EP1131799A1 - Device for limiting fraud in an integrated circuit card - Google Patents
- Publication number
- EP1131799A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- threshold value
- state
- occurrences
- events
- indicator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0806—Details of the card
- G07F7/0813—Specific details related to card security
- G07F7/082—Features insuring the integrity of the data on or in the card
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
- G07F7/1083—Counting of PIN attempts
Definitions
- the present invention relates to an integrated circuit device containing a memory area comprising a data memory.
- Such an integrated circuit device is most often used for applications in which the security of information processing is essential.
- integrated circuit cards comprising applications relating to the health field, mobile telephony, or even applications relating to the banking field.
- An integrated circuit card consists of a plastic card body in which an electronic module is incorporated. Said card communicates with a terminal, for example, a mobile telephone, a banking terminal or even a computer, via a communication network and can send messages containing encrypted information to said terminal via this network in order to secure an information transfer. In everyday language, we say that the message is signed. For the calculation of the encrypted information, the card uses a secret coding key which is located in the data memory of its memory area and an encryption algorithm.
- an integrated circuit card remains vulnerable to the extent that a fraudster can perform a large number of actions on the card that will allow him to unlock its secrets.
- said fraudster, wishing to find said coding key, can for example send an instruction to sign a message to said card and keep track of the signals generated during the execution of said instruction. Subsequently, he can send a large number of instructions for signing the same message, subject the card to electromagnetic disturbances at precise moments in the progress of said algorithm and keep the traces of the different signals transmitted.
- said fraudster can study the differences or the absence of differences between the various encrypted information obtained to discover a part of the coding key.
- said fraudster can still access confidential information by performing a very large number of actions on the integrated circuit card.
- a technical problem to be solved by the object of the present invention is to propose an integrated circuit device containing a memory area comprising a data memory, a device which would make it possible to better secure the card by limiting the number of possible actions on the card from a fraudster.
- a solution to the technical problem posed consists, according to the present invention, in that said data memory contains at least one counter element, at least one indicator element and at least one threshold value, said counter element, on the one hand, counting at least a number of occurrences of events occurring in said device and, on the other hand, being capable of reaching said threshold value indicative of a high maximum number of occurrences of said events, said indicator element being able to pass from a first state to a second state when said counter element has reached said threshold value.
- the device of the invention makes it possible to limit the number of possible actions or events on said integrated circuit card thanks, on the one hand, to a counter element which counts the number of actions carried out, taking into account an action or a group of actions, and, on the other hand, to an indicator element which indicates that a threshold value of occurrences of events or actions has been reached, which then makes it possible to sanction a subsequent exceeding of said threshold value.
- Figure 1 is a diagram of an integrated circuit device according to the invention, here an integrated circuit card.
- FIG. 2 is a diagram representing a memory area of the card of FIG. 1 according to the invention.
- FIG. 3 is a diagram showing a distribution of counting and indicating elements in the memory zone of FIG. 2.
- FIG. 4 is a diagram showing another distribution of counter and indicator elements in the memory zone of FIG. 2.
- FIG. 5 is a diagram of another implementation of the invention, said memory zone of FIG. 2 containing two identical indicator elements.
- FIG. 1 shows an integrated circuit device 10, an integrated circuit card in the embodiment shown.
- This card 10 contains a control element 11 (for example a central processing unit or CPU), a memory area 12 containing a data memory 14, and a block 13 of contacts intended for an electrical connection with, for example, a connector of a card reader.
- Said memory area 12 is shown in FIG. 2. It contains a counter element CPT, a threshold value VS, an indicator element I and a blocking means Mb, said indicator element being capable of passing from a first state e1 to a second state e2 when said counter element has reached said threshold value.
- a power-up is an event which results in the sending by the card of a message, commonly called response to reset.
- Sending a signed message is also an event.
- the counter element CPT counts at least a number of occurrences of events occurring in the card, the number of occurrences of signed messages for example. Said counter element is capable of reaching the threshold value VS indicative of a high maximum number of occurrences of said events.
- the threshold value VS, being fixed, may be found in one of these three memories, said memories being within the meaning of the patent a data memory, while the counter and indicator elements will be in a rewritable memory, their value being variable.
- said threshold value represents an improbable number of occurrences of said events occurring in said device during normal use of said device.
- said maximum number of occurrences of events is chosen to be high because it represents an improbable number of occurrences of events; thus, said high maximum number of occurrences of events has a value greater than about one hundred, preferably greater than about one thousand.
- the threshold value will be set to two thousand.
- when said indicator element I goes from a first state e1 to a second state e2, element I is said to go from a passive state to an active state; moreover, the device according to the invention provides that said memory area 12 includes means Mb for blocking the operation of said device when an indicator element has passed into the second state e2.
- an element I is activated and said blocking means Mb, after having verified the state of said element I, blocks said card, which then either can no longer receive or produce any event of the same nature as the one that activated the indicator element (here a signed-message event), or can no longer receive any event or perform any action whatsoever. In the latter case, said card is unusable and is commonly said to be silent.
- a counter element is defined for a single event.
- the counter element CPT1 is defined for the event E1, the element CPT2 for the event E2 and the element CPT3 for the event E3.
- a counter element is defined for at least two events, said events being part of the same family.
- the counting elements CPT1 and CPT2 are defined respectively for the two families of events (E1, E2, E3) and (E4, E5).
- the invention provides that a threshold value is defined for each counter element.
- indicator elements indicate that the maximum number of authorized event occurrences represented by the VS threshold value has been reached.
- the device according to the invention provides that at least one indicator element I is defined for a single counter element CPT.
- the indicator element I1 goes into the second state e12.
- the blocking means Mb checks the state of said element I1 and, as soon as it has gone into the second state, blocks said card; the same applies to elements I2 and I3.
- the device according to the invention provides that at least one indicator element
- the element I1 passes from the state e11 to the state e12, which indicates that a fraud has taken place, and consequently the means Mb blocks the card.
- the number of occurrences of events occurring in a card is limited, and consequently so is the number of possible actions on the card on the part of a fraudster.
- said data memory 14 of said device contains at least two identical indicator elements located at non-contiguous locations of said data memory, said elements being attached to the same set of counter elements containing one or more counters according to the two aforementioned variants in relation to FIGS. 3 and 4.
- the indicator element I'1 is identical to I1 insofar as they are both attached to the elements CPT1 and CPT2 and they pass at the same time from a first state to a second state when either of these two counting elements has reached its maximum value.
- said indicator elements are located in the data memory 14 of said card at non-contiguous locations, which makes it possible to avoid a fraud that would consist in changing the state of all the identical active indicator elements, said fraud being facilitated if the elements were in locations very close to one another. Also, even if a fraudster manages to change the state of an element I by making it passive, the other identical indicator elements will remain active because, in this case, it will be improbable for said fraudster to find the location of all the identical indicator elements.
- the device according to the invention provides that said blocking means Mb blocks the operation of said device when the state of an indicator element is different from the state of another identical indicator element.
- said fraudster's action is thus countered.
- the values of the first states of the indicator elements may be equivalent or different from one another. It will be the same for the values of the second states.
- the device according to the invention makes it possible to better secure the card by limiting the number of possible actions on it by a fraudster.
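The mechanism described above (counter element CPT, threshold value VS, two identical indicator elements at non-contiguous locations, blocking means Mb) can be modelled in a few lines of C. This is an added example, not code from the patent or its applicant; the memory layout, the state encodings and all function names are hypothetical, and the threshold uses the figure of two thousand given above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VS 2000u   /* threshold value VS; the page's example figure */
#define E1 0xA5u   /* first (passive) state, encoding constructed here */
#define E2 0x5Au   /* second (active) state, encoding constructed here */

/* Hypothetical layout of the rewritable data memory: the two identical
 * indicators sit at non-contiguous offsets, as the page describes. */
enum { OFF_CPT = 0, OFF_I = 7, OFF_I_DUP = 41, MEM_SIZE = 64 };

typedef struct { uint8_t mem[MEM_SIZE]; } card_t;

static uint16_t read_cpt(const card_t *c) {
    return (uint16_t)(c->mem[OFF_CPT] | (c->mem[OFF_CPT + 1] << 8));
}

static void write_cpt(card_t *c, uint16_t v) {
    c->mem[OFF_CPT] = (uint8_t)(v & 0xFF);
    c->mem[OFF_CPT + 1] = (uint8_t)(v >> 8);
}

void card_init(card_t *c) {
    memset(c->mem, 0, sizeof c->mem);
    c->mem[OFF_I] = E1;
    c->mem[OFF_I_DUP] = E1;
}

/* Blocking means Mb: blocked when an indicator is in the second state or
 * when the two copies disagree. Requiring both to read E1 covers both
 * conditions and also fails closed on any unknown value (example's choice). */
bool mb_blocked(const card_t *c) {
    return c->mem[OFF_I] != E1 || c->mem[OFF_I_DUP] != E1;
}

/* One "signed message" event. Returns true if the card served it. */
bool card_sign_event(card_t *c) {
    if (mb_blocked(c))
        return false;                 /* card stays silent */
    uint16_t n = (uint16_t)(read_cpt(c) + 1u);
    write_cpt(c, n);                  /* count first, then do the work */
    if (n >= VS) {                    /* CPT reached VS: I goes e1 -> e2 */
        c->mem[OFF_I] = E2;
        c->mem[OFF_I_DUP] = E2;
    }
    /* the signature computation itself would run here */
    return true;
}

int main(void) {
    card_t c;
    unsigned served = 0;
    card_init(&c);
    for (unsigned i = 0; i < VS + 10u; i++)
        served += card_sign_event(&c) ? 1u : 0u;
    printf("served %u events, blocked=%d\n", served, mb_blocked(&c));
    c.mem[OFF_I] = E1;                /* tamper: force one copy passive */
    printf("after tamper, blocked=%d\n", mb_blocked(&c));
    return 0;
}
```

The event that brings the counter to VS is still served and the next one is refused, matching the description of the indicator as allowing a subsequent exceeding of the threshold to be sanctioned.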
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Networks & Wireless Communication (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR9814409A FR2786006B1 (fr) | 1998-11-17 | 1998-11-17 | Device for limiting fraud in an integrated circuit card |
FR9814409 | 1998-11-17 | ||
PCT/FR1999/002690 WO2000030047A1 (fr) | 1998-11-17 | 1999-11-04 | Device for limiting fraud in an integrated circuit card |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1131799A1 (fr) | 2001-09-12 |
Family
ID=9532808
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP99954054A Withdrawn EP1131799A1 (fr) | 1998-11-17 | 1999-11-04 | Device for limiting fraud in an integrated circuit card |
Country Status (7)
Country | Link |
---|---|
US (1) | US6726108B1 (fr) |
EP (1) | EP1131799A1 (fr) |
JP (1) | JP2002530758A (fr) |
CN (1) | CN1154961C (fr) |
AU (1) | AU1051300A (fr) |
FR (1) | FR2786006B1 (fr) |
WO (1) | WO2000030047A1 (fr) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2834366B1 (fr) * | 2001-12-28 | 2004-08-20 | Ct D Echanges De Donnees Et D | Self-locking smart card, device for securing such a card and associated methods |
FR2853785B1 (fr) * | 2003-04-09 | 2006-02-17 | Oberthur Card Syst Sa | Secure electronic entity with modifiable counter of uses of a secret data item |
EP1612639A1 (fr) * | 2004-06-30 | 2006-01-04 | ST Incard S.r.l. | Method for detecting and reacting against a potential attack on a security-enforcing operation executed by a cryptographic token or card. |
US20070034700A1 (en) * | 2005-04-27 | 2007-02-15 | Mark Poidomani | Electronic cards and methods for making same |
DE102005058878B4 (de) * | 2005-12-09 | 2007-08-09 | Infineon Technologies Ag | Data transfer device and method for sending data |
FR2910666B1 (fr) | 2006-12-26 | 2013-02-08 | Oberthur Card Syst Sa | Portable electronic device and method for securing such a device |
US8430323B2 (en) * | 2009-06-12 | 2013-04-30 | Oberthur Technologies of America Corp. | Electronic device and associated method |
KR101418962B1 (ko) * | 2009-12-11 | 2014-07-15 | 한국전자통신연구원 | Security device and method for preventing side-channel attacks |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4109312A (en) * | 1974-02-07 | 1978-08-22 | Firma Carl Schenk Ag | Method and apparatus for measuring and indicating the unbalance of a rotor |
JPS60207957A (ja) * | 1984-03-31 | 1985-10-19 | Toshiba Corp | Data protection system |
FR2705810B1 (fr) * | 1993-05-26 | 1995-06-30 | Gemplus Card Int | Smart card chip provided with a means for limiting the number of authentications. |
FR2716021B1 (fr) * | 1994-02-09 | 1996-04-12 | Gemplus Card Int | Smart card transaction method and system. |
JP3201157B2 (ja) * | 1994-07-26 | 2001-08-20 | 松下電器産業株式会社 | IC card device |
FR2819070B1 (fr) * | 2000-12-28 | 2003-03-21 | St Microelectronics Sa | Method and device for protection against piracy of integrated circuits |
1998
- 1998-11-17 FR FR9814409A patent/FR2786006B1/fr not active, Expired - Fee Related
1999
- 1999-11-04 WO PCT/FR1999/002690 patent/WO2000030047A1/fr active, Application Filing
- 1999-11-04 JP JP2000582978A patent/JP2002530758A/ja not active, Abandoned
- 1999-11-04 AU AU10513/00A patent/AU1051300A/en not active, Abandoned
- 1999-11-04 CN CNB998134155A patent/CN1154961C/zh not active, Expired - Fee Related
- 1999-11-04 EP EP99954054A patent/EP1131799A1/fr not active, Withdrawn
- 1999-11-04 US US09/856,191 patent/US6726108B1/en not active, Expired - Fee Related
Non-Patent Citations (1)
Title |
---|
See references of WO0030047A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2000030047A1 (fr) | 2000-05-25 |
JP2002530758A (ja) | 2002-09-17 |
AU1051300A (en) | 2000-06-05 |
FR2786006B1 (fr) | 2001-10-12 |
FR2786006A1 (fr) | 2000-05-19 |
US6726108B1 (en) | 2004-04-27 |
CN1154961C (zh) | 2004-06-23 |
CN1326580A (zh) | 2001-12-12 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
EP0531241B1 (fr) | Controlled-access electronic system | |
EP0675614A1 (fr) | Device for implementing an RSA-type secure data exchange system limited to digital signature and message verification | |
EP1269440A1 (fr) | Anti-intrusion elastomer membrane for secure electronic housings | |
WO2008023114A1 (fr) | Biometric electronic payment terminal and transaction method | |
EP2449497A1 (fr) | Method for detecting an attempted attack, recording medium and security processor for this method | |
EP1131799A1 (fr) | Device for limiting fraud in an integrated circuit card | |
EP0776498B1 (fr) | Secure keyboard device | |
FR2920561A1 (fr) | Terminal for reading information contained in a memory of a portable object and method for operating this terminal. | |
EP0791877B1 (fr) | Electronic device delivering a secure time reference for software protection | |
WO2002052389A2 (fr) | Anti-cloning method for a security module | |
EP1609326B1 (fr) | Method for protecting a mobile-telephone-type telecommunication terminal | |
WO2016046307A1 (fr) | Method for self-detection of an attempt to hack an electronic payment card, and corresponding card, terminal and program | |
FR2771533A1 (fr) | Security card for secure payment by credit card | |
EP1436792A1 (fr) | Authentication protocol with memory integrity verification | |
WO2003056524A1 (fr) | Self-locking smart card and device for securing such a card | |
EP2356608B1 (fr) | Method and device for diagnosing the first reception of an identifier, detection method, recording medium and computer program for this method | |
EP1544818A1 (fr) | Secure terminal | |
EP2622526B1 (fr) | Protection device, and corresponding electronic payment terminal and magnetic read head | |
EP1493072B1 (fr) | Method and device for protecting digital data stored in a memory | |
EP0996102B1 (fr) | Method for checking a terminal provided with a contact-type micromodule card connector | |
EP1862952A1 (fr) | Secure electronic device | |
EP0817144A1 (fr) | Method for controlling the use of a pager, pager operating according to this method and smart card for conditional access to a pager | |
FR2904449A1 (fr) | Method for securing an electronic apparatus using a smart card | |
WO2016142487A1 (fr) | Secure analog keyboard key, intrusion detection method and module, and corresponding electronic payment terminal, program and recording medium | |
EP1254439A1 (fr) | Secure remote payment system using digital signature for payment card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| 17P | Request for examination filed | Effective date: 20010618 |
| AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
| AX | Request for extension of the european patent | Free format text: AL;LT;LV;MK;RO;SI |
| 17Q | First examination report despatched | Effective date: 20030410 |
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: AXALTO S.A. |
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: GEMALTO SA |
| GRAP | Despatch of communication of intention to grant a patent | Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
| GRAS | Grant fee paid | Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
| 18D | Application deemed to be withdrawn | Effective date: 20090613 |