Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
  • G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
  • G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
  • G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
  • G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/355—Personalisation of cards for use
  • G06Q20/3552—Downloading or loading of personalisation data
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
  • G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
  • G07F7/1016—Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
  • H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/2137—Time limited access, e.g. to a computer or data
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption

Definitions

• the present invention generally relates to electronic circuits and more particularly to circuits comprising a digital processing unit capable of handling encryption or authentication keys.
• the present invention relates more particularly to the protection of encryption or authentication keys contained in an integrated circuit provided with calculation means, for example a smart card or the like.
• calculation means for example a smart card or the like.
• Encryption keys Protection or authentica- tion contained in an electronic circuit against attempted hacking ⁇ tive is a recurring problem in cryptography.
• it is often sought to protect one or more keys, said native, initial or primary, stored in a non-volatile memory of a circuit during its manufacture, specifically in a personalization phase that ends its production process.
• the purpose of this protection is to avoid the problems associated with a so-called key revocation phenomenon which consists of considering a key as more secure enough and no longer using it. If this key is a initial key of the circuit, the latter must then be considered as unusable. To avoid this, we often use a key derivation mechanism that only keys derived from this initial key or master are used.
• the circuit may be able to generate a new one.
• Another countermeasure to hacking attempts is to use temporary keys transmitted by a trusted remote element and stored in a random access memory of the circuit (for short use or in which the circuit remains energized) or in a non-volatile reprogrammable memory (for longer use or extending over several feeding periods). These temporary keys can also be derived by the circuit from an identifier transmitted by the remote element. For example, in a pay-TV application, a control word, used to decrypt side RX ⁇ tor a video stream is obtained (derived) from key tempo ⁇ rary contained in a smart card.
• These temporary broadcast keys are obtained following a secure exchange process between the access provider and the receiver where the keys are either directly downloaded or themselves derived by the receiver's smart card from an identifier transmitted by the access provider.
• the delivery keys are the same for several users and are only used by the issuer for a certain duration (for example, a month).
• session keys are used and derived from a basic key contained in a smart card that is desirable to protect against possible hacking attempts.
• US 2007/003062 discloses a method of key distribution in a wireless communication system, in which one key is encrypted by another.
• An object is more particularly a solution compatible with the usual processes of encryption keys or authentication.
• this object is a solution requiring no modification of algorithms ⁇ fication authentication and encryption actual or potential key derivation algorithms.
• an object aims at a key derivation mechanism allowing control over the use of these keys over time.
• One embodiment of the method provides that the number of uses of the first key in a given period is limited by a counter stored in a second storage element reset automatically after a period independent of the fact that the circuit is powered or not.
• One embodiment of the method provides that the second key is contained in a nonvolatile memory element of the circuit.
• One embodiment of the method provides that the first key is obtained by derivation of the second key.
• One mode of implementation of the method provides that the second key is used to obtain the first key by decryption.
• An implementation of the method provides that the first key is the basis for deriving a third key used to encrypt or authenticate Prove information ⁇ ing from outside the circuit.
• a method of encrypted transmission of digital data in which a key ⁇ Frement tally of these data corresponds to the third key.
• a method of deriving a session key from an EMV application in which the session key corresponds to the third key.
• control method ⁇ utili zation of ink cartridges by means of a circuit associated with a printer and a key derived from an identifier provided by a cartridge, wherein said derived key corresponds to the pre ⁇ Mière key.
• an electronic circuit COMPOR ⁇ as means for cryptographic processing and at least one non-volatile memory, said first latch element being formed by at least one memory element having at least one first capacitive element exhibiting a leakage through of its dielectric space.
• One embodiment of the circuit comprises means adapted to implement one of the above methods.
• a system for broadcasting a digital content comprising: a transmitter capable of encrypting the content from a control word that changes periodically and transmitted, with the encrypted content, in encrypted form from at least one pre ⁇ Mière temporary key period longer than that of the control word; and a receiver associated with an electronic circuit capable of decrypting the control word from said first key, and then decrypting the content from this control word.
• An embodiment of a receiver includes a smart card reader.
• a system for controlling the use of ink cartridges by a printer comprising: at least one printer associated with at least one electronic circuit; and at least one ink cartridge adapted to transmit an identifier enabling the printer circuit to generate said first key.
• printer of such a system There is also a printer of such a system.
• a cartridge of such a system comprising an electronic circuit provided with a storage element automatically reset after a period independent of the fact that the circuit is powered or not, this element containing said identifier.
• a banking system using smart cards said first key being used to derive session keys transactions.
• FIG. 1 represents a chip card of the type to which the present invention applies by way of example
• FIG. 2 illustrates a broadcasting system of the type to which the present invention applies by way of example
• Figure 3 illustrates a payment card system of the type to which the present invention applies by way of example
• 4 illustrates a cartridge printer system of the type which applies for example pre ⁇ feel invention
• Fig. 5 is a block diagram of an embodiment of an electronic circuit
• FIG. 6 illustrates an example of memory contents of an electronic circuit in the application of FIG.
• FIG. 7 is a flowchart illustrating an embodiment according to this application example
• Figure 8 is a simplified flowchart of an embodiment of a ratification mechanism
• Fig. 9 is a simplified block diagram of a counter used in the mechanism of Fig. 8
• FIG. 10 illustrates an example of memory contents of an electronic circuit in the application of FIG. 3
• FIG. 11 illustrates an example of memory contents of an electronic circuit in the application of FIG. 4
• Figure 12 shows an embodiment of an electronic charge retention circuit
• Fig. 13 is a current-voltage graph illustrating the operation of the circuit of Fig. 12
• Figure 14 is a timing diagram illustrating ⁇ func tioning of the circuit of Figure 12
• 15 shows another embodiment of a charge retention circuit in an example of about ⁇ ment
• FIGS. 17A, 17B, 17C are respectively a view from above, a sectional view in a first direction and the equivalent electric diagram of an embodiment of an electronic circuit for retaining charges from EEPROM cells;
• FIGS. 18A, 18B and 18C are respectively a view from above, a sectional view in a second direction and the equivalent electric diagram of a first element of the circuit of FIGS. 17A to 17C;
• Figures 19A, 19B, 19C are respectively a top view, a sectional view along the second direction and the equivalent electrical diagram of a second element of the circuit of Figures 17A to 17C;
• FIGS. 20A, 20B, 20C are respectively a view from above, a sectional view along the second direction and the equivalent electric diagram of a third element of the circuit of FIGS. 17A to 17C; and FIGS. 2A, 21B, 21C are respectively a top view, a sectional view along the second direction and the equivalent electric diagram of a fourth element of the circuit of FIGS. 17A to 17C.
• FIG. 1 schematically represents a smart card 1 of the type to which the present invention applies by way of example.
• a smart card 1 is, for example, made of a plastic support 12 in or on which is reported an electronic circuit chip 5, capable of communicating with the outside by means of contacts 13 or by means of unrepresented non-contact transceiver elements.
• the circuit 5 of the card contains a processing unit that exploits one or more encryption, decryption, authentication keys, or more generally one or more keys exploited by a cryptographic mechanism.
• FIG 2 is an exemplary block diagram of applica ⁇ a controlled-access broadcast system.
• This example is for satellite broadcasting of digital media.
• Diffuser side 21 a digital media content (if any Prove ⁇ ing a digital encoding of an analog content) is encrypted by means of a control word CW, prior to its radio ⁇ diffusion.
• a decoder 23 converts, on the receiving side, the signals to make them interpretable (for example, by converting them in video signals), and decrypts the data from the same control word CW (symmetric encryption) or a control word linked to that of transmission by an asymmetric mechanism (public key - private key).
• the control word is obtained from a temporary key contained, for example, in the circuit 5 of a smart card 1 dedicated to each user.
• the temporary key is changed periodically (for example, every month). It is either transmitted to the card by the access provider by a secure mechanism, or derived by the card from an identifier broadcast by the issuer and a basic key contained in the card since its manufacture.
• the decoder 23 and the decryption circuit 5, often called conditional access module or CAM for "Conditional Access Module" are generally distinct. This module can also be carried by an electronic card of the decoder.
• FIG. 3 is a block diagram of another example of application to a payment card system 3.
• This example relates to the use of a smart card 1 (CARD) for payment transactions, for example, complying with the EMV standard.
• the card 1 is introduced in a reader 31 (READER) of the system 3 and has the role of allowing authentication of the cardholder to authorize a bank transaction.
• This transaction is effected via a central system 32 (ISSUER), generally the bank of the holder of the reader 31.
• This bank then communicates with the (not shown) of the cardholder to perform the transaction.
• FIG. 4 is a block diagram of yet another example of application to a cartridge printer system 4.
• a printer 41 intended to be connected (link 42) wired or wireless to a computer system (not shown), contains one or more ink cartridges 44.
• Each cartridge is provided with an electronic circuit 6 capable of at least communicating a digital identifier to an electronic circuit 5 of which the printer 41 is equipped. The identifier enables the circuit 5, among other things, to authenticate the cartridge 44.
• FIG. 5 is a block diagram of a mode of Réali ⁇ sation of an electronic circuit 5, for example contained in a smart card 1 of Figures 1, 2, 3, in a printer of Figure 4 or in a other access control module (electronic key type or other).
• the circuit 5 comprises, among others, a digital processing unit 51 (PU), one or rained ⁇ eral memory 52 (MEM) of which at least one nonvolatile memory (e.g., EEPROM) and random access memory (RZ -M), and an input / output circuit (I / O) 53 for communicating with the outside of the circuit 5 (for connection to the contacts 13 or to an antenna for example).
• PU digital processing unit 51
• MEM rained ⁇ eral memory 52
• I / O input / output circuit
• the various elements internal to the circuit 5 communicate with each other and with the interface 53 via one or more buses 54 of data, addresses and commands as well as any direct links between some of these elements.
• the circuit 5 may also incorporate other func tions ⁇ software or hardware, symbolized by a block 55 (FCT) in Figure 5.
• the circuit 5 also includes at least one circuit 100 (TCM) of elements of temporary storage with charge retention whose charge level changes over time, even when the circuit 5 is not powered.
• This circuit 100 constitutes one or more memory elements controlled in time (Time Controlled Memory). Detailed examples of circuits 100 will be described later in connection with FIG. 12 and following.
• each memory cell of a circuit 100 is capable of being programmed or activated (placed in a state arbitrarily noted as 1) by injecting or extracting charges in a capacitive element which presents a leakage through its dielectric space, so that its active state disappears (the element back to state 0) after a given time, regardless of the possible power supply of the circuit.
• Such a circuit 100 to charge retention stores a binary state or states forming a binary word consti ⁇ killing a temporary key.
• Figures 6 and 7 illustrate an example of application to a type of the broadcasting system from that of Figure 2.
• Figure 6 illustrates the contents of zones of said three memories ⁇ tinct circuit 5 including a non-volatile reprogrammable memory 52 EEPROM type RAM 52 'RAM and time-controlled memory 100 (TCM).
• TCM time-controlled memory 100
• a control word CW is used by the transmitter (21, FIG. 2) to encrypt the media content and must be known to the receiver (23, FIG. 2), more particularly to the circuit 5 associated with it (whether in a smart card 1, in an on-board circuit or in an access control module).
• the word CW is stored in RAM in circuit 5 because it changes at a relatively high frequency, typically less than a minute.
• the service provider (for simplicity, assumed to be confused with the transmitter 21) and, in this example, the card 1 share a broadcasting key BMK (Broadcast Monthly Key) which is a temporary key duration (for example a month ) greater than that of the word CW and used by the circuit 5 to decrypt the CW control words transmitted by the transmitter ⁇ being encrypted by the key BMK. Without this key BMK, the decoder is not able to decipher the successive words during its period of validity, so to decode the transmitted content.
• the BMK key is usually a common key rained ⁇ eral circuits 5 of different users.
• the circuit 5 contains at least one BRK (Broadcast Root Key) base key in non-volatile memory EEPROM.
• BRK Broadcast Root Key
• two basic keys BRK1 and BRK2 are provided either to allow the repudiation of one of the two if necessary, or to dedicate each key to an application (a category of digital contents).
• the number of basic keys may vary depending on the application and the size of the EEPROM available. This or these BRK keys are preferably stored in the card in its phase person ⁇ zation.
• these basic keys can be stored in a nonvolatile memory programmable once (OTP) being preferably individualized per circuit.
• OTP nonvolatile memory programmable once
• the BRK keys are used by the broadcaster to send to the card the temporary keys BMK (BMK1 and BMK2) which are stored in the memory 100.
• These temporary keys BMK are preferably stored in dedicated places of the memory 100.
• the time of Charge retention of memory 100 defines their maximum lifetime. By choosing a period at least equal to the period of maximum period that is guaranteed a monthly key can not be used or attacked during a period Suselling ⁇ higher this retention time since it will have disappeared the memory 100 at the end of this period. This prevents recorded programs from being replayed (executed) retrospectively.
• the resistance of the circuit 5 to attacks is such that the probability for an attacker to find a BMK key in one month is negligible.
• This example can be adapted to other BMK key durations. For example, we can use weekly keys.
• Figure 7 illustrates an implementation of the example of Figure 6.
• the diffuser 21 has the quantities BRK, BMK and CW.
• circuit 5 has only the BRK key (or BRK keys). Every month, the access provider 21 changes the key BMK and transmits it in an encrypted manner (block 71, EBRK ( BMK )) to the decoder 23, more precisely to its module or circuit 5.
• the circuit 5 decrypts the key BMK ( block 72, D BRK (E BRK (BMK))) then stores it in the memory 100 (block 73, BMK -> TCM).
• the transmitter 21 scrambles or digit (block 75, E BMK (CW), E C w (MEDIA)) each control word with the key BMK and the data MEDIA with the control word CW before transmitting both to the decoder.
• the decoder side circuit 5 decrypts the control word CW using the key BMK (block 76, D B MK (BMK E ) (CW)), then the data by means of this control word (block 77, DCW (ECW (MEDIA))) -
• the encryption and decryption algorithms E and D may be different for the key BMK, the control word CW and the data MEDIA.
• Syme algorithm ⁇ cudgel where the same key is shared and used to encrypt and decrypt, but we can use asymmetric algorithms to public and private keys for at least ciphers of BMK and CW key.
• one or more mechanisms of ratification ⁇ cation are added to limit the number of uses of the temporary key BMK and / or BRK base key in a given period of time.
• These ratifications are carried out by means of counters RC (Ratification Counter) which make it possible to count down the number of times that are used the keys BRK and BMK during a given period.
• RC Rasterification Counter
• the period control is performed automatically by the charge retention circuit 100 since the states of the counters disappear at the end of the period for which the circuit 100 is designed.
• FIG. 8 is a simplified functional block diagram illustrating one embodiment of the counter ratification mechanism, for example, of the BRK key.
• the counter RC (BRK) resets automatically and inde pendently ⁇ of the electronic circuit power supply 10 '.
• DPA Differential Power Analysis
• the RC counter (BMK) is for example incremented each time the BMK key is used to decode a CW control word.
• the RC (BMK) counter limits the number of uses of the BMK key in the set time. This duration is short by compared to that of RC counter retention (BRK). For example, limiting the number of uses of the control word to two every ten seconds prevents card sharing attacks for CW words changing every ten seconds, while allowing a second decoding when needed (for example for redundancy in case of error).
• FIG. 9 very schematically shows, in the form of blocks, an example of a counting circuit 90 containing n electronic charge-retaining circuits 10OQ, 100 ] _, ..., 10O n each storing a bit BQ, B ] _, ..., B n of the RC (BMK) or RC (BRK) counter.
• the circuit 50 is preferably controlled by an internal circuit 91 (CTRL) causing, as will be better understood later in connection with FIGS. 12 and following, the incrementation of the counter following a malfunction detection (INC input of the block 90), as well as reading the state of one or more bits of the counter.
• CTRL internal circuit 91
• the threshold TH can then be easily adapted regardless of the number of structural bits of the counter 90 by selecting the one of the counter bits to be taken into account to provide the OK / NOK result of the test 82.
• the above mechanism preferably works in counting mode from a value initialized to the value 2 at each new reception of a word CW (for example, every ten seconds) and decreed ⁇ with each use of the word CW. A new use is then prohibited if the counter is zero.
• the advantage of a counter stored in the memory 100 rather than RAM is that its value disappears anyway after the duration fixed by the circuit 100 (e.g., the same as the word CW frequency change), prohibiting a further utili zation ⁇ fraudulent.
• FIG. 10 illustrates another example of use of circuit 5 in an application to a payment card system. This figure represents an example of content of the three memories 52, 52 'and 100 of the circuit 5 of a smart card 1 according to this application example.
• a native key RK (Root Key) is stored in the smart card during the customization of its EEPROM memory.
• This key RK is associated with a counter of the number of its derivations RKDC (Root Key Derivation Counter) as well as with an ATC transaction counter (Authorization
• Transaction Counter also stored in reprogrammable non-volatile memory 52.
• the key RK is derived by the circuit 5 to obtain a basic key BK (Base Key) which is stored in the controlled charge retention memory 100.
• This key base BK is then derived at each transaction using the ATC transaction counter to obtain a session key SK stored in RAM and which is used for authorization exchanges of the transaction between the reader and the card.
• the transaction counter is the identifier of the index of the session key in the key derivation tree, allowing the central system with which the card communicates to retrieve the same session key.
• the lifetime of a card being fixed (generally a few years, for example 4) the RKDC counter der ⁇ ⁇ vation of the key RK fixed in the EEPROM memory can be encoded on a single byte for a derivation per week. Its value is for example sent to the supplier of the card in addition to the transaction number with each authorization message to validate a derivation of a session key.
• the number of possible uses of a base key per time slot is limited by means of a ratification counter RC (BK) stored in the memory 100.
• BK ratification counter
• the counter reset is automatic.
• a similar counter RC (RK) is used for the derivations of the key RK. This provides additional security over the RKDC counter by limiting the number of taps in a given time.
• Fig. 11 illustrates an exemplary application associated with the printer system of Fig. 4.
• a basic key contained in the printer 42 is derived a given number of times to communicate with a cartridge inserted into the printer. printer and has a key since its manufacture.
• Two Factors can lead to a need to change the key.
• a first factor is too many uses of the key by too many uses of the cartridge
• a second case is related to the expiry date of the ink, the cartridge being out of date.
• the integrated circuit 5 includes a memory area with retention of time charges 100 to limit the number of uses of the key, that is to say the number of introductions of the cartridge in the printer.
• a temporary session key is thus created by means of a usual key derivation algorithm (for example of the AES type) from a basic key BK contained in the card of the printer.
• the ID index of the key derived in a key derivation tree depends on an identifier of the cartridge (block 61, ID) communicated by it when it is introduced into the printer and, in case of conformity between the cartridge and the printer, to find the correct session key.
• the key derived from the printer side (block 45, DERIVE BK (ID)) is stored in a memory area 100 of the circuit 5.
• the start of the printer is conditioned by the use and obtaining of the correct session keys, which makes it possible to authenticate the cartridge (AUTHENTICATE) and to reserve the use of the printer with the use of cartridges of origin or, at least authorized by the manufacturer.
• the test authentication is performed, for example, each utili ⁇ printer sation.
• Storing the temporary key BK (ID) in the memory 100 makes its validity period independent of the power supply of the printer. This is particularly interesting since a printer is only rarely lit continuously.
• the cartridges do not need to be modified, only the electronic circuits of the printers are adapted to contain the storage elements 100.
• a duration of use of the cartridge 44 is also fixed by means of a time-holding retention memory 100 contained in the circuit 6 of the cartridge.
• One or more bits are set in the chip of the cartridge during manufacture and / or during reloading by an authorized and this active state disappears ⁇ auto matically when the duration is expired speaker.
• FIG. 12 represents a preferred example of a charge retention circuit 100.
• Such a circuit constitutes a storage element for a bit of a key or a counter described above.
• the circuit 100 comprises a first capacitive element C1 whose first electrode 121 is connected to a floating node F and whose dielectric space 123 is designed (by its permittivity and / or by its thickness) to exhibit significant leakage over time .
• Floating node F is understood to mean a node not directly connected to any diffused region of the semiconductor substrate in which circuit 100 (and circuit 10 ') is preferably produced and, more particularly, separated by a dielectric space from any terminal of application of potential.
• the second electrode 122 of the capacitive element C1 is either connected (dotted in FIG. 12) to a terminal 112 intended to be connected to a reference potential (for example ground), or left in the air.
• a second capacitive element C2 has a first elec ⁇ trode 131 connected to the node F and a second electrode 132 connected to the terminal 112.
• the capacitive element C2 has a higher charge retention capacity than the capacitive element C1.
• a third capacitive element C3 has a first electrode 141 connected to the node F and a second electrode 142 connected to a terminal 113 of the circuit 100, intended to be connected to a power source during an initialization of a charge retention phase (activation of the bit stored in state 1).
• a role of the capacitive element C2 is to store an electric charge.
• a role of the capacitive element C1 is to relatively slowly discharge the storage element C2 (relative to a direct connection of its electrode 131 to ground) through a leakage through its dielectric space.
• the presence of the capacitive element C2 makes it possible to separate the level of charge present in the circuit 100 with respect to the discharge element (capacitor C1).
• the thickness of the dielectric of the element C2 is greater than that of the element C1.
• the capacitance of the element C2 is greater, preferably in a ratio of at least 10, than that of the element C2.
• a role of the capacitive element C3 is to allow a charge injection into the capacitive element C2 by the Fowler-Nordheim effect or by a hot electron injection phenomenon.
• the element C3 makes it possible to avoid the stresses (stress) on the element C1 when the elements C2 and C1 are loaded in parallel.
• the thickness of the dielectric space of the element C3 is greater than that of the element C1, so as to avoid introducing a parasitic leakage path.
• the node F is connected to a gate G of an insulated control terminal transistor (for example, a MOS transistor 150) whose conduction terminals (drain D and source S) are connected to output terminals 114 and 115 for measure the residual charge contained in the element C2 (neglecting the capacity of the element C1 in parallel).
• the terminal 115 is connected to ground and the terminal 114 is connected to a current source (not shown) to a current-voltage conversion of the drain current I] _] _4 in the transistor 150.
• the thickness of the gate dielectric transistor for example, a MOS transistor 150
• the gate thickness of the transistor 150 is even greater than the thickness of the dielectric of the element C3, so as to avoid introducing a spurious path programming (injection or extraction of charges from the node F).
• the interpretation of the stored level can be carried out simply by means of a comparator whose switching takes place as long as the load of the node F remains sufficient.
• the level for which the comparator switches then defines the level of change of state of the bit stored by the element 100.
• Other reading solutions can be envisaged, for example a multilevel interpretation in an embodiment where the circuit 100 stores directly several bits.
• FIG. 13 represents an example of the current of the drain current Iii4 of the transistor 150 as a function of the voltage Vp at the node F, referenced with respect to the terminal 115.
• the voltage Vp then expresses the gate / source voltage of the transistor 150. depends on the residual load across capacitors C1 and C2 in parallel, therefore essentially the residual charge in capacitor C2.
• the evaluation of the drain current I] _] _4 can be performed by maintaining terminals 112 and 115 at the same potential (e.g. ground) and by applying a known voltage on terminal 114.
• FIG. 14 illustrates the evolution of the charge Qp at the point F as a function of time.
• the charge Q starts from an initial value Q INIT T o cancel an instant t with a discharge speed capa ⁇ citive.
• the time interval between the times t0 and t1 depends not only on the leakage capacity of the dielectric of the element C1 but also on the value (therefore of the storage capacity) of the element C2 which conditions the value QINIT-
• the programming or activation of the circuit 100 (transition to the state 1 of the stored bit) through the capacitive element C3 protects the capacitive element C1 whose oxide (dielectric) thickness is relatively thin and which would otherwise risk be damaged during programming. This makes it possible to make the measurements reliable and reproducible over time.
• Fig. 15 shows the wiring diagram of another embodiment of a charge retention circuit 100 '.
• the transistor 150 is replaced by a floating gate transistor FG connected to the node F.
• the control gate CG of the transistor 160 is connected to a load control terminal 116. residual in the circuit 100 '(thus the state of the bit stored).
• the thickness of the dielectric, between the floating gate FG and the channel (active zone) of the transistor 160, is greater than that of the element C1 and preferably greater than that of the element C3.
• the charge injection or extraction element C3 is a floating gate MOS transistor 170.
• the floating gate 141 of transistor 170 is connected to node F.
• the circuit has been represented in part of its environment.
• the drain 142 of the transistor 170 is connected to a current source 118 receiving a supply voltage Valim and its source 173 is connected to ground.
• Its control gate 174 receives a control signal CTRL intended to make transistor 170 turn on when there is a need for charge injection.
• the drain (terminal 114) of the transistor 160 receives the supply voltage Valim and its source is connected to ground by a current source 119 (variant inverted with respect to the embodiment described in connection with Figure 12).
• the voltage V ] _ ] _g across the current source 119 is representative of the voltage at the point F and is used to switch the output of a comparator (not shown).
• FIG. 16 illustrates, by a graph of the current I ] _i4 as a function of the voltage V ] _ ] _g applied to the control gate, the operation of the circuit of FIG. 15.
• the voltage at the drain and source terminals 114 of the transistor 160 is kept constant by the external reading circuit.
• the voltage drop between the floating gate and the terminal 115 then depends on the electrical load present at the node F, the total capacitance between the nodes F and 112 (essentially the capacitors C1 and C2), and the voltage applied to the gate In FIG.
• Curve a represents the case where node F is fully discharged.
• Curve b represents the case of a positive charge present on the node F (electron extraction).
• the threshold of the transistor 160 is then lowered.
• the curve c represents the case of a negative charge at the node F (electron injection) which generates an upper threshold for the MOS transistor 160.
• Different voltages can be used for programming and reading provided that there is an operable reference between the residual load and the interpretation of the state of the stored bit.
• a charge retention circuit is produced with the following values: capacitance C1: about 2 fF, dielectric thickness: about 40 ⁇ ;
• Capacity C2 about 20 fF, dielectric thickness: about 160A;
• Capacity C3 about 1%, dielectric strength: about 80 ⁇ .
• Such a circuit can be initialized by applying a voltage of the order of 12 volts and is discharged after about a week. This is of course only one example, the dielectric thicknesses and the possible combination in parallel of several elements C1 or C2 conditioning the charge retention time.
• FIGS. 17A, 18A, 19A, 20A and 2IA are diagrammatic top views, respectively of the electronic charge retention circuit and its elements C2, 170, C1 and 160.
• FIG. 17B is a section along line AA 'of FIG. Figure 17A.
• Figures 18B, 19B, 20B and 21B are respectively sectional views along lines BB 'of Figures 18A, 19A, 20A and 21A.
• 17C, 18C, 19C, 2OC and 21C represent the respective equivalent electrical diagrams of the electronic charge retention circuit and its elements C2, 170, C1 and 160.
• channel transistors N in a substrate 180 ( Figure 17B) of silicon type P it is assumed that channel transistors N in a substrate 180 ( Figure 17B) of silicon type P. The reverse is of course possible.
• Each element or cell C2, 170, C1 or 160 is obtained from a floating gate transistor connected in series with a selection transistor T2, T3, T1 or T4 with a single gate for selecting, for example, in a matrix network of EEPROM memory cells, the electronic circuit of charge retention.
• the floating gates of the different transistors forming elements C2, 170, Cl 160 and are connected inter ⁇ (conductive line 184) to form the floating node F.
• Their control gates are connected to a conductive line 185 of application of the signal CG read command.
• Their respective sources SC2, S7, SCl and S6 are interconnected to terminal 112 (ground) and their drains res ⁇ spective DC2, D7, DCl and D6 are connected to respective sources of T2 selection transistors, T3, Tl and T4.
• the gates of transistors T1 to T4 are connected together to a conductive line 186 for applying a circuit select signal SEL.
• Their respective drains Dl to D4 are connected to the bit lines BLL to BL4 ⁇ indi vidually controllable.
• the order of the bit lines in FIG. 17C has been arbitrarily illustrated BL2, BL3, BL1 and BL4 but the order of the different elements C2, 170, C1 and 160 in the horizontal direction of the rows (in the orientation of the figures) is indifferent.
• N-type source and drain regions (FIG. 17B) are assumed to be separated from each other in the direction of the lines by insulating zones 181.
• the floating gates are made in a first conductive level Ml separated from the active regions by an insulating level 182 and the control gates are made in a second conductive level M2 separated from the first by a third insulating level 183.
• the gates of the selection transistors are formed, for example, in the M2 level.
• a difference compared to a conventional EEPROM memory cell array is that the floating gates are inter ⁇ connected in groups of four transistors to realize the floating node F.
• the floating gate transistors realizing the various elements of the circuit are different from each other in the thickness of their tunnel window and / or in their drain and source connection.
• FIG. 18A to 18C illustrate the embodiment of the storage capacitor C2.
• the drain DC2 and source SC2 of the corresponding floating gate transistor are short-circuited (by extension of the N + type implantation throughout the active region, FIG. 18B) to form the electrode 132 of the capacitor.
• the tunnel window is eliminated compared to a standard EEPROM cell.
• Figures 19A to 19C illustrate the embodiment of the transistor 170 forming the capacitive element C3 programming.
• the drain zone D7 is connected to the source of the selection transistor T3.
• Source area S7 is connected to terminal 112.
• FIGS. 2OA to 2CC illustrate the realization of the capacitive element C1 constituting the leakage element of the charge retention circuit.
• a difference consists in thinning (zone 212, FIG. 20B) the dielectric window serving for the tunnel effect to increase the leaks.
• the thickness of the dielectric 212 is chosen to be about half (for example between 30 and 40 angstroms) of that (for example between 70 and 80 angstroms) of a tunnel window (202, FIG. 19B). an unmodified cell.
• Figures 21A to 21C illustrate the forming of read transistor 160 wherein the tunnel window has been deleted as well as, preferably, the implanted habi ⁇ tual area (201, 19B) of an EEPROM cell.
• the active zone bounded by the sources S6 and drain D6 is therefore similar to that of a normal MOS transistor.
• FIGS. 17A to 2IC are schematic and may be adapted to the technology used.
• the gates have been shown as aligned with the boundaries of drain regions and source but a light recou ⁇ suitably present.
• An advantage of the embodiment by means of a techno logy ⁇ EEPROM cell is that the charge retention circuit can be set and reset by applying the same voltage levels and the same time slots as used for erase or write in EEPROM memory cells.
• Another advantage is that it preserves stability over time by avoiding degradation of the thin oxide of the leakage element (Cl) during successive writing operations.
• bit lines BL1 to BL4 depend on the operating phases of the circuit and in particular on the programming (activation) or reading phase.
• Table I illustrates a mode of implementation of an activation (SET) and a reading (READ) of an electronic charge retention circuit as illustrated by FIGS. 17A to 21C. Table I
• the selection signal SEL is brought to a first high potential VPP 1 with respect to the ground to make the different transistors T1 to T4 go through while the CG signal applied to the control gates of the floating gate transistors remains at the low level 0 so as not to turn on the transistor 160.
• the bit lines BL1, BL2 and BL4 remain in the air (state of high impedance HZ) while the line BL3 is applied to a positive potential Vpp 2 for charging the floating node F.
• the line 112, common sources of floating gate transistors, is preferably left in the air (HZ state).
• the different selection transistors are activated by the signal SEL at a level Vgg ⁇ and a voltage VpEAO ⁇ e reading is applied to the control gates of the different floating gate transistors.
• BL1, BL2 and BL3 are in a state of high impedance HZ while line BL4 receives a potential V 114 for supplying the source of read current.
• Line 112 is here connected to ground.
• VPP 1, VPP 2, V SEL 'V READ V and 114 thereof "t, preferably the following: 1 VPP VPP higher than 2; V SEL greater than Vp ⁇ 0;
• VPP 1 about 14 volts
• VPP 2 about 12 volts
• VSEL about 4 volts
• parties ⁇ ticular several elements C2 may be used in paral lel ⁇ to increase the node capacity F so as to increase the discharge time of the electronic circuit; several members 170 may be used in paral lel ⁇ to increase the injection velocity or electron extraction at node F when programming; several leakage elements C1 can be used in parallel to reduce the discharge time of the system; and / or more read elements 160 may be intro ⁇ ducts in parallel to provide a higher current in the evaluation circuit.
• An electronic charge retention circuit can be introduced into any position of a standard EEPROM memory cell network, which makes it more difficult for its location to be found by a malicious user.
• the selection transistors of the cells forming the charge retention circuit are ⁇ tagged with normal EEPROM cells on the same bit lines, provided with suitable addressing and switching means.
• the charge retention circuit may be formed by any circuit capable of pre ⁇ Senter, reproducibly, a pressure drop in the time regardless of the circuit power supply.
• it may use a circuit as described in the international application WO-A-03/083769.
• the counters can be of any kind and the counting function can be of any increment or decrement.
• the counting function can be of any increment or decrement.
• the counting cells can not be reset other than temporally
• two incremental counters of finite size whose difference provides the value to consider.
• EEPROM and RAM memories these memories are more generally any memory or non-volatile memory element reprogrammable (for example, flash memories) and any memory or volatile storage element (eg registers).
• the invention can be implemented in non-contact devices (of the electromagnetic transponder type) which draw their power from an electromagnetic field in which they are located (generated by a terminal).

Landscapes

• Engineering & Computer Science (AREA)
• Physics & Mathematics (AREA)
• Computer Security & Cryptography (AREA)
• Theoretical Computer Science (AREA)
• General Physics & Mathematics (AREA)
• Business, Economics & Management (AREA)
• Computer Hardware Design (AREA)
• Accounting & Taxation (AREA)
• Computer Networks & Wireless Communication (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• Signal Processing (AREA)
• Software Systems (AREA)
• General Engineering & Computer Science (AREA)
• Finance (AREA)
• Microelectronics & Electronic Packaging (AREA)
• Mathematical Physics (AREA)
• Storage Device Security (AREA)
• Lock And Its Accessories (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=39683454

Family Applications (1)

Country Status (5)

Families Citing this family (23)

Family Cites Families (19)

• 2008
  • 2008-01-11 FR FR0850169A patent/FR2926382B1/fr active Active
  • 2008-12-31 CN CN201510906509.7A patent/CN105550603A/zh active Pending
  • 2008-12-31 WO PCT/EP2008/068386 patent/WO2009089997A1/fr active Application Filing
  • 2008-12-31 EP EP08871074A patent/EP2229647A1/de not_active Withdrawn
  • 2008-12-31 US US12/811,810 patent/US8855314B2/en active Active
  • 2008-12-31 CN CN2008801244909A patent/CN101918953A/zh active Pending
• 2014
  • 2014-09-08 US US14/480,053 patent/US10158482B2/en active Active

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events