Classifications

• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/0806—Details of the card
  • G07F7/0813—Specific details related to card security
  • G07F7/082—Features insuring the integrity of the data on or in the card
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  • G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
  • G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
  • G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
  • G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
  • G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F12/00—Accessing, addressing or allocating within memory systems or architectures
  • G06F12/14—Protection against unauthorised use of memory or access to memory
  • G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
  • G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
  • G06F2207/7219—Countermeasures against side channel or fault attacks
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/2101—Auditing as a secondary aspect

Definitions

• the present invention relates to securing a computer against external manipulation, in particular securing the data present in the computer core or central processing unit (CPU).
• This invention is used in particular with chip cards, since these have to be particularly secured against manipulation from outside.
• the object of the present invention is to propose a way in which the computer can be better secured against external manipulation.
• the object is achieved according to the invention by a method, by a central processing unit for carrying out this method and by a computer or a chip card with such a central processing unit in accordance with the features of the independent claims.
• Advantageous refinements of the invention are specified in the subclaims.
• the invention is based on the fact that by securing the data present in the computer core, that is to say in the central processing unit (CPU) of the computer, against external manipulation, the security of the computer can be increased, since the data are present in the computer core unencrypted and therefore are easy to manipulate.
• a check sum is determined after processing a command by the CPU from several register contents of the CPU by mathematical linkage, for example by exclusive-OR linkage (XOR linkage), and is stored in a memory as the final check sum.
• XOR linkage exclusive-OR linkage
• a checksum is formed again, that is the initial checksum.
• processor type 8051 the Accu, B-Accu, Datapointer (DPTR, DPL, DPH), registers (R0 to R7) of the register banks, program status word (PSW), stack pointer (SP), special function register (SPR) and the like.
• PSW program status word
• SP stack pointer
• SPR special function register
• a counter can also be started when a command is loaded, which counts the clock cycles that are necessary to process the command.
• the counter is preferably constructed in terms of hardware. Logic takes the number of clock cycles required for processing from the command opcode and converts this into a counter value. The counter then runs in parallel with the executed command. It is checked whether the command to be processed is processed within the specified clock cycles. In the event that the command was not processed within the specified period, the clock supply is set, for example, so that further processing of commands is no longer possible. Alternatively, a reset can also be triggered and the central unit can thus be reset. The same measures can be taken if the command has been processed prematurely, ie if the command counter has not yet reached its limit value and a new operation code has already been recognized.
• the logical linking of the safety-relevant registers can be implemented by hardware or software.
• the checksum formation between two successive commands can take place, for example, on the basis of random or defined events or continuously.
• Fig. 1 shows the structure of a microcontroller using the example of an 8051 processor
• FIG. 2 shows a logic for linking several areas of the central processing unit.
• Fig. 1 shows the structure of an 8051 processor, which is an 8-bit processor. While known encryption methods protect the data from manipulation by bus or memory encryption, the data is in the core of the computer, ie in the central processing unit or CPU, unencrypted. With the method according to the invention it is now determined whether one or more registers of the CPU have been manipulated.
• FIG. 2 shows, by way of example, those security-relevant areas of the CPU that could be manipulated, namely stack pointer SP, battery AC, B battery BAC, register RO to R7, data pointer DPL and DPH to the lower and upper areas of the internal RAM. These registers are logically linked together to form a checksum.
• two 8-bit registers are linked to one another by an exclusive-OR gate (XOR). The XOR combination results in the register RO and a new 8-bit pattern, which in turn is XOR-linked with the 8-bit pattern resulting from the XOR combination in the registers R1 and R7.
• XOR exclusive-OR gate
• an 8-bit pattern is finally obtained, which serves as a checksum and is referred to in FIG. 2 as "initial checksum".
• XOR combination which in particular is advantageous in terms of effort, of course, other embodiments can be selected to form the checksum.
• the checksum changes immediately if the content of a register changes. That is, .
• the checksum may change several times. Only the checksum after processing a command and before processing the next command are decisive for the implementation of the method, since these two checksums (final checksum of one command and initial checksum of the next command) are compared with one another in a comparator. The comparison is carried out as follows: The checksum that arises at the end of the processing of a first command is stored as a final checksum in a memory on the CPU.
• the initial checksum is formed in parallel with the loading of this second command, as described at the beginning.
• a first step a. The initial checksum is compared with the final checksum stored in the memory from the previously processed first command by means of a comparator. In the event that the CPU has not been tampered with, the start and end checksums match and the value of the comparison result is zero.
• the comparator outputs a signal, on the basis of which, in a second step b.) After the second command has been processed, the checksum that is present is stored in the memory as a new final checksum. That is, , the processing of the second command is not interrupted in this case.
• the CPU can be tampered with.
• the output signal of the comparator then causes an error message c) instead of the second step b.), which in the case shown in FIG. 2 causes the command processing to be terminated.
• the processor can be stopped, a security sensor can be activated or, in the case of a chip card, the chip card can be retained by the terminal.
• the security mechanism described above can also be implemented purely in software, in that the checksums are determined on the one hand at the end of an instruction processing and on the other hand at the beginning of the next instruction processing and compared with one another.
• the corresponding pro For example, grams can be stored in the ROM or EPROM of the processor and the final checksum can be stored in the bit-addressable RAM of the processor.
• the described method need not be carried out before every command to be processed.
• One embodiment of the invention provides that the implementation of the method depends on a random or a defined event. According to a first embodiment, the method can be triggered as a function of time.
• the method can be triggered in that the content of one or more registers of the CPU corresponds to a predetermined pattern.
• a still further embodiment of the invention provides that the method is triggered each time a predetermined number of commands have been processed.
• An embodiment is preferred according to which the method is only triggered if there is a longer, defined period of time between the command, after the execution of which the checksum has been stored in the memory as an end checksum, and the initial checksum at the beginning of the processing of the next command lies. This saves valuable computing capacity when executing a program with many commands. If one assumes that manipulation of the CPU, in particular in the case of chip cards, does not take place while the program is running, but if the chip card is removed from the chip card terminal, manipulation of the CPU can nevertheless be reliably determined by means of this last-described embodiment.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Physics & Mathematics (AREA)
• Theoretical Computer Science (AREA)
• General Physics & Mathematics (AREA)
• Computer Hardware Design (AREA)
• Software Systems (AREA)
• General Engineering & Computer Science (AREA)
• Business, Economics & Management (AREA)
• Computer Networks & Wireless Communication (AREA)
• Microelectronics & Electronic Packaging (AREA)
• Mathematical Physics (AREA)
• Accounting & Taxation (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• Storage Device Security (AREA)
• Detection And Correction Of Errors (AREA)
• Executing Machine-Instructions (AREA)
• Information Transfer Systems (AREA)
• Hardware Redundancy (AREA)
• Saccharide Compounds (AREA)
• Pharmaceuticals Containing Other Organic And Inorganic Compounds (AREA)

Priority Applications (6)

Applications Claiming Priority (2)

Publications (1)

Family

ID=7905707

Family Applications (1)

Country Status (10)

Cited By (2)

Families Citing this family (12)

Citations (2)

Family Cites Families (6)

• 1999
  • 1999-04-23 DE DE19918620A patent/DE19918620A1/de not_active Withdrawn
• 2000
  • 2000-04-19 US US09/926,376 patent/US6959391B1/en not_active Expired - Lifetime
  • 2000-04-19 RU RU2001130347/09A patent/RU2249247C2/ru not_active IP Right Cessation
  • 2000-04-19 ES ES00926991T patent/ES2190966T3/es not_active Expired - Lifetime
  • 2000-04-19 EP EP00926991A patent/EP1190319B1/de not_active Expired - Lifetime
  • 2000-04-19 AU AU45526/00A patent/AU4552600A/en not_active Abandoned
  • 2000-04-19 CN CNB008066345A patent/CN1173264C/zh not_active Expired - Fee Related
  • 2000-04-19 JP JP2000614120A patent/JP4693245B2/ja not_active Expired - Fee Related
  • 2000-04-19 AT AT00926991T patent/ATE235082T1/de not_active IP Right Cessation
  • 2000-04-19 DE DE50001510T patent/DE50001510D1/de not_active Expired - Lifetime
  • 2000-04-19 WO PCT/EP2000/003530 patent/WO2000065442A1/de not_active Ceased

Patent Citations (2)

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events