1. Field of the Invention
The invention relates to a data carrier data carrier for the transfer of communication data via at least two interface means having first interface means for receiving a first communication signal, and having second interface means for receiving a second communication signal, and having processing means to which a first clock signal derived from the first communication signal or a second clock signal derived from the second communication signal can be applied for the processing of the transferred communication data and having reset means for resetting the processing by the processing means.
2. Description of Related Art
Such a data carrier of the type defined in the opening paragraph is known from the document EP 0 945 828 and is formed by a transponder of a smart card. In a contact-bound mode of operation the known data carrier is adapted to transfer communication data from or to a write/read station via a contact pad of the smart card The contact pad and the input stages arranged after the contact pad form first interface means which can inter alia receive a first communication signal from the write/read station, from which communication signal a first clock signal is derived.
In a contactless mode of operation the known data carrier is adapted to transfer communication data from or to a transmitting/receiving station via an antenna stage of the smart card. With the antenna stage a high frequency second communication signal can be received. The antenna stage and the input stages arranged after the antenna stage form second interface means. One of these input stages is a voltage supply stage for the voltage supply to the module of the data carrier and another input stage is a clock derivation stage by means of which a second clock signal of a second clock frequency is derived from the second communication signal.
The known data carrier further has processing means which include a central processing unit and a memory and which are adapted to process and store the communication data. For this purpose, either the first clock signal, the second clock signal or an additional internally generated third clock signal can be applied to the central processing unit, to define the processing frequency of the central processing unit.
The known data carrier further includes reset means to which reset information for resetting the processing in the central processing unit in the contactless mode of the voltage supply stage and the clock derivation stage of the second interface means. The voltage supply stage supplies reset information when it is not possible to generate an adequate supply voltage and the clock derivation stage supplies reset information when it is not possible to derive a second clock signal.
In the contact-bound mode the processing means can be reset by reset information received from the write/read station via the contact pad. Resetting of the processing of the processing means causes the processing of the communication data to be reset and the processing sequence to be repeated from the beginning. It has been found that the known data carrier has the drawback that in the contact-bound mode the processing clock applied to the processing means is not tested at all and in the contactless mode it is not tested whether the processing clock lies within given frequency thresholds, in order to guarantee a maximal security for the communication data processed by the processing means, which communication data may be security-related data. This is particularly important because by means of so-called voltage contrast analysis method a hacker could detect communication data processed and stored in a data carrier by applying a processing clock signal of very low clock frequency to the processing means and determining the variations of the potential at particular positions of the hardware of the data carrier with the aid of the electron microscope.
It is an object of the invention to provide a data carrier in which even in the case of a simultaneous communication via both interface means a constantly high level of security is achieved for communication data processed and stored in the data carrier. According to the invention, in order to achieve this object with a data carrier of the type defined in the opening paragraph, a first frequency sensor is included, which is adapted to supply fist frequency reset information to the reset means when a first clock frequency of the first clock signal or the frequency of the first communication signal lies below a first lower frequency threshold, and a second frequency sensor is included, which is adapted to supply second frequency reset information to the reset means when a second clock frequency of the second clock signal or the frequency of the second communication signal lies below a second lower frequency threshold, and the reset means are adapted to reset the processing by the processing means when the first clock signal is applied to the processing means and the first frequency reset information is received or when the second clock signal is applied to the processing means and the second frequency reset information is received.
Thus, it is achieved that the frequencies of the first and the second communication signal applied to the data carrier via the first interface means and the second interface means or the clock frequencies of the clock signals derived from the communication signals are checked to ascertain whether they are higher than given lower frequency thresholds. The frequency sensors supply frequency reset information to the reset means if the clock signal applied to the processing means as processing clock has a clock frequency that is too low.
This has the advantage that, also in the case of parallel communication via both interface means, the reset means reset the processing meansxe2x80x94resulting in a loss of communication data already processedxe2x80x94only when the clock frequency of the first or the second clock signal applied to the processing means as processing clock lies below the given lower frequency threshold and there is actually a security problem.
The measures defined in claim 2 have the advantage that the frequency sensors also check whether the clock frequencies of the first and the second clock signal or whether the frequency of the first and the second communication signal is higher than given upper frequency thresholds. This situation could give rise to impermissible operating conditions as a result of timing problems of the processing means, which conditions could be used by a hacker in order to detect security-related communication data.
The measures defined in claim 3 have the advantage that when neither via the first interface means nor via the second interface means a communication signal is received from which a clock signal could he derived and, as a consequence, no regular contactless or contact-bound communication with the write/read station or the transmitting/receiving station takes place, the reset means reset the processing means and thus preclude hacking of processed or stored communication data.
The measures defined in claim 4 have the advantage that it is not necessary to wait until the time of, for example, a few hundred microseconds required for power up upon a reset of the processing means has expired before the calculating stage 14 is again capable of processing communication data. Thus, the transmitting/receiving station or the write/read station can start the communication with the data carrier without any loss of time, which has the advantage that the communication can proceed more rapidly.
The measures defined in claim 5 have the advantage that, when the first frequency sensor indicates that the first clock frequency of the first clock signal is lower than the lower frequency threshold, the first clock derivation stage derives the first clock signal in a different manner so as to obtain a first clock signal whose first clock frequency is higher than the lower frequency threshold and is suitable as the first processing clock.
The measures defined in claim 6 have the advantage that the data carrier can be manufactured particularly cost-effectively.