The present invention relates in general terms to any electronic data processing means of which the functionalities, or services which are related thereto, are accessible by a confidential code, also referred to as a password or secret code, which is most often received by the processing means following keying-in on the keyboard of an accepting means of the processing means.
For example, the data processing means is a microcontroller card, also referred to as an integrated circuit card or smart card, such as a credit card for a bank terminal or an electronic purse card for a point-of-sale terminal, or for any other terminal such as a mobile radiotelephone terminal equipped with an add-on card reader, or else such as a SIM (Subscriber Identity Module) identity card in a mobile radiotelephone terminal.
More particularly, the invention relates to the security of controlling access to the functionalities of the smart card by, a confidential code received thereby so as to compare it with a secret confidential code associated with the smart card and currently pre-stored therein.
An attacker, an ill-intentioned person, wishing to know the secret confidential code of a smart card, can carry out a Single Power Analysis (SPA) by connecting a voltage-measuring apparatus to the electrical interface between the smart card and its accepting terminal.
In a smart card according to the prior art, the secret confidential code pre-stored in a non-volatile memory of the smart card is manipulated during verification of any confidential code presented with a view to authenticating the true holder of the smart card. In particular, the processor in the card reads the secret code from the non-volatile memory and compares it with the received code written temporarily into the RAM memory of the smart card.
Current smart cards thus present possibilities of leakages of information resulting from the recording of energy consumption characteristics of the smart card.