1. Field of the Invention
The present invention describes a system and procedure for protecting secret information on electronic devices, in particular chip cards, against analytical espionage.
2. Description of the Related Art
Secret codes are stored on chip cards. They are used to protect access to security-relevant functions and data: unencoded data is converted into encoded data by means of a secret code.
One or two codes are needed to encode and decode. If an attacker finds out the secret code of an encoding algorithm, he can decode the encoded, and thus protected, data, learn its content and change it if desired.
There are many procedures for finding out the codes on a chip card. One of them uses monitoring techniques developed specially for this purpose: as many encoding operations as possible are initiated so that the codes can be derived from the monitored information. The analysis of the secret data is carried out using measurements, for example of the current drawn by the chip card. These measurements are, however, superimposed with noise, so the code must be used repeatedly in order to filter out the superimposed noise.
Safety precautions against this type of monitoring basically consist of protecting the codes against being monitored. Several procedures for this exist in the current state of the art.
In one protection procedure, the chip card contains a fault counter. The fault counter counts whenever the chip card detects a faulty use of the code, e.g. a failed authentication using the wrong code. When the fault counter reaches a certain limit, further use of the code or of the chip card is blocked.
One disadvantage of this procedure is that only faulty uses are counted; fault-free uses are not. The procedure therefore cannot protect against attacks that find out the codes through fault-free use combined with modern monitoring techniques. This particularly concerns the espionage of secret information by authorised users.
The German patent DE 19506921 describes such a procedure for a mobile data carrier, in particular a chip card. The mobile data carrier communicates with a data input and output device. The secret data entered into the data input and output device is compared with the secret data stored on the chip card. If the comparison detects a fault, a counter is incremented. After a certain number of faulty attempts, any further use is blocked automatically.
Another protection mechanism limits the number of uses of a code by means of a use counter, in which valid uses are also counted. One disadvantage of this design is that if the permitted number of uses is set too small, the card may also be blocked for authorised use, and if it is set too large, the card and/or the code can be spied out using analytical methods.
The Japanese patent 10069435 describes one such mechanism, which counts by means of a counter the operations executed after activation of the card and blocks the card when the maximum value is exceeded.
It is therefore an object of the present invention to provide a procedure and system for protection against espionage of secret information which avoid the disadvantages of the above-stated procedures.
This object is achieved by the present invention, as defined in the appended claims. The preferred design forms of the invention presented can be found in the subclaims.
One aspect of the present invention contemplates a procedure for protecting against analytical espionage of secret information. In accordance with this aspect of the invention, a counter is allocated to the secret information to establish the number of uses of the secret information. After it is set to a starting value, the counter value is increased by a defined value on each use of the secret information. The incrementing step may be repeated until either a defined event occurs or a defined maximum value is reached. The counter is reset to the starting value (which may be a new starting value) when the defined event occurs. On reaching the defined maximum value, the use of the secret information is blocked.
The use of the secret information may be unblocked on presentation of a defined event, with the counter value reset to the starting value.
Several pieces of secret information may be allocated to one counter. The event may be any technical, economic or organisational condition that can be evaluated as a yes/no decision, and it may consist of one or more part events combined with one another using an AND or OR function.
The same event may be allocated to different counters. The occurrence of an event may cause an increase in the counter value in several counters. The occurrence of an event may also lead to an increase in the counter value in one counter and to the resetting of the counter value to the starting value in another counter.
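The following is an added, constructed model of the counter procedure described above; it is not code from the patent. It assumes that events are represented as a set of named part events present at the time of use (e.g. "pin_ok", "online"), that each use adds one step, that a reset event re-arms the counter before the use is counted, and that reaching the maximum blocks only the codes allocated to that counter.

```python
from dataclasses import dataclass, field
from typing import Callable, FrozenSet, List

# Constructed model of the patent's counter procedure (not the patent's own code).
# An event is a yes/no decision over the set of part events currently present,
# e.g. frozenset({"pin_ok", "online"}); part events combine with AND / OR.
Event = Callable[[FrozenSet[str]], bool]

def part(name: str) -> Event:
    return lambda present: name in present

def all_of(*ev: Event) -> Event:          # AND-combination of part events
    return lambda present: all(e(present) for e in ev)

def any_of(*ev: Event) -> Event:          # OR-combination of part events
    return lambda present: any(e(present) for e in ev)

@dataclass
class UseCounter:
    """Counter allocated to one or more secret codes; blocking hits only these codes."""
    start: int                            # starting value
    step: int                             # defined value added on each use
    maximum: int                          # defined maximum value: reaching it blocks use
    reset_on: List[Event] = field(default_factory=list)  # events that reset to start
    count_on: List[Event] = field(default_factory=list)  # events that additionally count
    value: int = field(init=False)
    blocked: bool = field(init=False, default=False)

    def __post_init__(self) -> None:
        self.value = self.start

    def use(self, present: FrozenSet[str] = frozenset()) -> bool:
        """Register one use of an allocated code; returns False if the use is refused."""
        if self.blocked:
            return False
        if any(e(present) for e in self.reset_on):
            self.value = self.start       # defined event occurred: re-arm before counting
        # each use counts once; every present count_on event adds one more step
        self.value += self.step * (1 + sum(e(present) for e in self.count_on))
        if self.value >= self.maximum:
            self.blocked = True           # maximum reached: block use of these codes only
            return False
        return True

    def unblock(self, present: FrozenSet[str]) -> bool:
        """Unblock on presentation of a defined event and reset to the starting value."""
        if self.blocked and any(e(present) for e in self.reset_on):
            self.blocked, self.value = False, self.start
        return not self.blocked
```

Allocating two codes to the same counter is simply a matter of pointing both code entries at one UseCounter instance, so a block reached through either code affects both, while counters for other applications on the card stay usable.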
The secret information may be a code for encoding data, which may be stored in a chip card. The secret information may also be a secret function for executing safety-relevant operations on the chip card.
In another aspect, the present invention contemplates an electronic device for storing and processing secret information containing the procedure described above. The electronic device may be a chip card or security module.
In yet another aspect, the present invention contemplates a data carrier containing a program for executing the procedure described above.
The advantages of the present invention are that, by automatically resetting the counter to its starting value on the occurrence of a defined event, an additional re-initialisation by offices authorised for this becomes unnecessary. As each code can have its own allocated counter, a different number of uses can be established for each code according to its function. As a chip card can contain any number of codes for the most widely varied applications, the block is limited to the affected application only.
The use of the chip card is therefore not blocked as a whole. The events allow different security and user requirements simply to be tailored to the respective application area.
The invention presented will be described in greater detail using a preferred design example in connection with drawings, which show the following: