The present invention relates to secure processing of information, and especially a method and an apparatus for providing secure encryption of information to be kept safe from access by e.g. fraudulent persons.
In a number of applications, encryption is used prior to transmitting sensitive information over xe2x80x9copenxe2x80x9d communication channels. This information often relates to money transactions but may be any type of more or less security critical information relating to money transactions or other types of transactions. In some of these transactions, not even all of the circuitry at which this information is entered or generated may be assumed secure or safe from third parties. In this situation, the often very sensitive keys on which the encryption is based may be accidentally divulged. In order to prevent that, so-called security or safety modules are provided wherein the encryption takes place and wherein the encryption keys are stored in a secure manner. This xe2x80x9csecure mannerxe2x80x9d often incorporates enclosing the encryption means and the means holding the keys within an enclosure together with means for detecting attempts to divulge the keys or encryption procedure. These detecting means could upon such detection delete the keys and encryption procedure or otherwise render these unreadable. In this manner, once the information has been entered into the holding means, it only re-exits in encrypted form.
Another similar process to be performed securely is the authentication of a message. An authentication may be performed by performing an operation on the messagexe2x80x94which may have been sent in clear textxe2x80x94the result of which operation is encrypted and transmitted to the receiver who decrypts the result and compares it to a similar operation performed at the receiver. If the results match, the message has not been altered during transmission.
Naturally, encryption and decryption as well as generating the authentication information and the authentication step at the receiver should be performed securely, as all these operations involve the sensitive methods and keys.
However, it has recently been observed that the processing of information within a microprocessor can be monitored via monitoring its power consumptionxe2x80x94as well as by monitoring the microprocessors I/O ports. In this manner, the methods by which the information is encrypted, i.e. encryption algorithms and possibly the encryption keys may be determined by fraudulent persons or other unauthorised third parties and, accordingly, seriously reduce the overall security of the system.
It was recently published that monitoring the power consumption of the processor may reveal such security sensitive information. It has also been found that there exist at least two other mechanisms that may reveal information pertaining to me processing of the microprocessor. The I/O ports of the processor are capacitively coupled to many other parts of the microprocessor whereby signals relating to e.g. encryption processing of the processor may be accidentally transferred to the I/O ports. Another mechanism that also may transfer these""signals to the I/O ports of the processor is a typical common voltage supply line between the CPU part of the microprocessor and the I/O ports of the processor. Ripple voltages on this common supply line, originating from current pulses that supplies power to logic circuitry of the CPU, will also modulate the voltage supplies of the I/O ports so that measuring fluctuations of I/O port output voltages may accidentally reveal information as to the processing of the processor.
The present invention provides simple and innovative solutions to these above-mentioned problems. Different solutions have prior been proposed relating to different manners of altering the actual encryption method, in order for the divulged information to be less clear. However, to rapidly modify existing apparatuses and methods, the present invention enables the use of existing and fully verified encryption methods.
Another object of the invention is to provide a method of modifying the existing apparatus so as to utilise a relatively small amount of additional hardware which can be integrated within the relatively small volume of the shielding means.
Consequently, in a first aspect, the invention relates to an apparatus for secure processing of information according to claim 1.
In the context of money transaction machines, ATMs, vending machines etc., the means for providing the information to be processed may be a keyboard from which a PIN code to be encrypted is providedxe2x80x94or circuitry external to the holding means providing other information to be encrypted, such as information that is used in a money transaction. The means for providing the information may also comprise a bi-directional serial data bus that transfers the information between a chip-card reader or station and the processing means in the form of a chip-card processor arranged on a chip card.
Accordingly, an apparatus according to the present invention may also be a chip-card. A chip-card comprises a chip-card processor arranged on or buried within the card, typically in a dent or indentation moulded or drilled in the plastic carrier of the card. The chip card processor is often encapsulated by a lump of protective material such as a lump of epoxy coating to keep moisture and other contamination away from processor and functioning as the holding means of the chip-card processor in the present context. A chip card processor typically comprises a CPU part or CPU circuit block to perform encryption/decryption algorithms as well as performing various xe2x80x9chouse holdingxe2x80x9d tasks such as reading from and writing to a volatile and/or non-volatile memory, communication over I/O parts etc. required to make the chip-card provide a specified functionality. Optionally, the chip card processor may additionally comprise an encryption processor which may relieve a part of the CPU workload by calculating the often complex encryption/decryption algorithms such as algorithms based on private key-public key coding forms. These algorithm calculations as well as their associated key clearly comprise processing of security critical information that should be hidden from unauthorised third parties. The calculation of the algorithms may be entirely performed by the encryption processor, if one is available within the processing means, or alternatively only partly, depending on the calculation workload associated with a particular algorithm with respect to the processing power of the CPU and the encryption processor.
According to a preferred embodiment of the invention, the encryption processor performs substantially all of the required security critical or secret processing while being supplied with power from the second power supplying means during these security critical operations. In this embodiment, the CPU may be provided with power from the first power supply means since it is not performing any security critical operation. By supplying power to the CPU from the first supply, the power stored in the second power supply may allow more processing steps to be performed in the encryption processor before the power storing capability of that supply is exhausted. Accordingly, in this embodiment, the encryption processor may advantageously perform substantially all of the required secret processing so that monitoring the power consumption of the first power supply does not reveal any information as to the security critical processing steps, encryption keys and algorithms utilised by the chip-card processor.
The second power supplying means may comprise one or several capacitors integrated on the chip-card processor. This makes monitoring of the power consumption of such integrated capacitor(s) very difficult, due to the extremely small size of integrated circuit blocks and capacitors and their associated power wiring. Furthermore, the surface of the chip-card processor may be covered with a highly resistant coating that even makes micro-probing of the chip difficult or impossible. According to an alternative embodiment, a dedicated capacitor substrate, holding one or several capacitors, and abutting the chip-card processor may provide the second power supplying means. This solution may be advantageous if the integrated capacitors on the chip-card processor are not capable of providing a sufficient amount of power for the processing means which perform the security critical processing.
The holding means may make physical access to the processing means difficult or impossible, such as holding means provided by a metal casing or housing or a hard lump of epoxy coating. Instead of making access impossible, the holding means may cause unauthorised opening thereof to break certain parts of circuitry therein. Also, the circuitry therein may provide functions and/or comprise means for erasing or otherwise making encryption keys and methods unreadable when an attempt to gain access to them has been detected. In that situation, the holding means would act also to merely prevent accidental opening which would cause immediate destruction of the operability of the encrypting means.
Thus, by providing a power storing means within the holding means, power does not need to be provided from the outside of the holding means to the processing means when the processing is performed. In that manner, the above-mentioned detection of parameters of the processing method may be avoided.
Often, the first power supplying means are a number of wires, and, optionally, also a number of electrical contact pads, transporting power generated outside the holding means to the inside of the holding means. In prior art apparatuses, the power received from these wires would directly feed e.g. the processing means in the holding means. According to the invention, this direct supplying of power may now be prevented, at least in time intervals wherein Use security critical part of the processing is performed. Thereby, these wires do not accidentally relay information to the outside of the holding means about the processing of the processing means.
Preferably, the second power supplying means are adapted to supply power to the processing means or at least the part of the processing means, when the switching means prevent power feeding from the first power supplying means to the processing means or at least the part of the processing means.
In order to prevent any relaying of the abovementioned information relating to the operation of the processing means to the outside of the holding means via the operation of the storing means, the controlling means are preferably also adapted to control the switching means to prevent power from being fed from the first power supplying means to the power storing means while they prevent power feeding from the first power supplying means to the processing means.
Normally, it would only be required to provide xe2x80x9cinternal poweringxe2x80x9d to the processing means or the at least part of the processing means during the periods of time where the processing means perform security critical processing of Information. Therefore, the controlling means are preferably also adapted to control the switching means to re-establish power feeding from the first power supplying means to the processing means or the at least part of the processing means after they have performed the security critical processing. In that situation, it may also be advantageous that the controlling means are also adapted to control the switching means to re-establish power feeding from the first power supplying means to the power storing means, when the processing means or the at least part of the processing means have performed the security critical processing.
Normally, the apparatus further comprises means for outputting the processed information for transferring it to e.g. a receiving party for decryption in the case where the processing comprises a security critical processing such as encryption and/or for check of authenticity.
Normally, the processing means will be adapted to be controlled by a set of instructions. In that situation, it will be preferred that the set of instructions comprises one or several preventing instructions making the controlling means control the switching means to prevent power feeding from the first power supply means to the processing means or the least part of the processing means. The set of instructions which is associated with a particular application will often comprise a subset of instructions which performs the security critical part of the processing. This security critical subset of instructions is preferably preceded by the preventing instruction. This subset of instructions would often be the software handling the actual security critical processing and accordingly any, information about this should be prevented from leaking.
Preferably, the set of instructions furthermore comprises a re-establishing instruction subsequent to the security critical subset of instructions the re-establishing instruction making the controlling means control the switching means to re-establish the power feeding from the first power supplying means to the processing means and optionally to the power storing means.
Thus, in fact, using the present invention, the security critical information as well the subset of instructions performing the security critical processing (often comprising an encryption/decryption algorithm) may remain unaltered, and the only modification required of the software controlling the processing means may be the introduction of the preventing and re-establishing instructions before and after the security critical part of the processing.
Even though the prevention of feeding of power to the processing means would ensure that information relating to the processing process is not divulged via the power consumption, it may be preferred that the switching means are adapted to, when preventing power feeding from the first power supplying means to the processing means, remove a galvanic connection of the first power supplying means between the outside of the holding means and the processing means, and similarly that the switching means are also adapted to, when preventing power feeding from the first power supplying means to the storing means, remove a galvanic connection of the first power supplying means between the outside of the holding means and the storing means.
Preferably, the power storing means are selected from the group consisting of: a battery, a capacitor, and an inductor and switching means are preferably selected from the group consisting of: relays, transistors, and diodes.
A simple operation of the xe2x80x9cswitchingxe2x80x9d of power supplying means may be obtained when the storing means and second power supplying means are adapted to automatically provide power to the processing means or the at least part of the processing means, when the switching means operates to prevent feeding of power from the first power supplying means to the processing means or the at least part of the processing means. In this manner, the one switching means may suffice in order to perform the switching. An alternative it solution is obtained when the apparatus comprises an additional switching means adapted to provide and/or prevent power from the storing means and the second power supplying means to the processing means or the at least part of the processing means, when the switching means operate to prevent feeding of power from the first power supplying means to the processing means or the at least part of the processing means. In that manner, two switching means are provided, the operation of which may e.g. be co-ordinated.
In general, the security critical processing of the information may be any processing involving security sensitive algorithms or data. Most of such processing involves encryption, decryption, authenticity check or the generation of data for use in a subsequent authenticity check.
In a second aspect, the present invention relates to a method of secure processing information using the above-mentioned apparatus, the method comprising
providing the information to be processed,
operating the switching means in order to prevent power feeding from the first power supplying means to the processing means or the at least part of the processing means,
supplying power to the processing means or the at least part of the processing means from the power storing means using the second power supplying means, and
processing the information using the processing means or the at least part of the processing means.
Preferably, the switching means also prevent power from being fed from the first power supplying means to the power storing means, while also preventing power feeding from the first power supplying means to the processing means or the at least part of the processing means.
As mentioned above, it is also preferred that the switching means re-establish power feeding from the first power supplying means to the processing means or the at least part of the processing means, when they have performed the security critical processingxe2x80x94and that the switching means re-establish power feeding from the first power supplying means to the power storing means, when the processing means or the at least part of the processing means have performed the security critical processing.
Also, normally, the method would further comprise the step of outputting the processed information or at least part of the information after the processing thereof, as the information is now in a non-readable format for third parties and may thus securely be transmitted to the intended recipient, if encryption/decryption forms part of the processing.
When processing means comprises means for controlling the operation of the switching means, the method preferably comprises the step that the controlling means prevent power feeding to the processing means or the at least part of the processing means and optionally the power storing means before the processing means performs the security critical part of the processing.
Preferably, the security critical processing steps are performed when the processing means is solely powered by the power storing means. When performing non-secret processing tasks as e.g. the above-mentioned xe2x80x9chouse-holdingxe2x80x9d tasks, the processor means may however be powered by the first power supplying means to the extent that these non-secret tasks do not involve sensitive or security critical operations or information. Normally, the method furthermore comprises the step of supplying power from the first power supplying means to the storing means before the step of operating the switching means in order to prevent feeding of power from the first power supplying means to the processing means or the at least part of the processing means. In that manner, the power storing means will be charged before power is required therefrom.
A simple operation is obtained, when power is automatically provided from the storing means to the processing means or the at least part of the processing means, when the switching means operate to prevent feeding of power from the first power supplying means to the processing means or the at least part of the processing means.
Alternatively, the apparatus may further comprise an additional switching means, and the method comprising providing, using the additional switching means, power from the storing means and the second power supplying means to the processing means or the at least part of the processing means, when the switching means operate to prevent feeding of power from the first power supplying means to them.
As is clear from the above, the present invention prevents that security critical information, or optionally any other information, will be revealed via the power consumption and at the same time makes it possible to retain most of the original apparatus. The modifications to be performed comprise the addition of a few electrical components and possibly a few additions to the existing software running on the processor means of the apparatus.
Also, the processing of the information will often incorporate an encryption or decryption of the information that has to be kept secret or an authenticity check or the generation of data for use in an authenticity check.
Consequently, in a third aspect, the invention relates to a method of altering an existing apparatus for secure processing of information, the apparatus comprising:
means for providing the information to be processed,
means for processing the information,
means for holding or encapsulating the processing means,
first means for supplying power from a position outside the holding means to the processing means.
In the situation where the processing means is controllable by a set of instructions comprising a subset of adjacent instructions making the processing means or the at least part of the processing means perform the security critical processing, the present method preferably comprises introducing in the set of instructions a first preventing instruction preceding the subset of instructions, the preventing instruction being adapted to make the controlling means make the switching means prevent power feeding from the power supplying means to the processing means or the at least part of the processing means.
Also, in that situation the method further preferably comprises inserting a first re-establishing instruction subsequent to the subset of instructions, the re-establishing instruction being adapted to make the controlling means make the switching means re-establish power feeding from the first power supplying means to the processing means or the at least part of the processing means.
As described above, the controlling means are preferably also adapted to control the switching means to prevent power from being fed from the first power supplying means to the power storing means. In that situation, the method may comprise providing controlling means adapted to control the switching means to prevent power from being fed from the first power supplying means to the power storing means and inserting a second preventing instruction preceding the subset of instructions, the second preventing instruction being adapted to make the switching means prevent power feeding from the first power supplying means to the power storing means.
In that situation, the controlling means will typically also be adapted to control the switching means to re-establish power feeding from the first power supplying means to the storing means, whereby the method would comprise inserting a second re-establishing instruction subsequent to the subset of instructions, the second re-establishing instruction being adapted to make the switching means re-establish power feeding from the first power supplying means to the power storing means.
In a further aspect, the invention relates to an apparatus for securely processing information, according to claim 36.
Thus, this aspect addresses the problem of revealing security critical information via I/O ports or other ports of the processing means.
Most often, the signals output from such processing means during normal I/O operation will have a frequency lower than the information output accidentally via capacitive coupling within the processing means.
Consequently, the predetermined signals may be signals having a frequency above 100 kHz, such as above 200 kHz, preferably above 300 kHz, such as above 500 kHz, preferably above 700 kHz, such as above 800 kHz, preferably above 900 kHz, such as above 1 MHz, preferably above 1.5 MHz.
As the predetermined signals will often be correlated to the clock frequency of the processing means when the processing means is a processing means operating in accordance with a clock frequency, the predetermined signals may be signals having a frequency above 0.01% of the clock frequency, such as above 0.02% of the clock frequency, preferably above 0.05% of the clock frequency, such as above 0.08% of the clock frequency, preferably above 0.1% of the clock frequency, such as above 0.12% of the clock frequency, preferably above 0.15% of the clock frequency, such as above 0.17% of the clock frequency, preferably above 0.2% of the clock frequency.
In one embodiment, the preventing or attenuating means may comprise filtering means, such as low pass filtering means, adapted to remove or attenuate the predetermined signals.
In the case of a low pass filter, the filter may have a cut off frequency being below a lowest frequency of the predetermined signals, such as below 0.9 times the frequency of the predetermined signals, preferably below 0.8 times the frequency of the predetermined signals, such as below 0.6 times the frequency of the predetermined signals, preferably below 0.5 times the frequency of the predetermined signals, such as below 0.3 times the frequency of the predetermined signals, preferably below 0.1 times the frequency of the predetermined signals.
Alternatively, the preventing means or attenuating means may comprise switching means adapted to prevent or attenuate any signals along the transporting means. Such a switching means may be selected from the group consisting of: a transistor, a relay and a diode.
The controlling means are adapted to control the preventing means to prevent the predetermined signals while the processing means processes the security critical part of the information. They need not perform this task constantly, i.e. during processing steps where e.g. xe2x80x9chouse holdingxe2x80x9d tasks are performed by the processing means. However, if the signals to be output during normal I/O operation of the processor spans across a large frequency range, it may be the simplest to simply provide means constantly performing the preventing. Alternatively, the preventing are performed at those time intervals, where it is required that information cannot leak e.g. during security critical processing. Thus, in that situation, the controlling means are adapted to control the preventing means to initiate preventing at a point in time before a point in time where the processing means initiate the processing of the information. In that situation, the controlling means are adapted to control the preventing means to stop preventing at a point in time after a point in time where the processing means has finished the processing of the security critical information.
Naturally, the apparatus will normally comprise means for outputting the processed information or at least a part of the information.
The processing means may be adapted to be controlled by a set of instructions, the instructions comprising a preventing instruction making the controlling means instruct the switching means to prevent the predetermined signals. Also, normally the set of instructions comprises a subset of instructions making the processing means perform the security critical processing, the subset of instructions being preceded by the preventing instruction, and preferably the set of instructions furthermore comprises a re-establishing instruction subsequent to the subset of security critical instructions, the re-establishing instruction making the controlling means stop preventing the predetermined signals.
In order to fully ensure that the predetermined signals are prevented from flowing, the preventing means may be adapted to, when preventing the predetermined signals, remove a galvanic connection of the transmitting means between the outside of the holding means and the processing means.
Many types of security critical processing may be contemplated. However, some of the most widely used are an encryption, a decryption, an authentication or an authentication check of the information.
Another aspect of the invention relates to a method of securely processing information using the apparatus according to the above aspect, the method comprising
providing the information to be processed,
operating the preventing means in order to prevent the predetermined signals, and
processing the information using the processing means.
In one situation, the preventing means prevent transportation of the predetermined signals, when the processing means perform the processing.
The processing means comprise means for controlling the operation of the preventing means, and the method may comprise the step that the controlling means operate the preventing means so as to prevent the predetermined signals before the processing means performs the security critical processing.
In that situation, it would be suitable if the method comprises the step that the controlling means operate the preventing means so as to re-establish flow of the predetermined signals, when the processing means has performed the security critical processing.
A last aspect of the invention relates to a method of altering an existing apparatus for securely processing information, the apparatus comprising:
means for providing the information to be processed,
means for processing the information,
means for holding or encapsulating the processing means, and
means for transport information from the outside of the holding means to the processing means or from the processing means to the outside of the holding means.
Preferably, when the processing means is controllable by a set of instructions comprising a subset of adjacent instructions making the processing means perform the security critical processing, the method would comprise introducing in the set of instructions a first preventing ion preceding the subset of instructions, the preventing instruction being adapted to make the controlling means make the preventing or attenuating means prevent or attenuate the predetermined signals.
In that situation, preferably the method would also further comprise inserting a first re-establishing instruction subsequent to the subset of instructions, the re-establishing instruction being adapted to make the controlling means make the preventing or attenuating means not prevent or attenuate the predetermined signals.
Further scope of the applicability of the present invention will become apparent from the detailed description given hereinafter. However, it should be understood that the detailed description and specific examples, while indicating preferred embodiments of the invention, are given by way of illustration only, since various changes and modifications within the spirit and scope of the invention will become apparent to those skilled in the art from this detailed description.