JP2010033121A - Storage device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a storage device for properly preventing unauthorized copy. <P>SOLUTION: This storage device includes: a memory 100 for storing data D; an initial address check part 205 for deciding whether or not an initial address in starting the reading of the memory 100 is matched with a preliminarily set prescribed value; and an output control part 207 for inhibiting the output of data D stored in the memory 100 based on the decision result of the initial address check part 205. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a storage device having an unauthorized copy prevention function.

Conventionally, various storage devices having an unauthorized copy prevention function have been disclosed and proposed (see, for example, Patent Document 1 and Patent Document 2). Many conventional storage devices are configured to store data encrypted using predetermined key information.
JP 2003-59178 A JP 2002-373320 A

  Certainly, in the case of the conventional storage device, even if the stored data is illegally copied, the content is unknown unless decryption processing using predetermined key information is performed. Therefore, it is difficult to use illegally copied data.

  However, the conventional storage device described above makes it difficult to use illegally copied data, and the stored data can be freely read. For this reason, when illegally copied data is analyzed using a high-speed computer and the cipher is decrypted, there is a problem that the contents are freely copied thereafter.

  In view of the above problems, an object of the present invention is to provide a storage device that can appropriately prevent unauthorized copying.

  In order to achieve the above object, a storage device according to the present invention includes a memory for storing data; an initial stage for determining whether an initial address at the start of reading of the memory matches a predetermined value set in advance An address check unit; and an output control unit that prohibits output of data stored in the memory based on a determination result of the initial address check unit (first configuration). .

  In the storage device having the first configuration, the initial address check unit includes a one-shot generation unit that generates a one-shot signal at the start of reading of the memory; and an address that is actually being accessed to the memory. An address acquisition unit to be acquired; a normal address storage unit for storing a predetermined normal initial address; and the output data of the address acquisition unit and the output data of the normal address storage unit are compared to indicate a match / mismatch An address comparison unit that outputs a comparison result signal; loads and latches the comparison result signal based on the one-shot signal, and an initial address at the start of reading from the memory matches a preset normal initial address; An error flag generation unit for generating an error flag indicating whether or not Better to 2 configuration).

  In the storage device having the second configuration, the one-shot generation unit receives the second pulse after the first pulse of the read signal has arrived after the reset state of the storage device is released. In the meantime, a configuration (third configuration) for generating the one-shot signal having a predetermined logic level is preferable.

  With the storage device according to the present invention, unauthorized copying can be prevented appropriately.

  First, a first embodiment of a storage device according to the present invention will be described in detail with reference to FIG. FIG. 1 is a block diagram showing a first embodiment of a storage device according to the present invention.

  As shown in FIG. 1, the storage device of the present embodiment includes a read-only memory 100 (indicated as ROM [Random Access Memory] in FIG. 1) and an unauthorized copy prevention circuit 200. The unauthorized copy prevention circuit 200 includes a code check unit 201, a timing control unit 202, an increment check unit 203, an error detection unit 204, an initial address check unit 205, an OR calculator 206, a selector 207, , Comprising.

  The memory 100 is means for storing data D (such as a program read and executed by a CPU [Central Processing Unit]) in a nonvolatile manner.

  The code check unit 201 is a code analysis unit that analyzes a code included in the data D read from the memory 100. More specifically, the code check unit 201 monitors the data D read from the memory 100, and executes a predetermined monitoring target code (address instruction or address in addition to the jump instruction) accompanied by an address jump operation at the time of execution. And the analysis result is transmitted to the timing control unit 202 and the error detection unit 204. When the data D stored in the memory 100 is subjected to encryption processing or compression processing, the code check unit 201 performs a decryption processing function or decompression of the data D in addition to the code analysis function described above. It is necessary to have a processing function.

  The timing control unit 202 operates in response to an input of a read signal RD instructing reading of the data D, and based on the analysis result obtained by the code check unit 201, the timing check unit 202 increments the execution timing of the monitoring target code. 203 and a means for transmitting to the error detection unit 204.

  The increment check unit 203 is an address analysis unit that analyzes an address operation with respect to the memory 100. More specifically, the increment check unit 203 monitors the address signal ADD given to the memory 100, compares the previous address with the current address, and increments the address (here, only one address). It is detected whether or not an incrementing operation has been performed.

  The error detection unit 204 is a unit that refers to the analysis results of the code check unit 201 and the increment check unit 203 and determines whether an address operation that matches the code is performed. More specifically, the error detection unit 204 sets an error flag when an address increment operation is detected during execution of the monitoring target code. That is, when the error detection unit 204 detects that the address increment operation has been performed at the timing at which the address jump operation should be performed, the error detection unit 204 determines that there is a possibility of unauthorized copying, and then proceeds to the logical sum calculator 206. The output signal of the transition from low level to high level.

  The initial address check unit 205 monitors the address signal ADD given to the memory 100 to determine whether or not the initial address at the start of reading of the memory 100 matches a predetermined value set in advance. It is a means for setting an error flag when it is detected. That is, the initial address check unit 205 determines that there is a possibility of unauthorized copying when detecting that the reading of the data D is started from an address other than a predetermined value, and outputs an output signal to the logical sum calculator 206. From low level to high level.

  The logical sum calculator 206 is a means for performing a logical sum operation on the output signal of the error detection unit 204 and the output signal of the initial address check unit 205 and outputting the calculation result as a control signal for the selector 207. That is, the control signal of the selector 207 is low level only when both the output signal of the error detection unit 204 and the output signal of the initial address check unit 205 are low level, and is high level in the other cases.

  The selector 207 is an output control unit that prohibits the output of the data D stored in the memory 100 based on the output signal of the logical sum calculator 206. More specifically, the selector 207 selects and outputs the data D read from the memory 100 when the output signal of the logical sum calculator 206 is at a low level, while the output of the logical sum calculator 206. When the signal is at a high level, predetermined dummy data DD is selected and output. The dummy data DD may be a fixed value or a random value.

  Next, the protection operation of the unauthorized copy prevention circuit 200 when reading data from the storage device having the above-described configuration will be described in detail.

  When a legitimate access to the memory 100 is performed, reading of the data D is started with a predetermined value set in advance as an initial address, and an address operation for the memory 100 is also performed in a code included in the data D. Matched. Accordingly, since the output signals of the error detection unit 204 and the initial address check unit 205 are both kept at a low level, the output signal of the logical sum calculator 206 is at a low level, and the selector 207 is read from the memory 100. The data D is selected and output (that is, the data D output permission state).

  On the other hand, when the data D stored in the memory 100 is illegally copied, the address is incremented and stored in the memory 100 regardless of the contents of the code included in the data D. The data D are successively read in the order of their addresses. That is, when the data D is illegally copied, even if the address jump operation should be performed based on the monitoring target code described above, the address increment operation is performed ignoring this, so the address operation for the memory 100 is performed. Is no longer consistent with the code. In such a case, since the output signal of the error detection unit 204 transitions from the low level to the high level, the output signal of the logical sum calculator 206 becomes the high level, and the selector 207 reads the data read from the memory 100. Instead of D, predetermined dummy data DD is selected and output (data D output prohibited state).

  In addition, when illegal copying of the data D stored in the memory 100 is performed, reading of the data D may be started from an address other than a predetermined value set in advance. In such a case, since the output signal of the initial address check unit 205 is shifted from the low level to the high level, the output signal of the logical sum calculator 206 becomes the high level, and the selector 207 detects the detection result of the error detection unit 204. Without waiting for, the predetermined dummy data DD is selected and output.

  As described above, in the storage device according to the present embodiment, the output of the data D stored in the memory 100 can be prohibited under a situation where an illegal copy of the data D is suspected. Thus, unauthorized copying of data D can be prevented more appropriately.

  In the storage device having the above configuration, the code check unit 201 detects an error in the monitoring target code when it is unclear whether or not it involves an address jump operation according to the execution condition. A configuration may be adopted in which the detection unit 204 is instructed to mask an error flag obtained when the monitoring target code is executed.

  By adopting such a configuration, although the legal access to the memory 100 is performed, the monitored code does not accompany the address jump operation according to the conditions at the time of execution. However, since this is not erroneously determined as an error, unnecessary output prohibition of the data D can be avoided.

  However, the code check unit 201 may be configured to stop the subsequent mask instruction when the mask instruction to the error detection unit 204 reaches a predetermined value. By adopting such a configuration, for example, although there is an upper limit on the number of times the code is described whether it is unclear whether or not an address jump operation is involved depending on the execution condition, the upper limit is set. Since it is possible to avoid excessively masking the error flag of the error detection unit 204 beyond the value, it is possible to prevent unauthorized copying of the data D while reducing erroneous detection of errors.

  Next, a second embodiment of the storage device according to the present invention will be described in detail with reference to FIG. FIG. 2 is a block diagram showing a second embodiment of the storage device according to the present invention.

  As shown in FIG. 2, the storage device according to the present embodiment has substantially the same configuration as that of the first embodiment, and is characterized in that a decoder 208 is provided instead of the selector 207. Therefore, the same components as those in the first embodiment are denoted by the same reference numerals as those in FIG. 1, thereby omitting a redundant description, and in the following, detailed description centering on the decoder 208 that is a characteristic part of the present embodiment. To do.

  In the storage device of the present embodiment, the memory 100 stores encrypted data D. Note that the encryption processing applied to the data D may be single or double.

  The decoder 208 is an output control unit that prohibits the output of the data D stored in the memory 100 based on the output signal of the logical sum calculator 206. More specifically, when outputting the data D read from the memory 100, the decoder 208 performs a correct decryption process using predetermined key information based on the output signal of the logical sum calculator 206. Whether to perform random decryption processing intentionally using dummy key information.

  With such a configuration, in a situation where an illegal copy of the data D is suspected, the decoder 208 subjects the data D read from the memory 100 to an extremely random decryption process and outputs it. Accordingly, the contents of data illegally output from the storage device (herein referred to as dummy data DD according to the first embodiment) are unknown, and cannot be used.

  Further, since the dummy data DD is created through a random decryption process by the decoder 208, it is completely different from the data D stored in the memory 100 and is used for the encryption process of the data D. It is no longer possible to perform the decryption process with the existing key information. Therefore, even if the dummy data DD is analyzed by a high speed computer, it is very difficult to read the contents of the data D. In particular, if the decoder 208 is configured to perform random decryption processing while switching a plurality of pieces of dummy key information, the analysis processing of the dummy data DD is virtually impossible.

  As described above, in the storage device according to the present embodiment, the output of the data D stored in the memory 100 can be prohibited, so that illegal copying of the data D can be more appropriately prevented as compared with the conventional configuration. It becomes possible.

  In the above description, the configuration of intentionally performing random decryption processing has been described as an example. However, the configuration of the present invention is not limited to this, and decryption different from correct decryption processing is performed. Any configuration may be used as long as processing is performed.

  Next, a third embodiment of the storage device according to the present invention will be described in detail with reference to FIG. FIG. 3 is a block diagram showing a third embodiment of the storage device according to the present invention.

  As shown in FIG. 3, the storage device according to the present embodiment has substantially the same configuration as that of the first embodiment, and is characterized in that an encoder 209 is provided instead of the selector 207. Therefore, the same components as those in the first embodiment are denoted by the same reference numerals as those in FIG. 1, and redundant description is omitted. In the following, detailed description centering on the encoder 209 that is a characteristic part of the present embodiment. To do.

  The encoder 209 is an output control unit that prohibits output of the data D stored in the memory 100 based on the output signal of the logical sum calculator 206. More specifically, when outputting the data D read from the memory 100, the encoder 209 performs a correct encryption process using predetermined key information based on the output signal of the logical sum calculator 206. Whether to perform random encryption processing intentionally using dummy key information.

  By adopting such a configuration, the encoder 209 performs completely random encryption processing (in other words, reversibility thereof) on the data D read from the memory 100 under a situation where an illegal copy of the data D is suspected. Encryption processing that does not assume Accordingly, the contents of data illegally output from the storage device (herein referred to as dummy data DD according to the first embodiment) are unknown, and cannot be used. In particular, if the encoder 209 is configured to perform random encryption processing while switching a plurality of dummy key information, the decryption processing of the dummy data DD is practically impossible.

  As described above, in the storage device according to the present embodiment, the output of the data D stored in the memory 100 can be prohibited, so that illegal copying of the data D can be more appropriately prevented as compared with the conventional configuration. It becomes possible.

  In the above description, the configuration of intentionally performing random encryption processing has been described as an example. However, the configuration of the present invention is not limited to this, and encryption different from the correct encryption processing is performed. Any configuration may be used as long as processing is performed.

  Next, a fourth embodiment of the storage device according to the present invention will be described in detail with reference to FIG. FIG. 4 is a block diagram showing a fourth embodiment of the storage device according to the present invention.

  As shown in FIG. 4, the storage device according to the present embodiment has substantially the same configuration as that of the first embodiment described above, and is characterized by having an address control unit 210 instead of the selector 207. Therefore, the same components as those in the first embodiment are denoted by the same reference numerals as those in FIG. 1, and redundant description is omitted. Hereinafter, the details of the address control unit 210 that is a characteristic part of the present embodiment will be mainly described. I will give a simple explanation.

  The address control unit 210 is an output control unit that prohibits the output of the data D stored in the memory 100 based on the output signal of the logical sum calculator 206. More specifically, the address control unit 210 permits an address operation to the memory 100 when the output signal of the logical sum calculator 206 is at a low level, while the output signal of the logical sum calculator 206 is at a high level. In some cases, the address operation for the memory 100 is prohibited.

  By adopting such a configuration, the address control unit 210 prohibits the address operation for the memory 100 and prohibits the reading of the data D stored in the memory 100 under a situation where unauthorized copying of the data D is suspected. Therefore, illegal copying of data D can be prevented more appropriately than in the conventional configuration.

  Next, the configuration of the initial address check unit 205 will be described in detail with reference to FIG. FIG. 5 is a block diagram illustrating a configuration example of the initial address check unit 205.

  As shown in FIG. 5, the initial address check unit 205 of this configuration example includes a one-shot generation unit 1, an address acquisition unit 2, a normal address storage unit 3, an address comparison unit 4, and an error flag generation unit 5. , Comprising.

  The one-shot generation unit 1 is a means for generating a one-shot signal Sd from a read signal RD (data D read timing control signal) at the start of reading from the memory 100, and includes an inverter 11, a D flip-flop 12, and a D flip-flop. 13 and a logical product operator 14. The input end of the inverter 11 is connected to the application end of the read signal RD. The clock input terminals of the D flip-flops 12 and 13 are both connected to the output terminal of the inverter 11. A data input terminal (D) of the D flip-flop 12 is connected to a high-level signal application terminal (for example, a power supply line). The data input terminal (D) of the D flip-flop 13 is connected to the output terminal (Q) of the D flip-flop 12. The reset input terminals of the D flip-flops 12 and 13 are both connected to the application terminal of the reset signal RST. One input terminal of the AND operator 14 is connected to the output terminal (Q) of the D flip-flop 12. The other input terminal of the AND operator 14 is connected to the inverting output terminal (Q bar) of the D flip-flop 13. Note that the output terminal of the AND operator 14 corresponds to the output terminal of the one-shot generator 1 (the output terminal of the one-shot signal Sd).

  The address acquisition unit 2 is means for acquiring an address currently being accessed by latching the address signal ADD supplied to the memory 100 with the read signal RD.

  The normal address storage unit 3 is a means for storing a predetermined normal initial address. Note that the initial address check unit 205 of this configuration example will be described by taking a configuration in which the regular address storage unit 3 is provided independently as an example, but the configuration of the present invention is not limited to this, and the memory 100 A part of the storage area may be used as the regular address storage unit 3.

  The address comparison unit 4 compares the output data of the address acquisition unit 2 (the address currently being accessed) with the output data of the normal address storage unit 3 (a predetermined normal initial address). It is means for outputting a comparison result signal indicating mismatch. The comparison result signal is, for example, a binary signal that is at a low level if the output data of the address acquisition unit 2 and the normal address storage unit 3 match each other, and that is a high level if they do not match.

  The error flag generation unit 5 loads and latches the comparison result signal obtained by the address comparison unit 4, and determines whether or not the initial address at the start of reading from the memory 100 matches a preset normal initial address. , And includes a switch 51, a switch 52, and a D flip-flop 53.

  The switch 51 is connected on a signal path connecting the output terminal of the address comparison unit 4 (application terminal of the comparison result signal) and the data input terminal (D) of the D flip-flop 53, and the above-described signal according to the one-shot signal Sd. Means for conducting / cutting off the path. The switch 51 is turned on when the one-shot signal Sd is at a high level and turned off when the one-shot signal Sd is at a low level.

  The switch 52 is connected to a signal path connecting the output terminal (Q) of the D flip-flop 53 and the data input terminal (D), and is a means for conducting / cutting off the signal path according to the one-shot signal Sd. The switch 52 is turned off when the one-shot signal Sd is at a high level and turned on when the one-shot signal Sd is at a low level.

  The data input terminal (D) of the D flip-flop 53 is connected to the output terminal of the address comparison unit 4 through the switch 51, and is also connected to the output terminal (Q) of the D flip-flop 53 through the switch 52. ing. The clock input terminal of the D flip-flop 53 is connected to the output terminal of the inverter 11. The reset input terminal of the D flip-flop 53 is connected to the application terminal of the reset signal RST. The output terminal (Q) of the D flip-flop 53 is connected to the input terminal of the OR operator 206 (not shown in FIG. 5) as the output terminal of the initial address check unit 205 (the output terminal of the error flag ERR). .

  Next, the operation of the initial address check unit 205 configured as described above will be described in detail with reference to FIG. FIG. 6 is a timing chart for explaining the operation of the initial address check unit 205. In order from the top, the reset signal RST, the read signal RD, and the logic signal of each part of the one-shot generation unit 1 (inverted read of the inverter 11). The signal Sa, the output signal Sb of the D flip-flop 12, the inverted output signal Sc of the D flip-flop 13, and the one-shot signal Sd of the AND operator 14) are depicted. The logic signal shown here is merely an example, and the logic level may be inverted.

  When the reset signal RST transitions from the high level to the low level and the reset state of the memory device is released, the output signal Sb of the D flip-flop 12 is set to the low level, and the inverted output signal Sc of the D flip-flop 13 is the high level. Level. Thereafter, when the first pulse P1 falls in the read signal RD, the D flip-flop 12 takes in a high level signal that is always applied to the data input terminal (D), triggered by the rising edge of the inverted read signal Sa. The output signal Sb is set to a high level. The D flip-flop 13 takes the output signal Sb (low level) of the D flip-flop 12 applied to the data input terminal (D) at that time as a trigger by using the rising edge of the inverted read signal Sa as a trigger, and outputs the inverted signal. The signal Sc is set to a high level. Accordingly, the one-shot signal Sd obtained by the logical product operation of the output signal Sb and the inverted output signal Sc becomes high level.

  When the second pulse P2 falls to the read signal RD after the one-shot signal Sd is set to the high level, the D flip-flop 12 uses the rising edge of the inverted read signal Sa as a trigger to trigger the data input terminal (D) The high level signal that is always applied to is taken in, and the output signal Sb is set to the high level. The D flip-flop 13 takes the output signal Sb (high level) of the D flip-flop 12 applied to the data input terminal (D) at that time as a trigger by using the rising edge of the inverted read signal Sa as a trigger, and outputs the inverted signal. The signal Sc is set to a low level. Therefore, the one-shot signal Sd obtained by the logical product operation of the output signal Sb and the inverted output signal Sc is at a low level.

  Thereafter, even when the pulse of the read signal RD is sequentially lowered, the signal processing similar to the above is performed, and the one-shot signal Sd is maintained at the low level. In other words, in the one-shot generation unit 1, after the reset state of the storage device is released, a predetermined logic level (from the first pulse P1 of the read signal RD to the arrival of the second pulse P2) A one-shot signal Sd having a high level in the example of FIG. 6 is generated.

  As described above, the switches 51 and 52 forming the error flag generation unit 5 are turned on and off when the one-shot signal Sd is at a high level, and are at a low level. Are turned off and on, respectively. That is, the error flag generator 5 loads the comparison result signal obtained by the address comparator 4 when the first pulse P1 of the read signal RD arrives after the reset state of the storage device is released. When the second pulse P2 arrives, the comparison result signal loaded at that time is latched and output as an error flag ERR.

  With this configuration, the initial address check unit 205 can be realized with a very simple and simple circuit configuration.

  The configuration of the present invention can be variously modified in addition to the above-described embodiment without departing from the gist of the invention.

  For example, in the above-described embodiment, as a method for determining whether or not an address operation that matches a code is performed, it is detected whether or not an address increment operation has been performed when executing a code that involves an address jump operation. Although the configuration has been described as an example, the configuration of the present invention is not limited to this, and other methods may be used.

  In the above embodiment, the configuration using the read-only memory 100 as an example of the storage means for the data D has been described. However, the configuration of the present invention is not limited to this, and the configuration of the data D A readable / writable flash memory or an EEPROM [Electrically Erasable and Programmable Read Only Memory] may be used.

  The present invention can be used as a technique for preventing unauthorized copying of storage devices used in game cartridges, IC cards, security devices, and the like.

These are block diagrams which show 1st Embodiment of the memory | storage device which concerns on this invention. These are block diagrams which show 2nd Embodiment of the memory | storage device based on this invention. These are block diagrams which show 3rd Embodiment of the memory | storage device based on this invention. These are block diagrams which show 4th Embodiment of the memory | storage device based on this invention. FIG. 3 is a block diagram showing an example of the configuration of an initial address check unit 205. These are timing charts for explaining the operation of the initial address check unit 205.

Explanation of symbols

100 Read only memory (ROM)
200 Unauthorized Copy Prevention Circuit 201 Code Check Unit (Code Analysis Unit)
202 Timing control unit 203 Increment check unit (address analysis unit)
204 Error detection unit 205 Initial address check unit 206 OR operation unit 207 selector 208 decoder 209 encoder 210 address control unit 1 one-shot generation unit 11 inverter 12, 13 D flip-flop 14 AND operation unit 2 address acquisition unit 3 normal address storage 4 Address comparator 5 Error flag generator 51, 52 Switch 53 D flip-flop

Claims (3)

Memory for storing data;
An initial address check unit that determines whether an initial address at the start of reading of the memory matches a preset normal initial address;
An output control unit for prohibiting output of data stored in the memory based on a determination result of the initial address check unit;
A storage device comprising: The initial address check unit
A one-shot generator for generating a one-shot signal at the start of reading of the memory;
An address acquisition unit that acquires an address that is actually being accessed with respect to the memory;
A regular address storage unit for storing a predetermined regular initial address;
An address comparison unit that compares the output data of the address acquisition unit with the output data of the normal address storage unit and outputs a comparison result signal indicating the match / mismatch;
The comparison result signal is loaded and latched based on the one-shot signal, and an error flag indicating whether or not the initial address at the start of reading of the memory matches a preset normal initial address is generated. An error flag generator;
The storage device according to claim 1, further comprising:   The one-shot generation unit is configured to perform the one-shot having a predetermined logic level after the first pulse of the read signal arrives until the second pulse arrives after the storage device is released from the reset state. The storage device according to claim 2, wherein a signal is generated.

Images