An electronic entity such as a smart card, which generally includes electronic circuits able to store information, has means for communicating with the exterior, in particular to exchange information held by the electronic entity with external devices of the reader or terminal type.
Among the widely used communication means, a distinction is made between contact communication means, for which physical electrically conductive contact between the electronic entity and the terminal is a necessary condition for setting up communication, and remote (or contactless) communication means, with which communication between the electronic entity and a reader is possible without physical contact between the two, by means of an electromagnetic wave, generally with a range of the order of a few centimeters.
The use of error (or fault) counters in a secured microcircuit is known. These error counters are used, for example, in smart cards to monitor the use of a personal identification number (PIN).
For example, if an incorrect PIN is received by the card, a fault counter is incremented by one. If the next PIN is correct, the fault counter is reset to zero. If not, the counter is incremented again. In this way, the fault counter retains a count of the number of successive incorrect PINs. When the value of this counter reaches a certain limit, use of the card is blocked.
The cards are generally provided with a mechanism that authorizes access, by way of different secret codes, for unblocking a blocked card. These secret codes are normally held by the provider of the card, for example a bank. Thus the cardholder can (and must) turn to the provider of the card or a similar authority to unblock their card.
There is also known from the document WO 2007/012738 an electronic entity having contact communication means and remote communication means, together with means for authorizing an exchange via the remote communication means as a function of the previous reception of an instruction via the contact communication means, where appropriate with verification that an activation item of information is equal to a predetermined value.
A drawback of these procedures is apparent in the case of cards having a contactless interface, or more generally an interface that is easily accessible or more easily accessible than a second contact interface. An attacker could use the easily accessible interface to send a series of authentication requests with incorrect authentication codes, which would have the consequence of blocking the card without the cardholder being informed of it (denial of service (DoS) attack).
Such an attack effected on a large scale can cause considerable damage to cardholders and to card providers obliged to intervene to unblock cards blocked in this way.
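The fault counter, the provider-held unblocking code and the drawback of sharing one counter between both interfaces can be seen in a small Python model, added here as an illustration and not taken from the document. The class and function names, the limit of three tries, the sample PINs and the ISO/IEC 7816-4 style status words are all assumptions.

```python
import hmac
from dataclasses import dataclass, field

# Status words follow the ISO/IEC 7816-4 convention; the page does not name them.
SW_OK = 0x9000
SW_BLOCKED = 0x6983        # authentication method blocked
SW_WRONG_BASE = 0x63C0     # low nibble carries the tries remaining

@dataclass
class CardModel:
    """Hypothetical dual-interface card with a single shared PIN fault counter."""
    pin: bytes
    unblock_code: bytes    # held by the card provider, not by the cardholder
    limit: int = 3         # assumed; the page only says "a certain limit"
    faults: int = 0
    faults_by_interface: dict = field(
        default_factory=lambda: {"contact": 0, "contactless": 0})

    @property
    def blocked(self) -> bool:
        return self.faults >= self.limit

    def verify(self, candidate: bytes, interface: str) -> int:
        if self.blocked:
            return SW_BLOCKED
        if hmac.compare_digest(candidate, self.pin):
            self.faults = 0                       # a correct PIN resets the count
            return SW_OK
        self.faults += 1                          # same counter for both interfaces
        self.faults_by_interface[interface] += 1  # audit trail: where failures came from
        return SW_WRONG_BASE | (self.limit - self.faults)

    def unblock(self, code: bytes) -> bool:
        if hmac.compare_digest(code, self.unblock_code):
            self.faults = 0
            return True
        return False

def replay(card: CardModel, presentations):
    """Feed (interface, pin) pairs to the card and return the status words."""
    return [card.verify(pin, iface) for iface, pin in presentations]

# Constructed sample: three wrong PINs arrive over the contactless interface,
# then the cardholder presents the correct PIN over the contact interface.
SAMPLE = [("contactless", b"0000"), ("contactless", b"1111"),
          ("contactless", b"2222"), ("contact", b"4321")]

if __name__ == "__main__":
    card = CardModel(pin=b"4321", unblock_code=b"87654321")
    print([hex(sw) for sw in replay(card, SAMPLE)], card.faults_by_interface)
```

In the sample run the cardholder's correct PIN is refused because the counter was exhausted on the other interface, and only the provider's unblocking code restores the card.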