JP2010079426A - Semiconductor storage device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a semiconductor storage device that is protected from leakage or alteration of information without using a complicated procedure even when a plurality of users shares the device. <P>SOLUTION: This semiconductor storage device has: a first storage part 104 having a plurality of divided security areas each holding data; a second storage part 105 holding management information for accessing the security area and associated with each of the plurality of security areas; and a control controller 107 collating input information input to access the first storage part with the management information held in the second storage part, and allowing the access to the security area associated with the management information corresponding to the input information. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a semiconductor memory device.

  In recent years, semiconductor storage devices such as semiconductor memory cards have been used as storage devices for storing data in personal computers (hereinafter referred to as personal computers), digital cameras, mobile phones, and the like. The semiconductor memory device often records important information such as digitized personal information and confidential information. If the important information stored in the semiconductor memory device can be easily read or written, the important information can be read illegally by others (information leakage) or illegally rewritten (information falsification). End up. For example, Patent Document 1 discloses a technique for restricting reading and writing of data stored in a semiconductor storage device and protecting it from information leakage and tampering.

  However, with the technique disclosed in Patent Document 1, when a semiconductor memory device is shared by a plurality of users, important information such as personal information and confidential information of the users cannot be protected for each user. That is, important information stored in the semiconductor memory device may be illegally read or illegally rewritten by another sharer, and it is impossible to properly protect such important information. There's a problem. Further, since information is protected using a plurality of addresses, there is a problem that the procedure becomes complicated.

JP 2001-356963 A

  SUMMARY OF THE INVENTION An object of the present invention is to provide a semiconductor memory device that can be protected from information leakage and tampering even when it is not complicated procedures and is shared by a plurality of users.

  According to one aspect of the present invention, there is provided a first storage unit having a security area divided into a plurality of pieces and capable of holding data, and information for accessing the security area, wherein the information is associated with each of the plurality of security areas. A second storage unit that holds the management information that has been stored, and the input information that is input to access the first storage unit is checked against the management information that is stored in the second storage unit. There is provided a semiconductor memory device comprising a control controller that enables access to an associated security area.

  According to the present invention, the management information is associated with each of the security areas divided into a plurality, and the access to the security area becomes possible when the input information matches the management information. Even in such a case, the accessible area can be limited for each user, and information such as data held in the semiconductor device can be protected from leakage or tampering.

  Exemplary embodiments of a semiconductor memory device according to the present invention will be explained below in detail with reference to the accompanying drawings.

(First embodiment)
FIG. 1 is a block diagram showing a schematic configuration of a semiconductor memory card as a semiconductor memory device according to the first embodiment of the present invention. The semiconductor memory card 102 generally includes an interface 103, a nonvolatile memory I (first storage unit) 104, a nonvolatile memory II (second storage unit) 105, a data buffer 106, and a control controller 107. Hereinafter, they will be described in order. The semiconductor memory card 102 is used by being connected to a dedicated terminal 101 such as a personal computer. Data stored in the nonvolatile memory I104 in the semiconductor memory card 102 is read or written in accordance with a command issued from the dedicated terminal 101. Further, the user of the semiconductor memory card 102 can input ID information and password information as input information using the dedicated terminal 101 and transfer them to the semiconductor memory card 102.

  The interface 103 functions as an intermediary unit that mediates transmission / reception of information between the control controller 107 on the semiconductor memory card 102 side and the dedicated terminal 101. That is, data and commands are transferred between the dedicated terminal 101 and the controller 107 via the interface 103. For example, input information (ID information / password information) input by the user on the dedicated terminal 101 to access the nonvolatile memory I 104 is transferred to the control controller 107 via the interface 103.

  FIG. 2 is an address map of the nonvolatile memory I104. As the nonvolatile memory I104, for example, a NAND flash memory is used. The nonvolatile memory I104 includes a system unit 120, a user data unit 122, and a security unit 124. Further, the security unit 124 is divided into a plurality of security areas, a first security area 124a, a second security area 124b, a third security area 124c,.

  The system unit 120 holds a file system for managing data stored in the user data unit 122 and the security unit 124, for example, FAT (File Allocation Tables).

  The user data section 122 holds data written by the user. The user data unit 122 is not restricted by an ID or password, and any user who accesses the semiconductor memory card 102 using the dedicated terminal 101 can read and write data.

  The security unit 124 holds data written by the user. Unlike the user data unit 122, the security unit 124 is subject to access restrictions. Therefore, the security unit 124 can only be accessed after authentication by the dedicated terminal 101 that is a host device. The security unit 124 can restrict access by setting different ID information and password information as management information for each security area 124a, 124b, 124c. Access restrictions based on management information (ID information / password information) will be described in detail later.

  FIG. 3 is an address map of the nonvolatile memory II105. The nonvolatile memory II 105 has an area management table 121 for managing the security areas 124 a, 124 b, and 124 c in the security unit 124. In the area management table 121, a start address and an end address indicating the area range of each security area 124a, 124b, 124c are written. Also, management information (ID information / password information) for accessing each security area 124a, 124b, 124c is held in association with the area range of each security area 124a, 124b, 124c.

  The data buffer 106 is a storage device that can temporarily store data to be written to the nonvolatile memory I104 and data read from the nonvolatile memory I104.

  The controller 107 controls the semiconductor memory card 102. The control controller 107 interprets a command issued from the dedicated terminal 101 and transferred via the interface 103. For example, if the command issued from the dedicated terminal 101 is a write command (write command), data (write data) to be written to the nonvolatile memory I104 is temporarily stored in the data buffer 106. Then, the controller 107 writes the data stored in the data buffer 106 into the nonvolatile memory I104.

  If the command issued from the dedicated terminal 101 is a read command (read command), the controller 107 temporarily stores data (read data) read from the nonvolatile memory I104 in the data buffer 106. Then, the controller 107 transfers the information stored in the data buffer 106 to the dedicated terminal 101 via the interface 103.

  The controller 107 authenticates a user who uses the semiconductor memory card 102. The controller 107 collates the input information (ID information / password information) input using the dedicated terminal 101 with the management information (ID information / password information) held in the area management table 121 of the nonvolatile memory II 105. . As a result of the collation, the control controller 107 sets the security area associated with the management information that matches the input information as a valid area, and sets the other security areas as invalid areas. The security area, which is an effective area, is made accessible and data can be read and written. On the other hand, it is impossible to access a security area that is an invalid area, and data cannot be read or written. For example, if the input information is “ID information I” and “password information I”, the first security area 124a associated with the management information “ID information I” and “password information I” is the effective area, and the others The second security area 124b, the third security area 124c, and the like are invalid areas.

  If the management information that matches the input information is not held in the area management table 121, the controller 107 newly registers a security area in the area management table 121. In this case, the controller 107 writes the input information in the area management table 121 in association with the newly registered security area. As a result, a new security area is generated in the nonvolatile memory I104.

  If no input information is input by the user, the controller 107 does not accept a command for the security unit 124 of the nonvolatile memory I104. However, since a command for the user data portion 122 is accepted, data can be written to and read from the user data portion 122 even when ID information and password information are not input.

  FIG. 4 is a flowchart for explaining a procedure for writing data to the security unit 124 of the semiconductor memory card 102. When the dedicated terminal 101 detects that the semiconductor memory card 102 is connected (step S1), the dedicated terminal 101 and the semiconductor memory card 102 perform device authentication with each other (steps S2 and S3). After successful device authentication, user authentication is performed. Input information (ID information / password information) input by the user using the dedicated terminal 101 is transferred to the semiconductor memory card 102 using a dedicated command (step S4). The controller 107 in the semiconductor memory card 102 collates the input information with the management information (ID information / password information) held in the area management table 121 in the nonvolatile memory II 105 (step S5). Then, the security area associated with the management information that matches the input information is determined as the valid area, and the other security areas are determined as the invalid area (step S6).

  If there is no management information that matches the input information and there is no security area that is an effective area (step S7), the controller 107 registers a new security area in the area management table 121, and stores the security area. The effective area is set (step S8). After the valid area is determined, the dedicated terminal 101 issues a write command to the semiconductor memory card 102, and then transfers write data (step S9). When receiving the write command issued from the dedicated terminal 101, the semiconductor memory card 102 stores the write data sent subsequently in the data buffer 106 (step S10). The controller 107 writes the write data stored in the data buffer 106 in the security area that is the effective area (step S11), and notifies the dedicated terminal 101 that the writing has been completed (step S12).

  FIG. 5 is a flowchart for explaining a procedure for reading data from the security unit 124 of the semiconductor memory card 102. When the dedicated terminal 101 detects that the semiconductor memory card 102 is connected (step S21), the dedicated terminal 101 and the semiconductor memory card 102 perform device authentication with each other (steps S22 and S23). After successful device authentication, the input information input using the dedicated terminal 101 is transferred to the semiconductor memory card 102 using a dedicated command (step S24).

  Thereafter, the valid area and the invalid area are determined in the same manner as the data writing procedure (steps S25 to S26). If there is no management information that matches the input information and there is no security area that is an effective area (step S27), the controller 107 returns an error to the dedicated terminal 101 without reading data (step S28). .

  After the valid area is determined, the dedicated terminal 101 issues a read command to the semiconductor memory card 102 (step S29). When the semiconductor memory card 102 receives a read command issued from the dedicated terminal 101, the control controller 107 reads data from the security area that is the effective area of the security unit 124 in the nonvolatile memory I104, and reads the read data. The data is stored in the data buffer 106 (step S30). The controller 107 transfers the read data stored in the data buffer 106 to the dedicated terminal 101 via the interface 103 (step S31).

  As described above, the semiconductor memory card 102 according to the present invention can restrict access with different management information (ID information / password information) for each security area 124a, 124b, 124c. Thereby, even when the semiconductor memory card 102 is shared by a plurality of users, different security areas can be used for each user. Further, only the person who knows the ID information and the password information can write and read data in the security area. Accordingly, it is possible to prevent information such as data stored in the security area used by the user from being illegally read or rewritten by other users.

  Further, since the user can access the security area used by himself only by inputting the ID information and the password information using the dedicated terminal 101, a complicated procedure is not required.

  In addition, when there is no management information that matches the input information in the area management table 121, a new security area is registered in the area management table 121 to be an effective area. Even a user can generate a new security area for use in the nonvolatile memory I104 without complicated operations.

  In the present embodiment, the security unit 124 and the area management table 121 are configured to be separately provided in the nonvolatile memory I104 and the nonvolatile memory II105. However, these are configured to be provided in one memory. It doesn't matter.

  In addition, ID information and password information are used as management information, and it is configured to enable access when both match. For example, either ID information or password information is used as management information. If either one of them matches, the security area may be configured to be accessible.

(Second Embodiment)
A second embodiment of the present invention will be described with reference to the drawings. The same parts as those in the above embodiment are denoted by the same reference numerals, and redundant description is omitted. In the first embodiment, a plurality of security areas are managed by ID information and password information. However, in the second embodiment, when data is written in the security area that is an effective area, Security is improved by encrypting data using password information and then writing it.

  FIG. 6 is a flowchart for explaining a procedure for writing and reading encrypted data to / from the semiconductor memory card 102 in the semiconductor memory card according to the second embodiment. The procedure until the valid region and the invalid region are determined is performed in the same manner as in the first embodiment. When the controller 107 stores the write data in the data buffer 106 (step S41), it encrypts the data in the data buffer 106 using the password information (step S42), and then sets the security as an effective area of the nonvolatile memory I104. Write to the area (step S43). Thereafter, the controller 107 notifies the dedicated terminal 101 that the writing has been completed (step S44).

  When reading data, the read data read from the security area by the controller 107 is stored in the data buffer 106 (step S45). The controller 107 decodes the read data in the data buffer (step S46), and transfers the decoded read data to the dedicated terminal 101 (step S47).

  As described above, since the encrypted data is held in the security area that is set as the effective area, the information can be read by a terminal other than the dedicated terminal 101 that cannot transfer the ID information and the password information. However, it becomes difficult to decrypt data, and information leakage can be prevented.

  Note that encryption using ID information or encryption using both ID information and password information may be performed.

(Third embodiment)
A third embodiment of the present invention will be described. The same parts as those in the above embodiment are denoted by the same reference numerals, and redundant description is omitted. In the second embodiment, data is encrypted / decrypted at the time of data writing / reading, but in the third embodiment, it is in the effective area of the nonvolatile memory I when the password information is changed. Data can be re-encrypted using new password information.

  FIG. 7 is a flowchart for explaining a procedure for re-encrypting data when password information as management information is changed in the semiconductor memory card according to the third embodiment. The dedicated terminal 101 transfers the password information change command, input information (ID information / old password information), and new password information to the semiconductor memory card 102 (step S51).

  When receiving the password change command, the control controller 107 in the semiconductor memory card 102 receives the input information (ID information / old password information) transferred from the dedicated terminal 101 as management information (ID information / The password information stored in the area management table 121 is rewritten and changed to a new password (step S53).

  Next, the controller 107 stores the data in the security area in the nonvolatile memory I104 specified from the input information in the data buffer 106 (step S54), and decrypts this data with the old password (step S55). Thereafter, the decrypted data is encrypted again with a new password (step S56), and the encrypted data is written back to the security area in the nonvolatile memory I104 (step S57). Then, it notifies the dedicated terminal 101 that the password change has been completed (step S58). In step S52, if the input information does not match the management information, an error is notified to the dedicated terminal 101 (step S59).

  As described above, since the password information as the management information is changed and the data is re-encrypted with the new password after the change, the password can be periodically changed and the security can be improved.

(Fourth embodiment)
A fourth embodiment of the present invention will be described with reference to the drawings. The same parts as those in the above embodiment are denoted by the same reference numerals, and redundant description is omitted. In the third embodiment, the security is improved by changing the encryption key of the data. However, in the fourth embodiment, the data in the effective area is rearranged, and the rearrangement information is changed. By holding in the nonvolatile memory II, security is further enhanced.

  FIG. 8 is a flowchart for explaining a data writing procedure in the semiconductor memory card according to the fourth embodiment. FIG. 9 is an address map of the nonvolatile memory II105.

  As shown in FIG. 8, when the write command is transferred from the dedicated terminal 101 and the semiconductor memory card 102 receives the write command (step S61), the controller 107 in the semiconductor memory card 102 sets the valid area based on the input information. Determination is made (step S62), and write data is stored in the data buffer 106 (step S63). Next, the controller 107 divides and rearranges the data in the data buffer 106 (step S64). Information on the rearrangement order (rearrangement information) is registered by the controller 107 in association with the management information in the area management table 121 of the nonvolatile memory II 105 (step S65) (see also FIG. 9). Thereafter, the controller 107 writes the rearranged data in the effective area of the nonvolatile memory I104 (step S66), and notifies the dedicated terminal 101 of the completion of writing (step S67). If there is no management information that matches the input information and the effective area cannot be determined in step S62, a new security area is registered in the area management table 121 (step S68).

  FIG. 10 is a flowchart for explaining a reading procedure of the rearrangement information in the semiconductor memory card according to the fourth embodiment. The dedicated terminal 101 needs to rearrange the read data so that the read data is correct. The dedicated terminal 101 transfers the rearrangement information acquisition command and input information (ID information / password information) to the semiconductor memory card 102 (step S71). When the semiconductor memory card 102 receives the rearrangement information acquisition command, the input information is checked against the management information (ID information / password information) held in the area management table 121 in the nonvolatile memory II 105. If the input information matches the management information (step S72), the control controller 107 acquires rearrangement information associated with the corresponding management information (step S73) and transfers it to the dedicated terminal 101 (step S74). . The dedicated terminal 101 rearranges the read data based on the acquired rearrangement information and acquires correct read data (step S75). In step S72, if there is no management information that matches the input information in the area management table 121, the controller 107 notifies the dedicated terminal 101 of an error (step S76).

  As described above, even if the data held in the nonvolatile memory I104 is read, it cannot be read as correct data unless the reordering information is acquired. However, it is difficult to read correct data, and information leakage can be prevented.

(Fifth embodiment)
A fifth embodiment of the present invention will be described with reference to the drawings. The same parts as those in the above embodiment are denoted by the same reference numerals, and redundant description is omitted. In the first to fourth embodiments, the size of each security area of the nonvolatile memory I104 is determined and fixed when newly registered, but in the fifth embodiment, the security area registration is performed. It is characterized in that the area size of the security area can be changed afterwards.

  FIG. 11 is a flowchart for explaining a data writing procedure in the semiconductor memory card according to the fifth embodiment. FIG. 12 is an address map of the nonvolatile memory II105.

  Input information (ID information / password information), a write command, and ride data are transferred from the dedicated terminal 101 (step S81), and when the semiconductor memory card 102 receives them, the controller 107 in the semiconductor memory card 102 uses the input information as input information. Based on this, an effective area is determined (step S82), and the write data is stored in the data buffer 106 (step S83). At this time, the controller 107 calculates the data size of the write data after being written in the effective area. If the data size after writing exceeds the valid area (step S84), a new security area is created in the area not used by the security unit 124 of the nonvolatile memory I104. A security area is registered and a new security area is added to the effective area (step S85) (see also FIG. 12). Thereafter, the data in the data buffer 106 is rearranged as in the fourth embodiment, and the data is written to the effective area of the nonvolatile memory I104 (steps S86 to S89). If there is no management information that matches the input information and the effective area cannot be determined in step S82, a new security area is registered in the area management table 121 (step S90). Further, after the step S85, the data in the data buffer 106 may be written into the effective area as it is or after being encrypted without performing the data rearrangement.

  As described above, when writing data having a size that exceeds the capacity of the security area set as the effective area, the control controller 107 automatically adds the effective area. A person can use the semiconductor memory card 102 without worrying about the size of data to be written.

1 is a block diagram showing a schematic configuration of a semiconductor memory card according to a first embodiment. The figure which shows the address map of the non-volatile memory I. The figure which shows the address map of the non-volatile memory II. The flowchart for demonstrating the procedure which writes data in a semiconductor memory card. The flowchart for demonstrating the procedure which reads data from a semiconductor memory card. 9 is a flowchart for explaining a writing procedure and a reading procedure of encrypted data in the semiconductor memory card in the semiconductor memory card according to the second embodiment. 9 is a flowchart for explaining a procedure for re-encrypting data in a semiconductor memory card according to a third embodiment. 14 is a flowchart for explaining a data writing procedure in the semiconductor memory card according to the fourth embodiment. The figure which shows the address map of the non-volatile memory II. The flowchart for demonstrating the read-out procedure of rearrangement information in the semiconductor memory card based on 4th Embodiment. 14 is a flowchart for explaining a data writing procedure in a semiconductor memory card according to a fifth embodiment. The figure which shows the address map of the non-volatile memory II.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 101 Dedicated terminal, 102 Semiconductor memory card (semiconductor memory device), 104 Non-volatile memory I (first storage unit), 105 Non-volatile memory II (second storage unit), 107 Control controller, 124 Security unit, 124a First security Area, 124b second security area, 124c third security area

Claims (5)

A first storage unit having a security area divided into a plurality of data and capable of holding data;
Information for accessing the security area, a second storage unit that holds management information associated with each of the plurality of security areas;
The input information input to access the first storage unit is compared with the management information held in the second storage unit, and access to the security area associated with the management information that matches the input information is performed. A semiconductor memory device comprising: a control controller that enables the controller.   2. The semiconductor memory device according to claim 1, wherein the control controller encrypts data to be held in the security area with the management information.   3. The semiconductor memory device according to claim 2, wherein when the management information is changed, the control controller re-encrypts the data to be held in the security area with the changed management information.   The control controller divides the data to be held in the security area and rearranges the data, and causes the second storage unit to hold rearrangement information for restoring the rearranged data. The semiconductor memory device according to any one of claims 1 to 3.   When the control controller holds data exceeding the storage capacity of the security area, the control controller generates a new security area in the first storage unit and causes the new security area to hold data exceeding the storage capacity. The semiconductor memory device according to claim 1, wherein:

Images