Chip cards have been used for a long time, especially to identify or authenticate a product, an account and/or a person. The chip, or microprocessor, therefore has a specific transistor structure, which defines a processing logic and memory zones, of which at least part are secured, containing secret data.
This secret data, also known as secured or critical data, is protected by different types of protective measures, for example to prevent the cloning of cards in which they are stored, or information being obtained (such as a secret identification code) permitting fraudulent use of a stolen card.
For example, one security technique consists of storing this data in memory zones that are not accessible and non-modifiable.
There are also protective measures called counter-measures, which consist of masking the current consumption of a card to “outside observers”, when the card is in use, by scrambling this consumption or by presenting a chaotic current consumption, that is not representative of the actual consumption of current in the card.
Indeed, failing access to the critical data, a malevolent person may obtain, by observing the consumption of current of a card when in use, useful information about the logic operations carried out.
The implementation of these counter-measures therefore permits the current consumption of a card to be masked when it is in use.
This technique corresponds for example to the activation of additional logic operations, that are not required for the operation of the card, and which cause additional consumption of current, that is not representative of the actual operation of the card.
These counter-measures may be systematically activated during the operation of the card, in order to protect the critical data that may be handled during the operation.
One disadvantage of this technique of the prior art lies in the fact that the activation of these counter-measures is costly in terms of energy consumption of the card.
Furthermore, another disadvantage lies in the fact that the activation of additional operations is costly in terms of the size of the code.
Finally, this security technique based on the activation of counter-measures is also costly in terms of time spent for programming.
There is another security technique which uses counter-measures, limiting the above disadvantages, which consists of only activating the counter-measures at certain moments during the operation of the card.
For example, the main program which carries out the operation of the card may be modified so as to plan the activation of counter-measures at moments that are defined as critical. For example, these moments may correspond to parts of the program code, or programmed actions, which handle data that is identified as critical. These critical moments are identified by the author of the program.
One disadvantage of this technique lies in the fact that it does not guarantee that all of the critical data is secured, as the program may have forgotten to identify part of the code as critical, or has misjudged the security level of an action or part of the code.