WO1998029813A1 - Method for ensuring the safety of a security module, and related security module - Google Patents

Publication number
WO1998029813A1
WO1998029813A1 PCT/FR1997/002389 FR9702389W WO9829813A1 WO 1998029813 A1 WO1998029813 A1 WO 1998029813A1 FR 9702389 W FR9702389 W FR 9702389W WO 9829813 A1 WO9829813 A1 WO 9829813A1
Authority
WO
WIPO (PCT)
Prior art keywords
sensitive operation
interrupted
execution
tests
sensitive
Prior art date
Application number
PCT/FR1997/002389
Other languages
French (fr)
Inventor
Michel Hazard
Original Assignee
Bull Cp8
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bull Cp8
Priority to JP10529680A (patent JPH11505055A)
Priority to BR9707881A (patent BR9707881A)
Priority to EP97952982A (patent EP0891587A1)
Priority to AU56683/98A (patent AU5668398A)
Publication of WO1998029813A1
Priority to NO983960A (patent NO983960L)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F12/1466 Key-lock mechanism
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806 Details of the card
    • G07F7/0813 Specific details related to card security
    • G07F7/082 Features insuring the integrity of the data on or in the card
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806 Details of the card
    • G07F7/0813 Specific details related to card security
    • G07F7/0826 Embedded security module

Definitions

  • The invention relates to a method for securing a security module arranged to cooperate with an information processing device, the module comprising information processing means and information storage means and being arranged to execute a set of operations including at least one sensitive operation.
  • A sensitive operation is understood to mean any operation whose execution has significant repercussions on: security in general, in particular any operation aimed at verifying a person's authorization to access certain information, services or functions;
  • the application concerned, in particular any operation aimed at defining or modifying certain parameters characterizing the fundamental rights and obligations of a user with respect to this application (for example, for a banking application, an operation to update an account balance).
  • The term "security module" must be taken either in its classic sense, in which it designates a device intended, in a communication or information network, to be held by an organization supervising the network and to store in a protected manner secret and fundamental parameters of the network such as cryptographic keys, or as designating more simply a device assigned to various users of the network and allowing each of them to have access to it, this latter device also being capable of holding secret parameters.
  • The security module may take the form of a portable object of the smart card type.
  • The problem which the invention aims to solve is to prevent an interruption of the sensitive operation in progress from occurring, or at least to control the number of interruptions likely to occur.
  • The invention relates in particular to fraudulent interruptions, without however excluding accidental interruptions.
  • The risk is that operations aimed at securing the execution of said set of operations do not execute.
  • In a program for testing a confidential code presented by a user, for example, this is the operation of writing the result of the comparison, which serves to limit the number of authorized attempts.
  • If the fraudster manages to stop the program after the comparison but before its result is written, he can repeat the presentation of a new confidential code a large number of times, and possibly take advantage of observing the electrical signals present at the terminals of the security module, signals which in practice are always influenced by the nature of the calculation or of the result.
  • By storing a large number of such observations and analysing them statistically, the fraudster may eventually manage to identify the user's correct confidential code.
  • This problem is solved according to the invention by providing measures allowing the security module to check whether the sensitive operation or the sensitive operations previously triggered have been executed in full or not and, if not, to prohibit the execution of the sensitive operation to come.
  • The method according to the invention comprises the steps of: executing, on each execution of the sensitive operation and upstream of it, a first additional sequence of operations intended to activate signaling means and, downstream of said sensitive operation, a second additional sequence of operations intended to deactivate said signaling means; counting each interrupted attempt for which the sensitive operation was triggered but not executed, so that the signaling means were first activated but were not subsequently deactivated, so as to define an observed number of interrupted attempts N_RS;
  • The invention also relates to a security module designed to implement this method.
  • FIG. 1 is the diagram of a security module for which the invention is intended, cooperating with an information processing device;
  • FIG. 2 is a flowchart of the execution of a sensitive operation;
  • FIGS. 3a to 3c and 4a, 4b represent the state of a sequence break counter C_RS at different times, during the execution of one or more sensitive operations.
  • The information processing device 1 shown in FIG. 1 comprises, in a manner known per se, a microprocessor 2 to which are connected a ROM memory 3 and a RAM memory 4, means 5 for cooperating with a security module 8, and a transmission interface 7 allowing the information processing device to communicate with another similar device, either directly or through a communication network.
  • The device 1 can also be equipped with storage means such as floppy disks or removable or non-removable discs, input means (such as a keyboard and/or a pointing device of the mouse type) and display means, these different means not being shown in FIG. 1.
  • The information processing device can be constituted by any computer device installed on a private or public site and capable of providing means of information management or delivery of various goods or services, this device being permanently installed or portable. It can in particular also be a telecommunications device.
  • The security module 8 includes information processing means 9, an associated non-volatile memory 10, and means 13 for cooperating with the information processing device. This module is arranged to define, in the memory 10, a secret zone 11 in which information, once recorded, is inaccessible from outside the module and accessible only to the processing means 9, and a free zone 12 which is accessible from outside the module for reading and/or writing information.
  • Each memory zone can include a non-erasable ROM part and an erasable part that is EPROM, EEPROM, or made up of RAM of the "flash" type, that is to say having the characteristics of an EEPROM with, in addition, access times identical to those of a conventional RAM.
  • A volatile RAM memory, not shown, is also provided.
  • As security module 8, it is possible in particular to use a microprocessor with self-programmable non-volatile memory, as described in American patent No. 4,382,279 in the name of the Applicant.
  • The self-programmable nature of the memory corresponds to the possibility for a program fi located in this memory to modify another program fj, also located in this memory, into a program gj.
  • The means used to carry out this self-programming can vary according to the technique used to design the information processing means 9. It is recalled that, where these processing means consist of a microprocessor associated with a non-volatile memory according to the aforementioned patent, these means can include:
  • This writing program can, however, be replaced by a writing automaton with logic circuits.
  • The microprocessor of the security module 8 is replaced, or at least supplemented, by logic circuits implanted in a semiconductor chip.
  • Such circuits are capable of carrying out calculations, in particular of authentication and signature, using hard-wired rather than microprogrammed electronics. They can in particular be of the ASIC type ("Application Specific Integrated Circuit").
  • The security module 8 will be designed in monolithic form on a single chip.
  • The security nature of the security module may result from its location in a tamper-proof enclosure.
  • The aforementioned signaling means comprise at least one sequence break counter C_RS arranged to count sequence breaks occurring during the execution of the sensitive operation, that is to say interruptions occurring in the step-by-step execution of this operation.
  • This counter is incorporated into the information processing means 9 of the security module 8.
  • Two reference numbers are used, namely an observed number of sequence breaks N_RS and an authorized number of sequence breaks N_RSA, the first corresponding to the number of sequence breaks which have occurred in the execution of a given sensitive operation since a given time, and the second to the maximum number of sequence breaks which can occur without causing the security module to be blocked.
  • The instant from which the number of sequence breaks N_RS is counted corresponds to the first commissioning of the security module by the user for whom it is intended, the number N_RS counting any sequence break that has occurred from that moment until a given day.
  • As for N_RSA, it is determined by an authority so as to take into account sequence breaks resulting not from a fraudulent act but from operating anomalies of the security module likely to occur spontaneously over its entire lifetime.
  • N_RSA should be chosen small, otherwise a fraudster would have a comfortable number of attempts with which to try to violate the security module.
  • N_RSA will be less than twenty, in particular less than ten.
  • A first step 21 consists in checking that the number of sequence breaks N_RS is indeed less than or equal to the authorized number of sequence breaks N_RSA. If not, a sequence break is brought about to prohibit the execution of the sensitive operation: this interruption may be either final, in that it will prevent any subsequent execution of this sensitive operation, or even in that it will block any subsequent operation of the security module, whatever the operation envisaged, or provisional, if it is provided that the sensitive operation may be executed again in the future after the number of sequence breaks N_RS has been reset by an authorized authority.
  • A second step 22 consists in incrementing the sequence break counter C_RS by one unit.
  • The next step consists in performing the sensitive operation itself. If this operation has taken place in full, that is to say without an accidental or fraudulent break in the sequence having occurred, the sequence break counter C_RS is then decremented by one unit in step 24, so as to recover the value it had before the start of the sensitive operation.
  • Operation 21 of testing the value of the number of sequence breaks N_RS may be performed after operation 22 of incrementing the sequence break counter C_RS by one unit.
  • FIGS. 3a to 3c show successive states taken by the sequence break counter C_RS upstream of the execution of a sensitive operation to be protected. This counter consists of a cyclic file with several positions,
  • each position being materialized by at least one memory cell.
  • The number of positions is equal to eight, numbered from 1 to 8.
  • In each position a value of the number of sequence breaks N_RS is stored, except in one position (here position 5), which is blank because it contains no value. Any blank position is marked with the symbol 0.
  • FIG. 3a represents the state of the counter upstream of step 22 of the flow diagram of FIG. 2.
  • The position located above the blank position (here position 4) stores a current value N_RS corresponding to the current value of the counter, while the six positions 3 to 1 then 8 to 6 store different values, taken successively going back in time, namely N_RS+1 for position 3, N_RS for position 2, and so on, up to N_RS-2 for the oldest position 6, these positions corresponding to a certain number of successive sensitive operations.
  • position 4: state of the counter just after step 24 (subtraction of one unit), which shows that no sequence interruption, voluntary or accidental, occurred during this execution of the sensitive operation.
  • Positions 7 and 8 correspond to the following events, relating to a previous execution of the sensitive operation: position 7: state of the counter before step 22 of FIG. 2;
  • As for position 6, it corresponds to the state of the counter just before step 24, during an even older execution of a sensitive operation. Indeed, the value it contains corresponds to that of position 7, increased by one.
  • FIG. 3b shows the state of the sequence break counter in a preliminary phase of the execution of step 22 of the flow diagram of FIG. 2.
  • The information processing means 9 of the security module have erased position 6, located below the blank position 5, thus defining a new blank position.
  • The information processing means 9 have executed step 22 of FIG. 2 by adding one unit to the current value N_RS of position 4 and storing the result N_RS+1 in the next position 5.
  • FIGS. 4a and 4b show successive states taken by the sequence break counter C_RS downstream of the execution of the sensitive operation 23 of FIG. 2.
  • FIG. 4a shows the state of the sequence break counter in a preliminary phase of the execution of step 24 of FIG. 2.
  • The information processing means 9 of the security module have erased position 7, located below the new blank position 6.
  • The information processing means 9 have executed step 24 of FIG. 2 by subtracting one unit from the current value N_RS+1 of position 5 and storing the result N_RS in the next position 6.
  • The signaling function is advantageously combined with that of counting sequence breaks in a single device: the sequence break counter C_RS.
  • Steps 21, 22 and 24 of incrementing and decrementing the counter can be designed as subroutines of a main program constituted by the sensitive operation itself.
  • A reference or address of the counter is entered as a parameter when the subroutine is called. This mode of operation adds flexibility in the implementation of sequences of operations.
  • Where several distinct sensitive operations, intended to be executed independently of one another, are to be secured, one can define as many sequence break counters C_RS as there are operations, each verifying the correct execution of a given sensitive operation. However, in a preferred mode, only one common counter is defined, which is incremented, and in principle decremented, during the execution of any of these sensitive operations. This observation also applies where the counter is replaced by a flag.
  • An important concern of the invention is that the security procedure described should not slow down, or even block, the operation of the security module because of the inevitable accidental interruptions observed throughout its operating life, relating not only to sensitive operations but also to ordinary operations, such as those relating to the application concerned (financial application, service provision, etc.), the non-execution of which affects neither security in general nor the fundamental rights and obligations of the user in the application concerned.
  • The large number of operations thus secured would risk correspondingly increasing the number of accidental interruptions recorded: the authorized number of sequence breaks N_RSA would then be reached more quickly, so that a partial or total blocking of the security module would also occur more quickly.
  • An improvement of the invention consists in the authorized number of interrupted attempts N_RSA including a random number that varies each time a given number of sensitive operations have been triggered.
  • The number N_RSA varies at a determined frequency, but it takes successive values which are not foreseeable, which helps to disturb any fraudulent observation of the behavior of the security module.
  • This random number can advantageously be generated in the security module according to one of the software methods described in American patents Nos. 5,177,790 or 5,365,466.
  • The authorized number of interrupted attempts N_RSA is composed of a fixed number to which a random number is added.
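
The flow of steps 21 to 24 and the two-phase update of the cyclic counter file described above, as an added example in C that is not taken from the patent. Non-volatile memory is simulated with an array; the BLANK encoding, the N_RSA value of 3, the fail-closed handling of a file with no blank cell, and all function names are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

#define POSITIONS 8     /* size of the cyclic file in FIGS. 3a to 4b */
#define BLANK    (-1)   /* stand-in for an erased cell (assumption) */
#define N_RSA     3     /* authorized sequence breaks (constructed value) */

static int cells[POSITIONS];   /* simulated non-volatile memory */

typedef enum { OP_DONE, OP_REFUSED, OP_INTERRUPTED } op_status;

/* Fresh module: every cell holds 0 except one blank cell. */
void counter_init(void) {
    for (int i = 0; i < POSITIONS; i++) cells[i] = 0;
    cells[POSITIONS - 1] = BLANK;
}

/* First blank cell: the blank one whose predecessor still holds a value.
 * After an interrupted update two adjacent cells are blank; this picks
 * the earlier of the two. */
static int first_blank(void) {
    for (int i = 0; i < POSITIONS; i++) {
        int prev = (i + POSITIONS - 1) % POSITIONS;
        if (cells[i] == BLANK && cells[prev] != BLANK) return i;
    }
    return -1;   /* no usable blank: the file is corrupted */
}

/* Current N_RS is the value stored just before the blank cell. */
int counter_read(void) {
    int b = first_blank();
    if (b < 0) return N_RSA + 1;   /* fail closed: step 21 will refuse */
    return cells[(b + POSITIONS - 1) % POSITIONS];
}

/* Two-phase update: erase the cell after the blank (preliminary phase,
 * FIG. 3b and FIG. 4a), then write the new value into the blank cell.
 * tear_after_erase simulates losing power between the two phases; the
 * previous value is then still the one counter_read() returns. */
bool counter_write(int value, bool tear_after_erase) {
    int b = first_blank();
    if (b < 0) return false;
    cells[(b + 1) % POSITIONS] = BLANK;
    if (tear_after_erase) return false;
    cells[b] = value;
    return true;
}

/* Steps 21 to 24 of FIG. 2. 'interrupted' stands in for a power cut or
 * reset during the sensitive operation, so that step 24 never runs. */
op_status run_sensitive(bool interrupted) {
    int n_rs = counter_read();
    if (n_rs > N_RSA) return OP_REFUSED;                     /* step 21 */
    if (!counter_write(n_rs + 1, false)) return OP_REFUSED;  /* step 22 */
    if (interrupted) return OP_INTERRUPTED;                  /* step 23 cut short */
    counter_write(n_rs, false);                              /* step 24 */
    return OP_DONE;
}

int main(void) {
    counter_init();
    op_status s = run_sensitive(false);
    printf("clean run: status=%d N_RS=%d\n", (int)s, counter_read());

    for (int i = 0; i < N_RSA + 1; i++) run_sensitive(true);
    printf("after %d interruptions: N_RS=%d\n", N_RSA + 1, counter_read());

    s = run_sensitive(false);
    printf("next attempt: %s\n", s == OP_REFUSED ? "refused" : "allowed");
    return 0;
}
```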

Abstract

The invention concerns a method for ensuring the safety of a security module (8) designed for co-operating with a data processing device (1), said module being arranged for executing a set of operations including at least a sensitive operation (23). The invention is characterised in that the method comprises the following steps consisting in: executing, for each execution of the sensitive operation and upstream of it, a first sequence of supplementary operations (22) for activating signalling means and, downstream of said sensitive operation, a second set of supplementary operations (24) for deactivating said signalling means; verifying, for each execution of the sensitive operation and upstream of the first sequence of supplementary operations (22), whether the signalling means are deactivated; if the signalling means are activated, inhibiting the execution of the sensitive operation.

Description

Procédé de sécurisation d'un module de sécurité, et module de sécurité associéMethod for securing a security module, and associated security module
L'invention concerne un procédé de sécurisation d'un module de sécurité agencé pour coopérer avec un dispositif de traitement de l'information, le module comportant des moyens de traitement de l'information et des moyens de mémorisation de l'information et étant agencé pour exécuter un ensemble d'opérations incluant au moins une opération sensible. On entend, par le terme « opération sensible », toute opération dont l'exécution a des répercutions importantes sur : - la sécurité en général : en ce qui concerne notamment toute opération visant à vérifier l'habilitation d'une personne vis-à-vis de l'accès à certaines informations, services, ou fonctions ;The invention relates to a method for securing a security module arranged to cooperate with an information processing device, the module comprising information processing means and information storage means and being arranged to execute a set of operations including at least one sensitive operation. The term “sensitive operation” is understood to mean any operation the execution of which has significant repercussions on: - security in general: with regard in particular to any operation aimed at verifying the clearance of a person vis-à-vis regarding access to certain information, services or functions;
- l'application concernée en particulier : en ce qui concerne notamment toute opération visant à définir ou modifier certains paramètres caractérisant les droits et obligations fondamentaux d'un usager vis-à-vis de cette application (par exemple , pour une application bancaire, une opération visant à mettre à jour un solde de compte).- the application concerned in particular: with regard in particular to any operation aimed at defining or modifying certain parameters characterizing the fundamental rights and obligations of a user vis-à-vis this application (for example, for a banking application, a operation to update an account balance).
Le terme "module de sécurité" doit être pris, soit dans son sens classique dans lequel il désigne un dispositif ayant vocation, dans un réseau de communication ou d'information, à être détenu par un organisme supervisant le réseau et à stocker de façon protégée des paramètres secrets et fondamentaux du réseau tels que des clés cryptographiques, soit comme désignant plus simplement un dispositif attribué à divers usagers du réseau et permettant à chacun d'eux d'avoir accès à celui-ci, ce dernier dispositif étant lui aussi susceptible de détenir des paramètres secrets. Le module de sécurité pourra prendre la forme d'un objet portatif du type carte à puce.The term "security module" must be taken, either in its classic sense in which it designates a device intended, in a communication or information network, to be owned by an organization supervising the network and to be stored in a protected manner secret and fundamental parameters of the network such as cryptographic keys, that is to say more simply designating a device assigned to various users of the network and allowing each of them to have access to it, this latter device also being capable of hold secret parameters. The security module may take the form of a portable object of the smart card type.
Le problème que vise à résoudre l'invention est d'éviter qu'une interruption de l'opération sensible en cours d'exécution ne se produise, ou du moins de contrôler le nombre d'interruptions susceptibles d'intervenir. L'invention vise tout particulièrement les interruptions frauduleuses, sans exclure toutefois les interruptions accidentelles. Le risque est que des opérations visant à sécuriser l'exécution dudit ensemble d'opérations , ne s'exécutent pas. En ce qui concerne par exemple un programme de test d'un code confidentiel présenté par un usager, il s'agit de l'opération d'écriture du résultat de la comparaison, qui a pour but de limiter le nombre d'essais autorisés. Si le fraudeur arrive à stopper le programme après comparaison mais avant l'écriture de son résultat, il peut renouveler un grand nombre de fois l'opération de présentation d'un nouveau code confidentiel, et éventuellement tirer parti de l'observation des signaux électriques présents aux bornes du module de sécurité, signaux qui sont en pratique toujours influencés par la nature du calcul ou du résultat. Moyennant le stockage par le fraudeur d'un nombre important de telles observations et une analyse statistique, celui-ci peut éventuellement parvenir à identifier le bon code confidentiel de l'usager.The problem which the invention aims to solve is to prevent an interruption of the sensitive operation in progress from occurring, or at least to control the number of interruptions likely to occur. The invention relates in particular to fraudulent interruptions, without however excluding accidental interruptions. The risk is that operations aimed at securing the execution of said set of operations, do not execute. With regard, for example, to a program for testing a confidential code presented by a user, it is the operation of writing the result of the comparison, which aims to limit the number of authorized tests. 
If the fraudster manages to stop the program after comparison but before writing his result, he can repeat a large number of times the operation of presentation of a new confidential code, and possibly take advantage of the observation of electrical signals present at the terminals of the safety module, signals which are in practice always influenced by the nature of the calculation or result. By means of the fraudster's storage of a large number of such observations and a statistical analysis, the latter may possibly be able to identify the correct confidential code of the user.
Ce problème est résolu selon l'invention en prévoyant des mesures permettant au module de sécurité de vérifier si l'opération sensible ou les opérations sensibles précédemment déclenchées ont été exécutées intégralement ou non et, dans la négative, d'interdire l'exécution de l'opération sensible à venir.This problem is solved according to the invention by providing measures allowing the security module to check whether the sensitive operation or the sensitive operations previously triggered have been executed in full or not and, if not, to prohibit the execution of the sensitive operation to come.
Plus précisément, le procédé selon l'invention comprend les étapes consistant à : -exécuter, à l'occasion de chaque exécution de l'opération sensible et en amont de celle-ci, une première séquence supplémentaire d'opérations destinée à activer des moyens de signalisation et, en aval de ladite opération sensible, une seconde séquence supplémentaire d'opérations destinée à désactiver iesdits moyens de signalisation ; -comptabiliser chaque essai interrompu pour lequel l'opération sensible a été déclenchée mais pas exécutée, de sorte que les moyens de signalisation ont été tout d'abord activés mais n'ont pas été ensuite désactivés, de façon à définir un nombre d'essais interrompus constaté NRS ;More specifically, the method according to the invention comprises the steps consisting in: executing, on the occasion of each execution of the sensitive operation and upstream of it, a first additional sequence of operations intended to activate means signaling and, downstream of said sensitive operation, a second additional sequence of operations intended to deactivate said signaling means; -accounting for each interrupted test for which the sensitive operation was triggered but not executed, so that the signaling means were first activated but were not subsequently deactivated, so as to define a number of tests interrupted found N RS ;
-définir un nombre d'essais interrompus autorisé NRSA ; -comparer, à l'occasion de chaque exécution de l'opération sensible et en amont de celle-ci, ledit nombre d'essais interrompus constaté NRS audit nombre d'essais interrompus autorisé NRSA ; et -interdire, dans le cas où ledit nombre d'essais interrompus constaté NRS est supérieur audit nombre d'essais interrompus autorisé NRSA, l'exécution de l'opération sensible.-define an authorized number of interrupted tests N RSA ; -comparing, on the occasion of each execution of the sensitive operation and upstream thereof, said number of interrupted tests found N RS to said number of interrupted tests authorized N RSA ; and prohibit, in the event that said number of interrupted tests found N RS is greater than said number of interrupted tests authorized N RSA , the execution of the sensitive operation.
The invention also relates to a security module arranged to implement this method.
Other details and advantages of the present invention will become apparent from the following description of a preferred but non-limiting embodiment, with reference to the appended drawings, in which:
Figure 1 is a diagram of a security module for which the invention is intended, cooperating with an information processing device;
Figure 2 is a flow chart of the execution of a sensitive operation; and
Figures 3a to 3c and 4a, 4b show the state of a sequence break counter CRS at different times during the execution of one or more sensitive operations.
The information processing device 1 shown in figure 1 comprises, in a manner known per se, a microprocessor 2 to which are connected a ROM memory 3 and a RAM memory 4, means 5 for cooperating with a security module 8, and a transmission interface 7 enabling the information processing device to communicate with another similar device, either directly or through a communication network.
The device 1 may also be equipped with storage means such as floppy disks or disks, removable or not, input means (such as a keyboard and/or a pointing device of the mouse type) and display means, these various means not being shown in figure 1.
The information processing device may consist of any computer apparatus installed at a private or public site and able to provide means for managing information or for delivering various goods or services, this apparatus being permanently installed or portable. It may in particular also be a telecommunications apparatus.

Furthermore, the security module 8 includes information processing means 9, an associated non-volatile memory 10, and means 13 for cooperating with the information processing device. This module is arranged to define, in the memory 10, a secret zone 11 in which information, once recorded, is inaccessible from outside the module and accessible only to the processing means 9, and a free zone 12 which is accessible from outside the module for reading and/or writing information. Each memory zone may comprise a non-erasable ROM part and an erasable part that is EPROM, EEPROM, or made up of RAM memory of the "flash" type, that is, having the characteristics of an EEPROM memory with, in addition, access times identical to those of a conventional RAM. A volatile RAM memory, not shown, is also provided.
As the security module 8, use may in particular be made of a microprocessor with self-programmable non-volatile memory, as described in US patent No. 4,382,279 in the name of the Applicant. As indicated on page 1, lines 5 to 17 of that patent, the self-programmable nature of the memory corresponds to the possibility for a program fi located in this memory to modify another program fj, also located in this memory, into a program gj. Although the means to be used to carry out this self-programming may vary according to the technique used to design the information processing means 9, it is recalled that, where these processing means consist of a microprocessor associated with a non-volatile memory and according to the aforementioned patent, these means may include:
- data and address buffer memories, associated with the memory;
- a program for writing into the memory, loaded into it and containing in particular the instructions that maintain, for a sufficient time, on the one hand the programming voltage of the memory and on the other hand the data to be written and their addresses; this writing program may however be replaced by a writing automaton built from logic circuits.

In a variant, the microprocessor of the security module 8 is replaced, or at least supplemented, by logic circuits implanted in a semiconductor chip. Such circuits are able to carry out calculations, in particular authentication and signature calculations, by means of hard-wired rather than microprogrammed electronics. They may in particular be of the ASIC type ("Application Specific Integrated Circuit"). By way of example, mention may be made of the component from the company SIEMENS marketed under the reference SLE 4436 and that from the company SGS-THOMSON marketed under the reference ST 1335.
Advantageously, the security module 8 will be designed in monolithic form on a single chip.
As a variant of the microprocessor with self-programmable non-volatile memory described above, the secure nature of the security module may result from its being located in a tamper-proof enclosure.
The aforementioned signaling means comprise at least one sequence break counter CRS arranged to count sequence breaks occurring during the execution of the sensitive operation, that is, interruptions occurring in the step-by-step execution of this operation. This counter is incorporated in the information processing means 9 of the security module 8.

In the method of figure 2, two reference numbers are distinguished, namely an observed number of sequence breaks NRS and an authorized number of sequence breaks NRSA, the first corresponding to the number of sequence breaks that have occurred in the execution of a given sensitive operation since a given instant, and the second corresponding to the maximum number of sequence breaks that may occur without causing the security module to be blocked. Typically, the instant from which the number of sequence breaks NRS is calculated corresponds to the first commissioning of the security module by the user for whom it is intended, the number NRS counting every sequence break that has occurred from that instant up to a given day. As for the authorized number of sequence breaks NRSA, it is determined by an authority so as to take into account sequence breaks resulting not from a fraudulent act but from operating anomalies of the security module that are liable to occur spontaneously over its entire lifetime. Naturally, NRSA must be chosen small, otherwise a fraudster would have a comfortable number of attempts with which to try to violate the security module. By way of example, NRSA will be less than twenty, in particular less than ten.
At the entry of the flow chart for executing the sensitive operation, a first step 21 consists in checking whether the number of sequence breaks NRS is indeed less than or equal to the authorized number of sequence breaks NRSA. If it is not, a forced sequence break is carried out to prohibit execution of the sensitive operation: this interruption may be either final, in that it prevents any subsequent execution of this sensitive operation, or even blocks any subsequent operation of the security module whatever operation is envisaged, or temporary, if it is provided that the sensitive operation may be executed again in the future after the number of sequence breaks NRS has been reset by an authorized authority. If, on the other hand, the number of sequence breaks NRS is indeed less than or equal to the authorized number of sequence breaks NRSA, a second step 22 consists in incrementing the sequence break counter CRS by one unit. The next step consists in executing the sensitive operation itself. If this operation has run to completion, that is, without any accidental or fraudulent sequence break having occurred, the sequence break counter CRS is then decremented by one unit in step 24, so as to return to the value it had before the start of the sensitive operation.
As a variant, the operation 21 of testing the value of the number of sequence breaks NRS may be carried out after the operation 22 of incrementing the sequence break counter CRS by one unit.

Figures 3a to 3c show successive states taken by the sequence break counter CRS upstream of the execution of a sensitive operation to be protected. This counter consists of a cyclic file with several positions (at least three), each position being embodied by at least one memory cell. In this example, the number of positions is eight, numbered from 1 to 8. Each position stores a value of the number of sequence breaks NRS, except one position (here position 5) which is blank because it contains no value. Any blank position is marked with the symbol 0.
Figure 3a shows the state of the counter upstream of step 22 of the flow chart of figure 2. The position located above the blank position (here position 4) stores a current value NRS corresponding to the present value of the counter, while the six positions 3 to 1 and then 8 to 6 respectively store different values, taken successively going back in time, namely NRS + 1 for position 3, NRS for position 2, and so on, down to NRS - 2 for position 6, the oldest, these positions corresponding to a certain number of successive sensitive operations.
It can be seen that positions 2 to 4 correspond to the following events:
- position 2: state of the counter before step 22 of figure 2;
- position 3: state of the counter just after step 22 (one unit added);
- position 4: state of the counter just after step 24 (one unit removed), which shows that no sequence break, deliberate or accidental, occurred during this execution of the sensitive operation.
On the other hand, it can be seen that positions 7 and 8 correspond to the following events, relating to an earlier execution of a sensitive operation:
- position 7: state of the counter before step 22 of figure 2;
- position 8: state of the counter just after step 22 (one unit added);
- given that the next position, 1, does not correspond to a removal of one unit relative to position 8 (that is, NRS - 1), it must be concluded that a sequence break, deliberate or accidental, did occur during this execution of the sensitive operation, so that the step 24 normally provided for was not executed. Consequently, no new counter value was recorded, since this value did not change.
As for position 6, it corresponds to the state of the counter just before step 24, during an even earlier execution of a sensitive operation. Indeed, the value it contains corresponds to that of position 7, increased by one unit.
Returning to the sensitive operation currently being executed, figure 3b shows the state of the sequence break counter in a preliminary phase of the execution of step 22 of the flow chart of figure 2. The information processing means 9 of the security module have erased position 6, located below the blank position 5, thereby defining a new blank position. In figure 3c, the information processing means 9 have executed step 22 of figure 2 by adding one unit to the current value NRS of position 4 and storing the result NRS + 1 in the next position, 5.
Figures 4a and 4b show successive states taken by the sequence break counter CRS downstream of the execution of the sensitive operation 23 of figure 2. Figure 4a shows the state of the sequence break counter in a preliminary phase of the execution of step 24 of figure 2. The information processing means 9 of the security module have erased position 7, located below the new blank position 6. In figure 4b, the information processing means 9 have executed step 24 of figure 2 by subtracting one unit from the current value NRS + 1 of position 5 and storing the result NRS in the next position, 6.
It will be noted, in the example of figures 2 to 4b, that the signaling function is advantageously combined with that of counting the sequence breaks by means of a single device: the sequence break counter CRS.
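The flow chart of figure 2 and the cyclic file of figures 3a to 4b can be simulated as follows. This is an added illustration, not part of the patent text: the blank-cell encoding 0xFF, the value N_RSA = 3, the file state at first commissioning and all function names are assumptions, and an interruption is modelled by the operation returning false rather than by an actual reset or power loss.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define POSITIONS 8     /* size of the cyclic file in figures 3a to 4b */
#define BLANK     0xFF  /* assumption: encoding of an erased (blank) cell */
#define N_RSA     3     /* assumption: authorized number of interrupted attempts */

typedef enum { OP_DONE, OP_INTERRUPTED, OP_REFUSED } op_status;

/* Simulated non-volatile cyclic file holding successive values of N_RS. */
typedef struct { uint8_t cell[POSITIONS]; } crs_file;

/* Assumed state at first commissioning: N_RS = 0 recorded, other cells blank. */
void crs_init(crs_file *f) {
    for (int i = 0; i < POSITIONS; i++) f->cell[i] = BLANK;
    f->cell[0] = 0;
}

/* The current value sits in the recorded cell that precedes a blank cell. */
static int crs_current_index(const crs_file *f) {
    for (int i = 0; i < POSITIONS; i++)
        if (f->cell[i] != BLANK && f->cell[(i + 1) % POSITIONS] == BLANK)
            return i;
    return -1; /* no blank position: the file is corrupt */
}

/* Observed number of interrupted attempts N_RS, or BLANK if the file is corrupt. */
uint8_t crs_read(const crs_file *f) {
    int i = crs_current_index(f);
    return i < 0 ? BLANK : f->cell[i];
}

/* Record a new value: erase the cell after the blank one (figures 3b, 4a),
 * then write into the old blank cell (figures 3c, 4b). tear_after_erase
 * simulates power loss between the two phases; the previous value then
 * remains the current one. Returns false if nothing was written. */
bool crs_write(crs_file *f, uint8_t value, bool tear_after_erase) {
    int cur = crs_current_index(f);
    if (cur < 0) return false;
    int blank = (cur + 1) % POSITIONS;
    f->cell[(blank + 1) % POSITIONS] = BLANK;
    if (tear_after_erase) return false;
    f->cell[blank] = value;
    return true;
}

/* A sensitive operation returns false when it is cut short. On a real module
 * the cut is a reset or power loss; the return value only models it here. */
typedef bool (*sensitive_op)(void);

op_status run_sensitive(crs_file *f, sensitive_op op) {
    uint8_t n_rs = crs_read(f);
    if (n_rs == BLANK || n_rs > N_RSA)             /* step 21: compare with N_RSA */
        return OP_REFUSED;
    if (!crs_write(f, (uint8_t)(n_rs + 1), false)) /* step 22: activate signal */
        return OP_REFUSED;
    if (!op())                                     /* step 23 interrupted */
        return OP_INTERRUPTED;                     /* step 24 never runs */
    crs_write(f, n_rs, false);                     /* step 24: deactivate signal */
    return OP_DONE;
}

static bool op_completes(void) { return true; }
static bool op_is_cut(void)    { return false; }

/* Constructed scenario: how many interrupted attempts occur before refusal. */
int interrupted_attempts_before_block(void) {
    crs_file f;
    int n = 0;
    crs_init(&f);
    while (run_sensitive(&f, op_is_cut) == OP_INTERRUPTED) n++;
    return n;
}

int main(void) {
    crs_file f;
    crs_init(&f);
    for (int i = 0; i < 10; i++) run_sensitive(&f, op_completes);
    printf("N_RS after 10 completed operations: %u\n", (unsigned)crs_read(&f));
    run_sensitive(&f, op_is_cut);
    printf("N_RS after one interrupted attempt: %u\n", (unsigned)crs_read(&f));
    printf("interrupted attempts before block: %d\n",
           interrupted_attempts_before_block());
    return 0;
}
```

With N_RSA set to 3, the simulation lets four interrupted attempts through and refuses the fifth, because execution is prohibited only when NRS is greater than NRSA.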
Advantageously, the steps 21, 22 and 24 of incrementing and decrementing the counter may be designed as subroutines of a main program consisting of the sensitive operation itself. In that case, a reference or address of the counter is passed as a parameter when the subroutine is called. This mode of operation adds flexibility in setting up the sequences of operations.
Where it is desired to secure several distinct sensitive operations intended to be executed independently of one another, as many sequence break counters CRS as there are operations may be defined, each one verifying the correct execution of a given sensitive operation. However, in a preferred mode, only a single common counter is defined, which will be incremented, and in principle decremented, during the execution of any one of these sensitive operations. This observation also applies to the case where the counter is replaced by a flag.
An important concern of the invention is that the securing procedure described should not end up slowing down, or even blocking, the operation of the security module because of the inevitable accidental interruptions observed throughout its period of operation, relating not only to sensitive operations but also to ordinary operations, such as those relating to the application concerned (financial application, provision of a service, etc.), whose non-execution affects neither security in general nor the fundamental rights and obligations of the user in the application concerned. Indeed, securing such a large number of operations would risk increasing accordingly the number of accidental interruptions observed: the authorized number of sequence breaks NRSA would then be reached more quickly, so that a partial or total blocking of the security module would also occur more quickly. This remarkable result is obtained according to the invention by applying the securing procedure described only to operations that actually are sensitive operations.
An improvement of the invention consists in that the authorized number of interrupted attempts NRSA includes a random number that varies each time a given number of sensitive operations have been triggered. Thus, the number NRSA varies at a given frequency but takes successive values that cannot be predicted, which helps to disrupt any fraudulent observation of the behavior of the security module. This random number may advantageously be generated in the security module according to one of the software methods described in US patents Nos. 5,177,790 or 5,365,466. According to a variant, the authorized number of interrupted attempts NRSA is composed of a fixed number to which a random number is added.

Claims

1. Method for securing a security module (8) arranged to cooperate with an information processing device (1), the module comprising information processing means (9, 2) and information storage means (10; 3, 4), and being arranged to execute a set of operations including at least one sensitive operation (23), characterized in that it comprises the steps of:
- executing, each time the sensitive operation is executed and upstream of it, a first additional sequence of operations (22) intended to activate signaling means and, downstream of said sensitive operation, a second additional sequence of operations (24) intended to deactivate said signaling means;
- counting each interrupted attempt for which the sensitive operation was triggered but not executed, so that the signaling means were first activated but were not subsequently deactivated, so as to define an observed number of interrupted attempts NRS;
- defining an authorized number of interrupted attempts NRSA;
- comparing, each time the sensitive operation is executed and upstream of it, said observed number of interrupted attempts NRS with said authorized number of interrupted attempts NRSA; and
- prohibiting, where said observed number of interrupted attempts NRS is greater than said authorized number of interrupted attempts NRSA, the execution of the sensitive operation.
2. Method according to claim 1, in which, to count each interrupted attempt, a counter is incremented by one unit on each execution of the sensitive operation and upstream of it and, in the case where the sensitive operation has been executed, the counter is decremented by one unit downstream of the sensitive operation.
3. Method according to claim 1, in which said authorized number of interrupted attempts NRSA includes a random number that varies each time the sensitive operation (33) has been triggered a predetermined number of times.
4. Method according to claim 1, in which the security module (8) is arranged to execute several distinct sensitive operations (33) and each interrupted attempt relating to any one of these sensitive operations is counted by means of the same observed number of interrupted attempts NRS.
5. Security module (8) arranged to cooperate with an information processing device (1) and comprising information processing means (9, 2) and information storage means (10; 3, 4), and being arranged to execute a set of operations including at least one sensitive operation (23), characterized in that it comprises:
- signaling means arranged to assume a state in which they are activated upstream of a sensitive operation to be protected, and another state in which they are deactivated downstream of the sensitive operation if the latter has been executed;
- counting means for counting each interrupted attempt for which the sensitive operation was triggered but not executed, so that the signaling means were first activated but were not subsequently deactivated, so as to define an observed number of interrupted attempts NRS, said information storage means (10; 3, 4) storing an authorized number of interrupted attempts NRSA;
- comparison means for comparing, on each execution of the sensitive operation and upstream of it, said observed number of interrupted attempts NRS with said authorized number of interrupted attempts NRSA; and
- prohibition means for prohibiting, in the event that said observed number of interrupted attempts NRS is greater than said authorized number of interrupted attempts NRSA, the execution of the sensitive operation.
6. Security module according to claim 5, in which said signaling and counting means comprise a counter arranged to be incremented by one unit on each execution of the sensitive operation and upstream of it and, in the case where the sensitive operation has been executed, to be decremented by one unit downstream of the sensitive operation.
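The counter of claims 1 and 2, as an added C simulation that is not part of the patent text. The `nvm` struct, the function names and the `OP_TORN` return value (standing in for a power cut, after which a real module would simply stop executing) are assumptions, as is performing the comparison before the increment.

```c
#include <stdio.h>

/* Simulated non-volatile memory of the module (hypothetical layout). */
struct nvm {
    unsigned n_rs;   /* interrupted attempts observed so far (NRS) */
    unsigned n_rsa;  /* interrupted attempts authorized (NRSA) */
};

enum op_result { OP_DONE, OP_TORN };   /* OP_TORN models power loss mid-operation */
enum guard_status { GUARD_OK, GUARD_INTERRUPTED, GUARD_BLOCKED };

typedef enum op_result (*sensitive_op)(void *ctx);

/* Runs one sensitive operation under the counter of claims 1 and 2. */
enum guard_status guarded_run(struct nvm *m, sensitive_op op, void *ctx)
{
    /* Upstream comparison: refuse once NRS is greater than NRSA. */
    if (m->n_rs > m->n_rsa)
        return GUARD_BLOCKED;

    /* Upstream sequence: the counter is written before the operation
       starts, so an interruption from here on leaves a trace. */
    m->n_rs++;

    if (op(ctx) == OP_TORN)
        return GUARD_INTERRUPTED;  /* a real module just stops executing here */

    /* Downstream sequence: reached only if the operation completed. */
    m->n_rs--;
    return GUARD_OK;
}

/* Constructed sample operations sharing one counter (as in claim 4). */
static enum op_result op_completes(void *ctx) { ++*(unsigned *)ctx; return OP_DONE; }
static enum op_result op_is_torn(void *ctx)   { (void)ctx; return OP_TORN; }

/* Counts how many torn attempts are accepted before the module refuses. */
unsigned torn_attempts_until_block(unsigned n_rsa)
{
    struct nvm m = { 0, n_rsa };
    unsigned accepted = 0;
    while (guarded_run(&m, op_is_torn, NULL) == GUARD_INTERRUPTED)
        accepted++;
    return accepted;
}

int main(void)
{
    struct nvm m = { 0, 3 };
    unsigned runs = 0;
    guarded_run(&m, op_completes, &runs);
    printf("after a completed run: NRS=%u\n", m.n_rs);
    printf("torn attempts accepted with NRSA=3: %u\n", torn_attempts_until_block(3));
    return 0;
}
```

Completed executions leave NRS unchanged, so earlier interruptions are never forgiven; with the strict comparison and this ordering, NRSA + 1 interrupted attempts are accepted before the module refuses.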
PCT/FR1997/002389 1996-12-31 1997-12-23 Method for ensuring the safety of a security module, and related security module WO1998029813A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
JP10529680A JPH11505055A (en) 1996-12-31 1997-12-23 Security protection method for security module and related security module
BR9707881A BR9707881A (en) 1996-12-31 1997-12-23 Process for securing a security module and associated security module
EP97952982A EP0891587A1 (en) 1996-12-31 1997-12-23 Method for ensuring the safety of a security module, and related security module
AU56683/98A AU5668398A (en) 1996-12-31 1997-12-23 Method for ensuring the safety of a security module, and related security module
NO983960A NO983960L (en) 1996-12-31 1998-08-28 Procedure for establishing the security of a security module, as well as its associated security module

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR96/16257 1996-12-31
FR9616257A FR2757972B1 (en) 1996-12-31 1996-12-31 METHOD FOR SECURING A SECURITY MODULE, AND RELATED SECURITY MODULE

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US09125616 A-371-Of-International 1998-08-21
US09/794,038 Continuation US20010010331A1 (en) 1996-12-31 2001-02-28 Process for protecting a security module, and associated security module

Publications (1)

Publication Number Publication Date
WO1998029813A1 (en) 1998-07-09

Family

ID=9499336

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR1997/002389 WO1998029813A1 (en) 1996-12-31 1997-12-23 Method for ensuring the safety of a security module, and related security module

Country Status (12)

Country Link
EP (1) EP0891587A1 (en)
JP (1) JPH11505055A (en)
KR (1) KR19990087418A (en)
CN (1) CN1212770A (en)
AR (1) AR009852A1 (en)
AU (1) AU5668398A (en)
BR (1) BR9707881A (en)
CA (1) CA2247475A1 (en)
FR (1) FR2757972B1 (en)
NO (1) NO983960L (en)
TW (1) TW405098B (en)
WO (1) WO1998029813A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2891654A1 (en) * 2005-10-05 2007-04-06 Proton World Int Nv Event counting method for e.g. kilometric counter of motor vehicle, involves arithmetically adding values contained in different words of memory cells to obtain counting result, and incrementing/decrementing one word
WO2008084016A1 (en) * 2007-01-05 2008-07-17 Proton World International N.V. Protection of information contained in an electronic circuit
US8411504B2 (en) 2007-01-05 2013-04-02 Proton World International N.V. Limitation of the access to a resource of an electronic circuit
US9036414B2 (en) 2007-01-05 2015-05-19 Proton World International N.V. Temporary locking of an electronic circuit to protect data contained in the electronic circuit

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6289457B1 (en) * 1998-07-17 2001-09-11 Amdahl Corporation Value data system having containers for theft deterrent repositories
FR2793904B1 (en) * 1999-05-21 2001-07-27 St Microelectronics Sa METHOD AND DEVICE FOR MANAGING AN ELECTRONIC CIRCUIT
JP2003316263A (en) 2002-04-19 2003-11-07 Sony Corp Arithmetic unit and operation method
FR2857473B1 (en) 2003-07-11 2005-09-16 Oberthur Card Syst Sa METHOD FOR SECURING THE EXECUTION OF A COMPUTER PROGRAM, IN PARTICULAR IN A MICROCIRCUIT BOARD
EP1605333B1 (en) * 2004-06-07 2008-12-10 Proton World International N.V. Program execution control
EP1698958A1 (en) * 2005-02-25 2006-09-06 Axalto SA Method for securing the writing in memory against radiation attacks or other attacks
DE102010044687A1 (en) * 2010-09-08 2012-03-08 Giesecke & Devrient Gmbh Portable data carrier with misoperation counter
DE102010054446A1 (en) * 2010-12-14 2012-06-14 Giesecke & Devrient Gmbh Portable data carrier with misoperation counter

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0157303A2 (en) * 1984-03-31 1985-10-09 Kabushiki Kaisha Toshiba Data processing device
US4614861A (en) * 1984-11-15 1986-09-30 Intellicard International, Inc. Unitary, self-contained card verification and validation system and method
FR2674647A1 (en) * 1991-03-29 1992-10-02 Widmer Michel Apparatus forming an electronic cheque-book for financial transactions and process for using such an apparatus
US5282247A (en) * 1992-11-12 1994-01-25 Maxtor Corporation Apparatus and method for providing data security in a computer system having removable memory
EP0602867A1 (en) * 1992-12-17 1994-06-22 NCR International, Inc. An apparatus for securing a system platform
EP0657820A1 (en) * 1993-12-08 1995-06-14 Siemens Aktiengesellschaft Method for preventing unauthorised data modification in an apparatus with a non-volatile memory

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2891654A1 (en) * 2005-10-05 2007-04-06 Proton World Int Nv Event counting method for e.g. kilometric counter of motor vehicle, involves arithmetically adding values contained in different words of memory cells to obtain counting result, and incrementing/decrementing one word
WO2007039629A1 (en) * 2005-10-05 2007-04-12 Proton World International N.V. Event counter
US8122079B2 (en) 2005-10-05 2012-02-21 Proton World International N.V. Event counter
WO2008084016A1 (en) * 2007-01-05 2008-07-17 Proton World International N.V. Protection of information contained in an electronic circuit
US8411504B2 (en) 2007-01-05 2013-04-02 Proton World International N.V. Limitation of the access to a resource of an electronic circuit
US8566931B2 (en) 2007-01-05 2013-10-22 Proton World International N.V. Protection of information contained in an electronic circuit
US9036414B2 (en) 2007-01-05 2015-05-19 Proton World International N.V. Temporary locking of an electronic circuit to protect data contained in the electronic circuit

Also Published As

Publication number Publication date
CA2247475A1 (en) 1998-07-09
BR9707881A (en) 1999-07-27
KR19990087418A (en) 1999-12-27
AU5668398A (en) 1998-07-31
TW405098B (en) 2000-09-11
AR009852A1 (en) 2000-05-03
EP0891587A1 (en) 1999-01-20
CN1212770A (en) 1999-03-31
FR2757972A1 (en) 1998-07-03
JPH11505055A (en) 1999-05-11
NO983960D0 (en) 1998-08-28
FR2757972B1 (en) 1999-02-19
NO983960L (en) 1998-08-28
