WO2000030047A1 - Device for limiting fraud in an integrated circuit card
- Publication number
- WO2000030047A1 (PCT/FR1999/002690)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- threshold value
- state
- occurrences
- events
- indicator
- Prior art date
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0806—Details of the card
- G07F7/0813—Specific details related to card security
- G07F7/082—Features insuring the integrity of the data on or in the card
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
- G07F7/1083—Counting of PIN attempts
Definitions
- the present invention relates to an integrated circuit device containing a memory area comprising a data memory.
- Such an integrated circuit device is most often used for applications in which the security of information processing is essential.
- integrated circuit cards comprising applications relating to the health field, mobile telephony, or even applications relating to the banking field.
- An integrated circuit card consists of a plastic card body in which an electronic module is incorporated. Said card communicates with a terminal, for example, a mobile telephone, a banking terminal or even a computer, via a communication network and can send messages containing encrypted information to said terminal via this network in order to secure an information transfer. In everyday language, we say that the message is signed. For the calculation of the encrypted information, the card uses a secret coding key which is located in the data memory of its memory area and an encryption algorithm.
- an integrated circuit card remains vulnerable to the extent that a fraudster can perform a large number of actions on the card that will allow him to unlock its secrets.
- said fraudster wishing to find said coding key, can for example send an instruction to sign a message to said card and keep track of the signals generated during the execution of said instruction. Subsequently, it can send a large number of instructions for signing the same message, subject the card to electromagnetic disturbances at precise moments in the progress of said algorithm and keep the traces of the different signals transmitted.
- said fraudster can study the differences or the absence of differences between the various encrypted information obtained to discover a part of the coding key.
- said fraudster can still access confidential information by performing a very large number of actions on the integrated circuit card.
- a technical problem to be solved by the object of the present invention is to propose an integrated circuit device containing a memory area comprising a data memory, a device which would make it possible to better secure the card by limiting the number of possible actions on the card from a fraudster.
- a solution to the technical problem posed consists, according to the present invention, in that said data memory contains at least one counter element, at least one indicator element and at least one threshold value, said counter element counting, on the one hand, at least a number of occurrences of events occurring in said device, and, being, on the other hand, capable of reaching said threshold value indicative of a high maximum number of occurrences of said events, said indicator element being able to pass from a first state to a second state when said counter element has reached said threshold value.
- the device of the invention makes it possible to limit a number of possible actions or events on said integrated circuit card thanks, on the one hand, to a counter element which will count the number of actions carried out taking into account an action or a group of actions, and, on the other hand, thanks to an indicator element which will indicate that a threshold value of occurrences of events or actions has been reached which will allow thereafter to sanction a next exceeding of said threshold value.
- Figure 1 is a diagram of an integrated circuit device according to the invention, here an integrated circuit card.
- FIG. 2 is a diagram representing a memory area of the card of FIG. 1 according to the invention.
- FIG. 3 is a diagram showing a distribution of counting and indicating elements in the memory zone of FIG. 2.
- FIG. 4 is a diagram showing another distribution of counter and indicator elements in the memory zone of FIG. 2.
- FIG. 5 is a diagram of another implementation of the invention, said memory zone of FIG. 2 containing two identical indicator elements.
- FIG. 1 shows an integrated circuit device 10, an integrated circuit card in the embodiment shown.
- This card 10 contains a control element 11 (for example a central processing unit or CPU), a memory area 12 containing a data memory 14, and a block 13 of contacts intended for an electrical connection with, for example, a connector of a card reader.
- Said memory area 12 is shown in FIG. 2. It contains a counter element CPT, a threshold value VS, an indicator element I and a blocking means Mb, said indicator element being capable of passing from a first state e1 to a second state e2 when said counter element has reached said threshold value.
- a power-up is an event which results in the sending by the card of a message, commonly called response to reset.
- Sending a signed message is also an event.
- the counter element CPT counts at least a number of occurrences of events occurring in the card, the number of occurrences of signed messages for example. Said counter element is capable of reaching the threshold value VS indicative of a high maximum number of occurrences of said events.
- the threshold value VS, being fixed, may be found in one of these three memories, said memories being within the meaning of the patent a data memory, while the counter and indicator elements will be in a rewritable memory, their value being variable.
- said threshold value represents an improbable number of occurrences of said events occurring in said device during normal use of said device.
- said maximum number of occurrences of events is chosen to be high because it represents an improbable number of occurrences of events and thus, said high maximum number of occurrences of events has a value greater than about one hundred, preferably greater than about one thousand.
- the threshold value will have as definition the number two thousand.
- said indicator element I goes from a first state e1 to a second state e2; it is said that element I goes from a passive state to an active state. Moreover, the device according to the invention provides that said memory area 12 includes means Mb for blocking the operation of said device when an indicator element has passed into the second state e2.
- an element I is activated and said blocking means Mb, after having verified the state of said element I, blocks said card, which can then either no longer receive or produce any event of the same nature as the one that activated the indicator element (here a signed-message event), or no longer receive any event or perform any action whatsoever. In the latter case, said card is unusable and it is commonly said that the card is silent.
- a counter element is defined for a single event.
- the counter element CPT1 is defined for the event E1, the element CPT2 for the event E2 and the element CPT3 for the event E3.
- a counter element is defined for at least two events, said events being part of the same family.
- the counting elements CPT1 and CPT2 are defined respectively for the two families of events (E1, E2, E3) and (E4, E5).
- the invention provides that a threshold value is defined for each counter element.
- indicator elements indicate that the maximum number of authorized event occurrences represented by the VS threshold value has been reached.
- the device according to the invention provides that at least one indicator element I is defined for a single counter element CPT.
- the indicator element I1 goes into the second state e12.
- the blocking means Mb checks the state of said element I1 and, as soon as it has gone into the second state, blocks said card; it is the same with elements I2 and I3.
- the device according to the invention provides that at least one indicator element
- the element I1 passes from the state e11 to the state e12, which indicates that a fraud has taken place, and consequently the means Mb blocks the card.
- the number of occurrences of events occurring in a card is limited, and consequently the number of possible actions on the card on the part of a fraudster.
- said data memory 14 of said device contains at least two identical indicator elements located at non-contiguous locations of said data memory, said elements being attached to the same set of counter elements containing one or more counters according to the two aforementioned variants in relation to FIGS. 3 and 4.
- the indicator element I'1 is identical to I1 insofar as they are both attached to the elements CPT1 and CPT2 and they pass at the same time from a first state to a second state when any of these two counting elements has reached its maximum value.
- said indicator elements are located in the data memory 14 of said card at non-contiguous locations, which makes it possible to avoid fraud which would consist in changing the state of all the identical active indicator elements, said fraud being facilitated if the elements were in locations very close to one another. Also, even if a fraudster manages to change the state of an element I by making it passive, the other identical indicator elements will remain active because, in this case, it will be improbable for said fraudster to find the location of all the identical indicator elements.
- the device according to the invention provides that said blocking means Mb blocks the operation of said device when the state of an indicator element is different from the state of another identical indicator element.
- said fraudster's action is thus countered.
- the values of the first states of the indicator elements may be equivalent or different from one another. It will be the same for the values of the second states.
- the device according to the invention makes it possible to better secure the card by limiting the number of possible actions on it by a fraudster.
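
The mechanism described above (counter CPT, threshold VS, two identical indicators at non-contiguous locations, blocking means Mb) can be modelled in a few lines. This is an added sketch, not code from the patent: the memory offsets, the state encodings, the function names and the fail-closed handling of unknown indicator values are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VS        2000u  /* threshold value VS used in the description */
#define STATE_E1  0x5Au  /* passive state e1 (constructed encoding) */
#define STATE_E2  0xA5u  /* active state e2 (constructed encoding) */

/* Simulated rewritable data memory 14. All offsets are assumptions; the two
 * identical indicators I and I' sit at non-contiguous locations. */
enum { MEM_SIZE = 64, OFF_CPT = 4, OFF_I = 17, OFF_I_COPY = 49 };

typedef struct { uint8_t mem[MEM_SIZE]; } card_t;

static uint16_t cpt_read(const card_t *c) {
    return (uint16_t)(c->mem[OFF_CPT] | (c->mem[OFF_CPT + 1] << 8));
}

static void cpt_write(card_t *c, uint16_t v) {
    c->mem[OFF_CPT] = (uint8_t)(v & 0xFF);
    c->mem[OFF_CPT + 1] = (uint8_t)(v >> 8);
}

void card_init(card_t *c) {
    memset(c->mem, 0, sizeof c->mem);
    c->mem[OFF_I] = STATE_E1;
    c->mem[OFF_I_COPY] = STATE_E1;
}

/* Blocking means Mb: block when an indicator is in the second state, or when
 * two identical indicators disagree. */
bool mb_blocked(const card_t *c) {
    uint8_t i = c->mem[OFF_I], i_copy = c->mem[OFF_I_COPY];
    if (i != i_copy)
        return true;           /* identical indicators differ: tampering */
    return i != STATE_E1;      /* e2, or an unknown value: fail closed (assumption) */
}

/* One counted event, e.g. a request to sign a message.
 * Returns 0 if the event is served, -1 if the card refuses it. */
int card_sign_event(card_t *c) {
    if (mb_blocked(c))
        return -1;
    uint16_t n = (uint16_t)(cpt_read(c) + 1);
    cpt_write(c, n);           /* count first, before any sensitive work */
    if (n >= VS) {             /* threshold reached: I and I' go to e2 */
        c->mem[OFF_I] = STATE_E2;
        c->mem[OFF_I_COPY] = STATE_E2;
    }
    return 0;                  /* the signature itself is out of scope here */
}

/* Number of events the card actually serves out of `attempts` requests. */
unsigned served_events(card_t *c, unsigned attempts) {
    unsigned ok = 0;
    for (unsigned k = 0; k < attempts; k++)
        if (card_sign_event(c) == 0)
            ok++;
    return ok;
}

int main(void) {
    card_t c;
    card_init(&c);
    printf("served %u of %u requests\n", served_events(&c, VS + 50), VS + 50);
    c.mem[OFF_I] = STATE_E1;   /* constructed tamper: one copy forced passive */
    printf("blocked after tamper: %d\n", mb_blocked(&c));
    return 0;
}
```

The event that brings the counter to VS is still served; the next one is refused, which matches the description's "sanction a next exceeding of said threshold value".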
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Networks & Wireless Communication (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Storage Device Security (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU10513/00A AU1051300A (en) | 1998-11-17 | 1999-11-04 | Device for limiting fraud in an integrated circuit card |
JP2000582978A JP2002530758A (ja) | 1998-11-17 | 1999-11-04 | 集積回路カードにおける偽造防止装置 |
EP99954054A EP1131799A1 (fr) | 1998-11-17 | 1999-11-04 | Dispositif pour la limitation de fraudes dans une carte a circuit integre |
US09/856,191 US6726108B1 (en) | 1998-11-17 | 1999-11-04 | Device for limiting fraud in an integrated circuit card |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR98/14409 | 1998-11-17 | ||
FR9814409A FR2786006B1 (fr) | 1998-11-17 | 1998-11-17 | Dispositif pour la limitation de fraudes dans une carte a circuit integre |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2000030047A1 (fr) | 2000-05-25 |
Family
ID=9532808
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR1999/002690 WO2000030047A1 (fr) | 1998-11-17 | 1999-11-04 | Dispositif pour la limitation de fraudes dans une carte a circuit integre |
Country Status (7)
Country | Link |
---|---|
US (1) | US6726108B1 (fr) |
EP (1) | EP1131799A1 (fr) |
JP (1) | JP2002530758A (fr) |
CN (1) | CN1154961C (fr) |
AU (1) | AU1051300A (fr) |
FR (1) | FR2786006B1 (fr) |
WO (1) | WO2000030047A1 (fr) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2834366B1 (fr) * | 2001-12-28 | 2004-08-20 | Ct D Echanges De Donnees Et D | Carte a puce autoverrouillable, dispositif de securisation d'une telle carte et procedes associes |
FR2853785B1 (fr) * | 2003-04-09 | 2006-02-17 | Oberthur Card Syst Sa | Entite electronique securisee avec compteur modifiable d'utilisations d'une donnee secrete |
EP1612639A1 (fr) * | 2004-06-30 | 2006-01-04 | ST Incard S.r.l. | Méthode de détection et de réaction contre une attaque potentielle d'une opération exécutée par un jeton ou une carte cryptographique et visant à faire respecter la sécurité. |
KR20080003006A (ko) * | 2005-04-27 | 2008-01-04 | 프라이베이시스, 인크. | 전자 카드 및 그의 제조방법 |
DE102005058878B4 (de) * | 2005-12-09 | 2007-08-09 | Infineon Technologies Ag | Datentransfervorrichtung und Verfahren zum Senden von Daten |
FR2910666B1 (fr) | 2006-12-26 | 2013-02-08 | Oberthur Card Syst Sa | Dispositif electronique portable et procede de securisation d'un tel dispositif |
US8430323B2 (en) * | 2009-06-12 | 2013-04-30 | Oberthur Technologies of America Corp. | Electronic device and associated method |
KR101418962B1 (ko) * | 2009-12-11 | 2014-07-15 | 한국전자통신연구원 | 부채널 공격 방지를 위한 보안 장치 및 방법 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4879645A (en) * | 1984-03-31 | 1989-11-07 | Kabushiki Kaisha Toshiba | Data processing device with high security of stored programs |
FR2716021A1 (fr) * | 1994-02-09 | 1995-08-11 | Gemplus Card Int | Procédé et système de transaction par carte à puce. |
US5550919A (en) * | 1993-05-26 | 1996-08-27 | Gemplus Card International | Method and device for limiting the number of authentication operations of a chip card chip |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4109312A (en) * | 1974-02-07 | 1978-08-22 | Firma Carl Schenk Ag | Method and apparatus for measuring and indicating the unbalance of a rotor |
JP3201157B2 (ja) * | 1994-07-26 | 2001-08-20 | 松下電器産業株式会社 | Icカード装置 |
FR2819070B1 (fr) * | 2000-12-28 | 2003-03-21 | St Microelectronics Sa | Procede et dispositif de protection conte le piratage de circuits integres |
-
1998
- 1998-11-17 FR FR9814409A patent/FR2786006B1/fr not_active Expired - Fee Related
-
1999
- 1999-11-04 WO PCT/FR1999/002690 patent/WO2000030047A1/fr active Application Filing
- 1999-11-04 AU AU10513/00A patent/AU1051300A/en not_active Abandoned
- 1999-11-04 US US09/856,191 patent/US6726108B1/en not_active Expired - Fee Related
- 1999-11-04 CN CNB998134155A patent/CN1154961C/zh not_active Expired - Fee Related
- 1999-11-04 JP JP2000582978A patent/JP2002530758A/ja not_active Abandoned
- 1999-11-04 EP EP99954054A patent/EP1131799A1/fr not_active Withdrawn
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4879645A (en) * | 1984-03-31 | 1989-11-07 | Kabushiki Kaisha Toshiba | Data processing device with high security of stored programs |
US5550919A (en) * | 1993-05-26 | 1996-08-27 | Gemplus Card International | Method and device for limiting the number of authentication operations of a chip card chip |
FR2716021A1 (fr) * | 1994-02-09 | 1995-08-11 | Gemplus Card Int | Procédé et système de transaction par carte à puce. |
Also Published As
Publication number | Publication date |
---|---|
CN1154961C (zh) | 2004-06-23 |
US6726108B1 (en) | 2004-04-27 |
AU1051300A (en) | 2000-06-05 |
CN1326580A (zh) | 2001-12-12 |
FR2786006B1 (fr) | 2001-10-12 |
JP2002530758A (ja) | 2002-09-17 |
FR2786006A1 (fr) | 2000-05-19 |
EP1131799A1 (fr) | 2001-09-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1269440B1 (fr) | Membrane elastomere anti-intrusion pour boitiers electroniques securises | |
EP0531241B1 (fr) | Système électronique à accès contrÔlé | |
EP0675614A1 (fr) | Dispositif de mise en oeuvre d'un système d'échange sécurisé de données du genre RSA limité à la signature numérique et la vérification des messages | |
EP2082364A1 (fr) | Terminal de paiement electronique biometrique et procede de transaction | |
EP2449497A1 (fr) | Procede de detection d'une tentative d'attaque, support d'enregistrement et processeur de securite pour ce procede | |
WO2000030047A1 (fr) | Dispositif pour la limitation de fraudes dans une carte a circuit integre | |
EP0776498B1 (fr) | Dispositif de clavier securise | |
FR2920561A1 (fr) | Borne de lecture d'informations contenues dans une memoire d'un objet portable et procede de fonctionnement de cette borne. | |
EP0791877B1 (fr) | Dispositif électronique délivrant une référence temporelle sûre pour la protection d'un logiciel | |
EP1609326B1 (fr) | Procede de protection d'un terminal de telecommunication de type telephone mobile | |
EP1436792B1 (fr) | Protocole d'authentification a verification d'integrite de memoire | |
EP3198540A1 (fr) | Procédé d'auto-détection d'une tentative de piratage d'une carte électronique de paiement, carte, terminal et programme correspondants | |
WO2000074008A1 (fr) | Systeme de tele-paiement securise par signature numerique pour carte de paiement | |
WO2003056524A1 (fr) | Carte a puce autoverrouillable et dispositif de securisation d'une telle carte | |
EP2356608B1 (fr) | Procede et dispositif de diagnostic de la premiere reception d'un identifiant, procede de detection, support d'enregistrement et programme d'ordinateur pour ce procede | |
EP1544818A1 (fr) | Terminal sécurisé | |
EP1493072B1 (fr) | Procede et dispositif de protection de donnees numeriques stockees dans une memoire | |
EP3032450B1 (fr) | Procédé de contrôle d'une authenticité d'un terminal de paiement et terminal ainsi sécurisé | |
EP0996102B1 (fr) | Procédé de contrôle d'un terminal muni d'un connecteur de carte à micromodules à contacts | |
EP1862952A1 (fr) | Dispositif électronique sécurisé | |
WO2012041623A1 (fr) | Dispositif de protection, terminal de paiement électronique et tête de lecture magnétique correspondants | |
WO2016142487A1 (fr) | Touche sécurisée de clavier analogique, procédé et module de détection d'intrusion, terminal de paiement électronique, programme et support d'enregistrement correspondants | |
FR2870019A1 (fr) | Plate forme electronique a acces securise, et procede de securisation | |
EP1254439A1 (fr) | Systeme de tele-paiement securise par signature numerique pour carte de paiement | |
WO2003050756A2 (fr) | Lutte contre la reproduction frauduleuse des cartes a puce et des terminaux de lecture de ces cartes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 99813415.5 Country of ref document: CN |
|
ENP | Entry into the national phase |
Ref document number: 2000 10513 Country of ref document: AU Kind code of ref document: A |
|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 1999954054 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2000 582978 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 09856191 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 1999954054 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
CFP | Corrected version of a pamphlet front page |
Free format text: UNDER (54) PUBLISHED TITLE REPLACED BY CORRECT TITLE |