1. Field of the Invention
The present invention relates to security modules, as employed for example for pay TV applications, credit cards, telephone cards or as TPM plug-in cards, and refers in particular to securing the algorithm code that is employed for the communication between security module and terminal against external attacks.
2. Description of the Related Art
With the increasing advent of cashless payment traffic and the increase of information network-technology even in individual households, such as e.g. in case of pay TV applications, there is an increasing demand for cryptographic algorithms in order to be able to perform digital signatures, authentications and encryption tasks. Known cryptographic algorithms comprise asymmetric encryption algorithms, such as e.g. the RSA algorithm, symmetric encryption processes, such as e.g. the DSE process, as well as processes based on elliptic curves.
In order to be able top perform the computations prescribed by the cryptographic algorithms in everyday life with an acceptable speed on the one hand and in as convenient manner for the user as possible on the other hand, chip cards, such as smart cards or signature cards, are employed comprising an individually provided cryptographic processor for implementing the cryptographic algorithm. Depending on the particular application or use, the cryptographic processor must be capable of performing authentications, signatures, certifications and encryptions or decryptions in accordance with different cryptographic algorithms. In addition to implementation of the cryptographic algorithms, the chip card contains stored, chip card-specific information, such as a secret key and, in case of a credit card, the credit card number, the account number and the balance and, in case of a pay TV smart card, a smart card ID, a customer ID and other customer-specific information. A chip card enables the user of the chip card to carry out certain transactions, such as e.g. debiting, on specifically provided terminals or other end apparatus, such as pay TV decoders, in simple and efficient manner. In this regard, the cryptographic algorithms implemented on the chip card provide for protection of the chip card traffic against criminal manipulations.
For protecting chip card terminal systems against criminal manipulations, specific protocols are employed between the terminal and the chip card, comprising e.g. mutual authentication as well as encryption and decryption operations making use of the cryptographic algorithms implemented in the cryptographic processor. A problem with conventional chip cards is that the algorithms used for the secret functions, e.g. for encryption, are fixedly provided on the chip card in the form of fixed wiring and/or in a stored form and are thus susceptible to being determined by spying performed by potential attackers. Determining cryptographic algorithms implemented in chip cards by an attacker comprises, for example, the chemical removal of the circuit structure of the cryptographic processor and the optical analysis of the exposed semiconductor structures. If an attacker, by way of the chip card in his possession, succeeds in obtaining the cryptographic algorithm implemented therein, the attacker will be in the position, due to his knowledge of the cryptographic algorithm and thus by the possibility of implementing the same, to carry out certain attacks against the chip card in order to obtain the secret data, such as the secret key or other data of crucial security of the chip card. When the underlying cryptographic algorithm is known, the attacks have a by far greater chance of success, and consequently the security chain of the chip card traffic is at risk.
With conventional chip cards, the problem of spying is counteracted merely by specific hardware processes or technologies, such as by the hidden contact process. In the case of this process, attempts are made to prevent the optical analysis, of removed semiconductor structures. By preventing such an optical analysis, one can prevent the occurrence of a conclusion relating to the underlying electronic circuit by means of hidden contacts and by the use of specific layout libraries for the underlying gates, in which different gates, such as AND gates and OR gates, differ from each other merely by different doping. These hardware concealing measures indeed increase the expenditure required by a potential attacker for finding out the underlying cryptographic algorithms, but on the other hand also increase the circuitry and design expenditure, and the chip area, and thus the costs of the cryptographic processor and the chip card, respectively.
A chip card with increased security against foreign attacks and reduced circuit expenditure is very attractive for chip card manufacturers in particular with regard to the high market potential and the large numbers of pieces in which chip cards are produced.