Data processing method and device

US 9,454,663 B2
Filed: 03/18/2013
Issued: 09/27/2016
Est. Priority Date: 08/17/2004
Status: Active Grant

First Claim

Patent Images

1. A data processing method implemented in an electronic apparatus for securing a microcircuit card against fault generation attacks comprising the following steps performed by a microprocessor of the microcircuit card during a same execution of a computer program by the microprocessor:

verifying a criterion indicative of normal running of the method to detect a fault generation attack on the microcircuit card;

updating an error flag when the verifying step result is negative, thereby detecting a fault generation attack on the microcircuit card;

testing the error flag; and

a processing executed when the step of testing the error flag indicates the verifying step result is negative and a fault generation attack is detected on the microcircuit card,wherein the processing step is separated from the verifying step by an intermediate step of non-null duration performed prior to testing the error flag,wherein a first action is performed when the verifying step result is positive and prior to testing the error flag, wherein the intermediate step includes performing at least one second action having a same first external signature observable by an observer external to the microcircuit card as the first action,wherein a third action is performed after testing the error flag when the verifying step result is positive and wherein the processing step includes performing at least one fourth action having a same second external signature observable by the observer external to the microcircuit card as the third action,wherein said third and fourth actions comprise writing data in a physical memory and wherein said fourth action comprises the writing of at least one of;

blocking data preventing any subsequent use of the electronic apparatus, anddata representative of a detected anomaly when the verifying step result is negative, said data representative of the detected anomaly enabling an analysis of a problem encountered by said electronic apparatus,wherein the same first external signature is a same electrical consumption signature or a same electromagnetic radiation signature of the electronic apparatus generated by the first action and by the second action and the same second external signature is a same electrical consumption signature or a same electromagnetic radiation signature of the electronic apparatus generated by the third action and by the fourth action.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing method pertains to a step (E308) including in verifying a criterion indicative of the normal running of the method and a step (E320) including in processing performed in case of negative verification. The processing step (E230) is separated from the verifying step (E308) by an intermediate step (E312, E314) of non-null duration. The intermediate step (E312, E314) and/or the processing step (E320) includes at least one action (E314) performed in case of positive verification. The invention also concerns a corresponding device.

Citations

20 Claims

1. A data processing method implemented in an electronic apparatus for securing a microcircuit card against fault generation attacks comprising the following steps performed by a microprocessor of the microcircuit card during a same execution of a computer program by the microprocessor:
- verifying a criterion indicative of normal running of the method to detect a fault generation attack on the microcircuit card;
  
  updating an error flag when the verifying step result is negative, thereby detecting a fault generation attack on the microcircuit card;
  
  testing the error flag; and
  
  a processing executed when the step of testing the error flag indicates the verifying step result is negative and a fault generation attack is detected on the microcircuit card,wherein the processing step is separated from the verifying step by an intermediate step of non-null duration performed prior to testing the error flag,wherein a first action is performed when the verifying step result is positive and prior to testing the error flag, wherein the intermediate step includes performing at least one second action having a same first external signature observable by an observer external to the microcircuit card as the first action,wherein a third action is performed after testing the error flag when the verifying step result is positive and wherein the processing step includes performing at least one fourth action having a same second external signature observable by the observer external to the microcircuit card as the third action,wherein said third and fourth actions comprise writing data in a physical memory and wherein said fourth action comprises the writing of at least one of;
  
  blocking data preventing any subsequent use of the electronic apparatus, anddata representative of a detected anomaly when the verifying step result is negative, said data representative of the detected anomaly enabling an analysis of a problem encountered by said electronic apparatus,wherein the same first external signature is a same electrical consumption signature or a same electromagnetic radiation signature of the electronic apparatus generated by the first action and by the second action and the same second external signature is a same electrical consumption signature or a same electromagnetic radiation signature of the electronic apparatus generated by the third action and by the fourth action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The data processing method of claim 1, wherein the second action is performed at a time the first action would be performed when the verifying step result is positive.
  - 3. The data processing method of claim 1, wherein the second action is different from the first action.
  - 4. The data processing method of claim 1, wherein a number of instructions used in the first action and in the second action is the same.
  - 5. The data processing method of claim 1, wherein the type of instruction used by the first action and by the second action is the same.
  - 6. The data processing method of claim 1, wherein the first action includes accessing a first area of said physical memory and wherein the second action includes accessing a second area of said physical memory different from the first area.
  - 7. The data processing method of claim 1, wherein said physical memory is a rewritable semiconductor memory.
  - 8. The data processing method of claim 7, wherein said physical memory is in an external device.
  - 9. The data processing method of claim 8, wherein the external device is a user terminal.
  - 10. The data processing method of claim 1, wherein the first action is performed in a secure step.
  - 11. The data processing method of claim 10, wherein the secure step includes a cryptographic algorithm.
  - 12. The data processing method of claim 1, wherein the criterion is negative if an anomaly is detected.
  - 13. The data processing method of claim 1, wherein the criterion is negative if an attack is detected.
  - 14. The data processing method of claim 1, wherein the criterion is negative if a functional error is detected.
  - 15. The data processing method of claim 1, implemented by a microprocessor of a microcircuit card.
  - 16. The data processing method of claim 1, wherein the fourth action is performed at a time the third action would be performed when the verification is positive.
  - 17. The data processing method of claim 1, wherein a number of instructions used in the third action and in the fourth action is the same.
  - 18. The data processing method of claim 1, wherein a type of instruction used by the third action and by the fourth action is the same.
  - 19. The data processing method of claim 1, wherein the third action includes accessing a third area of a said physical memory and wherein the fourth action includes accessing a fourth area of said physical memory different from the third area.

20. A data processing device comprising:
- a microcircuit card with a microprocessor;
  
  the microprocessor having the following means that are operative during a same execution of a computer program by the microprocessor,means for verification of a criterion indicative of normal operation of the device to detect a fault generation attack on the microcircuit card;
  
  means for updating an error flag when the verification is negative, thereby detecting a fault generation attack on the microcircuit card;
  
  means for testing the error flag;
  
  processing means activated when the means for testing the error flag indicates that the verification is negative and a fault generation attack is detected on the microcircuit card; and
  
  separation means for separating the operation of the verification means from the operation of the processing means with an intermediate step of a non-null duration performed prior to testing the error flag,wherein the microprocessor is configured to perform a first action prior to testing the error flag when the means for verification indicates a positive result, and wherein said separation means is configured to perform a second action having a same external signature observable by an observer external to the microcircuit card as the first action,wherein the microprocessor is configured to perform a third action after testing the error flag when the means for verification indicates the positive result, and wherein the processing means is configured to perform a fourth action having a same second external signature observable by the observer external to the microcircuit card as the third action,wherein said third and fourth actions write data in a physical memory and wherein said fourth action writes at least one of;
  
  blocking data preventing any subsequent use of the device, anddata representative of a detected anomaly when the verification is negative, said data representative of the detected anomaly enabling an analysis of a problem encountered by said device,wherein the same first external signature is a same electrical consumption signature or a same electromagnetic radiation signature of the device generated by the first action and by the second action and the same second external signature is a same electrical consumption signature or a same electromagnetic radiation signature of the device generated by the third action and by the fourth action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IDEMIA France (Advent International Corporation)
Original Assignee
Oberthur Technologies SA (Advent International Corporation)
Inventors
Chamberot, Francis
Primary Examiner(s)
Edwards, Linglan
Assistant Examiner(s)
GRACIA, GARY S

Application Number

US13/845,914
Publication Number

US 20130219522A1
Time in Patent Office

1,289 Days
Field of Search

713/194
US Class Current

1/1
CPC Class Codes

G06F 21/552 involving long-term monitor...

G06F 21/60 Protecting data

Data processing method and device

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing method and device

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links