1. Field of the Invention
The invention relates to a method for securing a predetermined operation, particularly the pre-initialization phase of an embedded microchip system, through the secure loading of a dedicated-use encryption key.
It applies more particularly to a smart card.
The invention also relates to an embedded system for implementing the method.
In the context of the invention, the term “pre-initialization” is meant in a general sense. It particularly relates to the manufacturing phase of a traditional smart card, or to the phase preceding the initialization phase of a so-called open smart card.
Likewise, the term “embedded system” refers to various systems or devices having in common the fact of using a microchip comprising data storage and data processing means, generally constituted by a microprocessor or a microcontroller. Such an embedded system can be constituted, in particular, by a smart card.
To illustrate the concept, we will consider hereinafter the preferred application of the invention, i.e., the pre-initialization of a smart card.
2. Description of the Related Art
In most smart card-based applications, various functions related to security are devolved to the smart cards. The term “security” itself covers various concepts: confidentiality, authentication, etc.
For this reason, the so-called secret data required for these functions (encryption algorithm, secret encryption keys, identification data, etc.) is written into a nonvolatile part of the aforementioned storage means of the microchip, either permanently (in “Read Only Memory” or “ROM”) or semi-permanently (in “Electrically Erasable Programmable Read Only Memory” or “EEPROM”).
Among this data, there is a so-called fabrication key that traditionally makes it possible to secure all of the steps for pre-initializing the smart card.
Normally, the manufacture of a smart card takes place in two main phases. During the first phase, a microchip is manufactured by a first entity, which will hereinafter be called the “chip manufacturer.” During a second phase, this microchip is packaged, then integrated into a substrate, i.e. an approximately rectangular piece of plastic, which constitutes the smart card per se. This operation is generally performed by a second entity, different from the first, which will hereinafter be called the “card manufacturer.”
A third entity, which will hereinafter be called a “pre-personalizer,” performs the aforementioned pre-initialization operation.
In the prior art, almost systematically, the fabrication key that secures all of the steps in the pre-initialization of a smart card is written in unencrypted form, and without prior authentication by the card manufacturer. This operating mode poses several problems:
if cards are stolen during their transport from the chip manufacturer to the card manufacturer, there is no guaranteed software security: the cards can be preinitialized fraudulently and then used maliciously;
a defrauder producing a card that is in any way cloned can insert it into the card-making chain without being detected; and
simple online espionage makes it possible to obtain the fabrication key, transmitted in unencrypted fashion.
One solution would be to have the fabrication key written by the chip manufacturer during a so-called probe operation, but this solution is very costly, since the secret data must be changed for each card (non-static data), which moreover is detrimental to the production rate of the chip manufacturer. This costly method is therefore not realistic, and because of this, is practically never implemented.
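The following model, added here as an illustration and not taken from the patent or from any product, contrasts the prior-art flow (the fabrication key crosses the line in clear and the card accepts it without authenticating the writer) with a hardened flow in which the chip already holds a dedicated-use key and the card manufacturer must prove knowledge of that key before the fabrication key is delivered encrypted and integrity-protected. All names (`Card`, `Channel`, `preinitialize_plain`, `preinitialize_secured`), the key values and the use of an HMAC-SHA256 keystream are constructed for the example; how the dedicated-use key reaches the chip, and whether it is static or per-card, is outside the model and is not a claim about the invention's method.

```python
"""Fabrication-key loading during smart-card pre-initialization (constructed model).

Contrasts the prior-art flow (key written in clear, no authentication) with a
hardened flow: the chip carries a dedicated-use key, the writer must answer a
fresh challenge with it, and the fabrication key arrives encrypted and MACed.
Standard library only; the cipher is an HMAC-SHA256 counter-mode keystream.
"""
import hashlib
import hmac
import os
from typing import List, Optional


class Channel:
    """Line between the personalization equipment and the card. Every frame is
    logged, which stands in for an eavesdropper listening on the line."""

    def __init__(self) -> None:
        self.log: List[bytes] = []

    def send(self, frame: bytes) -> bytes:
        self.log.append(frame)
        return frame

    def observed(self, secret: bytes) -> bool:
        """True if the secret appears verbatim in any frame that crossed the line."""
        return any(secret in frame for frame in self.log)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-derived keystream: HMAC-SHA256(key, "enc" || nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Card:
    """Microchip model: a dict stands in for EEPROM. `dedicated_key` is assumed
    to be present in the chip before pre-initialization; a cloned card has none."""

    def __init__(self, dedicated_key: Optional[bytes] = None) -> None:
        self.eeprom: dict = {}
        self._dedicated_key = dedicated_key
        self._nonce: Optional[bytes] = None

    # Prior art: accept whatever the line delivers, from whoever sends it.
    def write_fabrication_key_plain(self, key: bytes) -> bool:
        self.eeprom["fabrication_key"] = key
        return True

    # Hardened flow, step 1: the card issues a fresh challenge for this session.
    def challenge(self) -> bytes:
        self._nonce = os.urandom(16)
        return self._nonce

    # Hardened flow, step 2: authenticate the writer, check integrity, then decrypt.
    def write_fabrication_key_secured(self, auth_tag: bytes, ciphertext: bytes, ct_mac: bytes) -> bool:
        if self._dedicated_key is None or self._nonce is None:
            return False  # clone without the key, or no challenge issued
        k, n = self._dedicated_key, self._nonce
        self._nonce = None  # single use: a replayed transcript cannot pass again
        if not hmac.compare_digest(auth_tag, hmac.new(k, b"auth" + n, hashlib.sha256).digest()):
            return False  # writer did not prove knowledge of the dedicated-use key
        if not hmac.compare_digest(ct_mac, hmac.new(k, b"mac" + n + ciphertext, hashlib.sha256).digest()):
            return False  # ciphertext altered on the line
        self.eeprom["fabrication_key"] = _xor(ciphertext, _keystream(k, n, len(ciphertext)))
        return True


def preinitialize_plain(card: Card, channel: Channel, fabrication_key: bytes) -> bool:
    """Prior-art loading: the fabrication key crosses the line unencrypted."""
    return card.write_fabrication_key_plain(channel.send(fabrication_key))


def preinitialize_secured(card: Card, channel: Channel, fabrication_key: bytes, operator_key: bytes) -> bool:
    """Hardened loading; succeeds only if operator_key equals the card's dedicated-use key."""
    nonce = channel.send(card.challenge())
    auth_tag = hmac.new(operator_key, b"auth" + nonce, hashlib.sha256).digest()
    ciphertext = _xor(fabrication_key, _keystream(operator_key, nonce, len(fabrication_key)))
    ct_mac = hmac.new(operator_key, b"mac" + nonce + ciphertext, hashlib.sha256).digest()
    for frame in (auth_tag, ciphertext, ct_mac):
        channel.send(frame)
    return card.write_fabrication_key_secured(auth_tag, ciphertext, ct_mac)


if __name__ == "__main__":
    FAB = b"fabrication-key-constructed"      # constructed sample value
    DED = b"dedicated-use-key-constructed"    # constructed sample value
    line = Channel()
    preinitialize_plain(Card(DED), line, FAB)
    print("plain flow, key visible on the line:", line.observed(FAB))
    line = Channel()
    print("secured flow, genuine card loaded:", preinitialize_secured(Card(DED), line, FAB, DED))
    print("secured flow, key visible on the line:", line.observed(FAB))
    print("secured flow, cloned card loaded:", preinitialize_secured(Card(), Channel(), FAB, DED))
```

The three failure modes listed above map onto the checks in `write_fabrication_key_secured`: a clone that lacks the dedicated-use key is refused, an operator who does not hold it cannot produce a valid `auth_tag`, and an eavesdropper on `Channel.log` sees only the challenge, the tag and ciphertext. The per-session nonce also makes a recorded transcript useless for replay, which the prior-art flow cannot prevent.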