EP1374191A2 - Extraction d'une donnee privee pour authentification d'un circuit integre - Google Patents

Extraction d'une donnee privee pour authentification d'un circuit integre

Info

Publication number
EP1374191A2
EP1374191A2 EP02730352A EP02730352A EP1374191A2 EP 1374191 A2 EP1374191 A2 EP 1374191A2 EP 02730352 A EP02730352 A EP 02730352A EP 02730352 A EP02730352 A EP 02730352A EP 1374191 A2 EP1374191 A2 EP 1374191A2
Authority
EP
European Patent Office
Prior art keywords
network
private data
circuit
data
physical parameters
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP02730352A
Other languages
German (de)
English (en)
French (fr)
Inventor
Pierre-Yvan Liardet
Luc Wuidart
François Guette
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
STMicroelectronics SA
Original Assignee
STMicroelectronics SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by STMicroelectronics SA filed Critical STMicroelectronics SA
Publication of EP1374191A2 publication Critical patent/EP1374191A2/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • G07F7/127Card verification in which both online and offline card verification can take place
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security
    • G07F7/082Features insuring the integrity of the data on or in the card
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/12Card verification
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01LSEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
    • H01L23/00Details of semiconductor or other solid state devices
    • H01L23/544Marks applied to semiconductor devices or parts, e.g. registration marks, alignment structures, wafer maps
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01LSEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
    • H01L23/00Details of semiconductor or other solid state devices
    • H01L23/57Protection from inspection, reverse engineering or tampering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01LSEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
    • H01L2223/00Details relating to semiconductor or other solid state devices covered by the group H01L23/00
    • H01L2223/544Marks applied to semiconductor devices or parts
    • H01L2223/54433Marks applied to semiconductor devices or parts containing identification or tracking information
    • H01L2223/5444Marks applied to semiconductor devices or parts containing identification or tracking information for electrical read out
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01LSEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
    • H01L2223/00Details relating to semiconductor or other solid state devices covered by the group H01L23/00
    • H01L2223/544Marks applied to semiconductor devices or parts
    • H01L2223/54473Marks applied to semiconductor devices or parts for use after dicing
    • HELECTRICITY
    • H01ELECTRIC ELEMENTS
    • H01LSEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
    • H01L2924/00Indexing scheme for arrangements or methods for connecting or disconnecting semiconductor or solid-state bodies as covered by H01L24/00
    • H01L2924/0001Technical content checked by a classifier
    • H01L2924/0002Not covered by any one of groups H01L24/00, H01L24/00 and H01L2224/00

Definitions

  • the present invention relates to the authentication of an integrated circuit or of an electronic element or sub-assembly containing such a circuit by means of an authentication procedure using a secret datum contained in the integrated circuit.
  • the invention relates more particularly to authentication procedures based on the use of a private data or key (also called secret) by means of an external device.
  • An example of application of the present invention is the field of smart cards whether or not with prepaid account units.
  • the various authentication methods of a smart card or the like are intended to prevent piracy or falsification of a card either by using a discrete device reproducing the card, or by pirating a reading terminal. or by large-scale reproduction of falsified smart cards.
  • the private data itself is not sent, but a calculation result taking this private data into account, a number depending on a random number chosen by the integrated circuit and communicated to the external device, and a random number chosen by the external device and communicated to the card.
  • the result is then verified by the external device to authenticate the card.
  • the present invention aims to improve the procedures and systems for authenticating integrated circuits using private data originating from the integrated circuit.
  • the invention aims, more particularly, to optimize the anti-fraud security of electronic devices using an integrated circuit provided with private data by preventing the extraction of this private data by various attacks of the integrated circuit.
  • the present invention provides a method of extracting private data in an integrated circuit participating in an authentication procedure by means of an external device taking this private data into account, the private data being generated on demanded and made ephemeral.
  • a lifetime of this private data is initialized and this data is erased from at least one first storage element containing it, at the end of this lifespan.
  • the generation of the private data and the initialization of its lifetime are triggered by the same signal.
  • the lifetime of the private data is reduced as it is generated.
  • the lifetime is variable.
  • the private data is obtained at least partially from a network of physical parameters.
  • the network of physical parameters is programmable.
  • the network of physical parameters is programmed, at least partially, by a word supplied by a storage element.
  • the network of physical parameters is programmed, at least partially, by noise.
  • the network of physical parameters is also controlled outside the periods of generation of the private data.
  • the private data is obtained at least from a first data stored in the integrated circuit and from a second data generated on request by the network of physical parameters.
  • the second datum is made ephemeral.
  • the numbers of bits of the first and second data are close to each other, preferably equal.
  • the present invention also provides an integrated circuit, comprising means for implementing the method.
  • the circuit includes a reset circuit of at least one storage element.
  • the reset circuit consists of one or more delay elements initialized by a command to generate the private data.
  • FIG. 1 illustrates, in the form of a flowchart, a method of authenticating an integrated circuit using private data to which the present invention applies
  • FIG. 2 represents, in the form of a block diagram and very schematically, a circuit for extracting private data according to an embodiment of the present invention
  • FIG. 3 represents an embodiment of a network of physical parameters of an extraction circuit according to the present invention
  • FIGS. 4A and 4B illustrate, in the form of timing diagrams, the operation of the network of FIG. 3
  • Figures 5, 6 and 7 show three embodiments of a reset circuit of an extraction circuit according to the present invention.
  • a characteristic of the present invention is not to permanently store the private or secret data in binary form in the integrated circuit but to generate this private data on request, that is to say during a procedure of 'authentication.
  • the invention further provides that this private data is ephemeral, that is to say that it is no longer detectable in the integrated circuit after a predetermined time following its generation.
  • FIG. 1 represents, in the form of a simplified flowchart, an embodiment of a procedure authentication of the type to which the present invention applies. This example relates to the authentication of a smart card by an external device. In FIG. 1, the steps of the authentication procedure taking place on the card C side or on the reader R side have been highlighted.
  • An authentication phase naturally follows the introduction of a card into the reader, the sending of an identifier by the card to the reader or to a central, its verification by the central, then the extraction by the central of 'a data or public key v from the identifier communicated by the card.
  • This public key most often comes from a key table.
  • a number r (block 10). This number r is stored (block 11, MEM (r)) in the integrated circuit of the card. Then, we apply (block 12) to this number r a first algorithm ALG01 providing a result X. The result X is transmitted to the reader R which stores it (block 13, MEM (X)). On the reader side, we draw a random number e (block 14) which we memorize (block 15, MEM (e)). This number e is sent to the card C which itself stores it (block 16, MEM (e)).
  • the card then extracts its private data s (block 17) according to the method of the present invention.
  • This private data is taken into account in a second algorithm ALG02 (block 18) with the data r and e to provide a result Y.
  • the number r is erased after having been used for the calculation of the number Y and before 1 sending of the latter.
  • the result Y is sent to the reader R which verifies (block 19) by means of a third algorithm ALG03 that the quantity X is indeed equal to the application of this algorithm to the quantities Y, e and v.
  • the public key v is of course a function of the data or private key s of the card.
  • the reader supplies an authentication (T) or absence of authentication (F) indicator to the card (block 20).
  • T authentication
  • F absence of authentication
  • the authentication procedure is then completed.
  • An authentication method as described in FIG. 1 is known.
  • the invention intervenes only to provide the private data s in a characteristic manner.
  • the sizes of different data are generally important to improve security against hacking.
  • the different data taken into account can have the following sizes: n, g and X each represent approximately 1000 bits; r, s and Y each represent about 220 bits; and e represents about 30 bits.
  • the public key v can be calculated by the reader or the central office from the identifier of the card and from data sent by the latter.
  • FIG. 2 represents an embodiment of a cell 1 for extracting private data in an integrated circuit according to the present invention.
  • Cell 1 comprises a network of physical parameters (PPN) linked to the manufacture of the integrated circuit chip.
  • PPN physical parameters
  • This network of physical parameters 2 provides a large number of signals and participates in the generation of the private data s according to the invention.
  • a preferred embodiment of a network of physical parameters will be illustrated below in relation to FIG. 3.
  • a network classic of physical parameters consisting, for example in measuring electrical parameters. It may, for example, be a measurement of a threshold voltage of a transistor, a measurement of a resistance or a measurement of stray capacitance, a measurement of current produced by a source of current, a time constant measurement (for example, an RC circuit), a measurement of an oscillation frequency, etc.
  • a network classic of physical parameters consisting, for example in measuring electrical parameters. It may, for example, be a measurement of a threshold voltage of a transistor, a measurement of a resistance or a measurement of stray capacitance, a measurement of current produced by a source of current, a time constant measurement (for example, an RC circuit), a measurement of an oscillation frequency, etc.
  • the electrical parameter or parameters taken into account are specific to a manufacturing and constitute a signature of the integrated circuits resulting from this manufacturing.
  • these signals are converted into digital signals by means of an analog-to-digital converter 24 (ADC) and, where appropriate, multiplexed by a multiplexer 4 (MUX) to constitute a binary word SP2, stored in a register 25.
  • ADC analog-to-digital converter 24
  • MUX multiplexer 4
  • the word SP2 is therefore sensitive to technological and manufacturing process dispersions.
  • the converter 24 and the multiplexer 4 have been shown in dotted lines because they are optional elements.
  • the converter 24 can be omitted in the preferred embodiment of the network of physical parameters described later with reference to FIG. 3.
  • the electrical parameters measured by means of the network 2 are not always the same.
  • Network 2 is then programmable. It is parameterized or configured at each measurement from a binary word MP, stored in a register 26.
  • the word MP is specific to the integrated circuit chip and can be individualized from one card to another.
  • the measurement of physical parameters is triggered by a MES signal from a control unit 7 of cell 1.
  • Cell 1 preferably receives a single control signal St, triggering an extraction of the parameter s delivered on a single output terminal of cell 1.
  • the word SP2 is supplied to a combiner 8 also receiving a binary word SP1 stored in a register 9.
  • the role of the circuit 8 is to combine the words SP1 and SP2 to provide the private data s stored in a register 10.
  • the number s is then a k bit word obtained from the words SP1 and SP2 respectively on kl and k2 bits.
  • the numbers k1 and k2 of bits of the words SP1 and SP2 are equal. This keeps equality of difficulty to a possible pirate in case a part (SP1 or SP2) of the word s comes to be discovered.
  • the SP1 number differs from one card to another.
  • the combiner 8 guarantees the size of the data s and a non-zero value.
  • the use of a data SP1 specific to the card guarantees that the private key is unique whatever the data MP supplied to the network of physical parameters to configure it. According to a simplified embodiment, for example for a circuit of reduced size, it will be possible to seek, for a given size of private key, to limit the size of the network of physical parameters by increasing the size of the data item SP1.
  • cell 1 also includes a circuit 22 for resetting (resetting to one or one) of some of its registers.
  • the role of circuit 22 is in particular to make the presence of private data s in the register temporary.
  • the circuit 22 commands the reinitialization not only of the register 21 but also of the register 25 containing the data. SP2 extracted from the network 2. In other words, the lifetime of the private data and / or of its constituents is fixed from its generation.
  • An advantage of the present invention is that by combining the use of a network of physical parameters for condition at least part of the private data and a timed reset of the storage elements (for example, registers) storing this private data, a possible hacker is prevented from discovering the private data of the card by a visual examination, for example .
  • the combinations of the MP and SPl parameters conditioning the obtaining of the private data increase the difficulty of hacking.
  • the use of a combination of the words SP1 and SP2 is optional.
  • the data MP and SP1 are merged. In this case, only one register 9 or 26 is used.
  • the circuit 22 is for example controlled by a clock CLK triggered by the control unit 7 on arrival of a signal St for triggering the extraction of the parameter s.
  • this code can be stored directly or modified in the register 9 to constitute the code SP1.
  • circuit 22 can also reset register 9 to prevent the permanent presence of the SP1 code on the card. This function is illustrated by a dotted line in Figure 2.
  • a noise source (dotted lines 23). This involves providing the physical parameters network with random orders outside of periods authentication. This then makes pirating more difficult by observing the consumption of the circuit. By operating network 2 continuously, it will be more difficult for a hacker to identify when it is used to generate a key.
  • a hacker may consider network 2 as a simple source of analog noise used to interfere with consumption, which is known per se, and consequently eliminate the contribution to consumption in its attack, including when the network is used to generate a key.
  • the measurement signal then commands a multiplexer responsible for selecting or combining the configuration signals represented by the word MP and the bits M23 arriving on the link 23.
  • the signal MES is, for example, a trigger bit of a multiplexer 2 '' MP and M23 signals.
  • the noise source 23 can replace all or part of the word MP in the configuration or programming of the network 2.
  • the word MP is permanently supplied to the network 2 which then spends its time generating the data SP2.
  • the private key s remains however ephemeral when combined with the data SP1. There is then even more chance that the hacker filters the response in consumption of network 2 during an attack consisting in examining the consumption of the circuit.
  • a network of physical parameters consisting in measuring electrical parameters present in the network in the form of resistances, stray capacitances or the like is not the subject of the present invention.
  • Such an embodiment is perfectly conventional. It could be, for example, a network of resistors and / or switchable capacitors associated in parallel and / or in series, the switches being controlled as a function of the configuration signals MP and possibly M23 arriving on the network 2.
  • FIG. 3 represents the electrical diagram of a preferred embodiment of a network of physical parameters according to the present invention.
  • circuit 2 comprises a single input terminal 42 intended to receive a digital signal E for triggering a generation.
  • the signal E must include, as will be seen below in relation to FIGS. 4A and 4B, at least one edge per identification. It could be directly the signal St.
  • Circuit 2 directly delivers a binary code B ⁇ , B2, ..., Bi- ⁇ # Bi, ..., Bn-i, Bn on a predetermined number of bits, this code being sensitive to technological and process dispersions. circuit manufacturing.
  • Each bit B ⁇ is delivered on a terminal 3 ⁇ , 32, • -., 3 ⁇ - ⁇ , 3 ⁇ ⁇ • • -,, 3 nl » 3 n ⁇ u circuit 2 which is specific to it. Circuit 2 therefore delivers the identification code in parallel form.
  • Each bit B ⁇ of the identification code is associated with an electrical path Pi, P2, ..., Pi, ..., P n connecting the common input terminal 42 to a terminal 3i of the same rank.
  • the delays brought by the different electrical paths Pi are chosen to be slightly different from each other so as to guarantee sensitivity to the technological dispersions of the manufacturing process.
  • an average electrical path 44 (CO) is provided for fixing the instant of reading from the appearance of the trigger edge of the input signal E
  • the path 44 connects the entrance 42 of the circuit
  • each electric path Pi includes a delay element 6 ⁇ (Cl), 62 (C2 ) ..., 6i (Ci) ..., 6 n (Cn) connecting input 42 of the circuit to input D of the corresponding flip-flop on the path.
  • the delay elements 6i are the elements which, according to the present invention, have different delays with respect to each other.
  • the flip-flops 5i preferably have the same constitution. However, they participate in the delay brought to the input signal to the respective output terminals of circuit 2 with respect to the average delay CO brought by the element 44.
  • this edge arrives on the respective entries D of the rockers at different times.
  • the reading of the input state of the different flip-flops is synchronized by the edge of the signal E delayed, this time by the element 44. It is in particular for this reason that a CO delay corresponding approximately to the average delay of the different elements 6i.
  • the different outputs 3i of circuit 2 are connected individually at the input of a register for storing the binary code obtained, each bit Bi corresponding to one of the outputs of the circuit.
  • this register is the register 25 in FIG. 2.
  • FIGS. 4A and 4B illustrate, in the form of timing diagrams and without respect for scale, the operation of the network 2 of FIG. 3.
  • FIGS. 4A and 4B represent examples of patterns of signal E, and of signals at the output of the different delay elements.
  • the chronograms have been designated by the references CO, Cl, C2, C3 and C4.
  • FIGS. 4A and 4B represents the difference between two circuits 1 integrated on chips from different manufacturers.
  • FIG. 4B illustrates the same circuit resulting from a different manufacturing process therefore giving a different chip.
  • the code obtained is different. For example, it is the code 0010.
  • an instant t5 has been made arbitrarily identical to the case in FIG. 4A.
  • the instants t'0, t'1, t'2, t'3 and t'4 at which the edge of the signal E has finished traversing the respective paths C0, Cl, C2, C3 and C4 are different from the case of Figure 4A.
  • the retarding element C0 is itself sensitive to technological and manufacturing process dispersions. This does not, however, affect the implementation of the invention since this delay represents a average delay and where the code sought is arbitrary. Indeed, for the generation of a private key, what is important is that integrated circuits originating from the same manufacturing process provide the same code. As the retarding elements are sensitive to dispersions in the manufacturing process, this will be the case with the implementation of the preferred embodiment of the network 2 of physical parameters.
  • An advantage of this embodiment is that the network 2 is particularly sensitive.
  • the detectable difference of the delays brought by the different paths is of the order of a picosecond.
  • the dispersions of the manufacturing or technological processes most often bring differences of the order of at least ten picoseconds.
  • Another advantage is that in case of drift in time of one of the delays brought by the elements, this does not affect the results of the circuit. Indeed, all the delay elements preferably being of similar constitution, the dispersion will be in the same direction for all the elements (paths).
  • any integrated elements sensitive to technological dispersions or influenced by the manufacturing process can be used. It could be, for example, series of resistors and / or capacitors.
  • resistors it will be possible to use resistors in the thickness of the integrated circuit, but it will be preferable to use resistors in polycrystalline silicon whose value is linked to the geometry and which have the advantage of being less dependent on the temperature.
  • the retarding elements may take other forms, provided that they are sensitive to technological dispersions and / or manufacturing processes.
  • the choice of the range of variation of the delays brought by the different elements depends on the application and the desired sensitivity.
  • An advantage of the network of physical parameters illustrated in FIG. 3 is that it avoids the use of an analog / digital converter 24 insofar as the binary word is directly delivered by the respective outputs of the flip-flops.
  • Figures 5 to 7 show, schematically and partially, different embodiments of the reset circuit 22.
  • the circuit 22 consists of several delay elements 71 ( ⁇ ), 72 ( ⁇ ') f 73 ( ⁇ ") to differentiate the instants of reinitialization of the registers 25, 9 and 21
  • the element 71 brings the delay ⁇ for resetting the register 25.
  • the element 72 and the element 71 with which it is in series bring the delay ⁇ + ⁇ ′ for resetting the register 9.
  • the element 73 and the element 71 with which it is in series provide the delay ⁇ + ⁇ "for resetting the register 21.
  • the signal applied to the delay element 71 constituting the first element of circuit 22 can be directly the signal bit St which can also constitute the MES bit for controlling the network of physical parameters.
  • the signal MES is used to trigger a delay element 74 providing a delay minimal ⁇ m.
  • FIG. 6 also illustrates a more detailed example of controlling the network of physical parameters. as in FIG. 2.
  • a multiplexer 76 has been shown therein for combining the MP signals and the noise 23 or for selecting the MP signal or the noise 23.
  • the reading of this multiplexer is controlled by the signal MES.
  • the output of the multiplexer delivers a configuration word in register 77 (REG). This configuration word is used for the physical parameter network 2 "proper and, according to this embodiment, for configuring the variable delay ⁇ v.
  • a fixed delay ⁇ is used, provided by an element 71.
  • the delay ⁇ is triggered by setting network of physical parameters, that is to say by the multiplexer 76 or by the register 77 (not shown in FIG. 7), or by a signal produced by the network itself.
  • the retarding element 71 can of course be associated with the elements 72 and 73 of FIG. 5.
  • the various exemplary embodiments as well as others can be provided individually or in combination.
  • the present invention is susceptible of various variants and modifications which will appear to those skilled in the art.
  • the invention has been described in relation to a particular authentication method, it applies regardless of the authentication procedure envisaged, provided that it uses private data on the part of the circuit to be identified.
  • storage registers which may be replaced by any suitable storage element, for example memories or parts of memory which may or may not be volatile depending on the type of data stored.
  • the writing and reading of the data in these storage elements may be serial or parallel.
  • provision may be made to reduce the time of presence of the private key as it is generated during the same authentication, for example during successive generations required by unsuccessful authentication. This further improves reliability by reducing the presence of the private key in the event that it is an attack aimed at detecting this key.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Condensed Matter Physics & Semiconductors (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Finance (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
EP02730352A 2001-04-04 2002-04-04 Extraction d'une donnee privee pour authentification d'un circuit integre Withdrawn EP1374191A2 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0104586A FR2823398B1 (fr) 2001-04-04 2001-04-04 Extraction d'une donnee privee pour authentification d'un circuit integre
FR0104586 2001-04-04
PCT/FR2002/001190 WO2002082389A2 (fr) 2001-04-04 2002-04-04 Extraction d'une donnee privee pour authentification d'un circuit integre

Publications (1)

Publication Number Publication Date
EP1374191A2 true EP1374191A2 (fr) 2004-01-02

Family

ID=8861937

Family Applications (1)

Application Number Title Priority Date Filing Date
EP02730352A Withdrawn EP1374191A2 (fr) 2001-04-04 2002-04-04 Extraction d'une donnee privee pour authentification d'un circuit integre

Country Status (5)

Country Link
US (1) US7827413B2 (ja)
EP (1) EP1374191A2 (ja)
JP (1) JP2004534992A (ja)
FR (1) FR2823398B1 (ja)
WO (1) WO2002082389A2 (ja)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7840803B2 (en) * 2002-04-16 2010-11-23 Massachusetts Institute Of Technology Authentication of integrated circuits
FR2875949A1 (fr) * 2004-09-28 2006-03-31 St Microelectronics Sa Verrouillage d'un circuit integre
GB0615392D0 (en) * 2006-08-03 2006-09-13 Wivenhoe Technology Ltd Pseudo random number circuitry
JP2008059150A (ja) * 2006-08-30 2008-03-13 Fuji Xerox Co Ltd 情報処理プログラム、画像読取プログラム、情報処理装置、画像読取装置および情報処理システム
US8312269B2 (en) * 2007-11-28 2012-11-13 Hitachi Global Storage Technologies Netherlands, B.V. Challenge and response access control providing data security in data storage devices
US9032476B2 (en) * 2009-05-12 2015-05-12 Empire Technology Development Llc Secure authentication
US8533492B2 (en) 2009-05-22 2013-09-10 Mitsubishi Electric Corporation Electronic device, key generation program, recording medium, and key generation method
US8572394B2 (en) 2009-09-04 2013-10-29 Computer Associates Think, Inc. OTP generation using a camouflaged key
US8843757B2 (en) * 2009-11-12 2014-09-23 Ca, Inc. One time PIN generation
US8457919B2 (en) * 2010-03-31 2013-06-04 Inside Secure Process for testing the resistance of an integrated circuit to a side channel analysis
FR2964218B1 (fr) * 2010-08-25 2013-08-09 Oberthur Technologies Securisation d'un element de memorisation d'une donnee binaire, registre de controle et d'une carte a puce
DE102013203415B4 (de) * 2013-02-28 2016-02-11 Siemens Aktiengesellschaft Erstellen eines abgeleiteten Schlüssels aus einem kryptographischen Schlüssel mittels einer physikalisch nicht klonbaren Funktion
WO2015089346A1 (en) 2013-12-13 2015-06-18 Battelle Memorial Institute Electronic component classification
US9970986B2 (en) * 2014-03-11 2018-05-15 Cryptography Research, Inc. Integrated circuit authentication
US10789550B2 (en) 2017-04-13 2020-09-29 Battelle Memorial Institute System and method for generating test vectors

Family Cites Families (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3415209A1 (de) 1983-04-29 1984-10-31 N.V. Philips' Gloeilampenfabrieken, Eindhoven Speichereinheit mit einem speicher und einer schutzeinheit
WO1984004614A1 (en) 1983-05-13 1984-11-22 Ira Dennis Gale Data security device
EP0186230A2 (en) 1984-12-21 1986-07-02 Koninklijke Philips Electronics N.V. Memory access controller with parallel checking of virtual address and action word
DE3736882C2 (de) * 1987-10-30 1997-04-30 Gao Ges Automation Org Verfahren zur Echtheitsprüfung eines Datenträgers mit integriertem Schaltkreis
DE4243888A1 (de) * 1992-12-23 1994-06-30 Gao Ges Automation Org Datenträger und Verfahren zur Echtheitsprüfung eines Datenträgers
US5679945A (en) * 1995-03-31 1997-10-21 Cybermark, L.L.C. Intelligent card reader having emulation features
CA2245822A1 (en) * 1996-02-09 1997-08-14 Integrated Technologies Of America, Inc. Access control/crypto system
US5887065A (en) * 1996-03-22 1999-03-23 Activcard System and method for user authentication having clock synchronization
US8549310B2 (en) * 1996-04-08 2013-10-01 Walker Digital, Llc Method and apparatus for secure measurement certification
US6085323A (en) * 1996-04-15 2000-07-04 Kabushiki Kaisha Toshiba Information processing system having function of securely protecting confidential information
KR100213188B1 (ko) * 1996-10-05 1999-08-02 윤종용 사용자 인증 장치 및 방법
JP3440763B2 (ja) * 1996-10-25 2003-08-25 富士ゼロックス株式会社 暗号化装置、復号装置、機密データ処理装置、及び情報処理装置
AUPO799197A0 (en) * 1997-07-15 1997-08-07 Silverbrook Research Pty Ltd Image processing method and apparatus (ART01)
JPH11191149A (ja) * 1997-12-26 1999-07-13 Oki Electric Ind Co Ltd Icカード用lsiおよびその使用方法
US6028445A (en) * 1997-12-30 2000-02-22 Xilinx, Inc. Decoder structure and method for FPGA configuration
US6657535B1 (en) * 1998-08-31 2003-12-02 Hawkeye Global, Inc. System for signaling a device at a remote location
US6192436B1 (en) * 1998-09-18 2001-02-20 Xilinx Inc. System and method for configuration of electronic devices using a smart card which having configuration data stored therein
DE19843424A1 (de) * 1998-09-22 2000-03-23 Fraunhofer Ges Forschung Vorrichtung zum Liefern von Ausgangsdaten als Reaktion auf Eingangsdaten und Verfahren zum Überprüfen der Authentizität und Verfahren zum verschlüsselten Übertragen von Informationen
US6161213A (en) * 1999-02-17 2000-12-12 Icid, Llc System for providing an integrated circuit with a unique identification
US6654889B1 (en) * 1999-02-19 2003-11-25 Xilinx, Inc. Method and apparatus for protecting proprietary configuration data for programmable logic devices
US7017043B1 (en) * 1999-03-19 2006-03-21 The Regents Of The University Of California Methods and systems for the identification of circuits and circuit designs
JP3342677B2 (ja) * 1999-06-22 2002-11-11 インターナショナル・ビジネス・マシーンズ・コーポレーション コンテンツデータ鑑定装置
US6829356B1 (en) * 1999-06-29 2004-12-07 Verisign, Inc. Server-assisted regeneration of a strong secret from a weak secret
FR2796175B1 (fr) 1999-07-09 2001-08-31 Sagem Procede de preservation de l'integrite de donnees logiciel de mise en oeuvre de donnees sensibles confidentielles et carte support de ces donnees
US7005733B2 (en) * 1999-12-30 2006-02-28 Koemmerling Oliver Anti tamper encapsulation for an integrated circuit
US7240218B2 (en) * 2000-02-08 2007-07-03 Algotronix, Ltd. Method of using a mask programmed key to securely configure a field programmable gate array
US6769062B1 (en) * 2000-10-25 2004-07-27 Ericsson Inc. Method and system of using an insecure crypto-accelerator
US6948065B2 (en) * 2000-12-27 2005-09-20 Intel Corporation Platform and method for securely transmitting an authorization secret
FR2825873A1 (fr) * 2001-06-11 2002-12-13 St Microelectronics Sa Stockage protege d'une donnee dans un circuit integre
JP2003078518A (ja) * 2001-09-03 2003-03-14 Fuji Xerox Co Ltd 暗号化・復号システム、暗号化装置、復号装置およびそれらの方法
JP3904432B2 (ja) * 2001-11-16 2007-04-11 株式会社ルネサステクノロジ 情報処理装置
US7769997B2 (en) * 2002-02-25 2010-08-03 Network Resonance, Inc. System, method and computer program product for guaranteeing electronic transactions
US7840803B2 (en) * 2002-04-16 2010-11-23 Massachusetts Institute Of Technology Authentication of integrated circuits
WO2006071380A2 (en) * 2004-11-12 2006-07-06 Pufco, Inc. Securely field configurable device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO02082389A2 *

Also Published As

Publication number Publication date
FR2823398A1 (fr) 2002-10-11
US7827413B2 (en) 2010-11-02
JP2004534992A (ja) 2004-11-18
US20040114765A1 (en) 2004-06-17
WO2002082389A2 (fr) 2002-10-17
WO2002082389A3 (fr) 2003-02-13
FR2823398B1 (fr) 2003-08-15

Similar Documents

Publication Publication Date Title
EP1267248B1 (fr) Stockage protégé d'une donnée dans un circuit intégré
EP1374191A2 (fr) Extraction d'une donnee privee pour authentification d'un circuit integre
EP0317014B1 (fr) Unité de mémoire vive à plusieurs modes de test et ordinateur muni de telles unités
EP0402210B1 (fr) Procédé pour vérifier l'intégrité d'un logiciel ou de données, et système pour la mise en oeuvre de ce procédé
EP1993057A1 (fr) Détection d'une perturbation d'état d'une bascule d'un circuit électronique
FR2948795A1 (fr) Detecteur d'injection de fautes dans un circuit integre
EP1391853A1 (fr) Diversification d'un identifiant unique d'un circuit intégré
WO1999048239A1 (fr) Procede de securisation de donnees mettant en oeuvre un algorithme cryptographique
EP1359551A1 (fr) Génération de quantités secrètes d'identification d'un circuit intégré
EP1359550A1 (fr) Régéneration d'une quantité secrète à partir d'un identifiant d'un circuit intégré
EP0875830A1 (fr) Circuit testable à faible nombre de broches
EP0884704B1 (fr) Procédé d'authentification de circuit intégré
EP1436792B1 (fr) Protocole d'authentification a verification d'integrite de memoire
EP1742407B1 (fr) Protection d'une quantité numérique contenue dans un circuit intégré comportant une interface JTAG
EP1365317A1 (fr) Test d'un algorithme exécuté par un circuit integré
WO2002082448A1 (fr) Identification d'un circuit integre a partir de ses parametres physiques de fabrication
EP1633074A1 (fr) Circuit intégré à signal de sécurisation codé, procédé de sécurisation, dispositif et signal de sécurisation codé au moyen d'une clé dynamique correspondants.
EP1571522A1 (fr) Dispositif de protection contre l'injection d'erreur dans un bloc logique asynchrone d'un module logique élémentaire
EP1374242A1 (fr) Stockage d'un code binaire immuable dans un circuit integre
WO2003039065A2 (fr) Procede securise de mise en oeuvre d'un algorithme de cryptographie et composant correspondant
EP3153961A1 (fr) Procédé et système de sauvegarde répartie dynamique
FR2823401A1 (fr) Regeneration d'une quantite secrete a partir d'un identifiant d'un circuit integre
FR3066847A1 (fr) Protection d'un generateur aleatoire
EP1571754A1 (fr) Dispositif de protection contre l'injection d'erreur dans une bascule synchrone d'un module logique élémentaire
FR2793979A1 (fr) Procede de gestion de donnees par un module de securite

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20031017

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

17Q First examination report despatched

Effective date: 20121217

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20141031