Method for secure storage of sensitive data in a memory of an embedded microchip system, particularly a smart card, and embedded system implementing the method

US 7,260,727 B2
Filed: 06/08/2001
Issued: 08/21/2007
Est. Priority Date: 06/08/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method for secure storage of sensitive data in a memory of an embedded microchip system, said microchip including in said memory at least two physically distinct storage devices, said method comprising:

providing said sensitive data, which is constituted by a binary word with a length equal to a given number of bytes,processing said sensitive data, by dividing said binary word into at least two parts in a given logical configuration, andstoring said divided at least two parts of said binary word into respective ones of said at least two physically distinct storage devices, so as to require a reconstruction of said binary word in said embedded microchip system.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention concerns a method for secure storage of a piece of so-called sensitive data, for example an encryption key, in a memory (M) of an embedded microchip system, particularly a smart card (CP). The memory (M) comprises two physically distinct storage devices (1, 2), for example a permanent memory of the “ROM” type (1), and a second, re-programmable memory of the “EEPROM” type (2). The piece of sensitive data is divided into at least two parts (d, d′), in a given logical configuration, each of these parts being stored in one of the distinct storage devices (1, 2). An additional piece of verification data, a checksum or hash data, can also be stored in the first storage device (1), at the same time as the first sensitive data part (d).

The invention also concerns an embedded microchip system, particularly a smart card (CP).

Citations

11 Claims

1. A method for secure storage of sensitive data in a memory of an embedded microchip system, said microchip including in said memory at least two physically distinct storage devices, said method comprising:
- providing said sensitive data, which is constituted by a binary word with a length equal to a given number of bytes,processing said sensitive data, by dividing said binary word into at least two parts in a given logical configuration, andstoring said divided at least two parts of said binary word into respective ones of said at least two physically distinct storage devices, so as to require a reconstruction of said binary word in said embedded microchip system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method according to claim 1, wherein said at least two parts are different parts of a single secret.
  - 3. A method according to claim 1, wherein said at least two parts comprises a first part of said sensitive data that constitutes a first secret and a second part of said sensitive data derived from said first part so as to constitute an additional secret.
  - 4. A method according to claim 1, wherein a first part of said sensitive data includes a first binary word constituted by blocks of bytes of a same length as said sensitive data, wherein said first part includes a string of correct bytes and altered bytes, distributed in said first binary word in a predetermined configuration, and wherein a second part of said sensitive data includes a second binary word with a length equal to a number of said altered bytes and constituted by bytes that correspond one-to-one with said altered bytes, so that said altered bytes can be corrected and said sensitive data can be reconstructed from said first part and said second part.
  - 5. A method according to claim 4, wherein said sensitive data is an encryption key.
  - 6. A method according to claim 1, wherein said sensitive data is divided into first and second parts which are respectively stored in said first and second physically distinct storage devices and wherein said method further comprises:
    - performing a checksum operation on said sensitive data, concomitant with storage of said second part into said second storage device, said checksum operation generating informational data;
      
      storing said informational data in said first storage device;
      
      reading said informational data;
      
      performing an additional checksum operation on said sensitive data; and
      
      performing a comparison between said informational data read in said reading step and a result of said additional checksum operation in order to certify integrity of said sensitive data.
  - 7. A method according to claim 1, wherein said sensitive data is divided into first and second parts which are respectively stored in said first and second physically distinct storage devices, and wherein said method further comprises:
    - performing a hash operation on said sensitive data, concomitant with storage of said second part into said second storage device, said hash function generating informational data;
      
      storing said informational data in said first storage device;
      
      reading said informational data;
      
      performing an additional hash operation on said sensitive data; and
      
      performing a comparison between said informational data read in said reading step and a result of said additional hash operation in order to certify integrity of said sensitive data.
  - 8. A method according to claim 7, wherein said hash operation includes applying an “
    - SHA-1”
      
      algorithm to said sensitive data.

9. An embedded microchip system comprising:
- in said microchip, storage means for storing sensitive data, said storage means comprising at least two physically distinct storage devices, wherein said sensitive data is a binary word divided into at least two parts with given configurations, each of said at least two physically distinct storage devices storing a respective one of said at least two parts of sensitive data, and means for reconstructing said sensitive data being provided in said embedded microchip system.
- View Dependent Claims (10, 11)
- - 10. A system according to claim 9, wherein said storage means includes a first read-only storage device, and a second electrically erasable re-programmable read-only storage device, and wherein each of said first and second storage devices store a respective one of said two parts of said sensitive data.
  - 11. A system according to claim 9, further comprising a smart card which includes said first storage device and said second storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CP8 Technologies (Thales SA)
Original Assignee
CP8 Technologies (Thales SA)
Inventors
Fougeroux, Nicolas, Hameau, Patrice, Bole, Benoit
Primary Examiner(s)
Moazzami, Nasser
Assistant Examiner(s)
Cervetti, David Garcia

Application Number

US10/049,022
Publication Number

US 20020108051A1
Time in Patent Office

2,265 Days
Field of Search

713/189, 713/193, 713/194, 726/26
US Class Current

713/189
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G07F 7/082   Features insuring the integ...

G07F 7/1008   Active credit-cards provide...

Method for secure storage of sensitive data in a memory of an embedded microchip system, particularly a smart card, and embedded system implementing the method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method for secure storage of sensitive data in a memory of an embedded microchip system, particularly a smart card, and embedded system implementing the method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links