A description is given hereinafter, by way of example, of the use of these chip cards as payment cards which are, in a known way, used for example to pay for purchases at a retailer's or to withdraw banknotes from an automatic cash dispenser (ATM).
Other applications, such as accessing a web site or a service, are of course also known and processed in the same way. Likewise, it is understood that the “chip card” concept can be generally applied to other types of portable objects fitted with a secure micro-processor.
The specifications of chip cards operating with an electrical contact are laid down under international standard ISO 7816 from the “International Organisation for Standardisation”. These specifications are public and accessible to all, and therefore among others to ill-intentioned persons.
In particular, the standard ISO 7816-4 specifies the content of messages (commands, responses) between a chip card and a card reader and the structures of the data contained in these messages (making communications secure). The basic commands for reading, writing and updating the data on a chip card by a card reader, and which will be called hereinafter “standard and public commands”, are for example:
- a security command (verify a personal identification number, known as a PIN, for example);
- a personalisation command (write into the memory);
- a payment command (debit, credit);
- a cryptography command (sign a data block, verify the signature, generate a key);
- a file management command (select, read, write, create).
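The message structure referred to above can be illustrated with a short decoder for ISO 7816-4 command and response messages (APDUs). This is an added example, not part of the original description; the function names, the grouping of instruction codes into the families listed above, and the sample bytes are assumptions made for illustration.

```python
# Added example: INS values are from ISO 7816-4; the family labels (an assumption)
# follow the list above. All APDU bytes used with this code are constructed.
INS_TABLE = {
    0x20: ("VERIFY", "security"),
    0x88: ("INTERNAL AUTHENTICATE", "cryptography"),
    0xA4: ("SELECT", "file management"),
    0xB0: ("READ BINARY", "file management"),
    0xD6: ("UPDATE BINARY", "file management"),
}
SELECT_CMD = bytes.fromhex("00A40400" "07" "F0000000000001" "00")  # constructed AID
VERIFY_CMD = bytes.fromhex("00200001" "04" "31323334")             # constructed PIN

def parse_command_apdu(raw: bytes) -> dict:
    """Decode a short-form command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    if len(raw) < 4:
        raise ValueError("command APDU needs at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 0:
        case = 1                      # header only
    elif len(body) == 1:
        case, le = 2, body[0] or 256  # Le = 0x00 means 256 bytes expected
    else:
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDUs are not handled here")
        if len(body) == 1 + lc:
            case = 3                  # data sent, no response data expected
        elif len(body) == 2 + lc:
            case, le = 4, body[-1] or 256
        else:
            raise ValueError("Lc does not match the length of the data field")
        data = body[1:1 + lc]
    name, family = INS_TABLE.get(ins, ("unknown", "unknown"))
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "case": case,
            "name": name, "family": family, "data": data, "le": le}

def parse_response_apdu(raw: bytes) -> dict:
    """Split a response APDU into its data field and status word SW1 SW2."""
    if len(raw) < 2:
        raise ValueError("response APDU needs SW1 SW2")
    sw = int.from_bytes(raw[-2:], "big")
    if sw == 0x9000:
        meaning = "normal processing"
    elif sw & 0xFFF0 == 0x63C0:       # 63Cx: warning carrying a counter x
        meaning = f"warning, counter = {sw & 0x0F}"
    else:
        meaning = "other status"
    return {"data": raw[:-2], "sw": sw, "meaning": meaning}
```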
The EMV (Europay, Mastercard and Visa (trademarks)) international security standard, which is specific to the banking sector, lays down the rules necessary for international interoperability between payment cards and card reader terminals, enabling transactions to be made in a secure way, whatever payment card issuer and whatever card reader terminal is involved.
A counterfeiter (fraudster) having extracted from a lawful or genuine card (in other words a card issued by authorised chip card manufacturers) the information allowing him to reproduce its logic behaviour, can, from the aforementioned public specifications, program a commercially available electronic circuit to produce a cloned or fake card (hereinafter referred to as a “clone”).
Attempts have previously been made to prevent the cloning of genuine payment cards through the use of cryptographic keys, by assigning to a payment card a personal identification number (PIN), a confidential code or secret code, which is supposed to be known only to the bearer (authorised user) of the payment card.
1. Drawbacks of the Prior Art
A technique of this kind does not however afford full guarantees against the cloning of payment cards, since a confidential code associated with a payment card may be disclosed either at the card embedder's (card manufacturer's) when the card is personalised, or at the card issuer's (service provider such as a telephone operator or a banking institution for example) out of malicious intent or as a result of an attack by a fraudster.
A cloned payment card, if it has been efficiently programmed, is hard to tell apart from a genuine payment card, since their logic behaviours are identical, even if they do not comprise the same electronic circuit, and there has hitherto been no effective detection method in existence capable of detecting cloned payment cards.