1. Field of the Invention
The present invention relates to a process for making secure the writing of sensitive data into the EEPROM data storage memory of a memory card, and to a memory card or microchip card for the implementation of said process.
2. Description of the Related Art
In a memory card, especially of the electronic-cash type, that is to say containing information of a financial nature, a reserve of money, a credit, or in a card containing any confidential information, one of the main problems is to guarantee the integrity of the data present in memory, following an untimely wrenching out of the card, a fault in the supply to the processing terminal, or a program failure.
Thus, in the event of a problem as exemplified above, it is not known what becomes of the data present in memory, nor which data have been correctly updated or confirmed; the data may then take values which are erroneous, random or disproportionate as compared with the actual values.
For example, the amount of the available credit registered on a payment card or that figuring on a restaurant access card could be cancelled out or modified following an untimely wrenching out or a failure.
However, the invention also pertains to any microchip card containing a confidential or sensitive item of information or datum capable of being corrupted, altered or modified through clumsy or untimely handling, a programming error or a failure affecting its physical or logical modules.
Thus, one of the main objects of the invention is to recover the sensitive data or information items and restore them to the reliable state which they were in before the incident occurred and, to do this, the process is characterized in that it consists, during each write, in performing the following operations in succession:
a) registering the start address of the data area of the card to which a write is to be performed into an address field of the memory;
b) reading the data present in this data area of the memory;
c) storing the read data in a save area of the memory;
d) writing the "WRITE IN PROGRESS" datum into a flag area of the memory;
e) performing the write to the data area of the memory; and
f) writing the "NO WRITE IN PROGRESS" datum into the flag area of the memory.
This makes it possible to save a copy of the initial data before any modification or updating, whilst retaining and updating the information item upon the occurrence or the absence of difficulty during processing.
Advantageously, the process according to the invention consists, during each powering-up of the microchip card, in performing the following operations:
a) reading the "FLAG" datum in the flag area of the memory and normally continuing the program for operating the card in the event that this datum is equal to "NO WRITE IN PROGRESS", and
b) if the "FLAG" datum is equal to "WRITE IN PROGRESS":
copying the data stored in the save area of the memory into the data area, beginning with the address specified in the address field, then
writing the "NO WRITE IN PROGRESS" datum into the flag area of the memory.
Thus, in the event of difficulty, for example caused by a disruption in the execution of the process, the initial situation is restored, and in the event of the absence of difficulty, the program carries on normally.
The process according to the invention can advantageously be implemented in a memory card and, in this case, there are provided, in the EEPROM data storage memory (non-volatile, erasable and reusable memory):
a data area for performing writes thereto,
an address field for registering therein the start address for the said writes,
a save area for temporarily storing therein already-written data,
a flag area for writing thereto the "WRITE IN PROGRESS" datum or the "NO WRITE IN PROGRESS" datum.
Thus, the microchip card retains a copy of the sensitive data and, during each write of the said sensitive data or during each powering-up, the data are restored to their initial state if the program reveals that an anomaly has occurred, such as an untimely wrenching out, a drop or stoppage in voltage, or any event likely to adversely affect the security of the processing or of the sensitive data concerned.
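The write steps a) to f) and the power-up check above, as an added simulation that is not part of the patent and not any card vendor's firmware; the EEPROM layout (a 32-byte data area, a 4-byte record, flag values 0x00 and 0xA5) and the record contents are constructed assumptions, and the tear points model a loss of power after each step, including halfway through step e).

```c
#include <stdint.h>
#include <string.h>

#define DATA_SIZE 32
#define REC_SIZE  4                  /* size of the sensitive record written in one go (assumed) */
#define NO_WRITE_IN_PROGRESS 0x00    /* flag values are constructed, not from the patent */
#define WRITE_IN_PROGRESS    0xA5

/* Simulated EEPROM with the four areas named in the description (constructed layout). */
typedef struct {
    uint8_t data[DATA_SIZE];         /* data area */
    uint8_t addr;                    /* address field: start address of the write */
    uint8_t save[REC_SIZE];          /* save area: copy of the data before the write */
    uint8_t flag;                    /* flag area */
} eeprom_t;

/* Steps a) to f) of the write. tear_at simulates a loss of power: 0 = none,
   1 = after a), 2 = after c), 3 = after d), 4 = halfway through e), 5 = after e). */
static void secure_write(eeprom_t *e, uint8_t start, const uint8_t *rec, int tear_at) {
    e->addr = start;                                   /* a) register the start address */
    if (tear_at == 1) return;
    memcpy(e->save, &e->data[start], REC_SIZE);        /* b)+c) read the data, keep a copy */
    if (tear_at == 2) return;
    e->flag = WRITE_IN_PROGRESS;                       /* d) raise the flag */
    if (tear_at == 3) return;
    if (tear_at == 4) { memcpy(&e->data[start], rec, REC_SIZE / 2); return; }
    memcpy(&e->data[start], rec, REC_SIZE);            /* e) perform the write */
    if (tear_at == 5) return;
    e->flag = NO_WRITE_IN_PROGRESS;                    /* f) clear the flag */
}

/* Power-up check: returns 1 if data were restored from the save area, else 0. */
static int power_up(eeprom_t *e) {
    if (e->flag == NO_WRITE_IN_PROGRESS) return 0;     /* a) nothing pending, carry on */
    memcpy(&e->data[e->addr], e->save, REC_SIZE);      /* b) restore the saved data ... */
    e->flag = NO_WRITE_IN_PROGRESS;                    /*    ... then clear the flag */
    return 1;
}

/* Tears the write at every point; 1 if the record always ends whole-old or whole-new
   (never a mix of the two) with the flag cleared, 0 otherwise. */
static int check_all_tear_points(void) {
    const uint8_t old_rec[REC_SIZE] = {0x11, 0x22, 0x33, 0x44};   /* constructed record */
    const uint8_t new_rec[REC_SIZE] = {0x55, 0x66, 0x77, 0x88};   /* constructed record */
    for (int tear = 0; tear <= 5; tear++) {
        eeprom_t e = {0};
        memcpy(&e.data[8], old_rec, REC_SIZE);
        secure_write(&e, 8, new_rec, tear);
        power_up(&e);
        if (e.flag != NO_WRITE_IN_PROGRESS) return 0;
        if (memcmp(&e.data[8], old_rec, REC_SIZE) && memcmp(&e.data[8], new_rec, REC_SIZE)) return 0;
    }
    return 1;
}
```

Note that a tear after step e) but before step f) leaves a complete new record under a raised flag, so the power-up check rolls it back to the saved copy: the card is consistent, but the terminal must treat that write as not having happened.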