The present invention relates to a process for protecting components of smart cards from fraudulent use, wherein the component is locked as long as an unlock order formed by a secret key has not been applied thereto.
At the present time, to produce a smart card according to the traditional process, one necessarily has to go through the following different stages:
I. Manufacture of the component, or "chip", at the silicon foundry.
1. Masking of the read-only memory, or ROM, (operating system) and of the different functionalities of the component, diffusion, testing, etc.
2. Writing of a unique number N (different for each component) and of a secret key SK in the programmable non-volatile memory of the component (EPROM, EEPROM, FLASH, etc.);
3. Component under the control of the operating system;
4. Delivery of the silicon wafers on which the components are produced to the smart card maker.
II. Mounting the component at the smart card maker's.
1. Reception of the silicon wafers;
2. Mounting in a plastic card;
3. Unlocking the component by means of the secret key SK;
4. Customization of the programmable non-volatile memory of the card according to the applications contemplated;
5. Delivery of the finished product to the client.
It can be seen that, after stage I.1., the component is under the control of the operating system (ROM), which blocks any order received, as long as the unlock order formed by the secret key SK has not functioned correctly. This unlock command is only sent to the card, in fact, in stage II.3., at the smart card maker's.
However, it can also be seen that the silicon foundry writes the secret key SK in the component in stage I.2. and thus necessarily knows this key, which is generally transmitted thereto in a protected form by the smart card maker. Subsequently, dishonest foundry personnel could well unlock the component as from stage I.2., and use it for fraudulent purposes.
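The following is an added illustration, not code from the patent: a small model of the locked component and of who holds SK in the traditional process. The class and function names, the order names UNLOCK and WRITE, the 8-byte key length and the use of one SK for both modelled components are assumptions made for the example.

```python
import hmac
import secrets

class Component:
    """Toy model of the ROM operating system's order gate (hypothetical names)."""
    def __init__(self):
        self.n, self._sk = None, None   # unique number N and secret key SK
        self.locked = True
        self.nvm = {}                   # programmable non-volatile memory

    def foundry_write(self, n, sk):
        """Stage I.2: N and SK are written by the silicon foundry."""
        self.n, self._sk = n, sk

    def order(self, name, *args):
        """Block every order until an unlock order carrying SK has succeeded."""
        if name == "UNLOCK":
            ok = self._sk is not None and hmac.compare_digest(args[0], self._sk)
            self.locked = self.locked and not ok
            return "OK" if ok else "REFUSED"
        if self.locked:
            return "BLOCKED"
        if name == "WRITE":
            self.nvm[args[0]] = args[1]
            return "OK"
        return "UNKNOWN"

def traditional_process():
    """Walk stages I.2 to II.4 and report what each key holder can do."""
    sk = secrets.token_bytes(8)               # constructed SK, chosen by the card maker
    copies = {"card maker": sk, "foundry": sk}  # the foundry needs SK to write it
    chip, diverted = Component(), Component()
    chip.foundry_write(1, sk)
    diverted.foundry_write(2, sk)
    wrong_key = bytes(b ^ 0xFF for b in sk)   # guaranteed to differ from SK
    return {
        "write_while_locked": chip.order("WRITE", 0, b"app"),
        "unlock_wrong_key": chip.order("UNLOCK", wrong_key),
        "unlock_card_maker": chip.order("UNLOCK", copies["card maker"]),  # II.3
        "customization": chip.order("WRITE", 0, b"app"),                  # II.4
        # A component that never leaves the foundry opens with the foundry's copy.
        "unlock_at_foundry": diverted.order("UNLOCK", copies["foundry"]),
        "diverted_write": diverted.order("WRITE", 0, b"other"),
    }

if __name__ == "__main__":
    for step, result in traditional_process().items():
        print(f"{step}: {result}")
```

The lock itself behaves as intended in the model; the exposure is that the party writing SK holds a copy that is as good as the card maker's.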