A smart card typically contains non-volatile rewritable memory of the Flash or electrically erasable programmable read-only memory (EEPROM) type, a processor or microcontroller, and volatile memory known as random access memory (RAM).
Access rights ensure the confidentiality of the data held in the card; such confidentiality is essential in many applications, for example bank cards or the subscriber identity module (SIM) cards used in mobile telephones.
When the card is engaged in a reader device, commands such as reading or writing data can be executed only if particular conditions are satisfied.
By way of example, these conditions may be prior authorization obtained by verifying a code, or the setting up of a secure channel between the card reader and the terminal from which the commands are issued.
The access rights that make it possible to determine whether the conditions required for executing a command are satisfied are themselves managed by a rights evaluation program referred to as a "mask", which is pre-stored in the memory of the card and executed by its processor.
When a request is received to execute a command such as reading a data set, the rights evaluation program begins by identifying the access rights that are associated with the data.
These rights are stored in the card and they define the conditions that are required in order to execute each command on the target data: for example, authentication by verification of a code is necessary for executing a read command.
The program then determines whether the conditions in question are satisfied by consulting a register referred to as the card security state register, which register is stored in the card and contains an updated list of previously validated events.
By way of example, these events may be authentication by verifying a code, successfully establishing a secure communications channel between the card and the terminal with which it is interacting, or some other event, each event being in a so-called “valid” state if the event has been accomplished successfully.
In practice, known programs and architectures for managing access rights are found to be not entirely satisfactory.
This is because the overall structure of access rights is complex: each data set stored in the card, e.g. each file, possesses its own access rights.
Furthermore, for a given file, these rights define conditions that differ from one command to another.
Moreover, for a given command to be executed on a given file, the conditions may differ depending on whether the card is communicating with the terminal via an electrical contact or via a wireless connection.
Reading a file may require authorization, while writing to the file may also require a secure channel to be set up, and deleting the file may require separate authentication using another code that is different from the first.
For another file, reading, writing, and deleting may be performed without it being necessary to satisfy any condition.
Thus, each file possesses its own rights, and the access rights system may also be complex in itself since it may involve a multitude of conditions such as a plurality of authentication levels using different codes, setting up secure channels, etc.
Furthermore, these conditions may be combined: for example, the right to write data in a file may be granted provided that either a first level of authentication has been performed and a secure channel has been set up, or else a second level of authentication has been performed successfully.
Thus, access rights occupy a large amount of memory space in the card, even though the memory capacity of a smart card is itself restricted. Furthermore, the time required to execute the program for evaluating rights is penalized by the fact that multiple reads need to be performed to determine whether or not a command may be executed on a given file.
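The evaluation flow described above (look up the rights attached to the target file for the requested command and interface, then check them against the card security state register of validated events), together with the per-file, per-command, per-interface and combined (AND/OR) conditions just discussed, is modelled in the following added example. It is illustrative code written for this page, not the mask of any actual card or of the ISO 7816 standards; the event names, file identifiers and the particular rules assigned to them are constructed for the demonstration. A condition is represented as a set of alternatives (OR), each alternative being a set of events that must all be valid (AND); an empty set of alternatives means the command is never permitted on that interface, and the evaluator denies by default whenever no rule exists.

```python
"""Toy model of smart-card access-rights evaluation (constructed example)."""
from enum import Enum, auto
from typing import Dict, FrozenSet, Iterable, Tuple


class Event(Enum):
    """Events recorded in the card security state register (hypothetical names)."""
    PIN1_VERIFIED = auto()   # first level of authentication (first code)
    PIN2_VERIFIED = auto()   # second level of authentication (second code)
    SECURE_CHANNEL = auto()  # secure channel with the terminal established


class Interface(Enum):
    CONTACT = auto()
    CONTACTLESS = auto()


# A condition: tuple of alternatives (OR); each alternative is an AND of events.
Condition = Tuple[FrozenSet[Event], ...]
ALWAYS: Condition = (frozenset(),)  # one alternative with no requirement
NEVER: Condition = ()               # no alternative can ever be satisfied


def cond(*alternatives: Iterable[Event]) -> Condition:
    """Build a condition from one or more AND-groups of events."""
    return tuple(frozenset(alt) for alt in alternatives)


class SecurityState:
    """The card security state register: the set of currently valid events."""

    def __init__(self) -> None:
        self._valid: set = set()

    def validate(self, event: Event) -> None:
        self._valid.add(event)

    def invalidate(self, event: Event) -> None:
        self._valid.discard(event)

    def reset(self) -> None:
        """Clear every event, as happens when the card is powered off."""
        self._valid.clear()

    def satisfies(self, condition: Condition) -> bool:
        # Satisfied if ANY alternative has ALL of its events valid.
        return any(alt <= self._valid for alt in condition)


# rights[file_id][command][interface] -> Condition
Rights = Dict[str, Dict[str, Dict[Interface, Condition]]]

# Constructed sample rights for two files.
SAMPLE_RIGHTS: Rights = {
    "EF_ID": {
        "READ": {i: cond({Event.PIN1_VERIFIED}) for i in Interface},
        "WRITE": {
            # (PIN1 AND secure channel) OR PIN2, on contact only
            Interface.CONTACT: cond({Event.PIN1_VERIFIED, Event.SECURE_CHANNEL},
                                    {Event.PIN2_VERIFIED}),
            Interface.CONTACTLESS: NEVER,
        },
        "DELETE": {i: cond({Event.PIN2_VERIFIED}) for i in Interface},
    },
    "EF_PUBLIC": {c: {i: ALWAYS for i in Interface} for c in ("READ", "WRITE", "DELETE")},
}


def evaluate(rights: Rights, file_id: str, command: str,
             interface: Interface, state: SecurityState) -> bool:
    """Rights evaluation: identify the rights of the target data, then check
    the required conditions against the security state register."""
    file_rights = rights.get(file_id)
    if file_rights is None:
        return False  # unknown file: deny by default
    condition = file_rights.get(command, {}).get(interface, NEVER)
    return state.satisfies(condition)


def demo() -> Dict[str, bool]:
    """Walk a session through the sample rights and return each decision."""
    state = SecurityState()
    out = {}
    out["read_before_pin"] = evaluate(SAMPLE_RIGHTS, "EF_ID", "READ", Interface.CONTACT, state)
    state.validate(Event.PIN1_VERIFIED)
    out["read_after_pin1"] = evaluate(SAMPLE_RIGHTS, "EF_ID", "READ", Interface.CONTACT, state)
    out["write_pin1_only"] = evaluate(SAMPLE_RIGHTS, "EF_ID", "WRITE", Interface.CONTACT, state)
    state.validate(Event.SECURE_CHANNEL)
    out["write_pin1_and_sc"] = evaluate(SAMPLE_RIGHTS, "EF_ID", "WRITE", Interface.CONTACT, state)
    out["write_contactless"] = evaluate(SAMPLE_RIGHTS, "EF_ID", "WRITE", Interface.CONTACTLESS, state)
    state.reset()
    state.validate(Event.PIN2_VERIFIED)
    out["write_pin2_only"] = evaluate(SAMPLE_RIGHTS, "EF_ID", "WRITE", Interface.CONTACT, state)
    out["delete_pin2"] = evaluate(SAMPLE_RIGHTS, "EF_ID", "DELETE", Interface.CONTACT, state)
    out["public_read"] = evaluate(SAMPLE_RIGHTS, "EF_PUBLIC", "READ", Interface.CONTACTLESS, state)
    out["unknown_file"] = evaluate(SAMPLE_RIGHTS, "EF_NOPE", "READ", Interface.CONTACT, state)
    return out


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

The nested dictionary makes the memory cost discussed in the text visible: every file carries a full command-by-interface table even when most entries are identical, and each evaluation walks three lookups before the register is consulted. Keeping the register as a plain set of validated events, and clearing it on reset, mirrors the behaviour that a verified code or an established secure channel stays valid only for the current session.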
Several standards, such as ISO 7816-4 or ISO 7816-9, describe mechanisms for managing access rights, but they all have shortcomings: they are not very open, and they lead to rights evaluation times that are too long.