1. Field of the Invention
The present invention generally relates to electronic circuits and, more specifically, to the protection of information contained in an electronic circuit. The information may be digital quantities supposed to remain secret (that is, within the electronic circuit), for example, access codes or passwords, or specific steps of algorithms and, more generally, any digital data not to be communicated in uncontrolled fashion.
The present invention more specifically applies to mechanisms of authentication of electronic circuits, of applications executed by electronic circuits or of their users, by means of a code or a key interpreted by these circuits. An example of application relates to circuits containing a mechanism of user authentication by verification of a user code received by the circuit. Another example of application relates to the protection of authentication, ciphering, or signature keys against possible hacking attempts.
The present invention will be described hereafter in relation with an example of application to smart cards, but it more generally applies to any electronic circuit containing information with a controlled circulation, be the circuit on a smart card, isolated, or assembled on an electronic board of a more complex device.
2. Discussion of the Related Art
On use of a smart card, for example, of bank or mobile phone type, the user is authenticated by keying in a code (PIN code) on a keyboard of a device (for example, a bank terminal or the cellular phone) capable of communicating this code to the electronic circuit of the card for comparison with a reference code. One of the objects of the user authentication by the card is to avoid for the user code to be stored elsewhere than in the actual card.
Authentication mechanisms generally do not enable making the difference between the keying in of too many codes in a fraud attempt or when the user has forgotten his code. In the case of an incidental blocking of the electronic circuit by the authorized user, a first solution is to replace the card. Such a solution is expensive since the card is disposed of. Another solution is, for the provider of the card, to send a specific control signal thereto to unlock it. Such a solution however requires an appropriate infrastructure to unlock the card.
More generally, the above-described protection authentication mechanisms amount to detecting an abnormal circuit operation (considering that a lack of authentication is abnormal) and to blocking the circuit or some of its functions after a given number of detections, to protect information contained in the circuit.