WO2022264564A1 - Method for manufacturing security module - Google Patents

Method for manufacturing security module Download PDF

Info

Publication number
WO2022264564A1
WO2022264564A1 PCT/JP2022/011002 JP2022011002W WO2022264564A1 WO 2022264564 A1 WO2022264564 A1 WO 2022264564A1 JP 2022011002 W JP2022011002 W JP 2022011002W WO 2022264564 A1 WO2022264564 A1 WO 2022264564A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
security module
manufacturing
individual
master key
Prior art date
Application number
PCT/JP2022/011002
Other languages
French (fr)
Japanese (ja)
Inventor
雅哉 山本
幸一 森岡
Original Assignee
パナソニックIpマネジメント株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by パナソニックIpマネジメント株式会社 filed Critical パナソニックIpマネジメント株式会社
Priority to CN202280040740.0A priority Critical patent/CN117426066A/en
Priority to JP2023529549A priority patent/JPWO2022264564A1/ja
Publication of WO2022264564A1 publication Critical patent/WO2022264564A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/10Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols with particular housing, physical features or manual controls

Definitions

  • the present disclosure relates to a method of manufacturing a security module.
  • IoT Internet of Things
  • IoT devices are considering encrypting and concealing data in communication via the Internet.
  • Patent Literature 1 discloses a technique for generating a common key from a master key and a home appliance serial number, encrypting information using the generated common key, and communicating the information.
  • Patent Literature 1 does not disclose how to prevent the master key from being leaked when the security module is manufactured.
  • the present disclosure provides a method of manufacturing a security module that can prevent the master key from being leaked during manufacturing of the security module.
  • a security module manufacturing method is a manufacturing method for manufacturing a security module holding a master key and an encrypted individual key obtained by encrypting the individual key with the master key, wherein the security A first step of writing the master key in the state of the IC alone in a storage area that can be written only once in an IC (Integrated Circuit) mounted on the module; and a second step of writing the encrypted individual key into a memory that can be written once.
  • IC Integrated Circuit
  • the security module manufacturing method it is possible to prevent the master key from being leaked during manufacturing of the security module.
  • FIG. 1 is a diagram showing the configuration of an IoT home appliance system according to an embodiment.
  • FIG. 2 is a block diagram of the functional configuration of the security module according to the embodiment.
  • FIG. 3 is a flow chart showing a method of encrypting an individual key.
  • FIG. 4 is a diagram showing the configuration of an encrypted file containing an encrypted individual key issued by a key issuing authority.
  • FIG. 5 is a flow chart showing a method of decrypting an encrypted individual key.
  • FIG. 6 is a flow chart showing an example of a method for manufacturing the security module according to the embodiment.
  • FIG. 7 is a diagram showing the configuration of the socket jig according to the embodiment.
  • FIG. 8 is a table showing control procedures for writing a master key to a chip according to the embodiment.
  • FIG. 9 is a flow chart showing another example of the security module manufacturing method according to the embodiment.
  • the security module manufacturing process includes multiple processes such as mounting and assembling, and the length of the manufacturing line for that purpose can be several tens of meters. In the manufacturing line, a plurality of workers work.
  • the inventors of the present application have found that in an environment where there are many workers in such a large space, it is difficult to sufficiently manage each worker, and there is a risk of leakage of firmware including the master key. I found a problem.
  • the master key forms the basis of the security of IoT home appliances, and if it is leaked even once, it becomes difficult to ensure the security of communication. This is considered to be very important in ensuring safety in communication.
  • the inventors of the present application conducted extensive research on a method of manufacturing a security module that can prevent the leakage of the master key during the manufacture of the security module, and devised the method of manufacturing the security module shown below.
  • a security module manufacturing method is a manufacturing method for manufacturing a security module holding a master key and an encrypted individual key obtained by encrypting the individual key with the master key, wherein the security A first step of writing the master key in the state of the IC alone in a storage area that can be written only once in an IC (Integrated Circuit) mounted on the module; and a second step of writing the encrypted individual key into a memory that can be written once.
  • IC Integrated Circuit
  • the master key can be written in an easy-to-handle IC unit state, making it easier to limit the work space and operators for writing the master key. In other words, it becomes easier to manage workers who write the master key. Therefore, according to the method for manufacturing a security module according to an aspect of the present disclosure, it is possible to prevent the master key from being leaked by a worker or the like during manufacturing of the security module.
  • the second step may be performed in a manufacturing line for manufacturing the security module, and the first step may be performed in a dedicated security room isolated from the manufacturing line.
  • the security module manufacturing method according to one aspect of the present disclosure can be realized at low cost without making the entire security module manufacturing process a secure environment.
  • the second step may be performed in the state of the memory alone, and the memory in which the encryption individual key is written may be mounted on the substrate.
  • the individual encryption key can be written in a single memory that is easy to handle, making it easier to limit the work space and operators for writing the individual encryption key. In other words, it becomes easier to manage the operator who writes the encrypted individual key. Therefore, according to the method for manufacturing a security module according to an aspect of the present disclosure, it is possible to prevent leakage of the individual encryption key by a worker or the like during manufacturing of the security module.
  • the second step may be performed with the memory mounted on the substrate.
  • a jig that performs writing in a single memory state does not have a function to write mutually different information (for example, an encryption individual key) to each of a plurality of memories
  • the memory is mounted on the board.
  • the encryption individual key can be written later.
  • the encrypted individual key is further encrypted using an individual value unique to the security module, and in the second step, the individual value is further written into the memory, and is written into the memory.
  • the method may further include a third step of writing the individual value to the storage area of the IC.
  • the method may further include a fourth step of writing firmware to the memory for writing the individual value to the storage area of the IC.
  • the fourth step may be performed with the memory alone, and the memory in which the encrypted individual key and the individual value are written may be mounted on the substrate.
  • a fifth step of deleting the individual values written in the memory may be further included after the third step.
  • the memory is a non-secure storage area, it is possible to prevent the individual value information from leaking out of the memory.
  • the IC has a secure zone and a non-secure zone
  • the master key is written in a storage area in the secure zone
  • the encrypted individual key is stored in the non-secure zone. It may be written to a certain storage area.
  • a lock function that prohibits reading of the master key during processing in the non-secure zone may be turned on.
  • each figure is a schematic diagram and is not necessarily strictly illustrated. Therefore, for example, scales and the like do not necessarily match in each drawing. Moreover, in each figure, the same code
  • FIG. 1 is a diagram showing the configuration of an IoT home appliance system according to this embodiment.
  • an IoT home appliance 1 can communicate with a cloud system 3 composed of a plurality of servers via the Internet 2.
  • the Internet 2 is an example of a network, and may be a telephone line or a LAN (Local Area Network).
  • An IoT home appliance 1 is a white goods such as a washing machine connected to the Internet 2 as shown in FIG. Note that the IoT home appliance 1 is not limited to white goods such as a washing machine connected to the Internet 2, and white goods such as a refrigerator or a microwave oven connected to the Internet 2 as described above. It's okay.
  • the IoT home appliance 1 may be any home appliance that can be connected to the Internet 2 .
  • the communication destination of the IoT home appliance 1 is not limited to the cloud system 3, and may be, for example, a terminal device such as a smart phone.
  • the IoT home appliance 1 is equipped with a security module 10 for realizing secure Internet communication.
  • FIG. 2 is a block diagram showing the functional configuration of the security module 10 according to this embodiment.
  • the security module 10 has an IC (Integrated Circuit) 15 and a flash memory 14. Also, the IC 15 includes a control unit 11 , a secure storage area 12 and a non-secure storage area 13 . The control unit 11, the secure storage area 12, and the non-secure storage area 13 are integrated into one chip.
  • IC Integrated Circuit
  • the control unit 11 is an arithmetic processing unit that executes various processes in the security module 10.
  • the secure storage area 12 stores the master key 12a.
  • the master key 12a is a master key used when encrypting an individual key in the key issuing authority, and is used in the security module 10 to decrypt the encrypted individual key 14a.
  • the master key 12a is, for example, a key (common master key) common to each product.
  • the secure storage area 12 is, for example, a storage area built into the IC 15 .
  • the secure storage area 12 is identifiable by a memory address within the IC 15, for example.
  • the non-secure storage area 13 stores individual values 13a.
  • the individual value 13a is a value used when encrypting the individual key in the key issuing authority, and is used in the security module 10 to decrypt the encrypted individual key 14a.
  • the individual value 13a is, for example, a unique value for each product.
  • the individual value 13a is, for example, a random value.
  • the individual value 13a may be an identification number (eg, serial number).
  • the non-secure storage area 13 is, for example, a storage area built into the IC 15 . Non-secure storage area 13 can be identified, for example, by a memory address within IC 15 .
  • the flash memory 14 stores an encrypted individual key 14a.
  • the encrypted individual key 14a is stored in a storage device separate from the IC 15.
  • the encrypted individual key 14a is an individual key encrypted using the master key 12a and the individual value 13a.
  • the flash memory 14 has a larger storage capacity than the secure storage area 12 and the non-secure storage area 13, for example.
  • the flash memory 14 is an example of memory.
  • the encrypted individual key 14a is not limited to using the individual value 13a as long as it is encrypted using at least the master key 12a. If the encrypted individual key 14a is generated by encrypting the individual key without using the individual value 13a, the security module 10 may not store the individual value 13a.
  • the IC 15 has a secure zone and a non-secure zone (not shown).
  • the Secure Zone has a mechanism to prevent unauthorized access from the outside.
  • the secure zone is a highly reliable arithmetic processing unit that is unlikely to be hacked.
  • the secure zone is connected to the secure storage area 12.
  • the secure storage area 12 is a storage device for secure zones.
  • the secure storage area 12 is not connected to, for example, the non-secure zone.
  • the security module 10 can also be said to hold the master key 12a in the secure zone.
  • a non-volatile memory with a one-time write function such as FUSE memory
  • the FUSE memory may be, for example, an eFuse memory that stores data by electrically irreversibly changing element characteristics.
  • the security module 10 executes secure processing in the secure zone, which is an area under surveillance mode. That is, the security module 10 executes secure processing in a secure zone, which is a separate environment from non-secure processing. Access to the memory area or program code in the secure zone is restricted from the program code in the area outside the monitor mode.
  • the security module 10 can execute secure processing in the secure zone without being affected by security-related vulnerabilities in non-secure processing.
  • the non-secure zone is a normal arithmetic processing unit. For example, processing by operating system programs or processing by normal application programs are executed in the non-secure zone.
  • the non-secure zone is connected to the non-secure storage area 13.
  • the non-secure storage area 13 is a storage device for the non-secure zone. It can also be said that the security module 10 holds an individual value 13a in the non-secure zone.
  • a non-volatile memory with a one-time write function such as FUSE memory
  • the FUSE memory may be, for example, an eFuse memory that stores data by electrically irreversibly changing element characteristics.
  • non-secure zone and the secure zone may be connected to the flash memory 14.
  • the flash memory 14 is a nonvolatile memory having a rewrite function. It can also be said that the security module 10 holds an encrypted individual key 14a in the non-secure zone. Also, the flash memory 14 may hold a firmware program executed by the control unit 11 and its setting data, in addition to the encrypted individual key 14a.
  • the security module 10 executes non-secure processing in a non-secure zone that is not a secure zone.
  • non-secure processing since non-secure processing is executed in an area that is not a secure zone, there is a risk that malicious code or the like may be executed by exploiting vulnerabilities, that is, eavesdropping or tampering.
  • eavesdropping or tampering For example, there is a risk that the encrypted individual key 14a will be leaked.
  • the master key 12a is not leaked, it is difficult to decrypt the encrypted individual key 14a, so the impact on security is small. For this reason as well, it is important to prevent leakage of the master key 12a.
  • Such a security module 10 is realized by mounting an IC 15, a flash memory 14, etc. on a substrate on which wiring and the like are formed.
  • a general-purpose MPU for example, is used for the IC 15 .
  • the IC 15 functions, for example, as an information processing unit for performing communication with the cloud system 3 using an individual key.
  • a communication module such as an antenna may be mounted on the security module 10, for example.
  • the individual key is, for example, a private key for decrypting data encrypted by the public key corresponding to the individual key in the IoT home appliance 1, that is, a private key of the public key cryptosystem. It may be a common key for key cryptography.
  • the master key 12a does not include the hardwired logic embedded in the IC 15. In other words, in the security module 10 according to the present embodiment, it is necessary to write the master key 12a into the secure storage area 12 during manufacturing.
  • FIG. 3 is a flow chart showing a method of encrypting an individual key. The processing shown in FIG. 3 is performed, for example, at the key issuing authority.
  • a key (key encryption key) for encrypting the individual key is derived based on the master key 12a and the individual value 13a (S11).
  • the method of deriving the key (key encryption key) using the master key 12a and the individual value 13a is exemplified by a method using a key derivation function (Key Derivation Function), but any other known method may be used.
  • step S12 the encrypted individual key 14a is generated.
  • the master key 12a, individual value 13a, and encrypted individual key 14a are output (S13).
  • a set of information including the master key 12a, the individual value 13a, and the encrypted individual key 14a is output to the security module 10 manufacturer.
  • FIG. 4 is a diagram showing the configuration of an encrypted file containing the encrypted individual key 14a (individual client private key in FIG. 4) issued by the key issuing authority. Since the master key 12a is common, FIG. 4 shows an example in which the key issuing authority issues information in which the encrypted individual key 14a and the individual value 13a (random value in FIG. 4) are set. There is The manufacturer of the security module 10 acquires, for example, the information shown in FIG. 4 from the key issuing authority. The manufacturer of the security module 10 also obtains the master key 12a from the key issuing authority.
  • the key issuing authority distributes the master key 12a, public key certificate, individual key (encrypted individual key 14a), individual value 13a, etc. to the manufacturer.
  • the key issuing agency is provided outside the manufacturer of the security module 10 .
  • the public key certificate contains information indicating the public key.
  • a public key certificate includes, for example, but is not limited to, public key version, issuer, validity period, certificate identification information (ID), public key, and the like.
  • the encrypted file includes multiple files including "File 1", “File 2" and "File 3".
  • One file contains data corresponding to one product.
  • the file name for example, the same character string as "serial value" may be used.
  • Each file contains an individual client private key (corresponding to the encrypted individual key 14a), an individual client certificate (corresponding to the public key certificate), and a random value (corresponding to the individual value 13a).
  • the information is different from each other.
  • the individual key is supplied from the key issuing authority to the security module 10 manufacturer in an encrypted state.
  • the encrypted file is, for example, a ZIP file and is compressed, but is not limited to this.
  • FIG. 5 is a flow chart showing a method of decrypting the encrypted individual key 14a.
  • the IoT home appliance 1 and the cloud system 3 transmit and receive encrypted data. For example, when the IoT home appliance 1 acquires data encrypted with a public key in the cloud system 3, the process shown in FIG. 5 is executed.
  • the control unit 11 derives a key (key encryption key) for decrypting the encrypted individual key 14a based on the master key 12a and the individual value 13a (S21). Then, the control unit 11 uses the key derived in step S21 to decrypt the encrypted individual key 14a (S22). That is, the control unit 11 generates an individual key based on the key derived in step S21 and the encrypted individual key 14a. In other words, the control unit 11 derives the key encryption key and uses the key encryption key to decrypt the encrypted individual key 14a, thereby obtaining the individual key (secret key). Any known method may be used to decrypt the encrypted individual key 14a using the master key 12a and the individual value 13a.
  • control unit 11 can decrypt the encrypted information transmitted from the cloud system 3 using the decrypted individual key.
  • FIG. 6 is a flow chart showing an example of a method for manufacturing the security module 10 according to this embodiment.
  • FIG. 6 shows a manufacturing method for manufacturing the security module 10 holding the master key 12a and the encrypted individual key 14a, which is the individual key encrypted by the master key 12a.
  • the IC 15 is also referred to as a chip 15 below.
  • the manufacturer of the security module 10 installs the IC 15 (for example, a general-purpose MPU) in a state in which the master key 12a and the individual value 13a are not stored in the secure storage area 12 and the non-secure storage area 13, respectively. Obtain from the manufacturer. Also, the manufacturer of the security module 10 acquires the encrypted file as shown in FIG. 4 and the master key 12a from the key issuing authority.
  • the IC 15 for example, a general-purpose MPU
  • the chip 15 (IC chip) is obtained (S31).
  • the worker acquires IC15.
  • a general-purpose MPU is obtained.
  • the information of the master key 12a and the individual value 13a is not stored in the chip 15 (for example, general-purpose MPU).
  • a socket jig is prepared (S32), and the master key 12a is written into the chip 15 alone using the socket jig (S33).
  • an operator prepares a socket jig and writes the master key 12a into the chip 15 alone. That is, the master key 12a is written in the secure storage area 12 while the chip 15 is not mounted on the board.
  • Writing the master key 12a in the state of the chip 15 alone is an important part of the manufacturing method of the security module 10 according to the present embodiment. Since the chip 15 alone is easy to handle, the time required for writing the master key 12a is shortened as compared with the case where the master key 12a is written in the chip 15 mounted on the substrate while suppressing the leakage of the master key 12a. be able to. This is because the chip 15 mounted on the substrate is more complicated to carry and handle than the single chip 15 and requires a wider working space. As in the present embodiment, it is relatively easy to suppress the leakage of the master key 12a if there is only a minimum necessary work space.
  • Steps S32 and S33 are an example of the first step.
  • the first step is to write the master key 12a in the state of the chip 15 alone in the secure storage area 12 (an example of a storage area that can be written only once) in the chip 15 (inside the IC 15) mounted on the security module 10. It can also be said that
  • steps S32 and S33 are preferably performed in a dedicated security room.
  • the chip 15 obtained in step S31 may be temporarily transported to a dedicated security room.
  • the dedicated security room is a dedicated space (for example, a dedicated room) for writing the master key 12a to the secure storage area 12, and is a space isolated from the space where the processes after step S34 are performed, for example.
  • the processes after step S34 may be performed in a manufacturing line for manufacturing the security module 10, and the processes of steps S32 and S33 may be performed in a dedicated security room isolated from the manufacturing line.
  • the dedicated security room may be separated by a wall or the like from the space where the processes from step S34 onwards are performed.
  • workers entering and exiting the dedicated security room are managed by surveillance cameras, an entry/exit system, and the like.
  • a dedicated security room is, for example, a room in which a worker in the dedicated security room can be identified.
  • workers who can enter and leave the dedicated security room may be registered in advance. When an unregistered worker enters a dedicated security room, an alarm or the like may be issued to notify the operator.
  • the number of workers and the number of workers in a dedicated security room may be managed by monitoring cameras, an entry/exit system, and the like. For example, if more than a predetermined number of workers are present in a dedicated security room, an alarm or the like may be used to inform them. Also, taking the socket jig out of the dedicated security room may be managed. For example, when a socket jig is taken out of a dedicated security room, an alarm or the like may be used to inform the user.
  • the master key 12a in a dedicated security room, it becomes possible to easily manage workers, objects (for example, socket jigs), and the like. Also, since the master key 12a is written in the state of the IC 15 alone, the dedicated security room can be saved in space.
  • FIG. 7 is a diagram showing the configuration of the socket jig 20 according to this embodiment.
  • the socket jig 20 is a jig for writing the master key 12a to the chip 15 in the state of the chip 15 alone, that is, in the state in which the chip 15 is not mounted on the substrate.
  • the socket jig 20 has three writing units 30 and a power supply unit 40 . Note that the number of writing units 30 included in the socket jig 20 is not particularly limited as long as it is one or more.
  • the writing unit 30 is a component for writing the master key 12a to the chip 15, and has a flash memory 31, a socket 32, and a light emitting unit 33.
  • the flash memory 31 stores write firmware (for example, OTP write firmware) for writing the master key 12a to the chip 15 .
  • write firmware for example, OTP write firmware
  • the flash memory 31 also stores the master key 12a.
  • the same firmware is stored in the flash memory 31 in each of the plurality of writing units 30 .
  • the socket 32 is a place where the chip 15 is arranged, and has a plurality of recesses corresponding to the terminals (pins) of the chip 15 .
  • the chip 15 placed in the socket 32 is electrically connected to each of the flash memory 31 and the light emitter 33 .
  • the light emitting unit 33 is, for example, a light emitting element such as an LED (Light Emitting Diode), and notifies the operator of the writing state of the master key 12a in a light emitting manner.
  • the light emission mode may be, for example, different emission colors, presence/absence of light emission, light emission intervals, and the like.
  • the power supply unit 40 supplies power for operating the chip 15, the light emitting unit 33, and the like.
  • FIG. 8 is a table showing a control procedure for writing the master key 12a to the chip 15 according to this embodiment.
  • FIG. 8 shows an example of details of step S33 shown in FIG.
  • the processing shown in FIG. 8 is executed by executing the write firmware stored in the flash memory 31 on the chip 15 arranged in the socket 32 of the socket jig 20 . It can be said that FIG. 8 shows the contents of the firmware for writing.
  • No. shown in FIG. indicates the processing order.
  • the contents shown in FIG. 8 are excerpted contents, and other processes may be included.
  • the chip 15 first activates a real-time OS (Operating System). At this time, for example, "Secure Boot” may be OFF.
  • OS Operating System
  • the chip 15 energizes the first GPIO (General-Purpose Input/Output).
  • the first GPIO is a pin (terminal) connected to the light emitting unit 33 .
  • the light-emitting unit 33 for example, an LED
  • the light-emitting unit 33 can be caused to emit light in a light-emitting mode indicating the start of processing, so that the operator can be notified of the start of the write processing of the master key 12a.
  • the chip 15 writes the master key 12a.
  • the master key 12a is written into a secure storage area 12 (eg, secure eFuse) within the chip 15 .
  • a secure storage area 12 eg, secure eFuse
  • the master key 12 a is automatically written to the secure storage area 12 in the chip 15 .
  • the chip 15 confirms the written master key 12a. That is, the chip 15 determines whether the written master key 12a is a correct master key. The chip 15, for example, confirms whether the master key 12a written in the secure storage area 12 and the master key 12a to be written (for example, the master key stored in the flash memory 31) match. By doing so, the determination is made.
  • the chip 15 locks the master key 12a.
  • Chip 15 turns on the locking function of the eFuse.
  • a lock function that prohibits reading of the master key 12a during processing in the non-secure zone may be turned on.
  • the second GPIO is a pin (terminal) connected to the light emitting unit 33 and is a different pin from the first GPIO.
  • the light emitting unit 33 e.g., LED
  • the light emitting unit 33 can be caused to emit light in a light emission mode indicating that the writing process has been completed normally, so that the operator can be notified that the writing process of the master key 12a has been performed normally. can be notified.
  • the chip 15 de-energizes the first GPIO. As a result, the chip 15 can turn off the light emitting section 33 (for example, an LED) upon completion of the writing process of the master key 12a.
  • the light emitting section 33 for example, an LED
  • the master key 12a can be written to the chip 15 in the state of the chip 15 alone. Then, the chip 15 in which the master key 12a is written is transported from the dedicated security room to the production line of the security module 10.
  • firmware firmware for the device
  • the flash memory 14 (S34).
  • write firmware for writing the individual values 13 a stored in the flash memory 14 to the non-secure storage area 13 of the chip 15 may also be written in the flash memory 14 .
  • step S34 in the state of the flash memory 14 alone, that is, in the state where the flash memory 14 is not mounted on the substrate, the individual value 13a is written to the storage area of the chip 15 (for example, the non-secure storage area 13).
  • Firmware may be written to the flash memory 14 .
  • Step S34 is an example of the fourth step.
  • the firmware for writing out of the firmware for the device and the firmware for writing is set to be executed.
  • a writing device called a Gang Writer is used to write the firmware to the flash memory 14, but it is not limited to this.
  • Step S35 is performed, for example, in the state of the flash memory 14 alone. Writing in step S35 also uses, for example, a gang writer or the like, but is not limited to this.
  • Step S35 is an example of the second step.
  • the second step can also be said to be a step of writing the encrypted individual key 14a and the individual value 13a into the flash memory 14 mounted on the substrate together with the chip 15 and capable of being written multiple times. Note that at least the encrypted individual key 14a is written to the flash memory 14 in step S35.
  • the chip 15 and flash memory 14 are incorporated into the module (S36).
  • chip 15 and flash memory 14 are mounted on the substrate.
  • other components such as an antenna are also mounted on the substrate.
  • step S36 the flash memory 14 in which at least the encrypted individual key 14a is written is mounted on the board.
  • a flash memory 14 in which an encrypted individual key 14a and an individual value 13a are written is mounted on a substrate.
  • Step S37 is an example of the third step.
  • the third step can also be said to be a step of writing the individual value 13a written in the flash memory 14 to the storage area of the chip 15 (for example, the non-secure storage area 13).
  • the individual value 13a is not limited to being written to the non-secure storage area 13 via the flash memory 14, and may be written via another storage device.
  • the individual value 13a may be stored in a RAM (Random Access Memory) or the like on the module via a serial port, and written to the non-secure storage area 13 via the RAM.
  • RAM Random Access Memory
  • the method of manufacturing the security module 10 may further include a step of deleting the individual value 13a written in the flash memory 14 (an example of the fifth step).
  • the master key 12a is written in the secure storage area 12 (an example of a storage area within the secure zone), and the encrypted individual key 14a is , is written to the flash memory 14 (an example of a storage area in the non-secure zone).
  • FIG. 9 is a flow chart showing another example of the method for manufacturing the security module 10 according to this embodiment.
  • the flowchart shown in FIG. 9 differs from the flowchart shown in FIG. 6 in that the order of steps S35 and S36 is changed. The following description focuses on the differences from FIG.
  • the flash memory 14 is incorporated into the module in a state in which only the firmware out of the firmware and the encrypted individual key 14a and the individual value 13a is written. It can also be said that the flash memory 14 is incorporated into a module in a state in which information written in common to other flash memories 14 is written.
  • write firmware for writing the individual value 13 a stored in the flash memory 14 to the non-secure storage area 13 of the chip 15 is also written to the flash memory 14 .
  • the encrypted individual key 14a and the individual value 13a are written into the flash memory 14 incorporated in the module (S35).
  • Writing the encrypted individual key 14a and the individual value 13a to the flash memory 14 is performed using, for example, a PC (Personal Computer).
  • the encrypted individual key 14a and the individual value 13a are written into the flash memory 14 by connecting the PC and the flash memory 14 via a dedicated connector or the like.
  • Step S35 is an example of the second step.
  • the second step may be performed with the flash memory 14 mounted on the substrate.
  • the firmware is executed to write the individual value 13a stored in the flash memory 14 to the non-secure storage area 13 of the chip 15 (S37).
  • Such a method for manufacturing the security module 10 is effective, for example, when the gang writer does not have the function of writing mutually different information (for example, mutually different individual values 13a) into each of the plurality of flash memories 14. .
  • each step may be performed by an operator, or a part thereof may be performed automatically.
  • each component may be configured with dedicated hardware or implemented by executing a software program suitable for each component.
  • Each component may be realized by reading and executing a software program recorded in a recording medium such as a hard disk or a semiconductor memory by a program execution unit such as a CPU or processor.
  • the division of functional blocks in the block diagram is an example, and a plurality of functional blocks can be realized as one functional block, one functional block can be divided into a plurality of functional blocks, and some functions can be moved to other functional blocks.
  • single hardware or software may process the functions of a plurality of functional blocks having similar functions in parallel or in a time-sharing manner.
  • each component described in the above embodiments and the like may be realized as software, or typically as an LSI, which is an integrated circuit. These may be made into one chip individually, or may be made into one chip so as to include part or all of them.
  • LSI is used here, it may also be called IC, system LSI, super LSI, or ultra LSI depending on the degree of integration.
  • the method of circuit integration is not limited to LSI, and may be realized by a dedicated circuit or a general-purpose processor.
  • An FPGA Field Programmable Gate Array
  • a reconfigurable processor that can reconfigure the connections or settings of the circuit cells inside the LSI may be used.
  • an integrated circuit technology that replaces the LSI appears due to advances in semiconductor technology or another technology derived from it, the component may naturally be integrated using that technology.
  • a system LSI is a multi-functional LSI manufactured by integrating multiple processing units on a single chip. Specifically, it includes a microprocessor, ROM (Read Only Memory), RAM, etc. It is a computer system that A computer program is stored in the ROM. The system LSI achieves its functions by the microprocessor operating according to the computer program.
  • one aspect of the present disclosure may be a computer program that causes a computer to execute at least one of the characteristic steps included in the security module manufacturing method shown in FIG. 6, FIG. 8, or FIG.
  • the program may be a program to be executed by a computer.
  • one aspect of the present disclosure may be a computer-readable non-transitory recording medium on which such a program is recorded.
  • such a program may be recorded on a recording medium and distributed or distributed. For example, by installing the distributed program in a device having another processor and causing the processor to execute the program, it is possible to cause the device to perform the above processes.
  • each step in the security module manufacturing method described in the above embodiments may be changed. Further, each step in the security module manufacturing method described in the above embodiment may be performed in one step or in separate steps. It should be noted that “performed in one step” means that each step is performed using one device, each step is performed continuously, or each step is performed at the same place. is. In addition, separate steps mean that each step is performed using separate equipment, each step is performed at different times (for example, different days), or each step is performed at different locations. intended to include
  • these general or specific aspects may be realized by a system, method, integrated circuit, computer program, or non-transitory recording medium such as a computer-readable CD-ROM. It may be realized by any combination of circuits, computer programs or recording media.
  • the program may be pre-stored in a recording medium, or may be supplied to the recording medium via a wide area network including the Internet.
  • the present disclosure is useful for manufacturing security modules.
  • IoT Home Appliance Internet 3 Cloud System 10 Security Module 11 Control Unit 12 Secure Storage Area 12a Master Key 13 Non-Secure Storage Area 13a Individual Value 14, 31 Flash Memory 14a Encryption Individual Key 15 Chip (IC) 20 socket jig 30 writing unit 32 socket 33 light emitting unit 40 power supply unit

Abstract

Provided is a method for manufacturing a security module (10). The security module (10) holds a master key (12a) and an encrypted individual key (14a) obtained by encrypting an individual key by means of the master key (12a). The manufacturing method comprises: a first step (S33) for writing the master key (12a) into a write-once storage region of an IC when alone, the IC to be mounted in the security module (10); and a second step (S35) for writing the encrypted individual key (14a) into a write-many flash memory (14) which is to be implemented on a substrate together with the IC.

Description

セキュリティモジュールの製造方法Security module manufacturing method
 本開示は、セキュリティモジュールの製造方法に関する。 The present disclosure relates to a method of manufacturing a security module.
 近年、IoT(Internet of Things)技術が進展しており、冷蔵庫、洗濯機、電子レンジ等の白物家電に通信モジュールが搭載されたIoT機器がインターネットに接続され、白物家電をより便利に活用するという試みがなされている。 In recent years, IoT (Internet of Things) technology has progressed, and IoT devices equipped with communication modules in white goods such as refrigerators, washing machines, and microwave ovens are connected to the Internet, making the use of white goods more convenient. Attempts are being made to
 一方、IoT機器がインターネットに接続されると、インターネットを介して機器を誤動作させるような攻撃が行われる、又は、インターネットを介して利用履歴など機器に関する情報が盗聴される危険がある。 On the other hand, when IoT devices are connected to the Internet, there is a risk that attacks that cause the devices to malfunction will be carried out via the Internet, or information about the devices such as usage history will be wiretapped via the Internet.
 そこで、安全なインターネット通信を実現するため、IoT機器では、インターネットを介した通信においてデータを暗号化して秘匿することが検討されている。 Therefore, in order to realize safe Internet communication, IoT devices are considering encrypting and concealing data in communication via the Internet.
 例えば、特許文献1には、マスタ鍵と家電機器の製造番号とから共通鍵を生成し、生成した共通鍵を用いて情報を暗号化して通信する技術が開示されている。 For example, Patent Literature 1 discloses a technique for generating a common key from a master key and a home appliance serial number, encrypting information using the generated common key, and communicating the information.
特開2018-14640号公報JP 2018-14640 A
 ところで、IoT機器には、マスタ鍵と、暗号化された個別鍵(暗号化個別鍵)とを記憶したセキュリティモジュールが搭載されることが検討されている。マスタ鍵は、暗号化個別鍵を復号するために用いられる。そのため、例えば、マスタ鍵が漏洩してしまうと、暗号化個別鍵が復号される恐れがあるので、マスタ鍵の管理は重要である。例えば、セキュリティモジュールの製造時においても、マスタ鍵が漏洩しないように管理されることが求められる。しかしながら、特許文献1には、セキュリティモジュールの製造時においてマスタ鍵が漏洩することを抑制することについては、開示されていない。 By the way, it is being considered to install a security module that stores a master key and an encrypted individual key (encrypted individual key) in IoT devices. The master key is used to decrypt encrypted individual keys. Therefore, for example, if the master key is leaked, the encrypted individual key may be decrypted, so management of the master key is important. For example, even when the security module is manufactured, it is required to be managed so that the master key is not leaked. However, Patent Literature 1 does not disclose how to prevent the master key from being leaked when the security module is manufactured.
 そこで、本開示は、セキュリティモジュールの製造時においてマスタ鍵が漏洩することを抑制することができるセキュリティモジュールの製造方法を提供する。 Therefore, the present disclosure provides a method of manufacturing a security module that can prevent the master key from being leaked during manufacturing of the security module.
 本開示の一態様に係るセキュリティモジュールの製造方法は、マスタ鍵、及び、前記マスタ鍵によって個別鍵が暗号化された暗号化個別鍵を保持するセキュリティモジュールを製造する製造方法であって、前記セキュリティモジュールに搭載されるIC(Integrated Circuit)内の1回のみ書き込み可能な記憶領域に前記マスタ鍵を前記IC単体の状態で書き込む第1工程と、前記ICとともに基板に実装されるメモリであって複数回の書き込みが可能なメモリに前記暗号化個別鍵を書き込む第2工程とを含む。 A security module manufacturing method according to an aspect of the present disclosure is a manufacturing method for manufacturing a security module holding a master key and an encrypted individual key obtained by encrypting the individual key with the master key, wherein the security A first step of writing the master key in the state of the IC alone in a storage area that can be written only once in an IC (Integrated Circuit) mounted on the module; and a second step of writing the encrypted individual key into a memory that can be written once.
 本開示の一態様に係るセキュリティモジュールの製造方法によれば、セキュリティモジュールの製造時においてマスタ鍵が漏洩することを抑制することができる。 According to the security module manufacturing method according to one aspect of the present disclosure, it is possible to prevent the master key from being leaked during manufacturing of the security module.
図1は、実施の形態に係るIoT家電機器システムの構成を示す図である。FIG. 1 is a diagram showing the configuration of an IoT home appliance system according to an embodiment. 図2は、実施の形態に係るセキュリティモジュールの機能構成を示すブロック図である。FIG. 2 is a block diagram of the functional configuration of the security module according to the embodiment. 図3は、個別鍵の暗号化方法を示すフローチャートである。FIG. 3 is a flow chart showing a method of encrypting an individual key. 図4は、鍵発行機関から発行された暗号化個別鍵を含む暗号化ファイルの構成を示す図である。FIG. 4 is a diagram showing the configuration of an encrypted file containing an encrypted individual key issued by a key issuing authority. 図5は、暗号化個別鍵の復号方法を示すフローチャートである。FIG. 5 is a flow chart showing a method of decrypting an encrypted individual key. 図6は、実施の形態に係るセキュリティモジュールの製造方法の一例を示すフローチャートである。FIG. 6 is a flow chart showing an example of a method for manufacturing the security module according to the embodiment. 図7は、実施の形態に係るソケット治具の構成を示す図である。FIG. 7 is a diagram showing the configuration of the socket jig according to the embodiment. 図8は、実施の形態に係るマスタ鍵をチップに書き込む制御手順を示す表である。FIG. 8 is a table showing control procedures for writing a master key to a chip according to the embodiment. 図9は、実施の形態に係るセキュリティモジュールの製造方法の他の一例を示すフローチャートである。FIG. 9 is a flow chart showing another example of the security module manufacturing method according to the embodiment.
 (本開示に至った経緯)
 本開示の説明に先立ち、本開示に至った経緯について説明する。 (Circumstances leading to this disclosure)
Prior to explaining the present disclosure, the circumstances leading to the present disclosure will be described.
 上記の「背景技術」で記載したように、データを暗号化して秘匿するために、マスタ鍵を用いることが検討されている。 As described in the "Background Art" above, the use of master keys is under consideration in order to encrypt and keep data confidential.
 IoT家電機器に汎用MPU(Micro Processor Unit)等が実装されたセキュリティモジュールが搭載される場合、セキュリティモジュールの製造工程において、当該汎用MPUにマスタ鍵を書き込む必要がある。 When a security module implemented with a general-purpose MPU (Micro Processor Unit) or the like is installed in an IoT home appliance, it is necessary to write a master key to the general-purpose MPU in the manufacturing process of the security module.
 一方、セキュリティモジュールの製造工程は、実装工程、アセンブル工程等の複数の工程があり、そのための製造ラインの長さは、数十メートルとなる場合もある。そして、製造ラインでは、複数の作業者が作業を行う。 On the other hand, the security module manufacturing process includes multiple processes such as mounting and assembling, and the length of the manufacturing line for that purpose can be several tens of meters. In the manufacturing line, a plurality of workers work.
 本願発明者らは、このような広い空間に多数の作業者がいるような環境下では、各作業者の管理等を十分に行うことが困難であり、マスタ鍵を含むファームウェアが漏洩するリスクがあるという課題を見出した。マスタ鍵は、IoT家電機器におけるセキュリティの根幹をなしており、1度でも漏洩してしまうと通信における安全性を確保することが困難となる実情に鑑み、製造工程におけるマスタ鍵の漏洩を抑制することは、通信における安全性を確保する上で、非常に重要であると考えられる。 The inventors of the present application have found that in an environment where there are many workers in such a large space, it is difficult to sufficiently manage each worker, and there is a risk of leakage of firmware including the master key. I found a problem. The master key forms the basis of the security of IoT home appliances, and if it is leaked even once, it becomes difficult to ensure the security of communication. This is considered to be very important in ensuring safety in communication.
 そこで、本願発明者らは、セキュリティモジュールの製造時においてマスタ鍵が漏洩することを抑制することができるセキュリティモジュールの製造方法について鋭意検討を行い、以下に示すセキュリティモジュールの製造方法を創案した。 Therefore, the inventors of the present application conducted extensive research on a method of manufacturing a security module that can prevent the leakage of the master key during the manufacture of the security module, and devised the method of manufacturing the security module shown below.
 本開示の一態様に係るセキュリティモジュールの製造方法は、マスタ鍵、及び、前記マスタ鍵によって個別鍵が暗号化された暗号化個別鍵を保持するセキュリティモジュールを製造する製造方法であって、前記セキュリティモジュールに搭載されるIC(Integrated Circuit)内の1回のみ書き込み可能な記憶領域に前記マスタ鍵を前記IC単体の状態で書き込む第1工程と、前記ICとともに基板に実装されるメモリであって複数回の書き込みが可能なメモリに前記暗号化個別鍵を書き込む第2工程とを含む。 A security module manufacturing method according to an aspect of the present disclosure is a manufacturing method for manufacturing a security module holding a master key and an encrypted individual key obtained by encrypting the individual key with the master key, wherein the security A first step of writing the master key in the state of the IC alone in a storage area that can be written only once in an IC (Integrated Circuit) mounted on the module; and a second step of writing the encrypted individual key into a memory that can be written once.
 これにより、マスタ鍵の書き込みを取り扱いが簡便なIC単体の状態で行うことができるので、マスタ鍵を書き込むための作業スペース、及び、作業者を限定しやすくなる。つまり、マスタ鍵の書き込みを行う作業者等を管理しやすくなる。よって、本開示の一態様に係るセキュリティモジュールの製造方法によれば、セキュリティモジュールの製造時において作業者等によりマスタ鍵が漏洩することを抑制することができる。 As a result, the master key can be written in an easy-to-handle IC unit state, making it easier to limit the work space and operators for writing the master key. In other words, it becomes easier to manage workers who write the master key. Therefore, according to the method for manufacturing a security module according to an aspect of the present disclosure, it is possible to prevent the master key from being leaked by a worker or the like during manufacturing of the security module.
 また、例えば、前記第2工程は、前記セキュリティモジュールを製造する製造ラインで行われ、前記第1工程は、前記製造ラインとは隔離した専用のセキュリティルームで行われてもよい。 Also, for example, the second step may be performed in a manufacturing line for manufacturing the security module, and the first step may be performed in a dedicated security room isolated from the manufacturing line.
 これにより、セキュリティモジュールの製造工程全体をセキュアな環境とすることなく、本開示の一態様に係るセキュリティモジュールの製造方法を低コストで実現することができる。 As a result, the security module manufacturing method according to one aspect of the present disclosure can be realized at low cost without making the entire security module manufacturing process a secure environment.
 また、例えば、前記第2工程は、前記メモリ単体の状態で行われ、前記暗号化個別鍵が書き込まれた前記メモリが前記基板に実装されてもよい。 Further, for example, the second step may be performed in the state of the memory alone, and the memory in which the encryption individual key is written may be mounted on the substrate.
 これにより、暗号化個別鍵の書き込みを取り扱いが簡便なメモリ単体の状態で行うことができるので、暗号化個別鍵を書き込むための作業スペース、及び、作業者を限定しやすくなる。つまり、暗号化個別鍵の書き込みを行う作業者等を管理しやすくなる。よって、本開示の一態様に係るセキュリティモジュールの製造方法によれば、セキュリティモジュールの製造時において作業者等により暗号化個別鍵が漏洩することを抑制することができる。 As a result, the individual encryption key can be written in a single memory that is easy to handle, making it easier to limit the work space and operators for writing the individual encryption key. In other words, it becomes easier to manage the operator who writes the encrypted individual key. Therefore, according to the method for manufacturing a security module according to an aspect of the present disclosure, it is possible to prevent leakage of the individual encryption key by a worker or the like during manufacturing of the security module.
 また、例えば、前記第2工程は、前記メモリが前記基板に実装された状態で行われてもよい。 Also, for example, the second step may be performed with the memory mounted on the substrate.
 これにより、メモリ単体の状態で書き込みを行う治具が、複数のメモリのそれぞれに互いに異なる情報(例えば、暗号化個別鍵)を書き込む機能を有していない場合に、メモリが基板に実装された後に暗号化個別鍵を書き込むことができる。 As a result, when a jig that performs writing in a single memory state does not have a function to write mutually different information (for example, an encryption individual key) to each of a plurality of memories, the memory is mounted on the board. The encryption individual key can be written later.
 また、例えば、前記暗号化個別鍵は、さらに前記セキュリティモジュールに固有の個別値を用いて暗号化されており、前記第2工程では、さらに前記個別値を前記メモリに書き込み、前記メモリに書き込まれた前記個別値を前記ICの前記記憶領域に書き込む第3工程をさらに含んでもよい。 Further, for example, the encrypted individual key is further encrypted using an individual value unique to the security module, and in the second step, the individual value is further written into the memory, and is written into the memory. The method may further include a third step of writing the individual value to the storage area of the IC.
 これにより、メモリを介してICの記憶領域に個別値を容易に書き込むことができる。 As a result, individual values can be easily written to the storage area of the IC via the memory.
 また、例えば、前記個別値を前記ICの前記記憶領域に書き込むためのファームウェアを前記メモリに書き込む第4工程をさらに含んでもよい。 Also, for example, the method may further include a fourth step of writing firmware to the memory for writing the individual value to the storage area of the IC.
 これにより、ファームウェアを起動するだけで、個別値を記憶領域に書き込むことができる。 As a result, individual values can be written to the storage area simply by activating the firmware.
 また、例えば、前記第4工程は、前記メモリ単体の状態で行われ、前記暗号化個別鍵及び前記個別値が書き込まれた前記メモリが前記基板に実装されてもよい。 Further, for example, the fourth step may be performed with the memory alone, and the memory in which the encrypted individual key and the individual value are written may be mounted on the substrate.
 これにより、個別値の書き込みを取り扱いが簡便なメモリ単体の状態で行うことができるので、個別鍵を書き込むための作業スペース、及び、作業者を限定しやすくなる。つまり、個別鍵の書き込みを行う作業者等を管理しやすくなる。よって、本開示の一態様に係るセキュリティモジュールの製造方法によれば、セキュリティモジュールの製造時において作業者等により個別鍵が漏洩することを抑制することができる。 As a result, individual values can be written in a single memory that is easy to handle, making it easier to limit the work space and operators for writing individual keys. In other words, it becomes easier to manage workers who write individual keys. Therefore, according to the method for manufacturing a security module according to an aspect of the present disclosure, it is possible to prevent the individual key from being leaked by a worker or the like during manufacturing of the security module.
 また、例えば、さらに、前記第3工程の後に、前記メモリに書き込まれている前記個別値を削除する第5工程を含んでもよい。 Further, for example, a fifth step of deleting the individual values written in the memory may be further included after the third step.
 これにより、メモリがノンセキュアな記憶領域である場合、当該メモリから個別値の情報が流出することを抑制することができる。 As a result, if the memory is a non-secure storage area, it is possible to prevent the individual value information from leaking out of the memory.
 また、例えば、前記ICは、セキュアゾーンと、ノンセキュアゾーンとを有し、前記マスタ鍵は、前記セキュアゾーン内にある記憶領域に書き込まれ、前記暗号化個別鍵は、前記ノンセキュアゾーン内にある記憶領域に書き込まれてもよい。 Also, for example, the IC has a secure zone and a non-secure zone, the master key is written in a storage area in the secure zone, and the encrypted individual key is stored in the non-secure zone. It may be written to a certain storage area.
 これにより、マスタ鍵がセキュアゾーン内の記憶領域に書き込まれるので、例えば、外部からのアクセス等によりマスタ鍵が漏洩することを抑制することができる。 As a result, since the master key is written to the storage area within the secure zone, it is possible to prevent the master key from being leaked due to, for example, access from the outside.
 また、例えば、前記第1工程では、さらに、前記ノンセキュアゾーンにおける処理において前記マスタ鍵の読み出しを禁止するロック機能をオンにしてもよい。 Also, for example, in the first step, a lock function that prohibits reading of the master key during processing in the non-secure zone may be turned on.
 これにより、ノンセキュアゾーンにおける処理を介してマスタ鍵が漏洩することを抑制することができる。 As a result, it is possible to prevent the master key from being leaked through processing in the non-secure zone.
 以下、実施の形態について、図面を参照しながら具体的に説明する。 Hereinafter, embodiments will be specifically described with reference to the drawings.
 なお、以下で説明する実施の形態は、いずれも包括的、又は、具体的な例を示すものである。以下の実施の形態で示される数値、形状、構成要素、構成要素の配置位置、及び、接続形態、ステップ(工程)、ステップ(工程)の順序などは、一例であり、本開示を限定する主旨ではない。例えば、数値は、厳格な意味のみを表す表現ではなく、実質的に同等な範囲、例えば数%程度の差異をも含むことを意味する表現である。また、以下の実施の形態における構成要素のうち、独立請求項に記載されていない構成要素については、任意の構成要素として説明される。 It should be noted that the embodiments described below are all comprehensive or show specific examples. Numerical values, shapes, components, arrangement positions of components, connection forms, steps (processes), order of steps (processes), etc. shown in the following embodiments are examples, and are intended to limit the present disclosure. is not. For example, numerical values are not expressions that express only strict meanings, but expressions that include a substantially equivalent range, for example, a difference of several percent. Further, among the constituent elements in the following embodiments, constituent elements not described in independent claims will be described as optional constituent elements.
 また、各図は、模式図であり、必ずしも厳密に図示されたものではない。したがって、例えば、各図において縮尺などは必ずしも一致しない。また、各図において、実質的に同一の構成については同一の符号を付しており、重複する説明は省略又は簡略化する。 In addition, each figure is a schematic diagram and is not necessarily strictly illustrated. Therefore, for example, scales and the like do not necessarily match in each drawing. Moreover, in each figure, the same code|symbol is attached|subjected about the substantially same structure, and the overlapping description is abbreviate|omitted or simplified.
 また、本明細書において、同じなどの要素間の関係性を示す用語、並びに、数値、及び、数値範囲は、厳格な意味のみを表す表現ではなく、実質的に同等な範囲、例えば数%程度(例えば、5%程度)の差異をも含むことを意味する表現である。 Also, in this specification, terms indicating the relationship between elements such as the same, and numerical values and numerical ranges are not expressions that express only strict meanings, but substantially equivalent ranges, such as about several percent This expression means that a difference of (for example, about 5%) is also included.
 (実施の形態)
 以下、本実施の形態に係るセキュリティモジュールの製造方法について、図1~図9を参照しながら説明する。 (Embodiment)
A method of manufacturing a security module according to the present embodiment will be described below with reference to FIGS. 1 to 9. FIG.
 [1.IoT家電機器システムの構成]
 まず、本実施の形態に係るセキュリティモジュールの製造方法を用いて製造されたセキュリティモジュールが搭載されたIoT家電機器を備えるIoT家電機器システムの構成について、図1を参照しながら説明する。図1は、本実施の形態に係るIoT家電機器システムの構成を示す図である。 [1. Configuration of IoT home appliance system]
First, the configuration of an IoT home appliance system including IoT home appliances equipped with a security module manufactured using the security module manufacturing method according to the present embodiment will be described with reference to FIG. FIG. 1 is a diagram showing the configuration of an IoT home appliance system according to this embodiment.
 図1に示すように、IoT家電機器システムは、IoT家電機器1がインターネット2を介して、複数のサーバから構成されるクラウドシステム3と通信可能である。 As shown in FIG. 1, in the IoT home appliance system, an IoT home appliance 1 can communicate with a cloud system 3 composed of a plurality of servers via the Internet 2.
 インターネット2は、ネットワークの一例であり、電話回線、LAN(Local Area Network)であってもよい。 The Internet 2 is an example of a network, and may be a telephone line or a LAN (Local Area Network).
 IoT家電機器1は、図1に示すように例えば洗濯機のような白物家電がインターネット2に接続されたものである。なお、IoT家電機器1は、洗濯機のような白物家電がインターネット2に接続されたものに限らず、上述したように冷蔵庫、又は、電子レンジといった白物家電がインターネット2に接続されたものでもよい。IoT家電機器1は、インターネット2に接続可能な家電機器であればよい。また、IoT家電機器1の通信先は、クラウドシステム3であることに限定されず、例えば、スマートフォンなどの端末装置であってもよい。 An IoT home appliance 1 is a white goods such as a washing machine connected to the Internet 2 as shown in FIG. Note that the IoT home appliance 1 is not limited to white goods such as a washing machine connected to the Internet 2, and white goods such as a refrigerator or a microwave oven connected to the Internet 2 as described above. It's okay. The IoT home appliance 1 may be any home appliance that can be connected to the Internet 2 . Further, the communication destination of the IoT home appliance 1 is not limited to the cloud system 3, and may be, for example, a terminal device such as a smart phone.
 また、IoT家電機器1には、安全なインターネット通信を実現するためのセキュリティモジュール10が搭載される。 In addition, the IoT home appliance 1 is equipped with a security module 10 for realizing secure Internet communication.
 セキュリティモジュール10の構成について、図2を参照しながら説明する。図2は、本実施の形態に係るセキュリティモジュール10の機能構成を示すブロック図である。 The configuration of the security module 10 will be described with reference to FIG. FIG. 2 is a block diagram showing the functional configuration of the security module 10 according to this embodiment.
 図2に示すように、セキュリティモジュール10は、IC(Integrated Circuit)15と、フラッシュメモリ14とを有する。また、IC15は、制御部11と、セキュアな記憶領域12と、ノンセキュアな記憶領域13とを含んで構成される。制御部11と、セキュアな記憶領域12と、ノンセキュアな記憶領域13とは、1チップ化されている。 As shown in FIG. 2, the security module 10 has an IC (Integrated Circuit) 15 and a flash memory 14. Also, the IC 15 includes a control unit 11 , a secure storage area 12 and a non-secure storage area 13 . The control unit 11, the secure storage area 12, and the non-secure storage area 13 are integrated into one chip.
 制御部11は、セキュリティモジュール10における各種処理を実行する演算処理部である。 The control unit 11 is an arithmetic processing unit that executes various processes in the security module 10.
 セキュアな記憶領域12は、マスタ鍵12aを記憶する。マスタ鍵12aは、鍵発行機関において個別鍵を暗号化する際に用いられたマスタ鍵であり、セキュリティモジュール10においては、暗号化個別鍵14aを復号するために用いられる。マスタ鍵12aは、例えば、製品ごとに共通の鍵(共通マスタ鍵)である。セキュアな記憶領域12は、例えば、IC15に内蔵される記憶領域である。セキュアな記憶領域12は、例えば、IC15内のメモリアドレスにより識別可能である。 The secure storage area 12 stores the master key 12a. The master key 12a is a master key used when encrypting an individual key in the key issuing authority, and is used in the security module 10 to decrypt the encrypted individual key 14a. The master key 12a is, for example, a key (common master key) common to each product. The secure storage area 12 is, for example, a storage area built into the IC 15 . The secure storage area 12 is identifiable by a memory address within the IC 15, for example.
 ノンセキュアな記憶領域13は、個別値13aを記憶する。個別値13aは、鍵発行機関において個別鍵を暗号化する際に用いられた値であり、セキュリティモジュール10においては、暗号化個別鍵14aを復号するために用いられる。個別値13aは、例えば、製品ごとに固有の値である。個別値13aは、例えば、ランダム値である。例えば、個別値13aは、識別番号(例えば、製造番号)であってもよい。ノンセキュアな記憶領域13は、例えば、IC15に内蔵される記憶領域である。ノンセキュアな記憶領域13は、例えば、IC15内のメモリアドレスにより識別可能である。 The non-secure storage area 13 stores individual values 13a. The individual value 13a is a value used when encrypting the individual key in the key issuing authority, and is used in the security module 10 to decrypt the encrypted individual key 14a. The individual value 13a is, for example, a unique value for each product. The individual value 13a is, for example, a random value. For example, the individual value 13a may be an identification number (eg, serial number). The non-secure storage area 13 is, for example, a storage area built into the IC 15 . Non-secure storage area 13 can be identified, for example, by a memory address within IC 15 .
 フラッシュメモリ14は、暗号化個別鍵14aを記憶する。つまり、暗号化個別鍵14aは、IC15とは別体の記憶装置に記憶されている。暗号化個別鍵14aは、マスタ鍵12a及び個別値13aを用いて暗号化された個別鍵である。また、フラッシュメモリ14は、例えば、セキュアな記憶領域12及びノンセキュアな記憶領域13より保存容量が大きい。フラッシュメモリ14は、メモリの一例である。 The flash memory 14 stores an encrypted individual key 14a. In other words, the encrypted individual key 14a is stored in a storage device separate from the IC 15. FIG. The encrypted individual key 14a is an individual key encrypted using the master key 12a and the individual value 13a. Also, the flash memory 14 has a larger storage capacity than the secure storage area 12 and the non-secure storage area 13, for example. The flash memory 14 is an example of memory.
 なお、暗号化個別鍵14aは、少なくともマスタ鍵12aを用いて暗号化されていればよく、個別値13aを用いることに限定されない。個別値13aを用いずに個別鍵を暗号化することで暗号化個別鍵14aが生成された場合、セキュリティモジュール10は、個別値13aを記憶していなくてもよい。 The encrypted individual key 14a is not limited to using the individual value 13a as long as it is encrypted using at least the master key 12a. If the encrypted individual key 14a is generated by encrypting the individual key without using the individual value 13a, the security module 10 may not store the individual value 13a.
 また、IC15は、セキュアゾーン及びノンセキュアゾーン(図示しない)を有している。 Also, the IC 15 has a secure zone and a non-secure zone (not shown).
 セキュアゾーンは、外部からの不正アクセスを受け付けないための仕組みを有する。つまり、セキュアゾーンは、ハッキングされる恐れが少なく、信頼性の高い演算処理部である。 The Secure Zone has a mechanism to prevent unauthorized access from the outside. In other words, the secure zone is a highly reliable arithmetic processing unit that is unlikely to be hacked.
 セキュアゾーンは、セキュアな記憶領域12と接続している。言い換えると、セキュアな記憶領域12は、セキュアゾーン用の記憶装置である。また、セキュアな記憶領域12は、例えば、ノンセキュアゾーンとは接続されていない。セキュリティモジュール10は、セキュアゾーンにマスタ鍵12aを保持するとも言える。 The secure zone is connected to the secure storage area 12. In other words, the secure storage area 12 is a storage device for secure zones. Also, the secure storage area 12 is not connected to, for example, the non-secure zone. The security module 10 can also be said to hold the master key 12a in the secure zone.
 セキュアな記憶領域12には、例えば、FUSEメモリのような、1回限りの書き込み機能を有する不揮発性メモリが用いられる。FUSEメモリは、例えば、電気的に素子特性を不可逆的に変更させることによってデータを記憶するeFuseメモリであってもよい。 For the secure storage area 12, for example, a non-volatile memory with a one-time write function, such as FUSE memory, is used. The FUSE memory may be, for example, an eFuse memory that stores data by electrically irreversibly changing element characteristics.
 セキュリティモジュール10は、監視モード下の領域であるセキュアゾーンにおいてセキュア処理を実行する。つまり、セキュリティモジュール10は、ノンセキュア処理とは別環境であるセキュアゾーンでセキュア処理を実行する。監視モード外の領域にあるプログラムコードからは、セキュアゾーン内にあるメモリ領域又はプログラムコードへのアクセスは制限される。 The security module 10 executes secure processing in the secure zone, which is an area under surveillance mode. That is, the security module 10 executes secure processing in a secure zone, which is a separate environment from non-secure processing. Access to the memory area or program code in the secure zone is restricted from the program code in the area outside the monitor mode.
 これにより、セキュリティモジュール10は、ノンセキュア処理においてセキュリティに関する脆弱性があっても、その影響を及ぼさずにセキュアゾーンにおいてセキュア処理を実行できる。 As a result, the security module 10 can execute secure processing in the secure zone without being affected by security-related vulnerabilities in non-secure processing.
 ノンセキュアゾーンは、通常の演算処理部である。例えば、オペレーティングシステムプログラムによる処理、又は、通常のアプリケーションプログラムによる処理は、ノンセキュアゾーンにおいて実行される。 The non-secure zone is a normal arithmetic processing unit. For example, processing by operating system programs or processing by normal application programs are executed in the non-secure zone.
 ノンセキュアゾーンは、ノンセキュアな記憶領域13と接続している。言い換えると、ノンセキュアな記憶領域13は、ノンセキュアゾーン用の記憶装置である。セキュリティモジュール10は、ノンセキュアゾーンに個別値13aを保持するとも言える。 The non-secure zone is connected to the non-secure storage area 13. In other words, the non-secure storage area 13 is a storage device for the non-secure zone. It can also be said that the security module 10 holds an individual value 13a in the non-secure zone.
 ノンセキュアな記憶領域13には、例えば、FUSEメモリのような、1回限りの書き込み機能を有する不揮発性メモリが用いられる。FUSEメモリは、例えば、電気的に素子特性を不可逆的に変更させることによってデータを記憶するeFuseメモリであってもよい。 For the non-secure storage area 13, for example, a non-volatile memory with a one-time write function, such as FUSE memory, is used. The FUSE memory may be, for example, an eFuse memory that stores data by electrically irreversibly changing element characteristics.
 また、ノンセキュアゾーン及びセキュアゾーンは、フラッシュメモリ14と接続していてもよい。フラッシュメモリ14は、書き換え機能を有する不揮発性メモリである。セキュリティモジュール10は、ノンセキュアゾーンに、暗号化個別鍵14aを保持するとも言える。また、フラッシュメモリ14は、暗号化個別鍵14a以外にも、制御部11が実行するファームウェアプログラム、及び、その設定データを保持していても良い。 Also, the non-secure zone and the secure zone may be connected to the flash memory 14. The flash memory 14 is a nonvolatile memory having a rewrite function. It can also be said that the security module 10 holds an encrypted individual key 14a in the non-secure zone. Also, the flash memory 14 may hold a firmware program executed by the control unit 11 and its setting data, in addition to the encrypted individual key 14a.
 セキュリティモジュール10は、セキュアゾーンでないノンセキュアゾーンにおいて、ノンセキュア処理を実行する。換言すると、ノンセキュア処理は、セキュアゾーンでない領域において実行されるため、脆弱性をついて不正コードなどが実行され得る、つまり盗聴、又は、改竄のリスクがある。例えば、暗号化個別鍵14aが漏洩するリスクがある。しかしながら、暗号化個別鍵14aが漏洩しても、マスタ鍵12aが漏洩していなければ、当該暗号化個別鍵14aを復号することが困難であるので、セキュリティへの影響は小さい。このことからも、マスタ鍵12aの漏洩を防ぐことが重要である。 The security module 10 executes non-secure processing in a non-secure zone that is not a secure zone. In other words, since non-secure processing is executed in an area that is not a secure zone, there is a risk that malicious code or the like may be executed by exploiting vulnerabilities, that is, eavesdropping or tampering. For example, there is a risk that the encrypted individual key 14a will be leaked. However, even if the encrypted individual key 14a is leaked, if the master key 12a is not leaked, it is difficult to decrypt the encrypted individual key 14a, so the impact on security is small. For this reason as well, it is important to prevent leakage of the master key 12a.
 このようなセキュリティモジュール10は、配線等が形成された基板に、IC15、フラッシュメモリ14等が実装されることで実現される。IC15には、例えば、汎用のMPUが用いられる。IC15は、例えば、個別鍵を用いた通信をクラウドシステム3と行うための情報処理部として機能する。また、セキュリティモジュール10には、例えば、アンテナ等の通信モジュールが実装されてもよい。 Such a security module 10 is realized by mounting an IC 15, a flash memory 14, etc. on a substrate on which wiring and the like are formed. A general-purpose MPU, for example, is used for the IC 15 . The IC 15 functions, for example, as an information processing unit for performing communication with the cloud system 3 using an individual key. In addition, a communication module such as an antenna may be mounted on the security module 10, for example.
 なお、個別鍵は、例えば、個別鍵に対応する公開鍵により暗号化されたデータを、IoT家電機器1において復号するための秘密鍵である、つまり公開鍵暗号方式の秘密鍵であるが、共通鍵暗号方式の共通鍵であってもよい。 Note that the individual key is, for example, a private key for decrypting data encrypted by the public key corresponding to the individual key in the IoT home appliance 1, that is, a private key of the public key cryptosystem. It may be a common key for key cryptography.
 なお、本実施の形態に係るマスタ鍵12aには、IC15上にハードワイヤードロジックで埋め込まれたものは含まれない。つまり、本実施の形態に係るセキュリティモジュール10では、製造上において、セキュアな記憶領域12にマスタ鍵12aを書き込む必要がある。 It should be noted that the master key 12a according to the present embodiment does not include the hardwired logic embedded in the IC 15. In other words, in the security module 10 according to the present embodiment, it is necessary to write the master key 12a into the secure storage area 12 during manufacturing.
 [2.個別鍵の暗号化処理及び復号処理]
 続いて、上記の個別鍵の暗号化処理及び復号処理について、図3~図5を参照しながら説明する。図3は、個別鍵の暗号化方法を示すフローチャートである。図3に示す処理は、例えば、鍵発行機関において行われる。 [2. Encryption and decryption of individual keys]
Next, the encryption processing and decryption processing of the individual key will be described with reference to FIGS. 3 to 5. FIG. FIG. 3 is a flow chart showing a method of encrypting an individual key. The processing shown in FIG. 3 is performed, for example, at the key issuing authority.
 図3に示すように、まず、マスタ鍵12aと個別値13aとに基づいて、個別鍵を暗号化するための鍵(鍵暗号化鍵)が導出される(S11)。マスタ鍵12aと個別値13aとを用いた鍵(鍵暗号化鍵)の導出方法は、鍵導出関数(Key Derivation Function)を用いた方法が例示されるが、その他の既知のいかなる方法が用いられてもよい。 As shown in FIG. 3, first, a key (key encryption key) for encrypting the individual key is derived based on the master key 12a and the individual value 13a (S11). The method of deriving the key (key encryption key) using the master key 12a and the individual value 13a is exemplified by a method using a key derivation function (Key Derivation Function), but any other known method may be used. may
 次に、ステップS11で生成された鍵を用いて、個別鍵が暗号化される(S12)。つまり、ステップS12では、暗号化個別鍵14aが生成される。 Next, the individual key is encrypted using the key generated in step S11 (S12). That is, in step S12, the encrypted individual key 14a is generated.
 次に、マスタ鍵12a、個別値13a、及び、暗号化個別鍵14aが出力される(S13)。例えば、マスタ鍵12a、個別値13a、及び、暗号化個別鍵14aがセットとなった情報が、セキュリティモジュール10の製造メーカに出力される。 Next, the master key 12a, individual value 13a, and encrypted individual key 14a are output (S13). For example, a set of information including the master key 12a, the individual value 13a, and the encrypted individual key 14a is output to the security module 10 manufacturer.
 図4は、鍵発行機関から発行された暗号化個別鍵14a(図4中の個別クライアント秘密鍵)を含む暗号化ファイルの構成を示す図である。マスタ鍵12aは共通であるので、図4では、暗号化個別鍵14a、及び、個別値13a(図4中のランダム値)がセットとなった情報を鍵発行機関が発行した例について図示している。セキュリティモジュール10の製造メーカは、例えば、図4に示す情報を鍵発行機関から取得する。なお、セキュリティモジュール10の製造メーカは、マスタ鍵12aも鍵発行機関から取得する。 FIG. 4 is a diagram showing the configuration of an encrypted file containing the encrypted individual key 14a (individual client private key in FIG. 4) issued by the key issuing authority. Since the master key 12a is common, FIG. 4 shows an example in which the key issuing authority issues information in which the encrypted individual key 14a and the individual value 13a (random value in FIG. 4) are set. there is The manufacturer of the security module 10 acquires, for example, the information shown in FIG. 4 from the key issuing authority. The manufacturer of the security module 10 also obtains the master key 12a from the key issuing authority.
 なお、鍵発行機関は、マスタ鍵12a、公開鍵証明書、個別鍵(暗号化個別鍵14a)、個別値13a等を製造メーカに配布する。鍵発行機関は、セキュリティモジュール10の製造メーカの外部に設けられる。なお、公開鍵証明書には、公開鍵を示す情報が含まれる。公開鍵証明書には、例えば、公開鍵のバージョン、発行者、有効期間、証明書識別情報(ID)、公開鍵等が含まれるが、これに限定されない。 The key issuing authority distributes the master key 12a, public key certificate, individual key (encrypted individual key 14a), individual value 13a, etc. to the manufacturer. The key issuing agency is provided outside the manufacturer of the security module 10 . The public key certificate contains information indicating the public key. A public key certificate includes, for example, but is not limited to, public key version, issuer, validity period, certificate identification information (ID), public key, and the like.
 図4に示すように、暗号化ファイルには、「ファイル1」、「ファイル2」及び「ファイル3」を含む複数のファイルが含まれる。1つのファイルが、1つの製品に対応するデータを含む。なお、ファイル名は、例えば、「シリアル値」と同じ文字列としておくとよい。 As shown in FIG. 4, the encrypted file includes multiple files including "File 1", "File 2" and "File 3". One file contains data corresponding to one product. For the file name, for example, the same character string as "serial value" may be used.
 ファイルのそれぞれには、個別クライアント秘密鍵(暗号化個別鍵14aに対応)、個別クライアント証明書(公開鍵証明書に対応)、及び、ランダム値(個別値13aに対応)が含まれる。ファイルのそれぞれにおいて、当該情報が互いに異なっている。 Each file contains an individual client private key (corresponding to the encrypted individual key 14a), an individual client certificate (corresponding to the public key certificate), and a random value (corresponding to the individual value 13a). In each of the files, the information is different from each other.
 このように、個別鍵は、暗号化された状態で、鍵発行機関からセキュリティモジュール10の製造メーカに供給される。 In this way, the individual key is supplied from the key issuing authority to the security module 10 manufacturer in an encrypted state.
 なお、暗号化ファイルは、例えば、ZIPファイルであり圧縮されているが、これに限定されない。 The encrypted file is, for example, a ZIP file and is compressed, but is not limited to this.
 次に、セキュリティモジュール10において、暗号化個別鍵14aを復号する方法について、図5を参照しながら説明する。図5は、暗号化個別鍵14aの復号方法を示すフローチャートである。 Next, the method of decrypting the encrypted individual key 14a in the security module 10 will be described with reference to FIG. FIG. 5 is a flow chart showing a method of decrypting the encrypted individual key 14a.
 上記でも説明したように、IoT家電機器1とクラウドシステム3とは、暗号化されたデータを送受信する。例えば、クラウドシステム3において公開鍵により暗号化されたデータをIoT家電機器1が取得した場合に、図5に示す処理が実行される。 As explained above, the IoT home appliance 1 and the cloud system 3 transmit and receive encrypted data. For example, when the IoT home appliance 1 acquires data encrypted with a public key in the cloud system 3, the process shown in FIG. 5 is executed.
 図5に示すように、制御部11は、マスタ鍵12aと個別値13aとに基づいて、暗号化個別鍵14aを復号するための鍵(鍵暗号化鍵)を導出する(S21)。そして、制御部11は、ステップS21で導出された鍵を用いて、暗号化個別鍵14aを復号する(S22)。つまり、制御部11は、ステップS21で導出された鍵と、暗号化個別鍵14aとに基づいて、個別鍵を生成する。言い換えると、制御部11は、鍵暗号化鍵を導出し、鍵暗号化鍵を使用して、暗号化個別鍵14aを復号することによって、個別鍵(秘密鍵)を取得する。なお、マスタ鍵12aと個別値13aとを用いた暗号化個別鍵14aの復号方法は、既知のいかなる方法が用いられてもよい。 As shown in FIG. 5, the control unit 11 derives a key (key encryption key) for decrypting the encrypted individual key 14a based on the master key 12a and the individual value 13a (S21). Then, the control unit 11 uses the key derived in step S21 to decrypt the encrypted individual key 14a (S22). That is, the control unit 11 generates an individual key based on the key derived in step S21 and the encrypted individual key 14a. In other words, the control unit 11 derives the key encryption key and uses the key encryption key to decrypt the encrypted individual key 14a, thereby obtaining the individual key (secret key). Any known method may be used to decrypt the encrypted individual key 14a using the master key 12a and the individual value 13a.
 これにより、制御部11は、クラウドシステム3から送信された暗号化された情報を、復号された個別鍵を用いて、復号することができる。 As a result, the control unit 11 can decrypt the encrypted information transmitted from the cloud system 3 using the decrypted individual key.
 [3.セキュリティモジュールの製造方法]
 続いて、上記のように構成されるセキュリティモジュール10の製造方法について、図6~図9を参照しながら説明する。図6は、本実施の形態に係るセキュリティモジュール10の製造方法の一例を示すフローチャートである。図6は、マスタ鍵12a、及び、マスタ鍵12aによって個別鍵が暗号化された暗号化個別鍵14aを保持するセキュリティモジュール10を製造する製造方法を示す。なお、以下では、IC15を、チップ15とも記載する。 [3. Security module manufacturing method]
Next, a method of manufacturing the security module 10 configured as described above will be described with reference to FIGS. 6 to 9. FIG. FIG. 6 is a flow chart showing an example of a method for manufacturing the security module 10 according to this embodiment. FIG. 6 shows a manufacturing method for manufacturing the security module 10 holding the master key 12a and the encrypted individual key 14a, which is the individual key encrypted by the master key 12a. Note that the IC 15 is also referred to as a chip 15 below.
 セキュリティモジュール10の製造メーカは、例えば、セキュアな記憶領域12及びノンセキュアな記憶領域13のそれぞれに、マスタ鍵12a及び個別値13aが記憶されていない状態のIC15(例えば、汎用MPU)をIC15の製造メーカから取得する。また、セキュリティモジュール10の製造メーカは、図4に示すような暗号化ファイル、及び、マスタ鍵12aを、鍵発行機関から取得する。 The manufacturer of the security module 10, for example, installs the IC 15 (for example, a general-purpose MPU) in a state in which the master key 12a and the individual value 13a are not stored in the secure storage area 12 and the non-secure storage area 13, respectively. Obtain from the manufacturer. Also, the manufacturer of the security module 10 acquires the encrypted file as shown in FIG. 4 and the master key 12a from the key issuing authority.
 つまり、本実施の形態に係るセキュリティモジュール10の製造工程において、鍵発行機関から取得したマスタ鍵12aをセキュアな記憶領域12に書き込む必要がある。マスタ鍵12aの漏洩は、セキュリティモジュール10の製造工程においても起こり得る。以下では、セキュリティモジュール10の製造工程において、マスタ鍵12aの漏洩を抑制することができるセキュリティモジュール10の製造方法について説明する。 In other words, it is necessary to write the master key 12a obtained from the key issuing authority into the secure storage area 12 in the manufacturing process of the security module 10 according to the present embodiment. Leakage of the master key 12 a may also occur during the manufacturing process of the security module 10 . A method of manufacturing the security module 10 capable of suppressing leakage of the master key 12a in the manufacturing process of the security module 10 will be described below.
 図6に示すように、まず、セキュリティモジュール10の製造方法では、チップ15(ICチップ)を取得する(S31)。例えば、作業者は、IC15を取得する。本実施の形態に係るセキュリティモジュール10の製造方法では、例えば、汎用MPUを取得する。なお、この時点で、チップ15(例えば、汎用MPU)には、マスタ鍵12a及び個別値13aの情報は記憶されていない。 As shown in FIG. 6, first, in the method of manufacturing the security module 10, the chip 15 (IC chip) is obtained (S31). For example, the worker acquires IC15. In the manufacturing method of the security module 10 according to this embodiment, for example, a general-purpose MPU is obtained. At this point, the information of the master key 12a and the individual value 13a is not stored in the chip 15 (for example, general-purpose MPU).
 次に、セキュリティモジュール10の製造方法では、ソケット治具を準備し(S32)、当該ソケット治具を用いて、チップ15単体の状態で、マスタ鍵12aを書き込む(S33)。例えば、作業者により、ソケット治具が準備され、チップ15単体の状態でマスタ鍵12aが書き込まれる。つまり、チップ15は、基板に実装されていない状態で、セキュアな記憶領域12にマスタ鍵12aが書き込まれる。 Next, in the method of manufacturing the security module 10, a socket jig is prepared (S32), and the master key 12a is written into the chip 15 alone using the socket jig (S33). For example, an operator prepares a socket jig and writes the master key 12a into the chip 15 alone. That is, the master key 12a is written in the secure storage area 12 while the chip 15 is not mounted on the board.
 チップ15単体の状態でマスタ鍵12aを書き込むことは、本実施の形態に係るセキュリティモジュール10の製造方法における要部である。チップ15単体は、取り扱いが簡便であるので、マスタ鍵12aの漏洩を抑制しつつ、基板に実装されたチップ15にマスタ鍵12aを書き込む場合に比べてマスタ鍵12aの書き込みに要する時間を短縮することができる。基板に実装されたチップ15は、チップ15単体に比べて、持ち運び等の取り扱いが煩雑となり、またより広い作業スペース等を要するためである。本実施の形態のように、必要最低限の作業スペースのみであれば、マスタ鍵12aの漏洩を抑制することは比較的容易である。 Writing the master key 12a in the state of the chip 15 alone is an important part of the manufacturing method of the security module 10 according to the present embodiment. Since the chip 15 alone is easy to handle, the time required for writing the master key 12a is shortened as compared with the case where the master key 12a is written in the chip 15 mounted on the substrate while suppressing the leakage of the master key 12a. be able to. This is because the chip 15 mounted on the substrate is more complicated to carry and handle than the single chip 15 and requires a wider working space. As in the present embodiment, it is relatively easy to suppress the leakage of the master key 12a if there is only a minimum necessary work space.
 ステップS32及びS33は、第1工程の一例である。第1工程は、セキュリティモジュール10に搭載されるチップ15内(IC15内)のセキュアな記憶領域12(1回のみ書き込み可能な記憶領域の一例)にマスタ鍵12aをチップ15単体の状態で書き込む工程であるとも言える。 Steps S32 and S33 are an example of the first step. The first step is to write the master key 12a in the state of the chip 15 alone in the secure storage area 12 (an example of a storage area that can be written only once) in the chip 15 (inside the IC 15) mounted on the security module 10. It can also be said that
 なお、ステップS32及びS33は、専用のセキュリティルームで実施されるとよい。つまり、ステップS31で取得されたチップ15は、一旦、専用のセキュリティルームに運ばれてもよい。専用のセキュリティルームは、セキュアな記憶領域12にマスタ鍵12aを書き込むための専用の空間(例えば、専用の部屋)であり、例えば、ステップS34以降の工程を行う空間とは隔離した空間である。例えば、ステップS34以降の工程は、セキュリティモジュール10を製造する製造ラインで行われ、ステップS32及びS33の工程は、製造ラインと隔離した専用のセキュリティルームで行われてもよい。 It should be noted that steps S32 and S33 are preferably performed in a dedicated security room. In other words, the chip 15 obtained in step S31 may be temporarily transported to a dedicated security room. The dedicated security room is a dedicated space (for example, a dedicated room) for writing the master key 12a to the secure storage area 12, and is a space isolated from the space where the processes after step S34 are performed, for example. For example, the processes after step S34 may be performed in a manufacturing line for manufacturing the security module 10, and the processes of steps S32 and S33 may be performed in a dedicated security room isolated from the manufacturing line.
 専用のセキュリティルームは、例えば、ステップS34以降の工程を行う空間とは壁等により仕切られていてもよい。また、専用のセキュリティルームに入退室する作業者は、監視カメラ、入退システム等により管理される。専用のセキュリティルームは、例えば、専用のセキュリティルーム内にいる作業者を把握可能な部屋である。 For example, the dedicated security room may be separated by a wall or the like from the space where the processes from step S34 onwards are performed. In addition, workers entering and exiting the dedicated security room are managed by surveillance cameras, an entry/exit system, and the like. A dedicated security room is, for example, a room in which a worker in the dedicated security room can be identified.
 また、専用のセキュリティルームに入退室可能な作業者は、予め登録されていてもよい。そして、登録されていない作業者が専用のセキュリティルームに入室した場合、アラーム等で報知してもよい。また、監視カメラ、入退システム等により、専用のセキュリティルーム内にいる作業者、及び、作業者の人数が管理されてもよい。例えば、所定の人数以上の作業者が専用のセキュリティルーム内にいる場合、アラーム等で報知してもよい。また、ソケット治具の専用のセキュリティルーム外への持ち出しも、管理されてもよい。例えば、ソケット治具が専用のセキュリティルーム外への持ち出された場合、アラーム等で報知してもよい。 In addition, workers who can enter and leave the dedicated security room may be registered in advance. When an unregistered worker enters a dedicated security room, an alarm or the like may be issued to notify the operator. In addition, the number of workers and the number of workers in a dedicated security room may be managed by monitoring cameras, an entry/exit system, and the like. For example, if more than a predetermined number of workers are present in a dedicated security room, an alarm or the like may be used to inform them. Also, taking the socket jig out of the dedicated security room may be managed. For example, when a socket jig is taken out of a dedicated security room, an alarm or the like may be used to inform the user.
 このように、専用のセキュリティルームでマスタ鍵12aの書き込みを行うことで、作業者、物(例えば、ソケット治具)等の管理を容易に行うことが可能となる。また、マスタ鍵12aをIC15単体の状態で書き込むので、専用のセキュリティルームは、省スペースですむ。 In this way, by writing the master key 12a in a dedicated security room, it becomes possible to easily manage workers, objects (for example, socket jigs), and the like. Also, since the master key 12a is written in the state of the IC 15 alone, the dedicated security room can be saved in space.
 ここで、ソケット治具、及び、チップ15にマスタ鍵12aを書き込む手順について、図7及び図8を参照しながら説明する。図7は、本実施の形態に係るソケット治具20の構成を示す図である。 Here, the procedure for writing the master key 12a to the socket jig and the chip 15 will be described with reference to FIGS. 7 and 8. FIG. FIG. 7 is a diagram showing the configuration of the socket jig 20 according to this embodiment.
 図7に示すように、ソケット治具20は、チップ15単体の状態、つまりチップ15を基板に実装していない状態で、マスタ鍵12aをチップ15に書き込むための治具である。ソケット治具20は、3つの書き込み部30と電源部40とを有する。なお、ソケット治具20が有する書き込み部30の数は1以上であれば特に限定されない。 As shown in FIG. 7, the socket jig 20 is a jig for writing the master key 12a to the chip 15 in the state of the chip 15 alone, that is, in the state in which the chip 15 is not mounted on the substrate. The socket jig 20 has three writing units 30 and a power supply unit 40 . Note that the number of writing units 30 included in the socket jig 20 is not particularly limited as long as it is one or more.
 書き込み部30は、チップ15にマスタ鍵12aを書き込むための構成部であり、フラッシュメモリ31と、ソケット32と、発光部33とを有する。 The writing unit 30 is a component for writing the master key 12a to the chip 15, and has a flash memory 31, a socket 32, and a light emitting unit 33.
 フラッシュメモリ31には、チップ15にマスタ鍵12aを書き込むための書き込み用のファームウェア(例えば、OTP書き込み用のファームウェア)が記憶されている。例えば、フラッシュメモリ31に、マスタ鍵12aも記憶されている。複数の書き込み部30のそれぞれにおいて、同じファームウェアがフラッシュメモリ31に記憶されている。 The flash memory 31 stores write firmware (for example, OTP write firmware) for writing the master key 12a to the chip 15 . For example, the flash memory 31 also stores the master key 12a. The same firmware is stored in the flash memory 31 in each of the plurality of writing units 30 .
 ソケット32は、チップ15を配置する場所であり、チップ15の端子(ピン)に応じた凹部が複数形成されている。ソケット32に配置されたチップ15は、フラッシュメモリ31及び発光部33のそれぞれと電気的に接続される。 The socket 32 is a place where the chip 15 is arranged, and has a plurality of recesses corresponding to the terminals (pins) of the chip 15 . The chip 15 placed in the socket 32 is electrically connected to each of the flash memory 31 and the light emitter 33 .
 発光部33は、例えば、LED(Light Emitting Diode)等の発光素子であり、マスタ鍵12aの書き込み状態を発光態様により作業者に通知する。発光態様は、例えば、発光色、発光の有無、発光間隔等を異ならせることであってもよい。 The light emitting unit 33 is, for example, a light emitting element such as an LED (Light Emitting Diode), and notifies the operator of the writing state of the master key 12a in a light emitting manner. The light emission mode may be, for example, different emission colors, presence/absence of light emission, light emission intervals, and the like.
 電源部40は、チップ15、発光部33等を動作させるための電源を供給する。 The power supply unit 40 supplies power for operating the chip 15, the light emitting unit 33, and the like.
 図8は、本実施の形態に係るマスタ鍵12aをチップ15に書き込む制御手順を示す表である。図8は、図6に示すステップS33の詳細の一例を示す。ソケット治具20のソケット32に配置されたチップ15上で、フラッシュメモリ31に記憶された書き込み用のファームウェアが実行されることで、図8に示す処理が実行される。図8は、書き込み用のファームウェアの内容を示すとも言える。なお、図8に示すNo.は処理順を示す。また、図8に示す内容は、抜粋した内容であり、他の処理が含まれていてもよい。 FIG. 8 is a table showing a control procedure for writing the master key 12a to the chip 15 according to this embodiment. FIG. 8 shows an example of details of step S33 shown in FIG. The processing shown in FIG. 8 is executed by executing the write firmware stored in the flash memory 31 on the chip 15 arranged in the socket 32 of the socket jig 20 . It can be said that FIG. 8 shows the contents of the firmware for writing. In addition, No. shown in FIG. indicates the processing order. Also, the contents shown in FIG. 8 are excerpted contents, and other processes may be included.
 図8に示すように、まず、チップ15は、リアルタイムOS(Operating System)を起動する。このとき、例えば、「Secure Boot」は、OFFであってもよい。 As shown in FIG. 8, the chip 15 first activates a real-time OS (Operating System). At this time, for example, "Secure Boot" may be OFF.
 次に、チップ15は、第1のGPIO(General-Purpose Input/Output)に通電する。第1のGPIOは、発光部33に接続されるピン(端子)である。これにより、処理開始を示す発光態様で発光部33(例えば、LED)を発光させることができるので、作業者にマスタ鍵12aの書き込み処理の開始を通知することができる。 Next, the chip 15 energizes the first GPIO (General-Purpose Input/Output). The first GPIO is a pin (terminal) connected to the light emitting unit 33 . As a result, the light-emitting unit 33 (for example, an LED) can be caused to emit light in a light-emitting mode indicating the start of processing, so that the operator can be notified of the start of the write processing of the master key 12a.
 次に、チップ15は、マスタ鍵12aを書き込む。具体的には、マスタ鍵12aをチップ15内のセキュアな記憶領域12(例えば、セキュアなeFuse)に書き込む。このように、チップ15上で書き込み用のファームウェアが実行されることで、マスタ鍵12aが自動でチップ15内のセキュアな記憶領域12に書き込まれる。 Next, the chip 15 writes the master key 12a. Specifically, the master key 12a is written into a secure storage area 12 (eg, secure eFuse) within the chip 15 . By executing the write firmware on the chip 15 in this way, the master key 12 a is automatically written to the secure storage area 12 in the chip 15 .
 次に、チップ15は、書き込まれたマスタ鍵12aを確認する。つまり、チップ15は、書き込まれたマスタ鍵12aが正しいマスタ鍵であるか否かを判定する。チップ15は、例えば、セキュアな記憶領域12に書き込まれたマスタ鍵12aと、書き込む対象のマスタ鍵12a(例えば、フラッシュメモリ31に記憶されているマスタ鍵)とが一致しているか否かを確認することにより、当該判定を行う。 Next, the chip 15 confirms the written master key 12a. That is, the chip 15 determines whether the written master key 12a is a correct master key. The chip 15, for example, confirms whether the master key 12a written in the secure storage area 12 and the master key 12a to be written (for example, the master key stored in the flash memory 31) match. By doing so, the determination is made.
 次に、チップ15は、書き込まれたマスタ鍵12aが正しい場合(書き込む対象のマスタ鍵12aと一致する場合)、マスタ鍵12aをロックする。チップ15は、eFuseのロック機能をオンにする。チップ15は、例えば、「Secure Boot」を、ONにする。これにより、ノンセキュアゾーンから、マスタ鍵12aを読み出すことが禁止される。 Next, if the written master key 12a is correct (if it matches the master key 12a to be written), the chip 15 locks the master key 12a. Chip 15 turns on the locking function of the eFuse. The chip 15, for example, turns on "Secure Boot". This prohibits reading the master key 12a from the non-secure zone.
 このように、第1工程では、ノンセキュアゾーンにおける処理においてマスタ鍵12aの読み出しを禁止するロック機能がオンされてもよい。 Thus, in the first step, a lock function that prohibits reading of the master key 12a during processing in the non-secure zone may be turned on.
 次に、チップ15は、第2のGPIOに通電する。第2のGPIOは、発光部33に接続されるピン(端子)であって、第1のGPIOとは異なるピンである。これにより、書き込み処理が正常に終了した処理正常終了を示す発光態様で発光部33(例えば、LED)を発光させることができるので、作業者にマスタ鍵12aの書き込み処理が正常に行われたことを通知することができる。 Next, the chip 15 energizes the second GPIO. The second GPIO is a pin (terminal) connected to the light emitting unit 33 and is a different pin from the first GPIO. As a result, the light emitting unit 33 (e.g., LED) can be caused to emit light in a light emission mode indicating that the writing process has been completed normally, so that the operator can be notified that the writing process of the master key 12a has been performed normally. can be notified.
 次に、チップ15は、第1のGPIOの通電を解除する。これにより、チップ15は、マスタ鍵12aの書き込み処理の終了にともなって、発光部33(例えば、LED)を消灯させることができる。 Next, the chip 15 de-energizes the first GPIO. As a result, the chip 15 can turn off the light emitting section 33 (for example, an LED) upon completion of the writing process of the master key 12a.
 上記の制御手順により、チップ15単体の状態で、マスタ鍵12aを当該チップ15に書き込むことができる。そして、マスタ鍵12aが書き込まれたチップ15は、専用のセキュリティルームからセキュリティモジュール10の製造ラインに運び出される。 According to the above control procedure, the master key 12a can be written to the chip 15 in the state of the chip 15 alone. Then, the chip 15 in which the master key 12a is written is transported from the dedicated security room to the production line of the security module 10. FIG.
 図6を再び参照して、次に、セキュリティモジュール10の製造方法では、フラッシュメモリ14に機器(例えば、家電製品)に対応するファームウェア(機器用のファームウェア)を書き込む(S34)。このとき、フラッシュメモリ14には、フラッシュメモリ14に記憶された個別値13aをチップ15のノンセキュアな記憶領域13に書き込むための書き込み用のファームウェアも書き込まれてもよい。例えば、ステップS34では、フラッシュメモリ14単体の状態、つまりフラッシュメモリ14が基板に実装されていない状態で、個別値13aをチップ15の記憶領域(例えば、ノンセキュアな記憶領域13)に書き込むためのファームウェアが当該フラッシュメモリ14に書き込まれてもよい。ステップS34は、第4工程の一例である。 Referring back to FIG. 6, next, in the method for manufacturing the security module 10, firmware (firmware for the device) corresponding to the device (for example, home appliance) is written into the flash memory 14 (S34). At this time, write firmware for writing the individual values 13 a stored in the flash memory 14 to the non-secure storage area 13 of the chip 15 may also be written in the flash memory 14 . For example, in step S34, in the state of the flash memory 14 alone, that is, in the state where the flash memory 14 is not mounted on the substrate, the individual value 13a is written to the storage area of the chip 15 (for example, the non-secure storage area 13). Firmware may be written to the flash memory 14 . Step S34 is an example of the fourth step.
 そして、最初に電源が供給されたときに、機器用のファームウェア及び書き込み用のファームウェアのうち書き込み用のファームウェアが実行されるように設定される。 Then, when the power is supplied for the first time, the firmware for writing out of the firmware for the device and the firmware for writing is set to be executed.
 なお、フラッシュメモリ14にファームウェアを書き込むには、例えば、ギャングライタ(Gang Writer)と呼ばれる書き込み装置等が用いられるが、これに限定されない。 A writing device called a Gang Writer, for example, is used to write the firmware to the flash memory 14, but it is not limited to this.
 次に、セキュリティモジュール10の製造方法では、フラッシュメモリ14に暗号化個別鍵14a、及び、個別値13aを書き込む(S35)。ステップS35は、例えば、フラッシュメモリ14単体の状態で行われる。ステップS35の書き込みも、例えば、ギャングライタ等が用いられるが、これに限定されない。 Next, in the method for manufacturing the security module 10, the encrypted individual key 14a and the individual value 13a are written into the flash memory 14 (S35). Step S35 is performed, for example, in the state of the flash memory 14 alone. Writing in step S35 also uses, for example, a gang writer or the like, but is not limited to this.
 ステップS35は、第2工程の一例である。第2工程は、チップ15とともに基板に実装されるフラッシュメモリ14であって複数回の書き込みが可能なフラッシュメモリ14に暗号化個別鍵14a、及び、個別値13aを書き込む工程であるとも言える。なお、ステップS35では、少なくとも暗号化個別鍵14aがフラッシュメモリ14に書き込まれる。 Step S35 is an example of the second step. The second step can also be said to be a step of writing the encrypted individual key 14a and the individual value 13a into the flash memory 14 mounted on the substrate together with the chip 15 and capable of being written multiple times. Note that at least the encrypted individual key 14a is written to the flash memory 14 in step S35.
 次に、セキュリティモジュール10の製造方法では、チップ15、及び、フラッシュメモリ14をモジュールに組み込む(S36)。例えば、チップ15、及び、フラッシュメモリ14が基板に実装される。なお、基板には、アンテナ等の他の部品も実装される。 Next, in the method of manufacturing the security module 10, the chip 15 and flash memory 14 are incorporated into the module (S36). For example, chip 15 and flash memory 14 are mounted on the substrate. Note that other components such as an antenna are also mounted on the substrate.
 ステップS36では、少なくとも暗号化個別鍵14aが書き込まれたフラッシュメモリ14が基板に実装される。本実施の形態では、暗号化個別鍵14a及び個別値13aが書き込まれたフラッシュメモリ14が基板に実装される。 In step S36, the flash memory 14 in which at least the encrypted individual key 14a is written is mounted on the board. In this embodiment, a flash memory 14 in which an encrypted individual key 14a and an individual value 13a are written is mounted on a substrate.
 次に、モジュールに組み込まれたチップ15に電力を供給して、フラッシュメモリ14に記憶されている書き込み用のファームウェアを実行させる。当該ファームウェアが実行されることで、フラッシュメモリ14に記憶されている個別値13aが、チップ15のノンセキュアな記憶領域13に書き込まれる(S37)。このように、個別値13aは、フラッシュメモリ14等のチップ15外部の記憶装置から取得される。ステップS37は、第3工程の一例である。第3工程は、フラッシュメモリ14に書き込まれた個別値13aをチップ15の記憶領域(例えば、ノンセキュアな記憶領域13)に書き込む工程であるとも言える。 Next, power is supplied to the chip 15 incorporated in the module to execute the write firmware stored in the flash memory 14 . By executing the firmware, the individual value 13a stored in the flash memory 14 is written to the non-secure storage area 13 of the chip 15 (S37). Thus, the individual value 13a is obtained from a storage device outside the chip 15, such as the flash memory 14 or the like. Step S37 is an example of the third step. The third step can also be said to be a step of writing the individual value 13a written in the flash memory 14 to the storage area of the chip 15 (for example, the non-secure storage area 13).
 なお、個別値13aは、フラッシュメモリ14を介してノンセキュアな記憶領域13に書き込まれることに限定されず、他の記憶装置を介して書き込まれてもよい。例えば、個別値13aは、シリアルポートを介してモジュール上のRAM(Random Access Memory)等に記憶され、当該RAMを介してノンセキュアな記憶領域13に書き込まれてもよい。 Note that the individual value 13a is not limited to being written to the non-secure storage area 13 via the flash memory 14, and may be written via another storage device. For example, the individual value 13a may be stored in a RAM (Random Access Memory) or the like on the module via a serial port, and written to the non-secure storage area 13 via the RAM.
 なお、チップ15のノンセキュアな記憶領域13に個別値13aが書き込まれた後、フラッシュメモリ14に書き込まれている個別値13aは、削除されてもよい。つまり、セキュリティモジュール10の製造方法は、フラッシュメモリ14に書き込まれている個別値13aを削除する工程(第5工程の一例)をさらに含んでいてもよい。 After the individual value 13a is written to the non-secure storage area 13 of the chip 15, the individual value 13a written to the flash memory 14 may be deleted. That is, the method of manufacturing the security module 10 may further include a step of deleting the individual value 13a written in the flash memory 14 (an example of the fifth step).
 上記のように、本実施の形態に係るセキュリティモジュール10の製造方法では、マスタ鍵12aは、セキュアな記憶領域12(セキュアゾーン内にある記憶領域の一例)に書き込まれ、暗号化個別鍵14aは、フラッシュメモリ14(ノンセキュアゾーン内にある記憶領域の一例)に書き込まれる。 As described above, in the method of manufacturing the security module 10 according to the present embodiment, the master key 12a is written in the secure storage area 12 (an example of a storage area within the secure zone), and the encrypted individual key 14a is , is written to the flash memory 14 (an example of a storage area in the non-secure zone).
 なお、セキュリティモジュール10の製造方法は、図6に示す製造方法に限定されない。セキュリティモジュール10の製造方法の他の例について、図9を参照しながら説明する。図9は、本実施の形態に係るセキュリティモジュール10の製造方法の他の一例を示すフローチャートである。図9に示すフローチャートは、ステップS35及びS36の順序が入れ替わっている点において、図6に示すフローチャートと相違する。以下、図6との相違点を中心に説明する。 The manufacturing method of the security module 10 is not limited to the manufacturing method shown in FIG. Another example of the method of manufacturing the security module 10 will be described with reference to FIG. FIG. 9 is a flow chart showing another example of the method for manufacturing the security module 10 according to this embodiment. The flowchart shown in FIG. 9 differs from the flowchart shown in FIG. 6 in that the order of steps S35 and S36 is changed. The following description focuses on the differences from FIG.
 図9に示すように、セキュリティモジュール10の製造方法では、フラッシュメモリ14に機器に対応するファームウェアを書き込んだ(S34)後、チップ15及びフラッシュメモリ14をモジュールに組み込む(S36)。つまり、フラッシュメモリ14は、ファームウェア、並びに、暗号化個別鍵14a及び個別値13aのうち、ファームウェアのみが書き込まれた状態で、モジュールに組み込まれる。フラッシュメモリ14は、他のフラッシュメモリ14にも共通で書き込まれる情報が書き込まれた状態で、モジュールに組み込まれるとも言える。 As shown in FIG. 9, in the method of manufacturing the security module 10, after writing firmware corresponding to the device into the flash memory 14 (S34), the chip 15 and the flash memory 14 are incorporated into the module (S36). That is, the flash memory 14 is incorporated into the module in a state in which only the firmware out of the firmware and the encrypted individual key 14a and the individual value 13a is written. It can also be said that the flash memory 14 is incorporated into a module in a state in which information written in common to other flash memories 14 is written.
 なお、このとき、フラッシュメモリ14には、フラッシュメモリ14に記憶された個別値13aをチップ15のノンセキュアな記憶領域13に書き込むための書き込み用のファームウェアも書き込まれる。 At this time, write firmware for writing the individual value 13 a stored in the flash memory 14 to the non-secure storage area 13 of the chip 15 is also written to the flash memory 14 .
 次に、セキュリティモジュール10の製造方法では、モジュールに組み込まれたフラッシュメモリ14に暗号化個別鍵14a及び個別値13aが書き込まれる(S35)。暗号化個別鍵14a及び個別値13aのフラッシュメモリ14への書き込みは、例えば、PC(Personal Computer)を用いて行われる。例えば、PCとフラッシュメモリ14とを専用のコネクタ等を介して接続することで暗号化個別鍵14a及び個別値13aがフラッシュメモリ14に書き込まれる。 Next, in the method of manufacturing the security module 10, the encrypted individual key 14a and the individual value 13a are written into the flash memory 14 incorporated in the module (S35). Writing the encrypted individual key 14a and the individual value 13a to the flash memory 14 is performed using, for example, a PC (Personal Computer). For example, the encrypted individual key 14a and the individual value 13a are written into the flash memory 14 by connecting the PC and the flash memory 14 via a dedicated connector or the like.
 ステップS35は、第2工程の一例である。第2工程は、フラッシュメモリ14が基板に実装された状態で行われてもよい。 Step S35 is an example of the second step. The second step may be performed with the flash memory 14 mounted on the substrate.
 次に、図6と同様、ファームウェアが実行されることで、フラッシュメモリ14に記憶されている個別値13aが、チップ15のノンセキュアな記憶領域13に書き込まれる(S37)。 Next, as in FIG. 6, the firmware is executed to write the individual value 13a stored in the flash memory 14 to the non-secure storage area 13 of the chip 15 (S37).
 このようなセキュリティモジュール10の製造方法は、例えば、ギャングライタが、複数のフラッシュメモリ14のそれぞれに互いに異なる情報(例えば、互いに異なる個別値13a)を書き込む機能を有していない場合に有効である。 Such a method for manufacturing the security module 10 is effective, for example, when the gang writer does not have the function of writing mutually different information (for example, mutually different individual values 13a) into each of the plurality of flash memories 14. .
 (その他の実施の形態)
 以上、一つ又は複数の態様に係るセキュリティモジュールの製造方法について、実施の形態に基づいて説明したが、本開示は、この各実施の形態に限定されるものではない。本開示の趣旨を逸脱しない限り、当業者が思いつく各種変形を本実施の形態に施したものや、異なる実施の形態における構成要素を組み合わせて構築される形態も、本開示に含まれてもよい。 (Other embodiments)
Although the method for manufacturing a security module according to one or more aspects has been described above based on the embodiments, the present disclosure is not limited to these embodiments. As long as it does not deviate from the spirit of the present disclosure, the present disclosure may include various modifications that a person skilled in the art can come up with, and a configuration constructed by combining the components of different embodiments. .
 例えば、上記実施の形態におけるセキュリティモジュールの製造方法は、各工程が作業者により行われてもよいし、一部が自動で行われてもよい。 For example, in the security module manufacturing method in the above embodiment, each step may be performed by an operator, or a part thereof may be performed automatically.
 また、上記実施の形態等において、各構成要素は、専用のハードウェアで構成されるか、各構成要素に適したソフトウェアプログラムを実行することによって実現されてもよい。各構成要素は、CPU又はプロセッサなどのプログラム実行部が、ハードディスク又は半導体メモリなどの記録媒体に記録されたソフトウェアプログラムを読み出して実行することによって実現されてもよい。 In addition, in the above embodiments and the like, each component may be configured with dedicated hardware or implemented by executing a software program suitable for each component. Each component may be realized by reading and executing a software program recorded in a recording medium such as a hard disk or a semiconductor memory by a program execution unit such as a CPU or processor.
 また、ブロック図における機能ブロックの分割は一例であり、複数の機能ブロックを一つの機能ブロックとして実現したり、一つの機能ブロックを複数に分割したり、一部の機能を他の機能ブロックに移してもよい。また、類似する機能を有する複数の機能ブロックの機能を単一のハードウェア又はソフトウェアが並列又は時分割に処理してもよい。 Also, the division of functional blocks in the block diagram is an example, and a plurality of functional blocks can be realized as one functional block, one functional block can be divided into a plurality of functional blocks, and some functions can be moved to other functional blocks. may Moreover, single hardware or software may process the functions of a plurality of functional blocks having similar functions in parallel or in a time-sharing manner.
 また、上記実施の形態等で説明した各構成要素は、ソフトウェアとして実現されても良いし、典型的には、集積回路であるLSIとして実現されてもよい。これらは、個別に1チップ化されてもよいし、一部又は全てを含むように1チップ化されてもよい。ここでは、LSIとしたが、集積度の違いにより、IC、システムLSI、スーパーLSI、ウルトラLSIと呼称されることもある。また、集積回路化の手法はLSIに限るものではなく、専用回路又は汎用プロセッサで実現してもよい。LSI製造後に、プログラムすることが可能なFPGA(Field Programmable Gate Array)又は、LSI内部の回路セルの接続若しくは設定を再構成可能なリコンフィギュラブル・プロセッサを利用してもよい。更には、半導体技術の進歩又は派生する別技術によりLSIに置き換わる集積回路化の技術が登場すれば、当然、その技術を用いて構成要素の集積化を行ってもよい。 Also, each component described in the above embodiments and the like may be realized as software, or typically as an LSI, which is an integrated circuit. These may be made into one chip individually, or may be made into one chip so as to include part or all of them. Although LSI is used here, it may also be called IC, system LSI, super LSI, or ultra LSI depending on the degree of integration. Also, the method of circuit integration is not limited to LSI, and may be realized by a dedicated circuit or a general-purpose processor. An FPGA (Field Programmable Gate Array) that can be programmed after the LSI is manufactured, or a reconfigurable processor that can reconfigure the connections or settings of the circuit cells inside the LSI may be used. Furthermore, if an integrated circuit technology that replaces the LSI appears due to advances in semiconductor technology or another technology derived from it, the component may naturally be integrated using that technology.
 システムLSIは、複数の処理部を1個のチップ上に集積して製造された超多機能LSIであり、具体的には、マイクロプロセッサ、ROM(Read Only Memory)、RAMなどを含んで構成されるコンピュータシステムである。ROMには、コンピュータプログラムが記憶されている。マイクロプロセッサが、コンピュータプログラムに従って動作することにより、システムLSIは、その機能を達成する。 A system LSI is a multi-functional LSI manufactured by integrating multiple processing units on a single chip. Specifically, it includes a microprocessor, ROM (Read Only Memory), RAM, etc. It is a computer system that A computer program is stored in the ROM. The system LSI achieves its functions by the microprocessor operating according to the computer program.
 また、本開示の一態様は、図6、図8又は図9に示されるセキュリティモジュールの製造方法に含まれる特徴的な各ステップの少なくとも1つをコンピュータに実行させるコンピュータプログラムであってもよい。 Also, one aspect of the present disclosure may be a computer program that causes a computer to execute at least one of the characteristic steps included in the security module manufacturing method shown in FIG. 6, FIG. 8, or FIG.
 また、例えば、プログラムは、コンピュータに実行させるためのプログラムであってもよい。また、本開示の一態様は、そのようなプログラムが記録された、コンピュータ読み取り可能な非一時的な記録媒体であってもよい。例えば、そのようなプログラムを記録媒体に記録して頒布又は流通させてもよい。例えば、頒布されたプログラムを、他のプロセッサを有する装置にインストールして、そのプログラムをそのプロセッサに実行させることで、その装置に、上記各処理を行わせることが可能となる。 Also, for example, the program may be a program to be executed by a computer. Also, one aspect of the present disclosure may be a computer-readable non-transitory recording medium on which such a program is recorded. For example, such a program may be recorded on a recording medium and distributed or distributed. For example, by installing the distributed program in a device having another processor and causing the processor to execute the program, it is possible to cause the device to perform the above processes.
 また、上記実施の形態で説明したセキュリティモジュールの製造方法における各工程の順序は、入れ替えられてもよい。また、上記実施の形態で説明したセキュリティモジュールの製造方法における各工程は、1つの工程で実施されてもよいし、別々の工程で実施されてもよい。なお、1つの工程で実施されるとは、各工程が1つの装置を用いて実施される、各工程が連続して実施される、又は、各工程が同じ場所で実施されることを含む意図である。また、別々の工程とは、各工程が別々の装置を用いて実施される、各工程が異なる時間(例えば、異なる日)に実施される、又は、各工程が異なる場所で実施されることを含む意図である。 Also, the order of each step in the security module manufacturing method described in the above embodiments may be changed. Further, each step in the security module manufacturing method described in the above embodiment may be performed in one step or in separate steps. It should be noted that "performed in one step" means that each step is performed using one device, each step is performed continuously, or each step is performed at the same place. is. In addition, separate steps mean that each step is performed using separate equipment, each step is performed at different times (for example, different days), or each step is performed at different locations. intended to include
 なお、これらの全般的又は具体的な態様は、システム、方法、集積回路、コンピュータプログラム又はコンピュータで読み取り可能なCD-ROM等の非一時的記録媒体で実現されてもよく、システム、方法、集積回路、コンピュータプログラム又は記録媒体の任意な組み合わせで実現されてもよい。プログラムは、記録媒体に予め記憶されていてもよいし、インターネット等を含む広域通信網を介して記録媒体に供給されてもよい。 In addition, these general or specific aspects may be realized by a system, method, integrated circuit, computer program, or non-transitory recording medium such as a computer-readable CD-ROM. It may be realized by any combination of circuits, computer programs or recording media. The program may be pre-stored in a recording medium, or may be supplied to the recording medium via a wide area network including the Internet.
 本開示は、セキュリティモジュールの製造に有用である。 The present disclosure is useful for manufacturing security modules.
 1  IoT家電機器
 2  インターネット
 3  クラウドシステム
 10  セキュリティモジュール
 11  制御部
 12  セキュアな記憶領域
 12a  マスタ鍵
 13  ノンセキュアな記憶領域
 13a  個別値
 14、31  フラッシュメモリ
 14a  暗号化個別鍵
 15  チップ(IC)
 20  ソケット治具
 30  書き込み部
 32  ソケット
 33  発光部
 40  電源部 1 IoT Home Appliance 2 Internet 3 Cloud System 10 Security Module 11 Control Unit 12 Secure Storage Area 12a Master Key 13 Non-Secure Storage Area 13a Individual Value 14, 31 Flash Memory 14a Encryption Individual Key 15 Chip (IC)
20 socket jig 30 writing unit 32 socket 33 light emitting unit 40 power supply unit

Claims (10)

  1.  マスタ鍵、及び、前記マスタ鍵によって個別鍵が暗号化された暗号化個別鍵を保持するセキュリティモジュールを製造する製造方法であって、
     前記セキュリティモジュールに搭載されるIC(Integrated Circuit)内の1回のみ書き込み可能な記憶領域に前記マスタ鍵を前記IC単体の状態で書き込む第1工程と、
     前記ICとともに基板に実装されるメモリであって複数回の書き込みが可能なメモリに前記暗号化個別鍵を書き込む第2工程とを含む
     セキュリティモジュールの製造方法。     A manufacturing method for manufacturing a security module holding a master key and an encrypted individual key obtained by encrypting the individual key with the master key,
    a first step of writing the master key in a single writable storage area in an IC (Integrated Circuit) mounted on the security module;
    and a second step of writing the encrypted individual key into a memory mounted on a board together with the IC and capable of being written multiple times.
  2.  前記第2工程は、前記セキュリティモジュールを製造する製造ラインで行われ、
     前記第1工程は、前記製造ラインとは隔離した専用のセキュリティルームで行われる
     請求項1に記載のセキュリティモジュールの製造方法。     The second step is performed on a production line that manufactures the security module,
    2. The method of manufacturing a security module according to claim 1, wherein said first step is performed in a dedicated security room isolated from said manufacturing line.
  3.  前記第2工程は、前記メモリ単体の状態で行われ、
     前記暗号化個別鍵が書き込まれた前記メモリが前記基板に実装される
     請求項1又は2に記載のセキュリティモジュールの製造方法。     The second step is performed in the state of the memory alone,
    3. The method of manufacturing a security module according to claim 1, wherein the memory in which the individual encryption key is written is mounted on the board.
  4.  前記第2工程は、前記メモリが前記基板に実装された状態で行われる
     請求項1又は2に記載のセキュリティモジュールの製造方法。     3. The method of manufacturing a security module according to claim 1, wherein the second step is performed with the memory mounted on the substrate.
  5.  前記暗号化個別鍵は、さらに前記セキュリティモジュールに固有の個別値を用いて暗号化されており、
     前記第2工程では、さらに前記個別値を前記メモリに書き込み、
     前記メモリに書き込まれた前記個別値を前記ICの前記記憶領域に書き込む第3工程をさらに含む
     請求項1~4のいずれか1項に記載のセキュリティモジュールの製造方法。     The encrypted individual key is further encrypted using an individual value unique to the security module,
    In the second step, further writing the individual value to the memory;
    5. The method of manufacturing a security module according to any one of claims 1 to 4, further comprising a third step of writing said individual value written in said memory into said memory area of said IC.
  6.  前記個別値を前記ICの前記記憶領域に書き込むためのファームウェアを前記メモリに書き込む第4工程をさらに含む
     請求項5に記載のセキュリティモジュールの製造方法。     6. The method of manufacturing a security module according to claim 5, further comprising a fourth step of writing firmware into said memory for writing said individual value into said storage area of said IC.
  7.  前記第4工程は、前記メモリ単体の状態で行われ、
     前記暗号化個別鍵及び前記個別値が書き込まれた前記メモリが前記基板に実装される
     請求項6に記載のセキュリティモジュールの製造方法。     The fourth step is performed in the state of the memory alone,
    7. The method of manufacturing a security module according to claim 6, wherein the memory in which the encrypted individual key and the individual value are written is mounted on the board.
  8.  さらに、前記第3工程の後に、前記メモリに書き込まれている前記個別値を削除する第5工程を含む
     請求項5~7のいずれか1項に記載のセキュリティモジュールの製造方法。     8. The method of manufacturing a security module according to any one of claims 5 to 7, further comprising a fifth step of deleting said individual value written in said memory after said third step.
  9.  前記ICは、セキュアゾーンと、ノンセキュアゾーンとを有し、
     前記マスタ鍵は、前記セキュアゾーン内にある記憶領域に書き込まれ、
     前記暗号化個別鍵は、前記ノンセキュアゾーン内にある記憶領域に書き込まれる
     請求項1~8のいずれか1項に記載のセキュリティモジュールの製造方法。     The IC has a secure zone and a non-secure zone,
    the master key is written to a storage area within the secure zone;
    The security module manufacturing method according to any one of claims 1 to 8, wherein the encrypted individual key is written in a storage area within the non-secure zone.
  10.  前記第1工程では、さらに、前記ノンセキュアゾーンにおける処理において前記マスタ鍵の読み出しを禁止するロック機能をオンにする
     請求項9に記載のセキュリティモジュールの製造方法。     10. The method of manufacturing a security module according to claim 9, wherein in the first step, a lock function that prohibits reading of the master key is turned on during processing in the non-secure zone.
PCT/JP2022/011002 2021-06-14 2022-03-11 Method for manufacturing security module WO2022264564A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202280040740.0A CN117426066A (en) 2021-06-14 2022-03-11 Method for producing a security module
JP2023529549A JPWO2022264564A1 (en) 2021-06-14 2022-03-11

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2021-098967 2021-06-14
JP2021098967 2021-06-14

Publications (1)

Publication Number Publication Date
WO2022264564A1 true WO2022264564A1 (en) 2022-12-22

Family

ID=84526125

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/011002 WO2022264564A1 (en) 2021-06-14 2022-03-11 Method for manufacturing security module

Country Status (3)

Country Link
JP (1) JPWO2022264564A1 (en)
CN (1) CN117426066A (en)
WO (1) WO2022264564A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060289658A1 (en) * 2003-09-04 2006-12-28 Infineon Technologies Ag Processor circuit and method of allocating a logic chip to a memory chip
JP2017034646A (en) * 2015-08-05 2017-02-09 Kddi株式会社 Management device, management system, key generating device, key generating system, key management system, vehicle, management method, key generating method, and computer program
US20200110888A1 (en) * 2018-10-04 2020-04-09 Samsung Electronics Co., Ltd. Device and method of provisioning secure information

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060289658A1 (en) * 2003-09-04 2006-12-28 Infineon Technologies Ag Processor circuit and method of allocating a logic chip to a memory chip
JP2017034646A (en) * 2015-08-05 2017-02-09 Kddi株式会社 Management device, management system, key generating device, key generating system, key management system, vehicle, management method, key generating method, and computer program
US20200110888A1 (en) * 2018-10-04 2020-04-09 Samsung Electronics Co., Ltd. Device and method of provisioning secure information

Also Published As

Publication number Publication date
CN117426066A (en) 2024-01-19
JPWO2022264564A1 (en) 2022-12-22

Similar Documents

Publication Publication Date Title
US11533187B2 (en) Device birth certificate
TWI741041B (en) Unified programming environment for programmable devices
TWI744373B (en) Embedding foundational root of trust using security algorithms
US10496811B2 (en) Counterfeit prevention
CN106537407B (en) Root of trust
RU2695487C1 (en) Method and system for interaction of devices of the internet of things (iot)
TWI817930B (en) Device programming system with device authentication
US8572410B1 (en) Virtualized protected storage
US8843764B2 (en) Secure software and hardware association technique
US9268971B2 (en) Secure processor supporting multiple security functions
US10110380B2 (en) Secure dynamic on chip key programming
US20150095652A1 (en) Encryption and decryption processing method, apparatus, and device
JP2012532387A (en) System and method for managing electronic assets
WO2010116618A1 (en) Key implementation system
TW201820818A (en) Method and device for configuring terminal master key
KR101859606B1 (en) Key management device
WO2022264564A1 (en) Method for manufacturing security module
WO2019057612A1 (en) Distributed deployment of unique firmware
EP2575068A1 (en) System and method for providing hardware-based security
JP2019125147A (en) Control unit, and method and program for writing data
US8943327B2 (en) Apparatus and method to enable operation between a main assembly and a sub-assembly that are cryptographically related
CN115694805A (en) Electronic device, integrated circuit design and manufacturing method and product operation method
CN117852105A (en) Chip security management method, device, terminal and medium based on hardware enhancement

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22824563

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2023529549

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE