The present invention relates to an MPU protection device having features in comparison of waveforms.
In general, a technology for preventing information from leaking upon receiving unauthorized access to a computer is known. The information that is liable to be leaked includes information having high secrecy such as personal information and a trade secret. Therefore, a necessity for advancement of the technology for preventing the information from leaking is high.
As a method of the unauthorized access to the computer, specific examples thereof generally include a method of reading a signal by bringing a needle used for the unauthorized access into direct contact with a pin terminal of an MPU.
As the technology for preventing the information from leaking upon receiving the unauthorized access by such a method, specific examples thereof include the technology described in JP 2012-079152.
In order to prevent unauthorized access after factory shipping, JP 2012-079152 discloses a technology of invalidating a debug terminal of a semiconductor device, upon factory shipping, by using a program outside a device, called a “validation routine” according to which validity of the debug terminal can be controlled.
However, JP 2012-079152 has a content limited to prevention of the unauthorized access using the debug terminal, in which a problem of vulnerability to unauthorized access without using the debug terminal has remained.
Then, an objective of the present invention is to provide a technology according to which even the unauthorized access without using the debug terminal can be prevented.
In order to achieve the objective described above, the present invention provides an MPU protection device developed, having: a reference waveform holding unit that holds power supply waveform data of an MPU as a reference; an in-use power supply waveform acquisition unit that acquires an in-use power supply waveform being a power supply waveform when using the MPU; a comparison unit that compares identity between the acquired in-use power supply waveform and the held reference waveform; a reference holding unit that holds a reference for determining both to have identity and/or non-identity; and an MPU operation stopping unit for stopping at least a part of MPU operation when both waveforms are determined to have non-identity in comparison results using the held reference in the comparison unit. According to the device, even unauthorized access without using a debug terminal can be prevented. Thus, distribution of information having high secrecy such as personal information and a trade secret can be prevented.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection device developed, wherein the comparison unit has a spectrum comparison means for comparing the identity by spectrum comparison. Thus, the unauthorized access can be appropriately found out for noise or the like in which a change easily appears in a spectrum.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection device developed, wherein the comparison unit has a majority comparison means for comparing the identity by a majority of plural times of comparison results. Thus, erroneous determination of deeming a change in the waveform without depending on the unauthorized access as a change by the unauthorized access can be reduced, and presence or absence of the unauthorized access can be determined with higher accuracy.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection device developed, wherein the reference waveform holding unit has a reference amplitude data holding means for holding reference amplitude data being amplitude data of a current or a voltage as the power supply waveform data of the MPU, and the in-use power supply waveform acquisition unit has an in-use amplitude data acquisition means for acquiring in-use amplitude waveform data being the amplitude data of the current or the voltage when using the MPU as the power supply waveform data when using the MPU, and the comparison unit has an amplitude data comparison means for comparing the in-use amplitude data with the reference amplitude data. Thus, the unauthorized access influencing the power supply waveform in a form other than the noise can also be counteracted.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection device developed, further having a non-normal operation unit that allows the MPU to intentionally perform wrong operation and/or dummy operation after stopping in the MPU operation stopping unit when both waveforms are determined to have non-identity in the comparison results using the held reference in the comparison unit. Thus, a certain level of damage can be caused to a person who commits unauthorized access, leading to suppression of committing such unauthorized access.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection device developed, wherein the reference waveform is a waveform of electronic equipment including the MPU upon factory shipping thereof. Thus, the waveform in a state without unauthorized access can be held as the reference.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection device developed, wherein the reference waveform is a waveform of electronic equipment including the MPU during start of use thereof. Thus, the waveform in a state of having a significantly low possibility of receiving the unauthorized access can be held as the reference.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection device developed, wherein a signal waveform of the MPU is applied in addition to the power supply waveform or in place of the power supply waveform. Thus, if a clock frequency signal waveform is used, for example, such unauthorized access as influencing a frequency can be reliably found out.
Moreover, the present invention further provides electronic equipment equipped with the MPU protection device having the feature developed. Thus, the electronic equipment having a function for preventing even the unauthorized access without using the debug terminal can be provided.
Meanwhile, the present invention provides an MPU protection method developed, in which a method of operating the MPU protection device has: a reference waveform holding unit that holds power supply waveform data of an MPU as a reference; and a reference holding unit that holds the reference for determining both to have identity and/or non-identity between an in-use power supply waveform being a power supply waveform when using the MPU as described later and the held reference waveform, and the method has an in-use power supply waveform acquisition step of acquiring the in-use power supply waveform being the power supply waveform when using the MPU; a comparison step of comparing the identity between the in-use power supply waveform acquired in the in-use power supply waveform acquisition step and the held reference waveform; and an MPU operation stopping step of stopping at least a part of MPU operation when both waveforms are determined to have non-identity in comparison results using the held reference in the comparison step. According to the method, even the unauthorized access without using the debug terminal can be prevented. Thus, distribution of the information having high secrecy such as the personal information and the trade secret can be prevented.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection method developed, wherein the comparison step has a spectrum comparison means for comparing the identity by spectrum comparison. Thus, the unauthorized access can be appropriately found out for the noise or the like in which the change easily appears in the spectrum.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection method developed, wherein the comparison step has a majority comparison means for comparing the identity by a majority of plural times of comparison results. Thus, the erroneous determination of deeming the change in the waveform without depending on the unauthorized access as the change by the unauthorized access can be reduced, and presence or absence of the unauthorized access can be determined with higher accuracy.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection method developed, wherein the reference waveform holding unit has a reference amplitude data holding means for holding reference amplitude data being amplitude data of a current or a voltage as power supply waveform data of the MPU, and the in-use power supply waveform acquisition step has an in-use amplitude data acquisition means for acquiring in-use amplitude waveform data being the amplitude data of the current or the voltage when using the MPU as the power supply waveform data when using the MPU, and the comparison step has an amplitude data comparison means for comparing the in-use amplitude data with the reference amplitude data. Thus, the unauthorized access influencing the power supply waveform in the form other than the noise can also be counteracted.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection method developed, further having a non-normal operation step of allowing the MPU to intentionally perform wrong operation and/or dummy operation after stopping in the MPU operation stopping step when both waveforms are determined to have non-identity in the comparison results using the held reference in the comparison unit. Thus, a certain level of damage can be caused to the person who commits the unauthorized access, leading to suppression of committing such unauthorized access.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection method developed, wherein the reference waveform is a waveform of electronic equipment including the MPU upon factory shipping thereof. Thus, the waveform in the state without unauthorized access can be held as the reference.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection method developed, wherein the reference waveform is a waveform of electronic equipment including the MPU during start of first use after purchase thereof. Thus, the waveform in the state of having the significantly low possibility of receiving the unauthorized access can be held as the reference.
Moreover, the present invention further provides, in addition to the feature described above, the MPU protection method developed, wherein a signal waveform of the MPU is applied in addition to the power supply waveform or in place of the power supply waveform. Thus, if the clock frequency signal waveform is used, for example, such unauthorized access as influencing the frequency can be reliably found out.
Moreover, the present invention provides a protection method for electronic equipment, using the MPU protection method having the feature developed. Thus, the electronic equipment that is liable to receive the unauthorized access without using the debug terminal can be protected.
According to the present invention described above, even unauthorized access without using a debug terminal can be prevented.
Hereinafter, embodiments according to the present invention will be described by using drawings. The content of the present invention is not limited only to the following Examples, and various variations may be made within the scope without departing from the spirit.
A device according to the present example is an MPU protection device having: a reference waveform holding unit that holds power supply waveform data of an MPU as a reference; an in-use power supply waveform acquisition unit that acquires an in-use power supply waveform being a power supply waveform when using the MPU; a comparison unit that compares identity between the acquired in-use power supply waveform and the held reference waveform; a reference holding unit that holds a reference for determining both to have identity and/or non-identity; and an MPU operation stopping unit for stopping at least a part of MPU operation when both waveforms are determined to have non-identity in comparison results using the held reference in the comparison unit.
As described above, as a method of unauthorized access to a computer, specific example thereof generally include a method of reading a signal by bringing a needle used for the unauthorized access into direct contact with a pin terminal of an MPU. When the unauthorized access is committed by such a method, the power supply waveform inevitably has any influence during the contact.
The device according to the present example has been developed for the purpose of finding out a change in the power supply waveform and taking measures for preventing the unauthorized access. According to the device, even the unauthorized access without using a debug terminal can be prevented. Thus, distribution of information having high secrecy such as personal information and a trade secret can be prevented.
Hereinafter, a function of the device and a content of hardware, and a flow of processing according to the present example will be described in detail.
In addition, the functional block of each unit constituting the present device as described below may be realized as hardware, software or both the hardware and the software. Specific examples thereof include, if the unit uses a computer, a hardware configuration unit such as a CPU, a main memory, a bus or a secondary storage (storage media such as a hard disk, a nonvolatile memory, a CD-ROM and a DVD-ROM, and a reading drive of the media), a printer, a display device and other external peripheral devices, an I/O port for the external peripheral device, a driver program and other application programs for controlling the hardware, and a user interface used for information input.
Moreover, such hardware and software are utilized for performing operation processing of the program developed on the main memory in the CPU, or processing, accumulating or performing output processing of data held on the memory or the hard disk, or data input through an interface, or controlling each hardware configuration unit. Moreover, the present invention can be realized not only as the device but also as the method. Moreover, a part of such an invention can be configured as the software. Further, a software product used for allowing the computer to execute such software, and a storage medium to which the same product is fixed are also obviously included in the technical scope of the present invention (a same rule also applies thereto throughout the whole of the present description).
Functioning of the Reference Waveform Holding Unit, the in-Use Power Supply Waveform Acquisition Unit and the Comparison Unit
The device according to the present example needs to have a function for finding out a change to the power supply waveform as information for determining presence or absence of the unauthorized access.
In general, in order to find out the change, information during normal time needs to be compared with information at real time. The reason is that, if the information at real time has identity with the information during normal time, the waveform is taken as “having no change”, and if the information at real time has non-identity with the information during normal time, the waveform is taken as “having a change”.
If the description described above is adapted to the device according to the present invention, the information is in a relation in which the information during normal time is the “reference waveform”, and the information at real time is the “in-use power supply waveform”. Then, the change in the waveform is found out by comparing both the waveform information in the “comparison unit” and so forth. The “reference waveform holding unit”, the “in-use power supply waveform acquisition unit” and the “comparison unit” will be described on the premise described above.
The “reference waveform holding unit” has a function of holding the power supply waveform data of the MPU as the reference. The “MPU” herein means a so-called microprocessor, including the CPU and the GPU. The function is realized by the HDD, the DVD, the CD, the nonvolatile memory or the like, for example.
Unless there are power supply waveform data of the MPU in a state without unauthorized access, the change in the power supply waveform is unable to be found out by the comparison. Therefore, the information held herein serves as indispensable information upon comparison in the comparison unit described later.
An input method for the reference power supply waveform data of the MPU may be a method in which the power supply waveform data is directly acquired from a power supply line of the MPU before factory shipping or immediately after power-up, or if the power supply waveform to be originally held by the MPU can be grasped, the power supply waveform data may be directly recorded in the holding unit as data or a function.
Moreover, the reference power supply waveform data of the MPU may be supplied in the form of a graph showing a current or voltage value along elapse of time, data showing ranges of an upper limit and a lower limit of the current or voltage value, data of a spectrum of the waveform as described later, or further a signal waveform such as a clock waveform to be supplied in place of the power supply waveform, for example.
The “in-use power supply waveform acquisition unit” has a function of acquiring the in-use power supply waveform being the power supply waveform when using the MPU. The function can be realized by preliminarily setting a circuit for acquiring the waveform on a printed circuit board.
A place from which the in-use power supply waveform is acquired may be a portion from which power is supplied to the MPU, a power supply circuit common with the CPU, or any other places. However, the place from which the in-use power supply waveform is acquired is desirably a place sensitively influenced when the unauthorized access occurs. Therefore, the place is most preferably the portion from which the power is supplied to the MPU, being the portion having the highest sensitivity.
With regard to timing of acquiring the in-use power supply waveform, the waveform may be acquired constantly or intermittently. However, in view of difficulty in predicting the timing at which the unauthorized access is committed, the waveform is desirably acquired at the timing at which the unauthorized access at any time point can be found out. When the waveform is constantly acquired, the unauthorized access at any time point can be found out. Therefore, with regard to the timing of acquiring the in-use power supply waveform, the waveform is desirably acquired constantly.
The “comparison unit” has a function of comparing the identity between the acquired in-use power supply waveform and the held reference waveform. According to the function, a difference between the in-use power supply waveform and the reference waveform can be found out.
As described above, when the unauthorized access is committed by the method of reading the signal by bringing the needle used for the unauthorized access into direct contact with the pin terminal of the MPU, the power supply waveform inevitably has any influence during the contact. Therefore, if the unauthorized access should occur, an acquired power supply waveform should cause a difference from the reference waveform. A case where the noise is generated as in
The MPU protection device according to the present invention should have the function for finding out the change to the power supply waveform by having the “reference waveform holding unit”, the “in-use power supply waveform acquisition unit” and the “comparison unit” each having the function as described above.
When the change to the power supply waveform is found out by the functions of the “reference waveform holding unit”, the “in-use power supply waveform acquisition unit” and the “comparison unit”, the MPU protection device needs to have a function for freeing the MPU from the unauthorized access for protecting the MPU.
In general, when acquired information is linked with predetermined operation, as the premise, whether or not the predetermined operation is performed needs to be determined. When the premise is adapted to the MPU protection device, whether or not the “change to the power supply waveform” is caused by the influence by the unauthorized access needs to be determined. The reason is that various influences such as exogenous noise are considered for the change in the power supply waveform in addition to the influence by the unauthorized access, and only the influence by the unauthorized access needs to be definitely determined.
If the description described above is adapted to the MPU protection device according to the present invention, a unit holding the reference for determining whether or not the change is influenced by the unauthorized access, more specifically, whether or not the predetermined operation is to be performed is the “reference holding unit”, and a unit in which the predetermined operation is performed is positioned as the “MPU operation stopping unit”. The “reference holding unit” and the “MPU operation stopping unit” will be described based on the premises described above.
The “reference holding unit” has a function of holding the reference for determining both to have identity and/or non-identity. The function is realized by the HDD, the DVD, the CD, the nonvolatile memory or the like, for example. According to the function, as a result of the comparison in the comparison unit, a case where the change in the power supply waveform is influenced by the unauthorized access to the MPU and a case where the change is not influenced by the unauthorized access to the MPU can be differentiated.
As a content of the reference to be held, such a reference can be considered as a reference (1) in which both are determined to have non-identity when a rise or fall of center potential takes place at a predetermined proportion or more in comparison with the reference, a reference (2) in which the waveforms are determined to have non-identity when distortion of the waveform takes place at a predetermined proportion or more in an area ratio in comparison with the reference, and a reference (3) in which both are determined to have non-identity when a change in apart of spectrum takes place at a predetermined proportion or more in comparison with the reference, for one second or more for all.
Specifically, the predetermined proportion herein is desirably ±10% when the determination depends on the references (1) and (2), and on the other hand, the predetermined proportion is desirably ±30% when the determination depends on the reference (3).
For example, when the determination depends on the reference (1), presence or absence of the unauthorized access can be appropriately determined for such a change in which the whole of power supply waveform data rises or falls. Moreover, when the determination depends on the reference (2), presence or absence of the unauthorized access can be appropriately determined for such a change in which an amplitude between the upper limit and the lower limit is expanded or reduced in comparison with the reference while the center potential has no change. Further, when the determination depends on the reference (3), presence or absence of the unauthorized access can be appropriately definitely determined for the noise or the like in which the change easily appears in the spectrum.
While the potential in the reference waveform oscillates between the vicinity of “2” as an upper limit and the vicinity of “−2” as a lower limit, with the vicinity of “0” as the center potential,
While the potential in the reference waveform oscillates between the vicinity of “2” as an upper limit and the vicinity of “−2” as a lower limit, with the vicinity of “0” as the center potential,
In
The “MPU operation stopping unit” has a function of stopping at least a part of MPU operation when both waveforms are determined to have non-identity in comparison results using the held reference in the comparison unit. Specifically, the unit has a function of stopping at least a part of a program counter or data register of the MPU as a protection object. According to the function, when the unauthorized access is caused to the MPU, information leak by the unauthorized access can be blocked to protect the MPU.
The MPU protection device according to the present invention should have the function for freeing the MPU from the unauthorized access when the change to the power supply waveform is found out by having the “reference holding unit” and the “MPU operation stopping unit” each having the function as described above.
Even the unauthorized access without using the debug terminal can be prevented by having the functions as described above.
As shown in the figure, the MPU protection device in the present example has a “CPU (central processing unit)” (0601) for performing various operation processing, and a “main memory” (0602). Moreover, the device also has an “HDD” (0603) for holding reference waveform information, and determination reference information on presence or absence of the identity between the in-use power supply waveform and the reference waveform, and also an “I/O (input/output)” (0604) for acquiring in-use power supply waveform information from a “power supply line” of an MPU body, or transmitting an OFF signal to the MPU body when both are determined to have non-identity therebetween. Then, the elements are interconnected by a data communication channel such as a “system bus” (0605) to transmit and receive or process the information.
Moreover, the “main memory” causes reading of a program according to which various processing are performed in order to allow the “CPU” to execute the program, and simultaneously provides a work area being also a working area of the program. Moreover, a plurality of addresses are assigned to the “main memory”, the “HDD” and the “flash memory”, respectively, and in the program executed in the “CPU”, data can be exchanged with each other and processed by specifying the address and accessing thereto.
In the “I/O (input/output)” (0604) of the MPU protection device, the in-use power supply waveform information is acquired from a “power supply line” (0608) of an MPU (0606) being a protection object. Then, in the MPU protection device, the in-use power supply waveform information is stored in the address in the “main memory”.
Then, in the “CPU”, the acquired in-use power supply waveform is compared with the reference waveform preliminarily held in the “HDD”, presence or absence of the identity is determined by using a determination reference preliminarily held in the “HDD”, and if both are determined to have non-identity, the OFF signal is transmitted to a “UI” (0607) of the MPU (0606) by logic operation processing in the “CPU”, and so forth.
In the MPU (0606), if the OFF signal is received, apart or whole of supply of a power supply signal is stopped.
As shown in the figure, first, in-use power supply waveform being power supply waveform when using an MPU is acquired (S0701). Next, identity between the acquired in-use power supply waveform and a held reference waveform is compared (S0702). Then, when both waveforms are determined to have non-identity in comparison results using a held reference (S0703), at least a part of MPU operation is stopped (S0704). On the other hand, when both waveforms are determined to have identity in the comparison results using the held reference (S0703), the processing returns to the step of acquiring the in-use power supply waveform being the power supply waveform when using the MPU (S0701).
In addition, as described above, the held reference waveform may be the power supply waveform of electronic equipment including the MPU upon factory shipping thereof, or may be the waveform of the electronic equipment including the MPU during start of first use after purchase thereof.
According to the steps described above, even the unauthorized access without using the debug terminal can be prevented.
As a further desirable embodiment, the present example provides, based on Example 1, an MPU protection device, wherein the comparison unit has a spectrum comparison means for comparing identity by spectrum comparison.
Hereinafter, a function of the device and a content of hardware, and a flow of processing according to the present example will be described in detail.
The “reference waveform holding unit” has a function of holding power supply waveform data of the MPU as a reference. The “in-use power supply waveform acquisition unit” has a function of acquiring an in-use power supply waveform being a power supply waveform when using the MPU. The power supply waveform data herein is waveform spectrum data for both the in-use power supply waveform data and the power supply waveform data held as the reference.
The “comparison unit” (0804) has a function of comparing identity between the acquired in-use power supply waveform and the held reference waveform. Then, in the present example, the “comparison unit” has a spectrum comparison means (0807). The “spectrum comparison means” means a function of comparing the identity between the acquired in-use power supply waveform and the held reference waveform by spectrum comparison.
As described above, if unauthorized access should occur, an acquired power supply waveform should cause a difference from the reference waveform. When the difference is caused by a change as noise, the difference becomes clear by comparing spectra.
The unauthorized access can be appropriately found out for the noise or the like in which the change easily appears in the spectrum by having the function as described above.
Characteristic portions in Example 2 in each hardware configuration unit in each processing in the present device will be described by using the figure, and other portions are described in the same manner as in Example 1.
In the MPU protection device according to the present example, a comparison program has a spectrum comparison means as a content of the comparison program stored in the “main memory” (1002).
Therefore, a content of comparison in the “CPU” (1001) should be spectrum comparison. Moreover, reference waveform information held in the “HDD” (1003) of the MPU protection device and in-use power supply waveform information acquired in the “I/O (input/output)” (1004) and stored in the main memory should be the waveform spectrum data for both.
The comparison step in the present example has a spectrum comparison step. The “spectrum comparison step” means a step of comparing identity between the acquired in-use power supply waveform and the held reference waveform by the spectrum comparison.
As the premise of comparing the identity by the spectrum in the comparison step, waveform information held in the reference waveform holding unit of the MPU protection device should be the waveform spectrum data, and the waveform information acquired in the in-use power supply acquisition step (S1101) also should be the waveform spectrum data.
Thus, the unauthorized access can be appropriately found out for the noise or the like in which the change easily appears in the spectrum.
The present invention provides, in addition to the features in Examples 1 and 2, an MPU protection device, wherein the comparison unit has a majority comparison means for comparing identity by a majority of plural times of comparison results.
Hereinafter, a function of the device and a content of hardware, and a flow of processing according to the present example will be described in detail.
The “comparison unit” (1204) in the present example has a majority comparison means (1207). The “majority comparison means” means a function of comparing the identity by the majority of plural times of comparison results.
Moreover, the majority is not necessarily applied as the reference, and for example, if the noise is caused in 20% or more, the waveforms may be determined to have non-identity, or if the noise is caused in 30% or more, the waveforms may be determined to have non-identity. Then, the unit desirably has a function of automatically detecting what numerical value is to be applied as the reference. As the function, for example, the unit may have an exogenous noise measurement unit for measuring a quantity of electromagnetic wave noise under an environment in which an inspection target computer is placed. The function can be realized by an antenna for detecting the electromagnetic wave noise, for example.
Thus, erroneous determination in which a change in the waveform without depending on the unauthorized access is determined to be a change caused by the unauthorized access can be reduced, and presence or absence of the unauthorized access can determined with higher accuracy.
Characteristic portions in Example 3 in each hardware configuration unit in each processing in the present device will be described by using the figure, and other portions are described in the same manner as in Examples 1 and 2.
As a content of a comparison program stored in the “main memory” (1402), the comparison program has a majority comparison means. Therefore, a content of comparison in the “CPU” (1401) should be the majority of plural times of comparisons.
Here, reference waveform information held in the “HDD” (1403) of the MPU protection device and in-use power supply waveform information acquired in the “I/O (input/output)” (1404) of the MPU protection device and stored in the main memory may be amplitude data, or may be waveform spectrum data.
The comparison step (S1502) has a majority comparison step. A “majority comparison step” (1505) means a step of comparing the identity by the majority of plural times of comparison results.
Thus, erroneous determination in which a change in the waveform without depending on the unauthorized access is determined to be a change caused by the unauthorized access can be reduced, and presence or absence of the unauthorized access can be determined with higher accuracy.
As a further desirable embodiment, the present example provides, in addition to Example 1 or 3, an MPU protection device, wherein the reference waveform holding unit has a reference amplitude data holding means for holding reference amplitude data being amplitude data of a current or a voltage as power supply waveform data of an MPU, and the in-use power supply waveform acquisition unit has an in-use amplitude data acquisition means for acquiring in-use amplitude data being the amplitude data of the current or the voltage when using the MPU as the power supply waveform data when using the MPU, and the comparison unit has an amplitude data comparison means for comparing the in-use amplitude data with the reference amplitude data.
Hereinafter, a function of the device and a content of hardware, and a flow of processing according to the present example will be described in detail.
The “reference waveform holding unit” (1602) has a function of holding the power supply waveform data of the MPU as the reference. The reference waveform herein is the amplitude data of the current or the voltage. In the above case, the waveform information acquired in the “in-use power supply waveform acquisition unit” (1603) should be the amplitude data of the current or the voltage when using the MPU, and in the “comparison unit” (1604), the in-use amplitude data should be compared with the reference amplitude data.
In order to realize the function, the “reference waveform holding unit” has a reference amplitude data holding means (1607) for holding reference amplitude data being the amplitude data of the current or the voltage as the power supply waveform data of the MPU. Moreover, the “in-use power supply waveform acquisition unit” has an amplitude data acquisition means (1608) for acquiring in-use amplitude data being the amplitude data of the current or the voltage when using the MPU as the power supply waveform data when using the MPU. Further, the “comparison unit” has an amplitude data comparison means (1609) for comparing the in-use amplitude data with the reference amplitude data.
According to
Thus, unauthorized access influencing the power supply waveform in a form other than noise can be appropriately determined for such a case where the center potential rises or falls in comparison with the reference, or where an amplitude between an upper limit and a lower limit is expanded or reduced in comparison with the reference while the center potential has no change.
Characteristic portions in Example 4 in each hardware configuration unit in each processing in the present device will be described by using the figure, and other portions are described in the same manner as in Examples 1 to 3.
Therefore, a content of comparison in the “CPU” (1801) should be the comparison between the in-use amplitude data and the reference amplitude data. Moreover, the reference waveform information held in the “HDD” (1803) of the MPU protection device and the in-use waveform information acquired in the “I/O (input/output)” (1804) of the MPU protection device and stored in the main memory should be amplitude data for both.
The processing has an in-use power waveform acquisition step (S1901), a comparison step (S1902), confirmation of presence or absence of identity (S1903) and an MPU operation stopping step (S1904). In the above case, the MPU protection device to be used is provided on the premise of having the reference waveform holding unit having the reference amplitude data holding means.
The in-use power waveform acquisition step (S1901) in the present example has an in-use amplitude data acquisition step. An “in-use amplitude data acquisition step” (1905) means a step of acquiring the in-use amplitude data being the amplitude data of the current or the voltage when using the MPU as the power supply waveform data when using the MPU.
Moreover, the comparison step (S1902) in the present example has an amplitude data comparison step. An “amplitude data comparison step” (1906) means a step of comparing the in-use amplitude data with the reference amplitude data.
According to the steps described above, the unauthorized access influencing the power supply waveform in the form other than the noise can also be appropriately determined for such a case where the center potential rises or falls in comparison with the reference, or where the amplitude between the upper limit and the lower limit is expanded or reduced in comparison with the reference while the center potential has no change.
Moreover, the present example provides an MPU protection device, wherein a signal waveform of an MPU is used in addition to the power supply waveform or in place of the power supply waveform in Examples 1 to 4.
Hereinafter, a function of the device and a content of hardware, and a flow of processing according to the present example will be described in detail.
The “signal waveform” means the signal waveform such as a clock waveform to be supplied.
When such a configuration is taken, held reference waveform information and in-use power supply waveform information are only the signal waveform of the MPU, or the signal waveform and the power supply waveform of the MPU, and the waveforms should be compared in the comparison unit.
Thus, if a clock frequency signal waveform is used, for example, such unauthorized access as influencing a frequency can be reliably found out.
Characteristic portions in Example 5 in each hardware configuration unit in each processing in the present device will be described by using the figure, and other portions are described in the same manner as in Examples 1 to 4.
A content of comparison in the “CPU” (2101) should be the comparison between reference signal waveform information and in-use signal waveform information.
Therefore, programs stored in the “main memory” should be an MPU operation stopping program, and also an in-use signal waveform acquisition program, and a comparison program for comparing the in-use signal waveform information with the reference signal waveform information. Moreover, the reference waveform information held in the “HDD” (2103) of the MPU protection device and the in-use waveform information acquired in the “I/O (input/output)” (2104) of the MPU protection device and stored in the main memory should be signal waveform information for all.
First, an in-use signal waveform is acquired from an MPU protection device (S2201). Then, identity between the acquired in-use signal waveform (such as a clock frequency signal) and the held reference waveform (such as the clock frequency signal) is compared (S2202). As a result, when both waveforms are determined to have non-identity in comparison results using the held reference (S2203), at least a part of MPU operation is stopped (S2204). On the other hand, when both waveforms are determined to have identity in the comparison results using the held reference (S2203), the processing returns to the step of acquiring the in-use signal waveform being a signal waveform when using the MPU (S2201).
As the premise of comparing the waveforms by the signal waveform, the waveform information held in the reference waveform holding unit of the MPU protection device should be signal waveform information (such as the clock frequency signal), and the waveform information acquired in the in-use signal waveform acquisition step (S2201) also should be the signal waveform information (such as the clock frequency signal).
Thus, if the clock frequency signal waveform is used, for example, such unauthorized access as influencing a frequency can be reliably found out.
As a further desirable embodiment, the present invention provides, in addition to Examples 1 to 5, an MPU protection device having a non-normal operation unit that allows an MPU to intentionally perform wrong operation and/or dummy operation after stopping in an MPU operation stopping unit when both waveforms are determined to have non-identity in comparison results using a held reference in a comparison unit.
Hereinafter, a function of the device and a content of hardware, and a flow of processing according to the present example will be described in detail.
The “non-normal operation unit” has a function of allowing the MPU to intentionally perform wrong operation and/or dummy operation after stopping in the MPU operation stopping unit when both waveforms are determined to have non-identity in comparison results using held reference in the comparison unit. Specifically, the unit allows the MPU to perform wrong operation by providing the MPU being a protection object with a compulsive interrupt command. Moreover, the unit may allow the MPU to perform wrong operation by replacing a program counter of the MPU being the protection object.
A certain level of damage can be caused to a person who commits unauthorized access by having the function as described above, leading to suppression of committing such unauthorized access.
Characteristic portions in Example 6 in each hardware configuration unit in each processing in the present device will be described by using the figure, and other portions are described in the same manner as in Examples 1 to 5.
Programs stored in the “main memory” of the MPU protection device according to the present example are an in-use power supply waveform acquisition program, a comparison program, an MPU operation stopping program, and also a non-normal operation program. The “non-normal operation program” means the program of allowing the MPU to intentionally perform wrong operation and/or dummy operation.
Therefore, in the “CPU”, an acquired in-use power supply waveform is compared with a reference waveform preliminarily held in the “HDD”, presence or absence of identity is determined by using a determination reference preliminarily held in the “HDD”, and if both are determined to have non-identity, an OFF signal is transmitted to a “UI” (2407) of an “MPU” (2406) according to logic operation processing in the “CPU”, and then a wrong operation and/or dummy operation execution signal is transmitted thereto. Specifically, the wrong operation and/or dummy operation execution signal means the compulsive interrupt command or replacement of the program counter.
In the MPU (2406), if the OFF signal and the wrong operation and/or dummy operation execution signal are received, a part or whole of supply of a power supply signal is stopped and supply of an improper power supply signal is started.
In the present example, a non-normal operation step (S2505) exists after the MPU operation stopping step (S2504). The “non-normal operation step” means processing of allowing the MPU to intentionally perform wrong operation and/or dummy operation.
Thus, a certain level of damage can be caused to a person who commits unauthorized access, leading to suppression of committing such unauthorized access.
The present example provides electronic equipment equipped with an MPU protection device having the features in Examples 1 to 6 as extension of embodiments in Examples 1 to 6. Moreover, the present example provides a protection method for electronic equipment, using the MPU protection method having the features in Examples 1 to 6, also as the protection method for electronic equipment. More specifically, the feature of the present example is in integrating the MPU protection device or the MPU protection method in Examples 1 to 6 each with the electronic equipment or the protection method for electronic equipment. A functional configuration, a hardware configuration and a flow of processing of the MPU protection device are provided in the same manner as in Examples 1 to 6 for all.
According to the electronic equipment in the present example, the electronic equipment having a function for preventing even unauthorized access without using a debug terminal can be provided. Moreover, according to the MPU protection method in the present example, the electronic equipment that is liable to receive the unauthorized access without using the debug terminal can be protected.
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/JP2015/078011 | 10/2/2015 | WO | 00 |