The present invention relates to an integrated circuit providing an authentication function in a smart card.
Conventional smart cards, also known as integrated-circuit cards, comprise an embedded integrated circuit such as a microcontroller having a central processing unit (CPU), a rewritable non-volatile data memory for storing data, and a masked read-only memory (ROM) for storing programs. In many smart cards, an authentication function is implemented by means of key data stored in the non-volatile data memory and an algorithm stored as a program in the masked ROM. Running on the CPU, the program uses the key data and other data, such as random-number data, to generate authentication data, which are then used to authenticate the identity of the card, or the identity of a host device with which the card communicates. A high degree of security can be provided by the use of long keys and complex algorithms. An integrated circuit comprising a CPU, however, has the disadvantages of being comparatively large and expensive.
If the CPU is not needed for other processing, an integrated circuit employing hard-wired logic for authentication can overcome these disadvantages, but the algorithms that can readily be implemented in hard-wired logic are limited in complexity, and do not provide a high level of security. Since a person who succeeds in penetrating a single card can sometimes compromise the security of an entire system, a system using cards with hard-wired authentication logic is at considerable risk.
Another problem with integrated circuits of both of the above types is that the authentication algorithm is unalterable, or at least, the algorithm cannot be altered easily. Alterations can be made only by modifying the photolithography masks used in manufacturing the integrated circuit, which is an expensive and time-consuming undertaking.