EP2195793A1 - Method for generating masks in a communicating object and corresponding communicating object - Google Patents
- Publication number
- EP2195793A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- mask
- communicating object
- data
- communicating
- diversified
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
- G06Q20/35765—Access rights to memory zones
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2153—Using hardware token as a secondary aspect
Definitions
- The field of the invention is that of communicating objects, such as, in particular, smart cards, mobile phones or PDAs. More specifically, the present invention relates to a method of generating masks in a communicating object.
- The term "mask" will be used to denote a digital function intended to mask sensitive data or instructions of a program that is to be kept secret in the communicating object.
- Such data is, for example, a key, a code, an identifier of the owner of the card, or an algorithm or instructions that one does not wish to disclose to a possible attacker.
- This data is not stored "in the clear" in the card.
- It is known to apply a mathematical function to such a sensitive data item. The result is a masked data item, which is stored in the memory of the card. Subsequently, if one wishes to read the sensitive data item, the inverse of that mathematical function is applied to the masked data item, and the sensitive data item can then be recovered for use, for example for the execution of a program.
- The mathematical function is, for example, an exclusive-OR.
- FIG. 1 represents the masking of a data item comprising i bytes d0 to d ,.
- The mask used to mask the data item 10 is denoted 11 and also comprises i bytes b0 to b ,.
- The masking function here is an exclusive-OR function 12.
- The masking therefore consists in performing a byte-oriented exclusive-OR.
- The data item 10 is regenerated, the exclusive-OR function being reversible.
- The present invention aims to overcome this disadvantage.
- One of the objectives of the invention is to propose a data masking method for a communicating object that makes it possible to mask a very large number of data items without needing to store more than one mask, or at least not a large number of masks.
- The application of diversifiers to the master mask thus makes it possible to obtain diversified masks, which are used to mask the data.
- The reversible function used is an exclusive-OR function.
- The application of a diversifier to the master mask consists in applying a rotation to the master mask.
- The generation of diversified masks consists of simple rotations of the master mask.
- With a master mask of 256 bytes, it is possible to generate 256 different masks if the rotation is byte-oriented. It is of course also possible to perform rotations at the bit level, which further increases the number of different masks that can be generated.
- The diversifier is preferably generated pseudo-randomly in the communicating object. This has the advantage of being able to mask data on the fly.
- The master masks are diversified from one communicating object to another. Thus, even if an attacker manages to discover the master mask of one communicating object, he will not be able to unmask the data stored in another communicating object, since their masks are different.
- The invention also relates to a communicating object comprising means for implementing such a method.
- The communicating object preferably consists of a smart card.
- FIG. 1 represents the masking of a data item according to the state of the art; FIG. 2 represents a preferred mode of implementation of the method according to the invention.
- Figure 1 has been described above with reference to the state of the art.
- FIG. 2 represents a preferred mode of implementation of the method according to the invention.
- A mask 11, called the master mask, is used.
- The master mask 11 is stored in the communicating object.
- The invention proposes applying a diversifier D to the master mask 11 in order to generate a diversified mask 14.
- The diversifier D is a simple pointer that marks the byte of the master mask 11 which will be used to mask the first byte of the data item 10.
- The other bytes are taken one after the other, in a simplified implementation mode. This produces a diversified mask 14 whose first byte is b, _i and the last byte is b ,. A rotation has thus simply been applied to the bytes of the master mask 11. It is also possible to apply rotations to the bits of the master mask 11, the rotation then being bit-oriented.
- The bytes d0 to d of the data item 10 are masked using the bytes of the diversified mask 14 to provide the masked data item 15.
- In order to be able to unmask the masked data item 15, it is stored in the communicating object together with the diversifier D that was used to generate the diversified mask 14, that is to say with the diversifier that made it possible to obtain it.
- The masked data item 15 is therefore associated with the diversifier D.
- When writing or creating another data item in the card, another diversifier will be generated, preferably in a random manner, to generate another diversified mask that will be used to mask this other data item.
- The advantage of the invention is that it is possible to generate as many diversified masks as there are bytes (or bits) in the master mask 11.
- Storing the diversifier D consumes little memory, typically one byte.
- The diversifier D1 will be applied to the first master mask and the diversifier D2 to the second master mask.
- Each byte of a data item to be masked will be masked, for example by means of the exclusive-OR function, by a byte of the first diversified mask and by a byte of the second diversified mask.
- The diversifiers D1 and D2 will then be stored with the masked data.
- For a master mask of 256 bytes it is then possible to generate 256² different masks.
- The invention is particularly applicable in a Java environment, where the diversifiers can be stored with the header of Java objects.
- The exclusive-OR reversible function is not the only one that can be used: it is possible to use a DES function or a simple rotation. Any reversible function is suitable for the invention.
- The diversifier D is preferably generated randomly or pseudo-randomly when the data item 10 is written/created in the communicating object or at each restart of the communicating object.
- The master masks 11 are preferably diversified. This ensures that, in the event of a successful attack on a communicating object, the attacker in possession of a master mask cannot unmask the masked data in another communicating object.
- The invention applies to any communicating object, such as mobile phones, and preferably to smart cards, for example multi-application smart cards.
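The scheme described above (diversifier D as a byte offset into the master mask 11, exclusive-OR masking, D stored with the masked item, and the variant with two master masks and diversifiers D1 and D2), as an added C example that is not part of the patent text. The names `mask_item`, `unmask_item` and `distinct_rotations`, the record layout, the length limit and the caller-supplied diversifiers are assumptions of this sketch; `distinct_rotations` goes slightly beyond the text by counting how many of the 256 byte rotations of a given master mask actually differ.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MASK_LEN 256              /* master mask size from the text's example */

/* Stored form (hypothetical layout): diversifiers sit next to the masked bytes. */
typedef struct {
    uint8_t d1, d2;               /* rotation offsets; d2 only used with two master masks */
    size_t  len;
    uint8_t bytes[MASK_LEN];
} masked_item;

/* XOR with the master mask rotated by d bytes: D points at the mask byte used for
 * the first data byte, the rest follow with wrap-around. Masks and unmasks alike. */
static void xor_rotated(const uint8_t *master, uint8_t d,
                        const uint8_t *in, uint8_t *out, size_t len)
{
    for (size_t k = 0; k < len; k++)
        out[k] = in[k] ^ master[(d + k) % MASK_LEN];
}

/* Mask with one master mask (m2 == NULL) or two (D1/D2 variant). The caller supplies
 * the diversifiers; on a card they would come from its random source (assumption). */
int mask_item(const uint8_t *m1, const uint8_t *m2, uint8_t d1, uint8_t d2,
              const uint8_t *data, size_t len, masked_item *out)
{
    if (len > MASK_LEN) return -1;    /* sketch's own limit: no mask byte used twice */
    out->d1 = d1; out->d2 = d2; out->len = len;
    xor_rotated(m1, d1, data, out->bytes, len);
    if (m2) xor_rotated(m2, d2, out->bytes, out->bytes, len);
    return 0;
}

/* Recover the clear data using the diversifiers stored with the item. */
void unmask_item(const uint8_t *m1, const uint8_t *m2, const masked_item *it, uint8_t *out)
{
    xor_rotated(m1, it->d1, it->bytes, out, it->len);
    if (m2) xor_rotated(m2, it->d2, out, out, it->len);
}

/* Number of byte rotations of the master mask that are actually different. */
unsigned distinct_rotations(const uint8_t *master)
{
    unsigned count = 0;
    for (unsigned d = 0; d < MASK_LEN; d++) {
        int dup = 0;
        for (unsigned e = 0; e < d && !dup; e++) {
            unsigned k = 0;
            while (k < MASK_LEN &&
                   master[(d + k) % MASK_LEN] == master[(e + k) % MASK_LEN]) k++;
            dup = (k == MASK_LEN);    /* rotation d repeats an earlier rotation e */
        }
        count += !dup;
    }
    return count;
}

int main(void)
{
    const uint8_t pin[8] = {'P','I','N','=','1','2','3','4'};  /* constructed data */
    uint8_t m[MASK_LEN], clear[8];
    masked_item it;
    for (unsigned i = 0; i < MASK_LEN; i++) m[i] = (uint8_t)(i * 167 + 13); /* constructed mask */
    mask_item(m, NULL, 250, 0, pin, sizeof pin, &it);
    unmask_item(m, NULL, &it, clear);
    return memcmp(clear, pin, sizeof pin) != 0;   /* exit 0 when the round trip succeeds */
}
```

A master mask with a repeating pattern, for example alternating 0xAA and 0x55, has only 2 distinct byte rotations, so `distinct_rotations` is worth running when master masks are generated.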
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Finance (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP08803273A EP2195793A1 (de) | 2007-09-28 | 2008-08-27 | Method for generating masks in a communicating object and corresponding communicating object |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP07301410A EP2053568A1 (de) | 2007-09-28 | 2007-09-28 | Method for generating masks in a communication object and corresponding communication object |
EP08803273A EP2195793A1 (de) | 2007-09-28 | 2008-08-27 | Method for generating masks in a communicating object and corresponding communicating object |
PCT/EP2008/061242 WO2009040204A1 (fr) | 2007-09-28 | 2008-08-27 | Method for generating masks in a communicating object and corresponding communicating object |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2195793A1 (de) | 2010-06-16 |
Family
ID=39167270
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP07301410A Withdrawn EP2053568A1 (de) | 2007-09-28 | 2007-09-28 | Method for generating masks in a communication object and corresponding communication object |
EP08803273A Ceased EP2195793A1 (de) | 2007-09-28 | 2008-08-27 | Method for generating masks in a communicating object and corresponding communicating object |
Family Applications Before (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP07301410A Withdrawn EP2053568A1 (de) | 2007-09-28 | 2007-09-28 | Method for generating masks in a communication object and corresponding communication object |
Country Status (3)
Country | Link |
---|---|
US (1) | US20100239091A1 (de) |
EP (2) | EP2053568A1 (de) |
WO (1) | WO2009040204A1 (de) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9118441B2 (en) | 2013-01-25 | 2015-08-25 | Freescale Semiconductor, Inc. | Layout-optimized random mask distribution system and method |
CN104598829B (zh) * | 2013-10-31 | 2018-08-07 | 上海复旦微电子集团股份有限公司 | Data processing method and device, attack-prevention method and device, and storage device |
EP3499788B1 (de) * | 2017-12-15 | 2020-07-29 | Secure-IC SAS | Dynamic masking |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4783834A (en) * | 1987-02-20 | 1988-11-08 | International Business Machines Corporation | System for creating transposed image data from a run end or run length representation of an image |
US5428685A (en) * | 1992-01-22 | 1995-06-27 | Fujitsu Limited | IC memory card and method of protecting data therein |
GB2264373B (en) * | 1992-02-05 | 1995-12-20 | Eurologic Research Limited | Data encryption apparatus and method |
US7328350B2 (en) * | 2001-03-29 | 2008-02-05 | Arcot Systems, Inc. | Method and apparatus for secure cryptographic key generation, certification and use |
US6173384B1 (en) * | 1998-02-11 | 2001-01-09 | Nortel Networks Limited | Method of searching for a data element in a data structure |
KR100429545B1 (ko) * | 1999-08-17 | 2004-04-28 | 삼성전자주식회사 | Method for communicating scrambling code identifiers in a mobile communication system |
JP2002217751A (ja) * | 2001-01-22 | 2002-08-02 | Fujitsu Ltd | Power control device and power control method |
US7406529B2 (en) * | 2001-02-09 | 2008-07-29 | Yahoo! Inc. | System and method for detecting and verifying digitized content over a computer network |
KR100692425B1 (ko) * | 2001-09-28 | 2007-03-09 | 하이 덴시티 디바이시스 에이에스 | Method and apparatus for encryption/decryption of a mass storage device |
US20030145203A1 (en) * | 2002-01-30 | 2003-07-31 | Yves Audebert | System and method for performing mutual authentications between security tokens |
DE10344636B4 (de) * | 2003-09-25 | 2016-08-04 | Infineon Technologies Ag | Data-dependent encryption/decryption |
TWI230357B (en) * | 2003-12-19 | 2005-04-01 | Sunplus Technology Co Ltd | Device and method for writing data in a processor to memory at unaligned location |
US7899190B2 (en) * | 2004-04-16 | 2011-03-01 | Research In Motion Limited | Security countermeasures for power analysis attacks |
JP2006014035A (ja) * | 2004-06-28 | 2006-01-12 | Toshiba Corp | Storage medium processing method, storage medium processing device, and program |
EP1724961B1 (de) * | 2005-05-10 | 2007-09-26 | Research In Motion Limited | Key masking for cryptographic processes using a combination of random mask values |
US20070067644A1 (en) * | 2005-08-26 | 2007-03-22 | International Business Machines Corporation | Memory control unit implementing a rotating-key encryption algorithm |
EP1798943A1 (de) * | 2005-12-13 | 2007-06-20 | Axalto SA | SIM with message client |
US20070168377A1 (en) * | 2005-12-29 | 2007-07-19 | Arabella Software Ltd. | Method and apparatus for classifying Internet Protocol data packets |
US8209549B1 (en) * | 2006-10-19 | 2012-06-26 | United Services Automobile Association (Usaa) | Systems and methods for cryptographic masking of private data |
US8161395B2 (en) * | 2006-11-13 | 2012-04-17 | Cisco Technology, Inc. | Method for secure data entry in an application |
US8422668B1 (en) * | 2006-12-15 | 2013-04-16 | Spansion Llc | Table lookup operation on masked data |
US7973644B2 (en) * | 2007-01-30 | 2011-07-05 | Round Rock Research, Llc | Systems and methods for RFID tag arbitration where RFID tags generate multiple random numbers for different arbitration sessions |
-
2007
- 2007-09-28 EP EP07301410A patent/EP2053568A1/de not_active Withdrawn
-
2008
- 2008-08-27 US US12/680,242 patent/US20100239091A1/en not_active Abandoned
- 2008-08-27 WO PCT/EP2008/061242 patent/WO2009040204A1/fr active Application Filing
- 2008-08-27 EP EP08803273A patent/EP2195793A1/de not_active Ceased
Non-Patent Citations (1)
Title |
---|
See references of WO2009040204A1 * |
Also Published As
Publication number | Publication date |
---|---|
EP2053568A1 (de) | 2009-04-29 |
US20100239091A1 (en) | 2010-09-23 |
WO2009040204A1 (fr) | 2009-04-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
 | 17P | Request for examination filed | Effective date: 20100428 |
 | AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR |
 | AX | Request for extension of the european patent | Extension state: AL BA MK RS |
 | RIN1 | Information on inventor provided before grant (corrected) | Inventor name: GAUTERON, LAURENT; Inventor name: AMIEL, FREDERIC |
 | 17Q | First examination report despatched | Effective date: 20101014 |
 | DAX | Request for extension of the european patent (deleted) | |
 | REG | Reference to a national code | Ref country code: DE; Ref legal event code: R003 |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
 | 18R | Application refused | Effective date: 20141118 |