Search

US-20260128881-A1 - SEMICONDUCTOR DEVICE AND CONTROL METHOD OF SEMICONDUCTOR DEVICE

US20260128881A1US 20260128881 A1US20260128881 A1US 20260128881A1US-20260128881-A1

Abstract

A method for controlling a semiconductor device capable of ensuring robust security is provided. The method is implemented by a semiconductor device comprising an encryption key protection circuit, a processor, and a memory. It includes instructing, by the processor, the encryption key protection circuit to generate an encryption key pair, generating, by the encryption key protection circuit, the encryption key pair internally according to the instruction, encrypting, by the encryption key protection circuit, the generated encryption key pair using a common key, storing, by the processor, the encrypted encryption key pair output from the encryption key protection circuit into the memory, receiving, by the encryption key protection circuit, the encrypted encryption key pair stored in the memory when utilizing the encryption key pair, and decrypting, by the encryption key protection circuit, the encrypted encryption key pair received from the memory using the common key.

Inventors

  • Hiroki Ishiguro
  • Kosuke SHIBUYA
  • Kazuki MOCHIZUKI
  • Kyohei KIDA

Assignees

  • RENESAS ELECTRONICS CORPORATION

Dates

Publication Date
20260507
Application Date
20250904
Priority Date
20241101

Claims (16)

  1. 1 . A method implemented by a semiconductor device comprising an encryption key protection circuit, a processor, and a memory, comprising: instructing, by the processor, the encryption key protection circuit to generate an encryption key pair; generating, by the encryption key protection circuit, the encryption key pair internally according to the instruction; encrypting, by the encryption key protection circuit, the generated encryption key pair using a common key; storing, by the processor, the encrypted encryption key pair output from the encryption key protection circuit in the memory; receiving, by the encryption key protection circuit, when using the encryption key pair, the encrypted encryption key pair stored in the memory; and decrypting, using the common key by the encryption key protection circuit, the encrypted encryption key pair received from the memory.
  2. 2 . The method according to claim 1 , wherein the instructing includes instructing by the processor the encryption key protection circuit to generate the encryption key upon an initial power-on of the semiconductor device by the processor.
  3. 3 . The method according to claim 1 , further comprising receiving by the encryption key protection circuit the instruction from the processor, wherein the receiving includes accepting of instructions from the processor that has been pre-authorized for access and does not include accepting of instructions from the processor that has not been pre-authorized for access.
  4. 4 . The method according to claim 2 , wherein the instructing includes, by the processor, reading of program code stored in the memory upon an initial power-on of the semiconductor device and instructing the encryption key protection circuit to generate the encryption key.
  5. 5 . The method according to claim 1 , wherein the common key is stored within the encryption key protection circuit in a state that cannot be read from outside the semiconductor device.
  6. 6 . A semiconductor device comprising: an encryption key protection circuit; a processor that instructs the encryption key protection circuit to generate an encryption key pair; and a memory, wherein the encryption key protection circuit comprises: an encryption key generation unit that generates the encryption key pair internally according to instructions from the processor; an encryption unit that encrypts the generated encryption key pair using a common key and outputs the encrypted encryption key pair for storage in the memory; and a decryption unit that decrypts the encrypted encryption key pair stored in the memory using the common key when utilizing the encryption key pair.
  7. 7 . The semiconductor device according to claim 6 , wherein the processor instructs the encryption key protection circuit to generate the encryption key upon an initial power-on of the semiconductor device.
  8. 8 . The semiconductor device according to claim 6 , wherein the encryption key protection circuit accepts instructions from the processor that has been pre-authorized for access and does not accept instructions from the processor that has not been pre-authorized for access.
  9. 9 . The semiconductor device according to claim 6 , wherein the processor reads program code stored in the memory upon an initial power-on of the semiconductor device and instructs the encryption key protection circuit to generate the encryption key.
  10. 10 . The semiconductor device according to claim 6 , wherein the common key is stored within the encryption key protection circuit in a state that cannot be read from outside the semiconductor device.
  11. 11 . A method implemented by a semiconductor device comprising a protection circuit with guaranteed appropriate security strength, a processor, and a memory, comprising: instructing, by the processor, the protection circuit to generate an encryption key pair; generating, by the protection circuit, an encryption key pair internally according to the instruction; encrypting, by the protection circuit, the generated encryption key pair using a common key; storing, by the processor, the encrypted encryption key pair output from the protection circuit in the memory; receiving, by the protection circuit, when using the encryption key pair, the encrypted encryption key pair stored in the memory; and decrypting, using the common key by the protection circuit, the encrypted encryption key pair received from the memory.
  12. 12 . The method according to claim 11 , wherein the instructing includes instructing by the processor the protection circuit to generate the encryption key upon an initial power-on of the semiconductor device by the processor.
  13. 13 . The method according to claim 11 , further comprising receiving by the protection circuit the instruction from the processor, wherein the receiving includes accepting of instructions from the processor that has been pre-authorized for access and does not include accepting of instructions from the processor that has not been pre-authorized for access.
  14. 14 . The method according to claim 12 , wherein the instructing includes, by the processor, reading of program code stored in the memory upon an initial power-on of the semiconductor device and instructing the protection circuit to generate the encryption key.
  15. 15 . The method according to claim 11 , wherein the common key is stored within the protection circuit in a state that cannot be read from outside the semiconductor device.
  16. 16 . A semiconductor device comprising: a protection circuit with guaranteed appropriate security strength; a processor that instructs the protection circuit to generate an encryption key pair; and a memory, wherein the protection circuit comprises: an encryption key generation unit that generates the encryption key pair internally according to instructions from the processor; an encryption unit that encrypts the generated encryption key pair using a common key and outputs the encrypted encryption key pair for storage in the memory; and a decryption unit that decrypts the encrypted encryption key pair stored in the memory using the common key when utilizing the encryption key pair.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS The disclosure of Japanese Patent Application No. 2024-192785 filed on Nov. 1, 2024, including the specification, drawings and abstract is incorporated herein by reference in its entirety. BACKGROUND The present disclosure relates to a semiconductor device, particularly to a semiconductor device with a cryptographic key protection circuit and its control method. There are disclosed techniques listed below. [Patent Document 1] Japanese Unexamined Patent Application Publication No. 2021-184584 Conventionally, semiconductor devices have been proposed that hold both a device-specific key and a common key and utilize a cryptographic key protection circuit capable of performing encryption and decryption using the device-specific key and decryption using the common key. The cryptographic key protection circuit performs an activation process where data encrypted with the common key is decrypted using the common key, then encrypted using the device-specific key, and written to non-volatile memory. After the activation process, the encrypted data is read from the non-volatile memory, and the cryptographic key protection circuit decrypts it using the device-specific key to supply it to the processor. SUMMARY On the other hand, conventional methods have aspects that could be further improved in terms of security regarding the generation of device-specific keys. The present disclosure has been made to solve the above issues and provides a semiconductor device and a control method for the semiconductor device that can ensure robust security. Other objects and novel features will become apparent from the description of this specification and the accompanying drawings. The method of the present disclosure is implemented by a semiconductor device comprising a cryptographic key protection circuit, a processor, and a memory. The method includes: instructing, by the processor, the encryption key protection circuit to generate an encryption key pair; generating, by the encryption key protection circuit, the encryption key pair internally according to the instruction; encrypting, by the encryption key protection circuit, the generated encryption key pair using a common key; storing, by the processor, the encrypted encryption key pair output from the encryption key protection circuit in the memory; receiving, by the encryption key protection circuit, when using the encryption key pair, the encrypted encryption key pair stored in the memory; and decrypting, using the common key by the encryption key protection circuit, the encrypted encryption key pair received from the memory. The semiconductor device of the present disclosure includes a cryptographic key protection circuit, a processor that instructs the cryptographic key protection circuit to generate a cryptographic key pair, and a memory. The encryption key protection circuit comprises: an encryption key generation unit that generates the encryption key pair internally according to instructions from the processor; an encryption unit that encrypts the generated encryption key pair using a common key and outputs the encrypted encryption key pair for storage in the memory; and a decryption unit that decrypts the encrypted encryption key pair stored in the memory using the common key when utilizing the encryption key pair. The method of the present disclosure is implemented by a semiconductor device comprising a protection circuit with guaranteed appropriate security strength, a processor, and a memory. The method includes: instructing, by the processor, the protection circuit to generate an encryption key pair; generating, by the protection circuit, an encryption key pair internally according to the instruction; encrypting, by the protection circuit, the generated encryption key pair using a common key; storing, by the processor, the encrypted encryption key pair output from the protection circuit in the memory; receiving, by the protection circuit, when using the encryption key pair, the encrypted encryption key pair stored in the memory; and decrypting, using the common key by the protection circuit, the encrypted encryption key pair received from the memory. Another semiconductor device of the present disclosure includes a protection circuit with guaranteed appropriate security strength; a processor that instructs the protection circuit to generate an encryption key pair; and a memory. The protection circuit comprises: an encryption key generation unit that generates the encryption key pair internally according to instructions from the processor; an encryption unit that encrypts the generated encryption key pair using a common key and outputs the encrypted encryption key pair for storage in the memory; and a decryption unit that decrypts the encrypted encryption key pair stored in the memory using the common key when utilizing the encryption key pair. The semiconductor device and the control method of the semiconductor device of the pre