1. Field of the Invention
The invention concerns integrated circuits. It can be applied particularly, but not exclusively, to integrated circuits for memory cards and especially to circuits wherein the essential element is a electrically erasable programmable memory requiring electronic security mechanisms.
2. Description of the Prior Art
Security is needed in a great many applications where it is sought to make the information stored in a memory incapable of being read or incapable of being modified by the user of the card. This is the case, for example, with bank cards or in other applications where the integrated circuit is used to perform transactions or operations of a financial nature. This is also the case with access control operations or operations for checking the identity of a user etc.
In other applications, a security system may be necessary to modify or prohibit certain functions of the circuit, depending on the user.
For convenience's sake, the explanation of the present invention is given with reference to an application of an integrated circuit for a memory card requiring security mechanisms that give protection against access to certain zones or certain functions of the circuit.
In practice, the integrated circuit is first marketed by a manufacturer of integrated circuits. The card is then marketed by a party who shall be called the "issuing party" and the card is used by an ultimate "user". The term "issuing party" is used herein in the context of applications such as banking applications where the bank "issues" chip cards having a monetary value. However, the term "issuing party" should not be restricted to applications of this type, and it shall hereinafter designate any person or organization or firm that installs a security mechanism after having configured certain functions or items of data of the card and before giving the card to the ultimate user. The issuing party will have access to certain functions of the circuit and the ultimate user will have access to other functions (as a rule, he will have access to more restricted functions).
The following operations are necessary before the card is given to the ultimate user: the manufacture of the integrated circuit, the testing of the integrated circuit, the supply of the tested circuit to the issuing party, the fitting of the integrated circuit into the card by the issuing party or by the issuing party's supplier, the introduction of data or the setting up of a particular configuration of the integrated circuit (customizing for example) by the issuing party in accordance with the needs of the ultimate user, the activation by the issuing party of a security mechanism (present in the integrated circuit) that bars access by the ultimate user to certain zones of the circuit, notably certain memory zones.
For the integrated circuit manufacturer, the problem takes the following form: all the functions and pieces of data of the integrated circuit have to be tested, for the manufacturer cannot deliver defective circuits to his customer, namely the "issuing party". The manufacturer therefore performs tests, notably on all the memory zones and on the various functions of the circuit.
The invention is based on the observation that the tests carried out up till now are incomplete for they do not enable the manufacturer to check the functioning of the circuit in the exact configuration in which it is seen by the user, i.e. after the processing operations performed by the issuing party (the setting up of various configurations, the introduction of data and the activation of a protection lock).
This difficulty also exists when, in certain applications, the manufacturer himself sets up a security mechanism which he activates after the tests on the circuit, before delivering this circuit to the issuing party. For, in practice, the manufacturer cannot test the circuit in the exact configuration in which it is received by the issuing party, i.e. a configuration in which the security mechanism is activated.
The difficulties get added to one another when the manufacturer and the issuing party activate a security mechanism each.
The security mechanisms are irreversible logic locks which change the functions of the circuit when they are activated: for example, they bar access to certain parts of the integrated circuit.