1. Field of the Invention
The present invention relates to the authentication of an integrated circuit or of an electronic component or sub-assembly containing such a circuit by an authentication procedure using a secret datum contained in the integrated circuit. The present invention more specifically relates to authentication procedures based on the use of a private or secret datum or key by means of an external device. An example of application of the present invention is the field of smart cards, be they of prepaid count unit type or not.
2. Discussion of the Related Art
The various methods of authentication of a smart card or the like aim at avoiding the piracy or the falsification of a card, either by use of a discrete device reproducing the card or by piracy of a read terminal, or by large-scale reproduction of falsified smart cards.
The authentication methods with the highest performance use a private datum present in the integrated circuit to be authenticated and a so-called public datum or key, depending on this private datum and stored in an external device. The private datum is indirectly involved each time the integrated circuit requires authentication, without any “knowledge transfer”. In so-called “zero-knowledge” methods, the authentication occurs according to a protocol which, in a proved manner and under hypotheses recognized as being perfectly reasonable by the scientific community, reveals nothing of the secret key of the entity, the signature of which must be authenticated. Examples of known authentication methods to which the present invention applies are described in French patent application No. 2716058 and in U.S. Pat. No. 4,995,082 which are incorporated herein by reference.
The disadvantage of using a private datum, which is anyhow indispensable to make out or differentiate electronic assemblies or sub-assemblies, for example, smart cards, from one another, is that this datum is a datum stored in the component to be identified. Such a datum is for example capable of being pirated by examination of the storage element of this datum in the smart card, or by pirating of the registers in which the datum is stored, etc. The private datum further more generally is immutable for a given smart card, to enable repeated authentication thereof. This results in a fragility of the authentication function.
In an application to prepaid smart cards (for example, telephone unit cards), if the private datum is the same for an entire smart card family, this allows for large-scale piracies.
In practice, it is not the actual private datum which is sent, but rather a calculation result taking account of this private datum, a number which is a function of a random number chosen by the integrated circuit and communicated to the external circuit, and a random number chosen by the external device and communicated to the card. The result is then checked by the external device to authenticate the card.
The present invention aims at improving integrated circuit authentication procedures and systems using a private datum coming from the integrated circuit.
The present invention more specifically aims at improving or optimizing the anti-fraud security of electronic devices using an integrated circuit provided with a private datum by preventing the extraction of this private datum by various attacks against the integrated circuit.
To achieve these and other objects, the present invention provides a method for extracting a private datum from an integrated circuit taking part in an authentication procedure by means of an external device taking this private datum into account, the private datum being generated on request and made ephemeral.
According to an embodiment of the present invention, upon each generation of the private datum, a lifetime of this private datum is initialized and this datum is deleted from at least one first storage element containing it, at the end of this lifetime.
According to an embodiment of the present invention, the generation of the private datum and the initialization of its lifetime are started by a same signal.
According to an embodiment of the present invention, the lifetime of the private datum is reduced along its generations.
According to an embodiment of the present invention, the lifetime is variable.
According to an embodiment of the present invention, the private datum is obtained at least partially from a physical parameter network.
According to an embodiment of the present invention, the physical parameter network is programmable.
According to an embodiment of the present invention, the physical parameter network is programmed, at least partially, by a word provided by a storage element.
According to an embodiment of the present invention, the physical parameter network is programmed, at least partially, by noise.
According to an embodiment of the present invention, the physical parameter network is also controlled outside periods of generation of the private datum.
According to an embodiment of the present invention, the private datum is obtained at least from a first datum stored in the integrated circuit and from a second datum generated on request by the physical parameter network.
According to an embodiment of the present invention, the second datum is made ephemeral.
According to an embodiment of the present invention, the number of bits of the first and second data are close to each other, and preferably equal.
The present invention also provides an integrated circuit, including means for implementing the method.
According to an embodiment of the present invention, the circuit includes a is circuit for resetting at least one storage element.
According to an embodiment of the present invention, the reset circuit is formed of one or several delay elements initialized by a control signal of generation of the private datum.
According to an embodiment of the present invention, the delay introduced by at least one delay element of the reset circuit is variable.
The foregoing objects, features and advantages of the present invention, will be discussed in detail in the following non-limiting description of specific embodiments in connection with the accompanying drawings, in which: