The invention finds a very advantageous application in that it makes it possible to protect integrated circuit chips with hard-wired logic against fraud, in particular chips fitted to prepaid cards used in diverse transactions such as the setting up of telephone communications, the payment for objects in an automatic dispenser, the renting of parking spaces from a parking meter, the payment for a service such as public transport or the making available of infrastructures (tolls, museums, libraries, etc.), or chips fitted to radiofrequency tags (“RFID tags”) used in the tracing of pallets, mass-consumption products, bank notes, etc.
At present, chips with hard-wired logic are apt to experience various types of fraud. A first type of fraud consists in duplicating the card without authorization, the term cloning often being used to characterize this operation. A second type of fraud consists in modifying the data attached to a card, in particular the amount of the credit registered in the card. To combat these frauds, cryptography is employed, on the one hand to ensure the authentication of the card by means of an authentication mechanism and/or to ensure the authentication of the data by means of a digital signature and, on the other hand, to ensure as appropriate the confidentiality of the data by means of an encryption.

Cryptography involves two entities, which are in the case of authentication a verifier and an object to be verified, and said cryptography may be either symmetric or asymmetric. When it is symmetric (or based on a “secret key”, the two terms being synonymous), the two entities share exactly the same information, in particular a secret key. When it is asymmetric (or based on a “public key”, the two terms being synonymous), one of the two entities possesses a pair of keys, one of which is secret and the other public; there is no shared secret key.

In numerous systems, in particular when the chip is of “hard-wired logic” type, only symmetric cryptography is implemented with prepaid cards, since asymmetric cryptography remains slow and expensive. The first authentication mechanisms developed in symmetric cryptography consist in calculating once and for all an authentication value, different for each card, in storing it in the memory of the card, in reading it at each transaction and in verifying it by interrogating an application of the network supporting the transaction, where the authentication values already allocated are either stored or recalculated.
These mechanisms provide insufficient protection, since the authentication value can be snooped, reproduced and replayed fraudulently: it is always the same for a given card, which makes it possible to produce a clone of that card. To combat clones, passive card authentication mechanisms are replaced by active authentication mechanisms, which may moreover ensure the integrity of the data.
The general principle of symmetric active authentication mechanisms is as follows: during authentication, the electronic chip and the application calculate an authentication value which is the result of a function applied to a list of arguments that is determined at each authentication. The list of arguments may comprise a random number, that is to say a data item determined by the application at each authentication, a data item contained in the electronic chip and a secret key known to the electronic chip and to the application. When the authentication value calculated by the electronic chip is identical to the authentication value calculated by the application, the electronic chip is deemed to be authentic and the transaction between the electronic chip and the application is authorized.
Such authentication mechanisms are widely known, but the majority require computational capabilities at least equal to those of a microprocessor. These mechanisms are therefore suitable for microprocessor cards, but rarely for hard-wired logic chips, whose means of calculation are much more rudimentary.
A first stage was reached when it was possible to integrate symmetric active authentication mechanisms into hard-wired logic chips. For example, FR-A-2 826 531 describes a method making it possible to specify such mechanisms. It will be noted that the authentication value produced by these mechanisms may also be interpreted as a sequence of pseudo-random bits and, by varying at least one of the input parameters, the method of calculating the authentication value then becomes a method of generating pseudo-random bits.
However, secret key mechanisms require the verification unit in charge of authenticating the chip (present, for example, in a public telephone, an electronic payment terminal, or a public transport gateway) to know the secret key owned by said chip. This results in a major drawback: if one wishes this unit to be able to authenticate any chip whatsoever linked with the application, either it must store the secret keys of all the chips, or it must store a base key, also called a mother key or master key, from which the secret key of any chip whatsoever can be retrieved. In both cases, each of these units stores sufficient information to retrieve the secret keys of all the chips issued, and therefore sufficient information to manufacture clones of any one of them. Therefore, a successful intrusion against any one of the verification units would compromise the security of the application as a whole.
There therefore exists an urgent need to be able to integrate an active public-key authentication mechanism into a hard-wired logic chip, in particular in applications deploying a large number of chips, which is generally the case for applications using hard-wired logic chips, since they are very cheap.
No such mechanisms exist, since public key schemes generally require numerous operations on large numbers, thereby rendering them a priori unsuitable for integration into hard-wired logic chips, in which the silicon area is extremely small and whose calculation logic reduces to the hard-wiring of extremely elementary operations. Moreover, these elementary operations are generally carried out serially, in the sense that the operands are introduced sequentially bit by bit, and this introduction progressively modifies the state of an internal register whose final value serves as the basis for calculating the result of the function.
For example, it is known to calculate an authentication value y by carrying out the operation y=r+s·c (or y=r−s·c), where r denotes a random value, s a secret key belonging to an asymmetric pair of keys (s, p), and c a so-called “challenge” value chosen by the application, which cannot exceed a certain threshold; the value of r must always remain greater than the number which is added to it (or subtracted from it). This entails the execution of at least one multiplication between a priori arbitrary integers s and c. Such a multiplication is, however, a relatively complex operation, outside the scope of most hard-wired logic chips.
An aim of the present invention is to define a method of calculating a cryptographic value, for example an authentication value, such that the chip does not have to explicitly carry out a multiplication operation and the security level obtained is relatively high, for example of the order of 32 bits, this being an extremely widespread level of security, especially in the protection of financial transactions.