WO2003075233A2 - Smart card and method for avoiding software bug on such a smart card - Google Patents

Publication number
WO2003075233A2
Authority
WO
WIPO (PCT)
Prior art keywords
code
memory
data
addresses
central unit
Prior art date
Application number
PCT/FR2003/000637
Other languages
French (fr)
Other versions
WO2003075233A3 (en
Inventor
Jean-Luc Dauvois
Original Assignee
Canal + Technologies
Priority date
Filing date
Publication date
Application filed by Canal + Technologies
Priority to JP2003573612A (JP2005519403A)
Priority to KR10-2004-7013516A (KR20050007436A)
Priority to AU2003224229A (AU2003224229A1)
Priority to MXPA04008351A (MXPA04008351A)
Priority to EP03720652A (EP1485885A2)
Publication of WO2003075233A2
Publication of WO2003075233A3

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073 Special arrangements for circuits, e.g. for protecting identification code in memory
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806 Details of the card
    • G07F7/0833 Card having specific functional components
    • G07F7/084 Additional components relating to data transfer and storing, e.g. error detection, self-diagnosis
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11C STATIC STORES
    • G11C29/00 Checking stores for correct operation; Subsequent repair; Testing stores during standby or offline operation
    • G11C29/70 Masking faults in memories by using spares or by reconfiguring
    • G11C29/78 Masking faults in memories by using spares or by reconfiguring using programmable devices
    • G11C29/84 Masking faults in memories by using spares or by reconfiguring using programmable devices with improved access time or stability
    • G11C29/846 Masking faults in memories by using spares or by reconfiguring using programmable devices with improved access time or stability by choosing redundant lines at an output stage


Landscapes

  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Business, Economics & Management (AREA)
  • Quality & Reliability (AREA)
  • Strategic Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
  • Stored Programmes (AREA)

Abstract

The invention concerns a smart card whose component includes a central unit (10), a code memory (16) storing original code that contains at least one software bug which cannot be corrected, a data/code memory (14), in a zone (15) of which are stored substitution code free of software bugs and the addresses of the software bug(s), and a mechanism (11) for intercepting the central unit's addresses, which checks the hardware addresses being executed. The address interception mechanism (11) includes an address interception and substitution unit (12), which reroutes the central unit when it detects a software-bug address or set of addresses, and a data multiplexer (13), which lets the central unit (10) take into account either the data of the code memory (16), when there is no rerouting, or the data of the data/code memory (14). The invention also concerns a method for avoiding a software bug in such a smart card.

Description

SMART CARD AND METHOD FOR AVOIDING A LOGIC FLAW ON SUCH A SMART CARD
DESCRIPTION
TECHNICAL FIELD
The present invention relates to a smart card, and to a method for avoiding a software logic flaw on such a smart card.
STATE OF THE PRIOR ART
A smart card component, used for example in digital television to control a user's right to access a programme, includes a code memory that cannot be modified once the component has been manufactured. An error in the code loaded into this memory, whether due to non-exhaustive testing or to a software flaw, therefore cannot be corrected.
When the component is manufactured in this way, the code supplied by the designer is embedded directly in the silicon ("masked code"), for example by an ionization process. If a software flaw (or "bug") is found after masking, there is often no alternative to regenerating new code and therefore a new mask, which is very costly in time, for example several months. Likewise, if a software flaw is discovered in operation, when the smart cards are already with customers, the problem is very hard to resolve simply. In general there is no solution other than recalling the smart cards and replacing them.
One known solution is to load correction code into a data memory located in the smart card component. This loading can take place when the card is personalized, or remotely, for example directly at the premises of a subscriber to a decoder service. In such a solution, the "masked code" in code memory makes provision for every place where a problem could potentially exist, for example:
- at each function call,
- at each conditional test,
- in each module or function of some importance.
Correction code is then sent to be loaded into data memory, together with an indication of the places in the original code loaded in code memory (the "masked code") at which this correction code must be executed. Such a solution therefore has the following drawbacks:
- providing in advance for the places where a problem may arise increases the size of the original code unnecessarily,
- when a problem occurs in a large module, the correction code must also be large, and may then be much larger than necessary,
- intervention at places in the original code that were not provided for is not possible.
Prior-art smart cards are thus unsatisfactory with regard to:
- their operation,
- the handling of software flaws,
- security.
The aim of the invention is therefore to overcome these drawbacks by making it possible to correct software flaws on the component of a smart card while that smart card is in operation.
DISCLOSURE OF THE INVENTION
The invention relates to a smart card whose component comprises a central unit, a code memory storing original code that contains at least one software flaw which cannot be corrected, a data/code memory in an area of which are stored substitution code free of software flaws and the addresses of the software flaw or flaws, and a mechanism for intercepting the addresses of the central unit, which checks the hardware addresses being executed, characterized in that the address interception mechanism comprises an address interception and substitution block, which diverts the central unit when it detects a software-flaw address or set of addresses, and a data multiplexer, which allows the central unit to take into account either the data from the code memory if there is no diversion, or the data from the data/code memory.
Advantageously, the data/code memory may be an E2PROM memory, a flash memory or a FeRAM memory. The code memory may be a ROM or a flash memory.
The invention also relates to a method for avoiding a software flaw that cannot be corrected in the code stored in a code memory of the component of a smart card, said component further comprising a central unit, a data/code memory, and a mechanism for intercepting the addresses of the central unit which checks the hardware addresses being executed, characterized in that it comprises the following steps:
- at least one software flaw is found in the code memory of said component,
- substitution code free of software flaws, and the addresses of the flaw or flaws, are loaded into the data/code memory,
- the hardware address being executed is compared with the addresses thus loaded into the data/code memory,
- either the data from the code memory are taken into account if the result of the comparison is negative, or the data from the data/code memory if the result of the comparison is positive.
The present invention has the following advantages:
- the diversion points do not have to be planned in advance,
- memory size is optimized, which reduces cost,
- speed is gained, since the intervention of the hardware interceptor is transparent to the central unit,
- code size, and therefore development time, is reduced.
The method of the invention makes it possible to correct software flaws during the production process and also during operation of the component itself, without software interceptions having been provided for in the code beforehand. This method, combining hardware and software, also offers real flexibility.
BRIEF DESCRIPTION OF THE DRAWINGS
The single figure illustrates an example embodiment of a smart card according to the invention.
EXPOSÉ DÉTAILLÉ DE MODES DE RÉALISATION PARTICULIERSDETAILED PRESENTATION OF PARTICULAR EMBODIMENTS
L'invention consiste, pour corriger une ou plusieurs failles logiques d'un code mémorisé "code masqué" dans une carte à puce, à prévoir un mécanisme d'interception des adresses de l'unité centrale 10 de cette carte à puce, qui vérifie les adresses matérielles qui s'exécutent. Comme illustré sur la figure, le composant de la carte à puce comprend ainsi : - une unité centrale 10,The invention consists, in order to correct one or more logical flaws of a code stored "masked code" in a smart card, to provide a mechanism for intercepting the addresses of the central unit 10 of this smart card, which checks the hardware addresses that run. As illustrated in the figure, the chip card component thus comprises: - a central unit 10,
- une mémoire 14 données/code (MDC) , par exemple une mémoire E2PROM ( "Electrically Erasable Programmable Read Only Memory"), une mémoire flash, ou une mémoire FeRAM ( "Ferroelectric Random Access Memory"), dans une zone 15 de laquelle est mémorisé un code de substitution,a 14 data / code memory (MDC), for example an E 2 PROM memory ("Electrically Erasable Programmable Read Only Memory"), a flash memory, or a FeRAM memory ("Ferroelectric Random Access Memory"), in a zone 15 from which a substitution code is stored,
- une mémoire code (MC) 16, de type ROM (Mémoire en lecture seule) , ou flash, dans laquelle est mémorisé le code d'origine,- a code memory (MC) 16, of ROM type (read-only memory), or flash, in which the original code is stored,
- le mécanisme 11 d'interception des adresses de cette unité centrale 10, qui comporte un bloc 12 d'interception et de substitution des adresses, et un multiplexeur de données 13, permettant à l'unité centrale de prendre en compte les données de la mémoire 14 ou les données de la mémoire 16,the mechanism 11 for intercepting the addresses of this central unit 10, which includes a block 12 for intercepting and substituting addresses, and a data multiplexer 13, allowing the central unit to take into account the data of the memory 14 or the data of memory 16,
- un bus de données 17, reliant l'unité centrale 10 et le multiplexeur 13,a data bus 17, connecting the central unit 10 and the multiplexer 13,
- un bus de données MDC 18, reliant le multiplexeur 13 et la mémoire 14,an MDC data bus 18, connecting the multiplexer 13 and the memory 14,
- un bus de données MC 19, reliant le multiplexeur 13 et la mémoire 16,a data bus MC 19, connecting the multiplexer 13 and the memory 16,
- un bus adresses MDC 20, reliant le mécanisme 11 et la mémoire 14, - un bus adresses unité centrale 21, reliant l'unité centrale 10, le mécanisme 11 et la mémoire 16.- an MDC address bus 20, connecting the mechanism 11 and the memory 14, - a central unit address bus 21, connecting the central unit 10, the mechanism 11 and the memory 16.
Le mécanisme d'interception 11 permet de réaliser une fonction logique d'interception d'adresse. En cas de faille logicielle, cette fonction logique déroute l'unité centrale 10 vers le code de substitution dit "Bug Free", c'est-à-dire exempt de faille logique, préalablement mémorisé en mémoire 14.The interception mechanism 11 makes it possible to carry out a logical address interception function. In the event of a software fault, this logic function reroutes the central unit 10 to the code for substitution called "Bug Free", that is to say free from logical flaws, previously memorized in memory 14.
Ainsi, lorsque l'utilisateur constate que le code d'origine de la carte à puce comporte au moins une faille logicielle, il envoie un code de correction exempt de faille logique et les adresses de la ou des failles logicielles, dans le cas d'un signal émis à distance par exemple, pour corriger celles-ci.Thus, when the user finds that the original code of the smart card contains at least one software flaw, he sends a correction code free of logical flaw and the addresses of the software flaw (s), in the case of a signal sent remotely for example, to correct these.
Lorsque le mécanisme d'interception 11 détecte une adresse ou un ensemble d'adresses de faille logicielle, il y a un déroutement du code d'origine vers le code corrigé.When the interception mechanism 11 detects an address or a set of addresses of software flaw, there is a diversion from the original code to the corrected code.
Un tel fonctionnement peut être totalement indépendant de l'unité centrale 10. L'interception d'adresse ne se limite pas à une seule adresse mais peut concerner un ensemble d'adresses contiguës ou non.Such operation can be completely independent of the central unit 10. Address interception is not limited to a single address but can concern a set of contiguous addresses or not.
Le procédé d'évitement de faille logique de l'invention comporte donc les étapes suivantes :The logic flaw avoidance method of the invention therefore comprises the following steps:
- à l'initialisation, le mécanisme 11 d'interception des adresses de l'unité centrale 10 dispose de la liste des adresses à substituer mémorisée au préalable ainsi qu'un code de substitution dans une zone 15 de la mémoire données/code 14, cette liste étant, par exemple, mémorisée dans une table de substitutio .on initialization, the mechanism 11 for intercepting the addresses of the central unit 10 has the list of addresses to be substituted previously stored, as well as a substitution code in an area 15 of the data / code memory 14, this list being, for example, stored in a substitution table.
- lorsque l'unité centrale 10 positionne une adresse, le bloc d'interception d'adresses 12 analyse l'adresse matérielle qui s'exécute pour voir s'il n'y a pas de cohérence de celle-ci avec une adresse de la table de substitution :- when the central unit 10 positions an address, the address interception block 12 analyzes the hardware address which is executed to see if there is no consistency of this with an address of the substitution table:
• s'il n'y a pas cohérence, le programme continue à être déroulé à partir de 16, • s'il y a cohérence, il y a alors substitution d'une adresse mémorisée dans la mémoire données/code 14 à l'adresse qui s'exécute et le code de substitution est exécuté à partir de celle-ci.• if there is no consistency, the program continues to run from 16, • if there is consistency, there is then substitution of an address stored in the data / code memory 14 for address that runs and the substitution code is run from it.
The correction code is therefore loaded beforehand, with one or more diversion addresses, into the data/code memory 14. Only information of much smaller size is thus loaded than in the devices of the prior art. In addition, the code stored in memory 14 is run in a manner that is completely transparent to the central unit 10.
The invention therefore consists in loading a table and a substitution code into the data/code memory 14, this loading being able to take place remotely, and in intercepting the addresses of the central unit 10; in the event of a logic flaw, the substitution code is then run transparently for the central unit 10.
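The interception and multiplexing steps described above can be modelled in software. The following C sketch is an added illustration, not code from the patent: the memory sizes, the `patch_entry` layout (a flawed range mapped byte for byte onto zone 15), the sample bytes and the bounds check on the diversion target are all assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>

#define ROM_SIZE  16u  /* code memory 16 (constructed toy size) */
#define ZONE_SIZE  8u  /* zone 15 of data/code memory 14 (constructed toy size) */

/* Hypothetical table entry: flawed range in code memory and its replacement offset in zone 15. */
typedef struct { uint16_t start, len, target; } patch_entry;

typedef struct {
    const uint8_t *rom;        /* original code, contains the flaw */
    const uint8_t *zone;       /* substitution code */
    const patch_entry *table;  /* substitution table */
    size_t n_entries;
} card;

/* Interception block 12: return the matching entry, or NULL if addr is not listed. */
static const patch_entry *intercept(const card *c, uint16_t addr) {
    for (size_t i = 0; i < c->n_entries; i++) {
        const patch_entry *e = &c->table[i];
        if (addr >= e->start && addr - e->start < e->len)
            return e;
    }
    return NULL;
}

/* Multiplexer 13: byte handed to the central unit for a fetch at addr.
   *diverted reports which memory was selected; -1 means an invalid fetch. */
int fetch(const card *c, uint16_t addr, int *diverted) {
    const patch_entry *e = intercept(c, addr);
    *diverted = 0;
    if (e == NULL)
        return addr < ROM_SIZE ? c->rom[addr] : -1;
    uint32_t sub = (uint32_t)e->target + (uint32_t)(addr - e->start);
    if (sub >= ZONE_SIZE)      /* added precaution: a bad entry must not leave zone 15 */
        return -1;
    *diverted = 1;
    return c->zone[sub];
}

/* Constructed sample: 0xBA marks flawed bytes at addresses 4-5 and 10 (non-contiguous). */
static const uint8_t ROM[ROM_SIZE] = {0x10, 0x11, 0x12, 0x13, 0xBA, 0xBA, 0x16, 0x17,
                                      0x18, 0x19, 0xBA, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
static const uint8_t ZONE[ZONE_SIZE] = {0xA4, 0xA5, 0xAA, 0, 0, 0, 0, 0};
static const patch_entry TABLE[] = {{4, 2, 0}, {10, 1, 2}};
static const patch_entry BAD[] = {{0, 4, 6}};  /* target range overruns zone 15 */
const card CARD = {ROM, ZONE, TABLE, 2};
const card BAD_CARD = {ROM, ZONE, BAD, 1};
```

Because the table and substitution code can be loaded remotely, the table itself is security-relevant data: the bounds check in `fetch` shows one way a malformed entry can be refused rather than followed.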

Claims

1. Smart card, the component of which comprises a central unit (10), a code memory (16) in which is stored an original code comprising at least one software flaw that cannot be corrected, a data/code memory (14), in a zone (15) of which are stored a substitution code free of software flaws together with the addresses of the software flaw(s), and a mechanism (11) for intercepting the addresses of the central unit, which checks the hardware addresses being executed, characterized in that the address interception mechanism (11) comprises an address interception and substitution block (12), which diverts the central unit when it detects an address or a set of addresses of a software flaw, and a data multiplexer (13) allowing the central unit (10) to take into account either the data of the code memory (16) if there is no diversion, or the data of the data/code memory (14).
2. Smart card according to claim 1, in which the data/code memory (14) is an E²PROM memory, a flash memory or a FeRAM memory.
3. Smart card according to claim 1, in which the code memory (16) is a ROM memory or a flash memory.
4. Method for avoiding a software flaw that cannot be corrected in the code stored in a code memory (16) of the component of a smart card, said component further comprising a central unit (10), a data/code memory (14), and a mechanism (11) for intercepting the addresses of the central unit, which checks the hardware addresses being executed, characterized in that it comprises the following steps:
- at least one software flaw is identified in the code memory (16) of said component,
- a substitution code free of software flaws, and the addresses of the flaw(s), are loaded into the data/code memory,
- the hardware address being executed is compared with the addresses thus loaded into the data/code memory,
- either the data of the code memory is taken into account if the result of the comparison is negative, or the data of the data/code memory is taken into account if the result of the comparison is positive.
PCT/FR2003/000637 2002-03-01 2003-02-27 Smart card and method for avoiding software bug on such a smart card WO2003075233A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
JP2003573612A JP2005519403A (en) 2002-03-01 2003-02-27 Method for avoiding logic bug of smart card and smart card
KR10-2004-7013516A KR20050007436A (en) 2002-03-01 2003-02-27 Smart card and method for avoiding software bug on such a smart card
AU2003224229A AU2003224229A1 (en) 2002-03-01 2003-02-27 Smart card and method for avoiding software bug on such a smart card
MXPA04008351A MXPA04008351A (en) 2002-03-01 2003-02-27 Smart card and method for avoiding software bug on such a smart card.
EP03720652A EP1485885A2 (en) 2002-03-01 2003-02-27 Smart card and method for avoiding software bug on such a smart card

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR02/02620 2002-03-01
FR0202620A FR2836736A1 (en) 2002-03-01 2002-03-01 CHIP CARD AND METHOD FOR AVOIDING FAULTY LOGIC ON SUCH A CHIP CARD

Publications (2)

Publication Number Publication Date
WO2003075233A2 (en) 2003-09-12
WO2003075233A3 (en) 2004-03-04

Family

ID=27741362

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2003/000637 WO2003075233A2 (en) 2002-03-01 2003-02-27 Smart card and method for avoiding software bug on such a smart card

Country Status (7)

Country Link
EP (1) EP1485885A2 (en)
JP (1) JP2005519403A (en)
KR (1) KR20050007436A (en)
AU (1) AU2003224229A1 (en)
FR (1) FR2836736A1 (en)
MX (1) MXPA04008351A (en)
WO (1) WO2003075233A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008025900A1 (en) * 2006-08-30 2008-03-06 Viaccess Security processor and recording method and medium for configuring the behaviour of this processor

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2471004A1 (en) * 1979-11-30 1981-06-12 Dassault Electronique Control of access to semiconductor memories - uses access controller requiring validating inputs before opening and gate linking address bus and address decoder circuits
GB2136992A (en) * 1983-03-18 1984-09-26 Georg V Coza Method and System of Ensuring Integrity of Data in an Electronic Memory
US4945535A (en) * 1987-08-25 1990-07-31 Mitsubishi Denki Kabushiki Kaisha Information processing unit
US5353253A (en) * 1992-10-14 1994-10-04 Mitsubishi Denki Kabushiki Kaisha Semiconductor memory device
EP0645714A1 (en) * 1993-09-20 1995-03-29 STMicroelectronics S.A. Dynamic redundancy circuit for integrated circuit memory
US5758056A (en) * 1996-02-08 1998-05-26 Barr; Robert C. Memory system having defective address identification and replacement
US5935258A (en) * 1997-03-04 1999-08-10 Micron Electronics, Inc. Apparatus for allowing data transfers with a memory having defective storage locations

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008025900A1 (en) * 2006-08-30 2008-03-06 Viaccess Security processor and recording method and medium for configuring the behaviour of this processor
FR2905543A1 (en) * 2006-08-30 2008-03-07 Viaccess Sa SECURITY PROCESSOR AND METHOD AND RECORDING MEDIUM FOR CONFIGURING THE BEHAVIOR OF THIS PROCESSOR.
TWI499268B (en) * 2006-08-30 2015-09-01 Viaccess Sa Security processor and method and recording medium for configuring the behaviour of this processor
US9332297B2 (en) 2006-08-30 2016-05-03 Viaccess Security processor and recording method and medium for configuring the behaviour of this processor

Also Published As

Publication number Publication date
JP2005519403A (en) 2005-06-30
MXPA04008351A (en) 2004-11-26
KR20050007436A (en) 2005-01-18
FR2836736A1 (en) 2003-09-05
WO2003075233A3 (en) 2004-03-04
AU2003224229A1 (en) 2003-09-16
EP1485885A2 (en) 2004-12-15
AU2003224229A8 (en) 2003-09-16

Similar Documents

Publication Publication Date Title
EP1386230A2 (en) Method and system for managing shared-library executables
EP0272165A1 (en) Reconfigurable computing arrangement
EP1811778A1 (en) Method for updating the firmware of a security module
FR2596595A1 (en) DOMINO TYPE MOS LOGIC HOLDER
FR2880963A1 (en) Software breakpoint inserting system for e.g. flash memory, has debugging program that allows to position software breakpoint in non-volatile memory circuit, and management unit that manages breakpoints positioned in circuit
EP1955248B1 (en) Adaptable security module
FR2643478A1 (en) MAP WITH INTEGRATED CIRCUIT
FR2670595A1 (en) Integrated circuit card
WO2003075233A2 (en) Smart card and method for avoiding software bug on such a smart card
FR3089322A1 (en) Management of access restrictions within a system on chip
EP2212824A2 (en) Verification of data read in memory
EP1006532B1 (en) Secure EEPROM with UV erasure detection means
EP1141903A1 (en) Device and method for initialising an applicative programme of an integrated circuit card
FR2990533A1 (en) Program execution monitoring method for smart card, involves performing set of operations, and arranging processing unit to generate interruption of execution of program according to result of set of operations
FR2707773A1 (en) Integrated circuit of the hidden mask microcontroller type containing a generic test program, test station and corresponding manufacturing method.
EP3423978A1 (en) Method for displaying an animation during the starting phase of an electronic device, and associated electronic device
EP0112427B1 (en) Programmable logic controller
EP3832469A1 (en) Secure electronic system comprising a processor and a memory component; associated programmable component
EP1005686B1 (en) Method for detecting fraudulent use of electronic phonecards
FR2963455A1 (en) PROTECTING SECRET KEYS
EP3962149A1 (en) Gateway of information exchanges between processing units, associated devices and method
FR3011658A1 (en) METHOD IN MICROCIRCUIT AND ASSOCIATED DEVICE
EP0932303A1 (en) Consumer electronic equipment provided with fast memory access means
WO2009004234A1 (en) Anomaly detection in service entity traffic in a packet network
FR2973150A1 (en) METHOD OF MASKING A PASSAGE AT THE END OF LIFE OF AN ELECTRONIC DEVICE AND DEVICE COMPRISING A CORRESPONDING CONTROL MODULE

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2003720652

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: PA/a/2004/008351

Country of ref document: MX

WWE Wipo information: entry into national phase

Ref document number: 2003573612

Country of ref document: JP

Ref document number: 1020047013516

Country of ref document: KR

Ref document number: 1929/CHENP/2004

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 2003804935X

Country of ref document: CN

WWP Wipo information: published in national office

Ref document number: 2003720652

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020047013516

Country of ref document: KR

WWW Wipo information: withdrawn in national office

Ref document number: 2003720652

Country of ref document: EP