This invention relates to a method for protection from attacks on a processor smart card or from its unauthorized use in a network for communication, preferably a GSM network, according to the preamble of claim 1, and to a corresponding smart card according to the preamble of claim 9.
In GSM systems it is known that, to use the smart card (Subscriber Identity Module, SIM), the card user must first identify himself as a legitimate user by means of a Personal Identification Number (PIN). To avoid abuse at this point it is known to transmit the PIN to the card user by having PIN/PUK letters produced by the card manufacturer or card personalizer and handing over said PIN/PUK letters to the card user.
Another, system-relevant security measure is the sealing of the PIN/PUK letter by the card manufacturer or card personalizer. The intactness of the seal on the PIN/PUK letter indicates to the card user that the secret numbers applied to the PIN/PUK letter by the card manufacturer cannot be known to any other card user. Since the secret numbers on the PIN/PUK letter were chosen randomly by the card manufacturer or card personalizer and are stored only in the secret memory of the SIM card, the card user can assume that by opening the PIN/PUK letter only he himself acquires knowledge of the secret numbers.
To avoid abuse upon PIN entry, it is known for PIN entry to provide an error counter that temporarily prevents further use of the card when a permissible number of abortive attempts is exceeded. To protect from unnecessary blocking of a card by inadvertent false entry of the PIN, it is known to provide on the card a Personal Unblocking Key (PUK) which can be used to define a new PIN and which reenables the card for use in the network. To avoid abuse upon PUK entry, it is known to provide an error counter which definitively prevents further use of the card when a permissible number of abortive attempts is exceeded.
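The two error counters described above, modelled as a small state machine. This is an added example, not part of the original text; the attempt limits (3 for the PIN, 10 for the PUK), the class and method names, and the sample PIN/PUK values are assumptions, since the text states no numbers.

```python
import hmac

class SimCard:
    """Toy model of the PIN/PUK error counters (names are hypothetical)."""
    PIN_TRIES = 3    # assumed limit; the text gives no number
    PUK_TRIES = 10   # assumed limit; the text gives no number

    def __init__(self, pin: str, puk: str):
        self._pin, self._puk = pin, puk
        self.pin_left = self.PIN_TRIES
        self.puk_left = self.PUK_TRIES

    @property
    def state(self) -> str:
        if self.puk_left == 0:
            return "dead"          # definitively blocked, no recovery
        if self.pin_left == 0:
            return "pin_blocked"   # temporarily blocked, PUK can re-enable
        return "ready"

    def verify_pin(self, guess: str) -> bool:
        if self.state != "ready":
            return False           # no comparison at all once blocked
        # Charge the attempt before comparing, so an interrupted check still counts.
        self.pin_left -= 1
        if hmac.compare_digest(guess.encode(), self._pin.encode()):
            self.pin_left = self.PIN_TRIES   # success resets the counter
            return True
        return False

    def unblock(self, puk_guess: str, new_pin: str) -> bool:
        if self.state == "dead":
            return False
        self.puk_left -= 1
        if hmac.compare_digest(puk_guess.encode(), self._puk.encode()):
            self._pin = new_pin              # PUK entry defines a new PIN
            self.pin_left = self.PIN_TRIES
            self.puk_left = self.PUK_TRIES
            return True
        return False

def demo() -> list:
    card = SimCard(pin="4711", puk="12345678")   # constructed sample values
    trace = [card.verify_pin(g) for g in ("0000", "1111", "2222")]
    trace.append(card.state)
    trace.append(card.verify_pin("4711"))        # correct PIN, refused while blocked
    trace.append(card.unblock("12345678", "2468"))
    trace.append(card.verify_pin("2468"))
    trace.append(card.state)
    return trace
```

Once the PIN counter is exhausted even the correct PIN is refused, which is what bounds a guessing attack to the sum of the two counters.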
In the known prior art, the card user is given the possibility of replacing the PIN defined by the card manufacturer or card personalizer by a self-chosen value. The value of the PUK cannot be changed by the card user. To be able to inform the card user of the PUK if the PIN/PUK letter is lost or inaccessible but the PIN has been inadvertently blocked, it is known in some GSM networks, as a special service, to store the PUK additionally in a central database at the network operator for all issued cards. At the card user's request and after a check of the card user's identity, the PUK is transmitted to the card user for enabling the PIN.
Such a system also involves the danger that, by unauthorized opening of the PIN/PUK letter and for example by reprinting of the PIN/PUK letter or by manipulation of the PIN/PUK letter seal, the legitimate card user believes that he is the first user of the card although an illegitimate card user has already put the card into operation temporarily at the expense of the legitimate card user.