FIG. 1 shows an example of a numerical keypad comprising a matrix of keys connected to a processor 10. In this example, the matrix of keys comprises ten keys (associated with the digits 0 to 9), four rows (referenced LG0 to LG3) and three columns (referenced COL0 to COL2). Each key, when pressed, enables a row and a column of the matrix to be short-circuited. For example, when the key associated with the digit 6 is pressed, it short-circuits the row LG1 and the column COL1.
For the processor 10, the classic technique for managing a matrix of keys is to perform several successive iterations of a scan phase. As illustrated in FIG. 2, each iteration of the scan phase comprises the following steps for each of the rows LG0 to LG3 processed successively:                writing a predetermined logic value (logic level “0” in the example of FIG. 2) to the row; and        for each column COL0 to COL2, reading (symbolized by the letter “r” in FIG. 2) a logic value in the column to determine whether the column is short-circuited with the row, by comparison between the logic value read and the predetermined logic value.        
In other words, when the processor executes an iteration of the scan phase, it writes to the rows one by one and reads the columns simultaneously. The processor can thus detect the fact that only one key has been pressed or else that several keys have been pressed simultaneously.
In the example of FIG. 2, and here below in the description, the writing to the rows and the reading in the columns are done at logic level “0” in assuming that the rows and the columns are at the default logic value “1”. It is clear however that the principle remains the same if the use of the logic levels “0” and “1” is reversed (i.e. if the writing to the rows and the reading on the columns are done at the logic level “1” assuming that the rows and columns are at the default logic level “0”).
The above formulation, which is based on a matrix of keys (matrix M) and the notion of successive writing to the rows of this matrix M and simultaneous reading in the columns of this matrix M is considered to be a generic formulation. Indeed, there is an alternative in which writing is done successively in the columns of this matrix M and reading is done simultaneously in the rows of this matrix M. However, this alternative can be performed according to the previous formulation if we consider a new matrix M′ in which the rows correspond to the columns of the matrix M and the columns correspond to the rows of the matrix M.
In the example of FIG. 2, it is assumed that the key 6 is pressed. The processor therefore detects a short circuit between row LG1 and the column COL1 and deduces from this that the key 6 situated at the intersection between this row LG1 and this column COL1 has been pressed.
There is a need to make the classic technique for managing a matrix of keys (i.e. the classic keypad scan routine) secure.
This question is raised in the patent document FR2599525, which points to a risk that malicious individuals might try to intercept a confidential code when the operation passes from the keypad to means for the matrix analysis of the keypad, by row and by column. Later in the description, these means are also called a device for managing the matrix of keys, or again a processor. The document FR2599525 specifies that knowledge of the waveform of the signals of analysis of the keypad enable a snooper device to immediately make a trace-back to any confidential information struck on the keypad. To snoop on the keypad, it is enough to have a few connections (through probes) on the rows and columns of the matrix of keys of the keypad. Snooping on the signals present in the rows and columns of the matrix can also be done by analysis of electromagnetic rays known as electromagnetic analysis or EMA. However, it is assumed that the signals flowing within the device for managing the matrix of keys are relatively complex, thus making it difficult for them to be used to retrieve confidential information struck on the keypad. Consequently, the device for managing the matrix of keys is called a “protected module” in the document FR2599525.
In order to improve the security of the keypad, the document FR2599525 proposes that the device for managing the matrix of keys (“protected module”) should apply countermeasures to hinder the possibility of interception of any confidential information (a confidential code for example) struck on the keypad through snooping on the state of the rows and columns of the matrix of keys of the keypad.
More specifically, the technique proposed by the document FR2599525 combines the following:                a first mechanism for simulating: the protected module is provided with two-way links towards at least certain of the columns and rows of the keypad and the protected module comprises means for simulating a false activation of keys, at least some of the interrogation pulses being applied at the same time to at least one row and at least one column;        a mechanism for the true exploration of the keypad: the protected module explores the keypad key by key, in scrutinizing at each time a row or a column known as an “effectively analyzed” row or column, that receives no interrogation pulse (coming from the protected module). During this true exploration, the invention also proposes a complementary simulation when the protected module is in the presence of a non-transference of the start of the interrogation pulse to the column or row analyzed (i.e. one or more explored keys are not actuated): the protected module then responds to this condition by applying a dummy pulse to the column or row analyzed which ends with the interrogation pulse (the start of this pulse being, on the contrary, slightly delayed relative to the start of the interrogation pulse, given the decision time needed for the protected module);        a second simulation mechanism: the protected module carries out no true interrogation of a chosen key during a predetermined time corresponding to the normal time of actuation of a key and, during this same period, it creates a false response which can be attributed to this chosen key.        
Two embodiments of these mechanisms are proposed.
In the first embodiment, the protected module is provided with two-way links towards all the columns of the keypad:                for the first simulation mechanism, the protected module has a state of pure simulation in which it applies the interrogation pulse to a row and to all the columns of the keypad;        for the mechanism of true exploration of the keypad (key by key), the protected module applies the interrogation pulse to a row and to all the columns except to an analyzed column, the key effectively explored being defined by the interrogated row and the analyzed column.        
In the second embodiment, the protected module is provided with two-way links towards all the rows and all the columns of the keypad:                for the first simulation mechanism, the protected module has a pure simulation state in which it applies the interrogation pulse to all the rows and all the columns of the keypad;        for the mechanism of true exploration of the keypad (key by key), the protected module applies the interrogation pulse on the one hand to all the rows and columns except to an analyzed row, and, on the other hand, to all the rows and columns except to an analyzed column, the key effectively explored being defined by the row and the column analyzed.        
While the technique of the document FR2599525 improves the security of the keypad, it is however not optimal. Indeed, the duration and resources of computation needed for executing the mechanism of true exploration of the keypad are not optimized since this is a key-by-key exploration.
It will be noted that the second embodiment is even more costly in computation time and resources than the first embodiment since each key is explored in two steps, firstly through the row to which the explored key belongs and then through the column to which this explored key belongs. A greater number of sequences of interrogation signals therefore has to be generated in a same period of time so as not to lose information on the real state of the keypad.