WO1999041715A1 - Portable object such as a card with microcircuit comprising means for monitoring commands applied thereto - Google Patents

Portable object such as a card with microcircuit comprising means for monitoring commands applied thereto

Publication number
WO1999041715A1
Authority
WO
WIPO (PCT)
Prior art keywords
microcircuit
portable object
outside
commands
clk
Prior art date
Application number
PCT/FR1999/000310
Other languages
French (fr)
Inventor
Roland Moreno
Original Assignee
Innovatron
Priority date
Filing date
Publication date
Application filed by Innovatron
Priority to JP2000531817A (patent JP2002503857A)
Priority to EP99903737A (patent EP1055206A1)
Publication of WO1999041715A1

Classifications

    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07F: COIN-FREED OR LIKE APPARATUS
    • G07F7/00: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008: Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/30: Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341: Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G: PHYSICS
    • G07: CHECKING-DEVICES
    • G07F: COIN-FREED OR LIKE APPARATUS
    • G07F7/00: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08: Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806: Details of the card
    • G07F7/0813: Specific details related to card security
    • G07F7/082: Features insuring the integrity of the data on or in the card

Landscapes

  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention concerns a portable object (10) comprising an interface receiving signals (VCC; CLK; RST) representing commands applied to the microcircuit (10) and signals (I/O) representing data to be processed by said microcircuit. Means (16, 26, 22) monitor, for a given time interval, the external application of at least one of said commands; these means can detect an abnormally repeated application of said command relative to a predetermined criterion and selectively inhibit, on the basis of that detection, the processing of the received data by the microcircuit. The monitored command can be the reset signal (RST) and/or the clock signal (CLK), and the given time interval can be the interval between a switching on and the consecutive switching off of the portable object, with the monitoring means (16, 26) operating by counting successive applications of the command and the predetermined criterion being the exceeding of a count value.

Description

Portable object of the microcircuit card type comprising means for supervising the commands applied to it
The invention relates to securing portable objects of the microcircuit card type.
These portable objects can take various forms, such as a card, badge, key, tag, etc., and the term "card" is used below purely for convenience, without any limiting character. Likewise, the invention is described mainly in the context of a "contact" card, that is, one whose communication with the microcircuit takes place through metal pads providing a galvanic connection with a terminal, but it is equally applicable to "contactless" cards, which operate at a distance from the terminal by non-galvanic coupling with it, generally by induction.
More specifically, the invention relates to certain attacks aimed at defeating the protection provided by the inhibitor circuits of cards, for example circuits preventing the reading of a confidential code, an encryption key, etc., or of any other sensitive information held in the microcircuit's memory and normally not readable from the outside.
Most of these attacks consist of submitting large quantities of cryptographic-type trials to the microcircuit and attempting to read certain variables, registers, etc. In particular, one can try to force an exchange of signals with the card following protocols that do not conform to the various standards, or that include signals whose values (voltage levels, pulse durations, etc.) fall outside the nominal values prescribed for normal operation of the card. It is thus possible to trigger non-conforming operations inside the microcircuit (unexpected modification of the address register, uncontrolled program jumps, etc.) that may allow the reading of areas which could not be reached under nominal operating conditions. Microcircuits, notably in the programs controlling the operation of the processors, often include instructions providing protection against these frauds.
In practice, however, the protection provided by these mechanisms built into the microcircuit or its software does not prove absolute, so the card remains vulnerable to certain attacks of the above type, notably those consisting, as indicated, of subjecting the microcircuit to a very large number of cryptographic-type trials.
To overcome this weakness and further increase the card's degree of self-protection against external attacks, the invention proposes to equip the portable object, which comprises an interface receiving from the outside signals representing commands applied to the microcircuit, on the one hand, and signals representing information to be processed by the microcircuit, on the other hand, with means for supervising, during a given period of time, the application from the outside of at least one of the commands. These means are able to detect an abnormally repeated application of this command or these commands with respect to a predefined criterion and to selectively inhibit, as a function of this detection, the processing by the microcircuit of the information received.
According to various advantageous subsidiary features:
- the supervised command comprises the reset signal and/or the clock signal;
- said given period of time is the period between a power-up and the consecutive power-down of the portable object;
- the supervision means comprise means for counting successive applications of the command, said predefined criterion being the exceeding of a given count value;
- the supervision means comprise, for selectively inhibiting the processing by the microcircuit of the information received, gate means controlling the transmission to the microcircuit of at least one of the commands and/or information received from the outside;
- the gate means control the transmission to the microcircuit of the clock signal received from the outside;
- the supervision means also comprise means for evaluating the level of the supply voltage applied from the outside to the portable object and for inhibiting the processing by the microcircuit of the information received when this level leaves a predetermined nominal voltage range;
- the supervision means are powered from the outside through their own regulating means, which keep these supervision means operating even when the level of the supply voltage applied from the outside leaves a predetermined nominal voltage range.
Other features and advantages of the invention will appear on reading the detailed description below of an example implementation, with reference to the single appended figure, which is a diagram of the circuits of a microcircuit card incorporating the teachings of the present invention.
In the figure, the reference 10 designates a microcircuit card, here of the type with galvanic contacts, that is, comprising a series of contacts 12 used to apply to the microcircuit 14 incorporated in this card various commands and information to be processed, and to receive information from it after processing. The various contacts may in particular be the VCC power supply, GND ground, I/O data input/output, CLK clock, and RST reset contacts according to ISO 7816-3, to which reference may be made for further details on the function of each of these contacts.
The starting point of the invention is the observation that, in most attacks comprising large quantities of cryptographic-type trials, these sequences are separated by reset orders to the microcircuit 14, and that an excessive number of reset orders during one session is abnormal and probably indicative of an attempted intrusion into the protected areas of the microcircuit's memory.
Other commands applied to the card may also be suspect in certain cases, for example the application of too many clock cycles, again within one session (a "session" here being the period between a connection and the consecutive disconnection of the card, that is, the period during which a supply voltage VCC is applied continuously). To detect these types of fraud, the card comprises, characteristically of the invention, circuits supervising the application of commands during a given session. These circuits may either be distinct from the microcircuit 14 and therefore inserted between it and the series of contacts 12, as shown in the figure, or be incorporated into the microcircuit 14 itself, preferably in hardware form as dedicated circuits.
More precisely, the circuits of the invention comprise a first counter 16 receiving on its input 18 the signals applied to the RST reset input of the chip. The output 20 of this counter causes a gate 22 to close when a given setpoint value is exceeded, for example 10 RST reset pulses during one session, a situation that reveals an a priori aberrant dialogue and probably an attempt to violate the memory's inhibitor circuits. The gate 22 is, for example, inserted on the CLK clock conductor leading to the microcircuit (this being only an example; other configurations are possible, such as closing the I/O data input/output line, disconnecting the chip's power supply, etc.). The counter 16 is initially reset to zero by a circuit 24 which, on detecting the application of a voltage to the VCC supply input, generates a 'TRUE' signal once and only once during a session.
A second counter 26 may also be provided, receiving on its input 28 the clock pulses applied to the CLK input; the output 30 of this counter 26 likewise closes the gate 22 when a given setpoint value is exceeded, for example 10^7 CLK clock pulses during one session.
Advantageously, the circuits just described are powered by their own regulator circuit 32. This regulator produces and distributes a local supply voltage VCCLOC that is substantially constant over a very wide range of supply voltages applied to the VCC contact, even and above all when the applied voltage leaves the predetermined nominal range for VCC, typically 4.5 to 5.5 V for cards operating at 5 V, and 2.1 to 3.3 V for cards operating at 3 V, values corresponding to the "normal operating conditions" of ISO 7816-3.
To thwart complementary attacks that would consist of under-powering or over-powering the microcircuit, the regulator circuit 32 produces two voltage references VM and Vm (for example 5.5 V and 2.5 V) applied to two respective comparators 34, 36, whose other input receives the supply voltage applied from the outside to the VCC terminal. If the voltage on VCC leaves the range [Vm, VM], the comparators 34, 36 force to 'TRUE' the output of a gate 38, which closes the general input gate 22 via an additional inverting input of the latter.
In a variant embodiment, critical events are counted by writing to a permanent memory (of the EEPROM or flash type).
When the events counted are the applied RST orders, this implementation poses no particular problem.
On the other hand, to avoid wearing out the memory component, counting clock cycles requires counting only significant submultiples of the frequency, for example 10 or 10^-8.
Dans une autre variante de réalisation, mise en oeuvre de façon lo- gicielle, le comptage aura lieu par micrologiciel ("firmware"), selon un modèle tel que le suivant, exprimé en métalangage : 1°) Séquence à insérer dans le Vecteur Reset du microprocesseur (ce vecteur indique où doit pointer le compteur ordinal en cas de "reset" sur interruption matérielle, c'est-à-dire un reset inconditionnel correspon- dant au plus bas niveau de masquage) : 6 inc EEPROM(O) ; compteur de Reset if EEPROM(O) > 1000 then ENDIn another alternative embodiment, implemented in software, counting will take place by firmware ("firmware"), according to a model such as the following, expressed in metalanguage: 1 °) Sequence to be inserted in the Vector Reset of the microprocessor (this vector indicates where the ordinal counter must point in the event of a "reset" on hardware interruption, ie an unconditional reset corresponding to the lowest level of masking): 6 inc EEPROM (O); Reset counter if EEPROM (O)> 1000 then END
RETURNRETURN
2°) Routine à insérer dans la boucle principale (Main Loop) du microprocesseur :2 °) Routine to be inserted in the main loop (Main Loop) of the microprocessor:
; TIM = temps réel (en secondes, depuis Mise Sous Tension) ; EEPROM(l) = compteur de T/100 impulsions d'horloge if mod(TIM;100) = 0 then inc EEPROM(l) if EEPROM(l) > 1000 then END; TIM = real time (in seconds, from Power On); EEPROM (l) = T / 100 clock pulse counter if mod (TIM; 100) = 0 then inc EEPROM (l) if EEPROM (l)> 1000 then END
RETURN RETURN
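As an added illustration (not code from the patent), the two metalanguage routines above can be simulated in C to check the lockout threshold and the number of EEPROM writes they cost. The simulated EEPROM array, the helper names, the once-per-multiple guard and the write freeze after lockout are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdint.h>

#define LIMIT   1000u  /* threshold from the metalanguage model */
#define DIVISOR 100u   /* one EEPROM write per 100 s of powered time */

/* Simulated EEPROM (assumption): cell 0 = reset counter, cell 1 = time counter. */
static uint16_t eeprom[2];
static unsigned long writes;   /* wear indicator, simulation only */
static uint32_t last_tim;      /* RAM copy of the last TIM already counted */

void sim_erase(void) { eeprom[0] = eeprom[1] = 0; writes = 0; last_tim = 0; }
uint16_t cell(int i) { return eeprom[i]; }
unsigned long write_count(void) { return writes; }

/* Increment a cell unless it is already past the limit, so a locked
   card stops consuming write cycles (hardening added in this sketch). */
static bool count_event(int i) {
    if (eeprom[i] > LIMIT) return false;
    eeprom[i]++; writes++;
    return eeprom[i] <= LIMIT;
}

/* 1) Reset-vector hook: false means "END", the card refuses to start. */
bool on_reset(void) {
    last_tim = 0;              /* RAM state does not survive a reset */
    return count_event(0);
}

/* 2) Main-loop routine; tim = seconds since power-on. The loop may run many
   times within the same second, so each multiple of 100 is counted once.
   tim == 0 is skipped so power-on alone costs no write (assumption). */
bool on_main_loop(uint32_t tim) {
    if (tim != 0 && tim % DIVISOR == 0 && tim != last_tim) {
        last_tim = tim;
        return count_event(1);
    }
    return eeprom[1] <= LIMIT;
}

/* Drive the main loop for `seconds` s at `rate` iterations per second. */
bool run_powered(uint32_t seconds, unsigned rate) {
    bool ok = true;
    for (uint32_t t = 0; t <= seconds && ok; t++)
        for (unsigned k = 0; k < rate && ok; k++)
            ok = on_main_loop(t);
    return ok;
}

int main(void) { sim_erase(); return on_reset() && run_powered(500, 10) ? 0 : 1; }
```

With the threshold of 1000, the 1001st reset is the first one refused, and 500 seconds of powered time cost five EEPROM writes regardless of how often the main loop runs.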

Claims

1. A portable object (10) of the microcircuit card type, with an interface receiving from the outside signals (VCC, CLK, RST) representative of commands applied to the microcircuit (10), on the one hand, and signals (I/O) representative of information to be processed by the microcircuit, on the other hand, characterized in that it comprises supervision means for supervising, during a given period of time, the application from the outside of at least one of the commands, these means being capable of detecting an abnormally repeated application of this command or of these commands with respect to a predefined criterion and of selectively inhibiting, as a function of this detection, the processing by the microcircuit of the information received.
2. The portable object of claim 1, wherein the supervised command comprises the reset signal (RST) and/or the clock signal (CLK).
3. The portable object of claim 1, wherein said given period of time is the period of time between a power-up and a subsequent power-down of the portable object.
4. The portable object of claim 1, wherein the supervision means comprise means (16, 26) for counting successive applications of the command, said predefined criterion being the exceeding of a given count value.
5. The portable object of claim 1, wherein the supervision means comprise, for selectively inhibiting the processing by the microcircuit of the information received, gate means (22) controlling the transmission to the microcircuit of at least one of the commands and/or information received from the outside.
6. The portable object of claim 1, wherein the gate means (22) control the transmission to the microcircuit of the clock signal (CLK) received from the outside.
7. The portable object of claim 1, wherein the supervision means also comprise means (34, 36, 38) for evaluating the level of the supply voltage (VCC) applied from the outside to the portable object and for inhibiting the processing by the microcircuit of the information received when this level leaves a predetermined nominal voltage range ([V , VM]).
8. The portable object of claim 1, wherein the supervision means are powered from the outside through their own regulating means (32), ensuring that these supervision means keep operating even when the level of the supply voltage applied from the outside leaves a predetermined nominal voltage range.
PCT/FR1999/000310 1998-02-13 1999-02-11 Portable object such as a card with microcircuit comprising means for monitoring commands applied thereto WO1999041715A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2000531817A JP2002503857A (en) 1998-02-13 1999-02-11 A portable object such as a card with a microcircuit for monitoring applied commands
EP99903737A EP1055206A1 (en) 1998-02-13 1999-02-11 Portable object such as a card with microcircuit comprising means for monitoring commands applied thereto

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR9801789A FR2775090B1 (en) 1998-02-13 1998-02-13 PORTABLE OBJECT OF THE MICROCIRCUIT CARD TYPE COMPRISING MEANS OF SUPERVISING THE ORDERS THAT ARE APPLIED TO IT
FR98/01789 1998-02-13

Publications (1)

Publication Number Publication Date
WO1999041715A1 (en) 1999-08-19

Family

ID=9522973

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR1999/000310 WO1999041715A1 (en) 1998-02-13 1999-02-11 Portable object such as a card with microcircuit comprising means for monitoring commands applied thereto

Country Status (4)

Country Link
EP (1) EP1055206A1 (en)
JP (1) JP2002503857A (en)
FR (1) FR2775090B1 (en)
WO (1) WO1999041715A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4439711B2 (en) * 2000-10-19 2010-03-24 Necエレクトロニクス株式会社 Data processing apparatus and system
FR2833737B1 (en) * 2001-12-13 2004-04-02 Canal Plus Technologies COMBATING THE FRAUDULENT REPRODUCTION OF CHIP CARDS AND THE READING TERMINALS OF THESE CARDS
EP1862952A1 (en) * 2006-05-30 2007-12-05 Axalto SA Secure electronic device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0321728A1 (en) * 1987-12-17 1989-06-28 Siemens Aktiengesellschaft Method and data carrier assembly for validating memory chips
US4916333A (en) * 1987-07-10 1990-04-10 Sgs Thomson Microelectronics Sa Binary logic level electrical detector namely to prevent the detection of secret codes contained in a memory card
US4985921A (en) * 1988-04-11 1991-01-15 Spa Syspatronic Ag Portable data carrying device
US5097146A (en) * 1987-04-03 1992-03-17 Sgs Thomson-Microelectronics Sa Circuit for detecting high voltage level in mos technology
US5131091A (en) * 1988-05-25 1992-07-14 Mitsubishi Denki Kabushiki Kaisha Memory card including copy protection
US5550919A (en) * 1993-05-26 1996-08-27 Gemplus Card International Method and device for limiting the number of authentication operations of a chip card chip

Also Published As

Publication number Publication date
FR2775090A1 (en) 1999-08-20
JP2002503857A (en) 2002-02-05
FR2775090B1 (en) 2000-12-29
EP1055206A1 (en) 2000-11-29

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): JP US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 1999903737

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 09622011

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 1999903737

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1999903737

Country of ref document: EP