JP2010128571A - Semiconductor device, and method and program for controlling the same - Google Patents

Abstract

An object of the present invention is to provide a semiconductor device or the like capable of preventing access to data outside the range managed by the device even when subjected to a laser attack.
A selection means (131) for selecting an application program, a storage area information acquisition means (132) for acquiring storage area information, and whether the storage area information is within the storage area of the semiconductor device (101). Storage area information determination means (133) for determining whether or not the storage area includes the storage area of another application, and the storage area information is within the storage area of the semiconductor device (101). If the storage area information is determined not to include the storage area of another application, check area is added, and the storage area information corresponding to the application program is set as the setting storage area information. Setting means (134).
[Selection] Figure 2

Description

  The present invention incorporates an IC (integrated circuit) chip having a control element such as a writable and rewritable nonvolatile memory and a CPU (Central Processing Unit), for example, and a command input from an external device The present invention relates to a semiconductor device such as an IC card that executes various processes based on (command), a semiconductor device control method, and a semiconductor device control program.

  Recently, as a portable electronic device, an EEPROM as a nonvolatile memory, a RAM as a volatile memory, a CPU as a control element for accessing (reading or writing data, etc.) the memory, and the CPU An IC card having an IC chip having a ROM storing an operation program and the like and having means for writing and reading data based on a command (instruction) supplied from the outside is used in various industrial fields. Yes.

In general, when this type of IC card receives a data write command from an external device (IC card reader / writer), the data added to the command is written to an area designated by the command of the nonvolatile memory. It has become.

When a data read command is received from an external device, the target data is retrieved from the nonvolatile memory, and when the corresponding data exists, the data is read from the head for the data length. .

In recent years, IC cards equipped with IC chips instead of magnetic cards have begun to spread in fields requiring high security, such as credit cards and cash cards. An IC card on which such an IC chip is mounted reads and writes data with or without contact with an external device. Further, in order to make it difficult to decode data when it is read and received by a third party, the data is encrypted and read / written when the data is read / written from / to an external device.

  However, there are situations in which execution of program instructions is hindered by attacks by radiation, flash, light, laser, glitch, or otherwise. Such attacks change the instructions that are executed, resulting in inexecution or inaccurate execution of certain parts of the program.

  When the program is executed, an attack by, for example, laser, glitch, or electromagnetic radiation changes the instruction code executed by the processor, eg, any instruction codeop is converted to codeop 00h (BRSET0 in 6805, NOP in AVR) . That is, the program instruction is replaced with an inoperable instruction. Thus, certain sections of code fail to execute or execute irregularly, resulting in the execution of inoperable instructions rather than a security processing sequence in an operating system for smart cards, for example. Attacks can interfere with processor operation and cause untimely jumps in program memory.

Therefore, various countermeasures (anti-tamper countermeasures) have been considered recently for countermeasures against so-called tampering attacks such as illegally reading data in an internal nonvolatile memory for counterfeiting or falsification of IC cards. . Among them, there is a method of detecting that data has been tampered with by duplicating data written to the nonvolatile memory (see, for example, Patent Document 1).

There is also a method for checking the instruction code itself (see, for example, Patent Document 2).
JP-A-4-339614 Special table 2007-513422 gazette

  However, due to advances in attack technology, it is possible to perform an attack that changes the read / write target address at the timing of memory access even though the code itself is normal (laser attack).

  Therefore, when a malicious third party attacks an address from the outside and changes the address when reading or writing data, there is a possibility of accessing data outside the range managed by the third party.

  Therefore, the present invention is specified even when the data is accessed by going through a memory management process for managing the data when accessing the data, and when the memory management process accesses the data. Provided are a semiconductor device, a semiconductor device control method, and a semiconductor device control program capable of preventing access to data outside the range managed by the address by confirming that the address is an accessible area The purpose is to do.

  In order to solve the above problems, the present invention employs the following configuration.

  That is, according to the first aspect of the present invention, in the semiconductor device (101) for processing data information including at least two or more application programs, the selection means (101) for selecting the application program based on the selection information of the application program. 131), storage area information acquisition means (132) for acquiring storage area information from the application program selected by the selection means (131), and the storage area indicated by the storage area information is the semiconductor device (101). Storage area information determining means (133) for determining whether or not the storage area indicated by the storage area information includes the storage area of another application; The storage area information judging means (133) It is determined that the storage area indicated by the storage area information is within the storage area of the semiconductor device (101), and the storage area indicated by the storage area information does not include the storage area of another application. Storage area information setting means (134) for adding check information to the storage area information and setting the storage area information corresponding to the application program as setting storage area information. To do.

  According to a second aspect of the present invention, in the semiconductor device (101) according to the first aspect, the storage area information acquisition unit (132) reads out from the application program selected by the selection unit (131). When storage area information is acquired, it is checked whether the setting storage area information has been rewritten using the check information added to the setting storage area information set by the storage area information setting means (134) When the setting storage area information check means (135) and the setting storage area information check means (135) check that the setting storage area information is not rewritten, the read storage area information indicates The application program whose storage area has been selected by the selection means (131). Read storage area information check means (136) for determining whether or not it is included in the storage area indicated by the setting storage area information corresponding to the gram, and the read storage area information check means (136). When it is determined that the storage area indicated by is included in the storage area indicated by the setting storage area information corresponding to the application program selected by the selection means (131), the read storage area Data information reading means (137) for reading data information in the storage area corresponding to the information is further provided.

  Further, the invention according to claim 3 is the semiconductor device (101) according to claim 1, wherein the storage area information acquisition means (134) is updated from the application program selected by the selection means (131). When storage area information is acquired, it is checked whether the setting storage area information has been rewritten using the check information added to the setting storage area information set by the storage area information setting means (134) When the setting storage area information check means (135) to check and the setting storage area information check means (135) check that the setting storage area information has not been rewritten, the update storage area information indicates the The application program whose storage area has been selected by the selection means (131) The update storage area information check means (138) for determining whether or not it is included in the storage area indicated by the setting storage area information corresponding to the update storage area information by the update storage area information check means (138) When it is determined that the indicated storage area is included in the storage area indicated by the setting storage area information corresponding to the application program selected by the selection means, the update storage area information corresponds to the update storage area information Data information updating means (139) for updating the data information in the storage area is further provided.

  Further, the invention according to claim 4 is the semiconductor device (101) according to claim 2, wherein the setting storage area information check is performed each time the data information reading means (137) reads the data information in byte units. The means (135) checks whether the setting storage area information has been rewritten using the check information added to the setting storage area information set by the storage area information setting means (134), and A read storage area information check means (136) is provided in the storage area indicated by the setting storage area information corresponding to the application program in which the storage area indicated by the read storage area information is selected by the selection means (131). It is characterized by determining whether it is included.

  Furthermore, the invention according to claim 5 is the semiconductor device (101) according to claim 3, wherein each time the data information update means (139) updates the data information in byte units, the setting storage area information Check means (135) checks whether the setting storage area information has been rewritten using the check information added to the setting storage area information set by the storage area information setting means (134), The update storage area information check means (138) indicates the storage area indicated by the setting storage area information corresponding to the application program in which the storage area indicated by the update storage area information is selected by the selection means (131). It is characterized by determining whether it is contained in.

  Furthermore, the invention according to claim 6 is a control method of a semiconductor device (101) for processing data information comprising at least two or more application programs, wherein the application program is selected based on selection information of the application program. A selection step (131), a storage region information acquisition step (132) for acquiring storage region information from the application program selected in the selection step (131), and a storage region indicated by the storage region information is the semiconductor device A storage area information determination step (133) for determining whether or not the storage area is within the storage area in (101) and determining whether or not the storage area indicated by the storage area information includes the storage area of another application And in the storage area information judging step (133). The storage area indicated by the storage area information is within the storage area of the semiconductor device (101), and the storage area indicated by the storage area information does not include the storage area of another application. A storage area information setting step (134) for adding check information to the storage area information and setting the storage area information corresponding to the application program as setting storage area information. It is characterized by.

  Furthermore, in the invention according to claim 7, a computer included in the semiconductor device (101) that processes data information including at least two or more application programs is selected based on the selection information of the application program. Selection means (131), storage area information acquisition means (132) for acquiring storage area information from the application program selected by the selection means (131), and the storage area indicated by the storage area information is the semiconductor device ( 101) a storage area information determination unit (133) for determining whether the storage area is within the storage area and determining whether the storage area indicated by the storage area information includes the storage area of another application; According to the storage area information judging means (133) The storage area indicated by the storage area information is within the storage area of the semiconductor device (101), and the storage area indicated by the storage area information does not include the storage area of another application. If it is determined that the storage area information is added, check information is added to the storage area information and the storage area information corresponding to the application program is set as storage area information setting means (134). Features.

  Furthermore, in the invention according to claim 8, the semiconductor device (101) according to any one of claims 1 to 4 is an IC card (101) on which an IC (Integrated Circuit) chip (102) is mounted. It is characterized by.

  According to the present invention, even when a laser attack is performed on information indicating the accessible area for each application program, the check information is added to the information indicating the accessible area, and the check information is not valid. In some cases, an accessible area is not set, so that malfunction due to a laser attack can be avoided.

  Further, according to the present invention, even when a laser attack is performed on a data access address, the laser attack can be detected, and the program operates normally without reading important data. Therefore, it becomes possible to avoid an important data reading operation due to a laser attack.

  Furthermore, according to the present invention, even when a laser attack is performed on a data access address, the laser attack can be detected and a program can be executed without updating (rewriting) important data. Since it operates normally, it becomes possible to avoid an important data update (rewrite) operation by a laser attack.

  Furthermore, according to the present invention, even when a laser attack is performed on a data access address, the laser attack can be detected more reliably, and important data can be read (or rewritten). Since the program operates normally and the safety is improved, it is possible to reliably avoid the important data read (rewrite) operation by the laser attack.

  The best mode for carrying out the present invention will be described below with reference to the drawings.

  However, the present invention can be implemented in many different modes, and those skilled in the art can easily understand that the modes and details can be variously changed without departing from the spirit and scope of the present invention. Is done. Therefore, the present invention is not construed as being limited to the description of this embodiment mode. Note that in all the drawings for describing the embodiments, the same portions or portions having similar functions are denoted by the same reference numerals, and repetitive description thereof is omitted.

(Embodiment)
In this embodiment, an apparatus configuration and a flowchart for realizing a function of preventing a laser attack in the present invention will be described.

  FIG. 1 shows a block diagram of an IC card including an IC chip which is a semiconductor device for processing data information which is a target for mounting a function for preventing a laser attack in the present invention.

  In FIG. 1, the IC card 101 includes an arithmetic circuit 106 and an analog unit 115. The arithmetic circuit 106 includes a CPU 102 (also referred to as a central processing unit; also referred to as an MPU (micro processor)), a ROM 103 (also referred to as a read only memory), and a RAM 104 (random access memory). An auxiliary arithmetic unit 124, a non-volatile memory 125 such as a flash memory, and a controller 105. The analog unit 115 includes an antenna 107, a resonance circuit 108, a power supply circuit 109, a reset circuit 110, a clock generation circuit 111, a demodulation circuit 112, a modulation circuit 113, and a power management circuit 114. The controller 105 includes a CPU interface 116 (CPUIF), a control register 117, a code extraction circuit 118, and an encoding circuit 119. In FIG. 1, for the sake of simplification of explanation, the received signal 120 and the transmitted signal 121 are shown separately as communication signals. However, in actuality, they are superimposed on each other between the IC card 101 and the reader / writer device. Are sent and received at the same time. The reception signal 120 is received by the antenna 107 and the resonance circuit 108 and then demodulated by the demodulation circuit 112. The transmission signal 121 is transmitted from the antenna 107 after being modulated by the modulation circuit 113. Note that the received signal and the transmitted signal are expressions mainly on the IC card side, and it is added that the IC card receives an external signal and transmits the signal to the outside. In this specification, a signal received by the IC card from the reader / writer, in other words, a signal transmitted by the reader / writer is referred to as an external signal, and the external signal is received by the IC card and transmitted by the reader / writer. This is called external signal transmission / reception.

  Although FIG. 1 illustrates the case of non-contact, if “analog portion (115) + code extraction circuit (118) + encoding circuit (119)” is considered as “input / output portion”, FIG. The whole can be considered as a contact IC card. Thus, this embodiment can be considered not only as a non-contact IC card but also as an embodiment of a contact IC card.

  The ROM 103 stores a program that functions when processing the received data received from the reader / writer (memory management processing program according to the present embodiment, which is a laser attack prevention program, program A, program B, and program C). The RAM 104 stores processing data when the program functions. The ROM 103 includes a mask ROM, the RAM 104 includes a static memory (SRAM), a dynamic memory (DRAM), and the like, and the nonvolatile memory 125 includes a flash memory such as a NAND flash memory and a NOR flash memory. . The nonvolatile memory 125 stores data such as history, information such as a password, and stores (stores) data that can be a target of a laser attack.

  Further, a program (memory management processing program according to the present embodiment, which is a laser attack prevention program, program A150, program B151, and program C152) that functions when processing the received data received from the reader / writer is stored in the nonvolatile memory 125. (This case will be described in this embodiment).

  Furthermore, the storage area can be configured by a nonvolatile memory 125 instead of the ROM 103 and / or the RAM 104 to be provided in the storage area.

  For example, when a failure occurs in the memory management processing program, application program A150, application program B151, and application program C152 according to the present embodiment that protects information from laser attacks, the memory management processing program and application program are freely available from the outside at any time. A150, application program B151, and application program C152 can be configured to be rewritable.

  FIG. 2 shows a block diagram of the memory management processing program, application program A150, application program B151, and application program C152 stored in the ROM 103 or the nonvolatile memory 125. Since the memory management processing program is executed on the CPU 102, FIG. 2 shows a selection unit 131, a storage area information acquisition unit 132, a storage area information determination unit 133, a storage area information setting unit 134, which are expanded on the CPU 102. Each functional block of the memory management processing program as the setting storage area information check unit 135, the read storage area information check unit 136, the data information read unit 137, the update storage area information check unit 138, and the data information update unit 139 is shown.

  The operations of the memory management processing program, application program A150, application program B151, and application program C152 will be described in more detail with reference to flowcharts described later.

  Further, information such as data information (history, etc.) targeted for laser attack and personal identification number information stored in the non-volatile memory 125 area, which will be described later with reference to a flowchart, is the application program A data 150d and application program B 151d in FIG. Data and application program C data 152d are shown.

  The RAM 104 has a transmission data register 203 and a reception data register 204. The transmission data register 203 has a function of storing data transmitted by the IC card. The reception data register 204 has a function of storing data received by the IC card. Since the RAM 104 has a smaller amount of information than the ROM 103, its area is small.

  An example of a configuration of a signal transmitted from the reader / writer to the IC card, in other words, a signal received by the IC card will be described. The received signal is a signal having SOF (Start Of Frame; start of frame), flag, command, data, CRC (also referred to as cyclic redundancy check), EOF (End Of Frame; end of frame). SOF and EOF simply indicate the start and end of the signal. The flag has modulation type information such as ASK and FSK. The data includes data to be decrypted. The CRC has information on a unique code generated from the data in order to prevent misidentification of the data.

  Note that the computer in the present invention refers to an information processing apparatus including a storage unit, a control unit, and the like. The IC card 101 includes a CPU 102, a nonvolatile memory 125, and the like.

  Further, the IC card 101 according to the present invention has the above-described configuration, so that an application program that is a program to be processed is selected, storage area information to be accessed by the application program is acquired, and storage area information is acquired. Is a memory space on the IC card 101 and does not overlap with a range accessed by another application program, check information for determining whether or not the storage area information is falsified is added to the storage area information as setting storage area information. Set the data access range of the application program.

  When the application program accesses the setting storage area information of the application program, the application program checks whether the setting storage area information has been tampered with, and further stores the storage area information (read storage area information, The update storage area information) has a function of permitting access to the application program after checking whether it is within the range of the setting storage area information of the application program.

  Here, a configuration for exhibiting the function will be described with reference to a functional block diagram shown in FIG. An IC card 101 including an IC chip, which is a semiconductor device that processes data information that is a target for mounting a function to prevent laser attacks in the present invention, includes a selection unit 131, a storage area information acquisition unit 132, and a storage area information determination unit 133. A storage area information setting unit 133, a setting storage area information check unit 134, a read storage area information check unit 136, a data information read unit 137, an update storage area information check unit 138, and a data information update unit 139. .

  The selection unit 131 has a function of selecting an application program based on application program selection information.

  The selection information of the application program may be given from an upper function, or may be input via the reception signal 120 and the antenna of the IC card 101.

  The application program refers to application program A150, application program B151, and application program C152 stored on IC card 101. Based on the selection information of the application program, any of application program A150, application program B151, and application program C152 is used. May be executed, and a plurality of application programs may be selected and executed in a time-sharing manner.

  The storage area information acquisition unit 132 has a function of acquiring storage area information from the application program selected by the selection unit 131.

  Since the application program in this embodiment is a program for reading or updating application program data to be processed, storage area information indicating address range information of the application program data to be processed is acquired.

  The storage area information determination unit 133 determines whether or not the storage area (address range) indicated by the storage area information is within the storage area of the IC card 101 that is a semiconductor device (within the address range indicating data in the ROM 103, RAM 104, and nonvolatile memory 125). It is determined whether or not the storage area indicated by the storage area information includes the storage area of another application.

  It is determined whether or not the storage area of the IC card 101 is within the storage area of the IC card 101 (within the address range indicating the data in the ROM 103, RAM 104, and nonvolatile memory 125) if the storage area information indicates the storage area outside the IC card 101. Because the program may run away (deliberately or maliciously altered), it has the purpose of preventing runaway.

  For example, the data area of the application program A150 is the application program A data 150d, and the application program A150 determines whether the storage area indicated by the storage area information includes a storage area of another application. This is because only the A data 150d can be accessed.

  If the storage area information acquired by the storage area information acquisition unit 132 from the application program A150 is to access a data area such as the application program B data 151d or the application program C data 152d other than the application program A data 150d, the storage is performed. Since there is a possibility that the area information has been tampered with, in order to prevent access outside the range, it is determined whether or not the storage area of another application is included.

  The storage area information setting unit 134 causes the storage area information determination unit 133 to store the storage area indicated by the storage area information in the storage area of the semiconductor device, and the storage area indicated by the storage area information is a storage area of another application. When it is determined that the storage area information is not included, check information is added to the storage area information, and the storage area information corresponding to the application program is set as setting storage area information.

  That is, the storage area information setting unit 134 has storage area information in the storage area of the IC card 101 (in the address range indicating data in the ROM 103, RAM 104, and nonvolatile memory 125) and does not include storage areas of other applications. If it is determined that the storage area information has not been falsified, it is determined that the storage area information is valid, and the storage area information is set as the setting storage area information of the application program. Check the access range of the application program.

  Further, since the application program is a program for reading or updating the application program data to be processed, the acquired storage area information indicating the address range information of the application program data to be processed is prevented from being tampered with. Check information by a checksum method, a CRC method (Cyclic Redundancy Check), a parity check method, or the like is added.

  The check information includes setting storage area information that is an address range of application program A data 150d set for each application program of application program A150, application program B151, and application program C152, and an address range of application program B151d data. This is used for checking whether or not the setting storage area information and the setting storage area information which is the address range of the application program C data 152d have been falsified.

  The setting storage area information check unit 135 sets the setting storage area set by the storage area information setting unit 134 when the storage area information acquisition unit 132 acquires read storage area information from the application program selected by the selection unit 131. It has a function of checking whether the setting storage area information has been rewritten using the check information added to the information.

  In this way, the setting storage area information check unit 135 checks whether the setting storage area information has been rewritten using the check information every time the application program accesses the data area, and falsifies the setting storage area information. Is detected in advance so that data information in other important data areas is not read or updated.

  The read storage area information check unit 136 selects the storage area indicated by the read storage area information by the selection unit 131 when the setting storage area information check unit 135 checks that the setting storage area information has not been rewritten. It has a function of determining whether or not it is included in the storage area indicated by the setting storage area information corresponding to the application program.

  In this way, the read storage area information check unit 136 stores data in the storage area (setting storage area information) that the selected application program is allowed to access to the storage area indicated by the read storage area information. The access is permitted only when the read storage area information is within the storage area (set storage area information) that is allowed to be accessed.

  For example, the data in the setting storage area indicated by the setting storage area information of the application program A150 is application program A data 150d, and the data in the setting storage area indicated by the setting storage area information of the application program B151 is application program B data 151d. The data in the setting storage area indicated by the setting storage area information of the application program C152 is application program C data 152d.

  The data information reading unit 137 includes the storage area indicated by the read storage area information by the read storage area information check unit 136 in the storage area indicated by the setting storage area information corresponding to the application program selected by the selection unit 131. When it is determined that the data is read, it has a function of reading data information in a storage area corresponding to the read storage area information.

  The update storage area information check unit 138 selects the storage area indicated by the update storage area information by the selection unit 131 when the setting storage area information check unit 135 checks that the setting storage area information has not been rewritten. A function of determining whether the data is included in the storage area indicated by the setting storage area information corresponding to the application program.

  As described above, the update setting storage area information check unit 138 has the storage area indicated by the update storage area information in the storage area (setting storage area information) that the selected application program is allowed to access. It is determined whether or not the data is to be accessed, and the access is permitted only when the update storage area information is within the storage area (set storage area information) that is allowed to be accessed.

  For example, the data in the setting storage area indicated by the setting storage area information of the application program A150 is application program A data 150d, and the data in the setting storage area indicated by the setting storage area information of the application program B151 is application program B data 151d. The data in the setting storage area indicated by the setting storage area information of the application program C152 is application program C data 152d, and each piece of data is an allowable access range of each application program.

  In the data information update unit 139, the storage area indicated by the update storage area information by the update storage area information check unit 138 is included in the storage area indicated by the setting storage area information corresponding to the application program selected by the selection unit 131. A function to update (rewrite) data information in the storage area corresponding to the update storage area information.

[Example 1]
Next, a part of the operation of the memory management processing program having a function of preventing the laser attack in the CPU 102 in FIG. 2 will be described in correspondence with the flowchart of FIG.

  FIG. 3 is a flowchart showing an operation of setting a storage area indicated by the setting storage area information by an application program which is a part of the memory management processing program of the present embodiment.

  More specifically, an application program which is a program to be processed is selected, storage area information to be accessed by the application program is acquired, and the storage area information is a memory space on the IC card 101 and other application programs Is not overlapped with the access range, a process for adding the check information for determining whether the storage area information is falsified to the storage area information and setting the data access range of the application program as the setting storage area information will be described.

  In step S1, execution of any of the application program A150, application program B151, and application program C152 in the memory space on the IC card 101 is instructed.

  In step S2, the selection unit 131, which is a function realized in the memory management processing program, selects an application program based on selection information of the application program.

  In step S <b> 3, the storage area information acquisition unit 132 acquires storage area information from the application program selected by the selection unit 131.

  In step S4, the storage area information determination unit 133 sets the storage area (address range) indicated by the storage area information acquired in step S3 within the storage area of the IC card 101 (addresses indicating data in the ROM 103, RAM 104, and nonvolatile memory 125). And whether or not the storage area includes the storage area of another application program is determined.

  If the storage area indicated by the storage area information is within the storage area of the IC card 101 and does not include the storage area of another application program (step S4: YES), the process proceeds to step S5, and the storage area information When the storage area shown is not within the storage area of the IC card 101 or includes a storage area of another application program (step S4: NO), the process proceeds to step S7.

  In step S5, the storage area information setting unit 134 adds check information to the storage area information and sets a setting storage area based on the storage area information of the application program acquired in step 3.

  In step S6, the memory management processing program notifies the application program that called the memory management processing program that the storage area information is abnormal.

  As described above, according to the operation related to FIG. 3, it is possible to prevent the setting storage area that is the accessible range of the application program from being falsified. It is also possible to notify the program that called the memory management processing program that the storage area information is abnormal.

[Example 2]
Next, an example of the operation of the memory management processing program having a function of preventing the laser attack in the CPU 102 in FIG. 2 will be described in correspondence with the flowchart of FIG.

  FIG. 4 is a flowchart showing an operation for checking whether or not the read storage area information of the application program which is a part of the memory management processing program of this embodiment is within the accessible range.

  Specifically, when the application program accesses the setting storage area information of the application program, the application program checks whether the setting storage area information has been tampered with, and further stores the storage area information (read storage) to be accessed by the application program. The area information) has a function of permitting access to the application program after checking whether it is within the range of the setting storage area information of the application program.

  In step S10, the application program A150, application program B151, or application program C152 in the memory space on the IC card 101 instructs the data information reading process.

  In step S11, the selection unit 131 selects an application program based on the selection information of the application program, and the storage area information acquisition unit 132 acquires read storage area information from the application program selected by the selection unit 131.

  In step S12, the setting storage area information check unit 135 checks whether the setting storage area information has been rewritten using the check information added to the setting storage area information set by the storage area information setting unit 134.

  If the setting storage area information has not been rewritten (step S12: YES), the process proceeds to step S13. If the setting storage area information has been rewritten (step S12: NO), the process proceeds to step S17.

  In step S13, the read storage area information check unit 136 determines whether or not the storage area indicated by the read storage area information is included in the storage area indicated by the setting storage area information corresponding to the application program selected by the selection unit 131. Determine.

  When the storage area indicated by the read storage area information is included in the storage area indicated by the setting storage area information corresponding to the selected application program (step S13: YES), the process proceeds to step S14, and the read storage area information If the storage area indicated by is not included in the storage area indicated by the setting storage area information corresponding to the selected application program (step S13: NO), the process proceeds to step S17.

  In step S14, the data information reading unit 137 reads the data information in the storage area corresponding to the read storage area information.

  In step S15, the data information reading unit 137 notifies the application program selected in step S12 of the data information read in step S14.

  In step S16, the memory management processing program ends the data reading process.

  In step S17, the memory management processing program indicates that the setting storage area information is abnormal (tampered) or the read storage area information is abnormal (accessing outside the permitted access range). Notify the application program that called the memory management processing program.

  As described above, according to the operation related to FIG. 4, it is possible to detect the falsification of the setting storage area which is the accessible range of the application program. In addition, it is possible to notify the program that called the memory management processing program that the read storage area information is abnormal.

[Example 3]
Next, an example of the operation of the memory management processing program having a function of preventing the laser attack in the CPU 102 in FIG. 2 will be described in correspondence with the flowchart of FIG.

  FIG. 5 is a flowchart showing an operation for checking whether or not the update storage area information of the application program which is a part of the memory management processing program of the present embodiment is in an accessible range.

  Specifically, when the application program accesses the setting storage area information of the application program, the application program checks whether the setting storage area information has been tampered with, and further stores the storage area information (update memory to be accessed) by the application program. The area information) has a function of permitting access to the application program after checking whether it is within the range of the setting storage area information of the application program.

  In step S20, an update process of data information is instructed by the application program A150, application program B151, or application program C152 in the memory space on the IC card 101.

  In step S21, the selection unit 131 selects an application program based on the selection information of the application program, and the storage area information acquisition unit 132 acquires update storage area information from the application program selected by the selection unit 131.

  In step S22, the setting storage area information check unit 135 checks whether the setting storage area information has been rewritten using the check information added to the setting storage area information set by the storage area information setting unit 134.

  If the setting storage area information has not been rewritten (step S22: YES), the process proceeds to step S23. If the setting storage area information has been rewritten (step S22: NO), the process proceeds to step S27.

  In step S23, the update storage area information check unit 138 determines whether the storage area indicated by the update storage area information is included in the storage area indicated by the setting storage area information corresponding to the application program selected by the selection unit 131. Determine.

  When the storage area indicated by the update storage area information is included in the storage area indicated by the setting storage area information corresponding to the selected application program (step S23: YES), the process proceeds to step S24, and the update storage area information When the storage area indicated by is not included in the storage area indicated by the setting storage area information corresponding to the selected application program (step S23: NO), the process proceeds to step S26.

  In step S24, the data information update unit 139 updates the data information in the storage area corresponding to the update storage area information.

  The data information updating unit 139 may notify the data information read in step S24 to the application program selected in step S22 and check whether the data information updated in the application program is correct.

  In step S25, the memory management processing program ends the data information update processing.

  In step S26, the memory management processing program indicates that the setting storage area information is abnormal (tampered) or the update storage area information is abnormal (accessing outside the permitted range of access). Notify the application program that called the memory management processing program.

  As described above, according to the operation related to FIG. 5, it is possible to detect the falsification of the setting storage area which is the accessible range of the application program. In addition, it is possible to notify the program that called the memory management processing program that the update storage area information is abnormal.

  Note that this example can be implemented in combination with any of the other embodiments in this specification as appropriate.

[Description of the concept of this embodiment]
The concept of the present embodiment will be described with reference to FIG.
(1) After selecting the application, the application program A notifies the memory management process of the memory range information of the application program A data managed by itself. Then, information that can determine whether the check code has been tampered with is added to the memory range information.

(2) Setting of accessible range The memory management process holds designated memory range information (including check information such as a check code) as an accessible range.

(3) Data read (or data update)
The application program A specifies the address of data to be read (or updated) and accesses the data via the memory management process.

(4) Accessible range determination The memory management process confirms that the accessible range held internally has not been tampered with. Subsequently, it is determined whether the designated address is within the accessible range.
If it is confirmed that the accessible range has been tampered with or the address is outside the accessible range, the application program A is notified of abnormal operation information as an abnormal operation without proceeding to the next step.

(5) Data access Data is read or updated from the specified address.

(6) Read data acquisition When data read is specified in (3), the read data is notified to the application.

  According to the present invention, in an IC card equipped with an IC chip having a function of preventing a laser attack, by providing a memory management process, it becomes almost impossible to extract internal information by a laser attack, thereby improving security. I can do it. Further, in the case of an IC chip having a function of preventing a laser attack, even if there is a change in specifications accompanying a change in the method of preventing a laser attack, it is not necessary to recreate the IC chip from the mask design stage. Therefore, it is possible to reduce the manufacturing cost and the manufacturing time. Further, there is no concern that the IC chip that has been remade due to the change in the mask design has a defect.

  Further, conventionally, when manufacturing an IC chip having a function of preventing a laser attack, a circuit for preventing the laser attack is sometimes mounted. However, by adopting the present invention, the function of preventing the laser attack is stored as a program in the read-only memory or the non-volatile memory, so that an IC chip is provided rather than the case of providing a circuit having the function of preventing the laser attack separately. Can be miniaturized. Therefore, the yield due to the reduction in the number of transistors by the weight reduction of the IC chip, the cost reduction accompanying the increase in the number of IC chips that can be manufactured from one substrate, and the circuit having the function of preventing the laser attack. It can contribute to improvement.

As described above, the semiconductor device of the present invention may be provided and used in any goods, in addition to a license, insurance card, commuter pass, cash card, credit card, electronic key, It can be used for electronic money.

  3 to 5 are recorded in advance on a recording medium such as a hard disk, or are recorded in advance via a network such as the Internet, and are read out and executed by a general-purpose microcomputer or the like. Accordingly, it is possible to cause the general-purpose microcomputer or the like to function as the CPU according to the embodiment.

  Furthermore, the present invention is not limited to the above-described embodiments, and various modifications can be made within the scope of the gist of the present invention.

  Furthermore, it is to be understood that the embodiments described and illustrated herein are exemplary only and should not be considered as limiting the scope of the present invention. Other changes and modifications may be made in accordance with the spirit and scope of the invention.

It is a block diagram which shows the whole semiconductor device (101) which concerns on embodiment of this invention. It is a figure which shows the function outline | summary of the memory management process which concerns on embodiment of this invention. It is a flowchart which shows operation | movement of Example 1 of the memory management process which concerns on embodiment of this invention. It is a flowchart which shows operation | movement of Example 2 of the memory management process which concerns on Embodiment 1 of this invention. It is a flowchart which shows operation | movement of Example 3 of the memory management process which concerns on Embodiment 1 of this invention. It is a figure which shows the concept of embodiment concerning this invention.

Explanation of symbols

101 IC card 102 CPU 102
103 ROM
104 RAM
105 Controller 106 Arithmetic Circuit 107 Antenna 108 Resonant Circuit 109 Power Supply Circuit 112 Demodulation Circuit 113 Modulation Circuit 114 Power Management Circuit 115 Analog Unit 125 Nonvolatile Memory such as Flash Memory 131 Selection Unit 132 Storage Area Information Acquisition Unit 133 Storage Area Information Determination Unit 134 Storage area information setting section 135 Setting storage area information checking section 136 Reading storage area information checking section 137 Data information reading section 138 Updating storage area information checking section 139 Data information updating section

Claims (8)

In a semiconductor device for processing data information comprising at least two or more application programs,
Selection means for selecting the application program based on selection information of the application program;
Storage area information acquisition means for acquiring storage area information from the application program selected by the selection means;
It is determined whether or not the storage area indicated by the storage area information is within the storage area of the semiconductor device, and whether or not the storage area indicated by the storage area information includes the storage area of another application. Storage area information judging means for judging;
The storage area information judging means determines that the storage area indicated by the storage area information is in the storage area of the semiconductor device, and the storage area indicated by the storage area information is the storage area of another application. A storage area information setting means for adding check information to the storage area information and setting the storage area information corresponding to the application program as setting storage area information,
A semiconductor device comprising: The semiconductor device according to claim 1,
The check added to the set storage area information set by the storage area information setting means when the storage area information acquisition means acquires read storage area information from the application program selected by the selection means Setting storage area information check means for checking whether the setting storage area information has been rewritten using information;
When the setting storage area information check means checks that the setting storage area information is not rewritten, the storage area indicated by the read storage area information corresponds to the application program selected by the selection means. Read storage area information check means for determining whether the storage area indicated by the setting storage area information is included,
The storage area indicated by the read storage area information is included in the storage area indicated by the setting storage area information corresponding to the application program selected by the selection means by the read storage area information check means. Data information reading means for reading data information of a storage area corresponding to the read storage area information,
A semiconductor device further comprising: The semiconductor device according to claim 1,
The check added to the set storage area information set by the storage area information setting means when the storage area information acquisition means acquires update storage area information from the application program selected by the selection means Setting storage area information check means for checking whether the setting storage area information has been rewritten using information;
When the setting storage area information check means checks that the setting storage area information has not been rewritten, the storage area indicated by the update storage area information corresponds to the application program selected by the selection means. Update storage area information check means for determining whether the storage area is included in the storage area indicated by the setting storage area information
The storage area indicated by the update storage area information is included in the storage area indicated by the setting storage area information corresponding to the application program selected by the selection means by the update storage area information check means. Data information updating means for updating the data information in the storage area corresponding to the update storage area information,
A semiconductor device further comprising: The semiconductor device according to claim 2,
Each time the data information reading means reads the data information in bytes, the setting storage area information checking means uses the check information added to the setting storage area information set by the storage area information setting means. The setting storage area information is rewritten, and the read storage area information check means corresponds to the application program in which the storage area indicated by the read storage area information is selected by the selection means. A semiconductor device comprising: determining whether or not the storage area is indicated by setting storage area information. The semiconductor device according to claim 3,
Each time the data information updating unit updates the data information in units of bytes, the setting storage area information checking unit adds the check information added to the setting storage area information set by the storage area information setting unit. And checking whether the setting storage area information has been rewritten, and the update storage area information check means corresponds to the application program in which the storage area indicated by the update storage area information is selected by the selection means It is determined whether or not it is included in the storage area indicated by the setting storage area information. In a method for controlling a semiconductor device that processes data information including at least two or more application programs,
A selection step in which the application program is selected based on selection information of the application program;
A storage area information acquisition step of acquiring storage area information from the application program selected in the selection step;
It is determined whether or not the storage area indicated by the storage area information is within the storage area of the semiconductor device, and whether or not the storage area indicated by the storage area information includes the storage area of another application. A storage area information determination step to determine;
In the storage area information determining step, the storage area indicated by the storage area information is in the storage area of the semiconductor device, and the storage area indicated by the storage area information is the storage area of another application. A storage area information setting step of adding check information to the storage area information and setting the storage area information corresponding to the application program as setting storage area information,
A method for controlling a semiconductor device, comprising: A computer included in a semiconductor device for processing data information comprising at least two or more application programs;
Selection means for selecting the application program based on selection information of the application program;
Storage area information acquisition means for acquiring storage area information from the application program selected by the selection means;
It is determined whether or not the storage area indicated by the storage area information is within the storage area of the semiconductor device, and whether or not the storage area indicated by the storage area information includes the storage area of another application. Storage area information judging means for judging,
The storage area information judging means determines that the storage area indicated by the storage area information is in the storage area of the semiconductor device, and the storage area indicated by the storage area information is the storage area of another application. A storage area information setting means for adding check information to the storage area information and setting the storage area information corresponding to the application program as setting storage area information,
A program for controlling a semiconductor device, wherein   5. The semiconductor device according to claim 1, wherein the semiconductor device is an IC card on which an IC (Integrate Circuit) chip is mounted.