The invention relates to integrated circuit devices for incorporation in portable articles, and in particular in portable articles having the smart card format.
Smart cards are generally used in applications where it is essential for confidential data to be stored and processed in a secure manner. For example, such cards can be used for applications in the fields of health, and pay TV, or indeed as xe2x80x9celectronic pursesxe2x80x9d.
They comprise a plastic card body in which an integrated circuit device is incorporated. The device is either an electronics module including an integrated circuit chip or the integrated circuit chip itself.
An integrated circuit chip typically includes a central processor unit (CPU) which uses bus lines to control and distribute data and addresses involving storage in memories of said chip that may be volatile or non-volatile.
The logic gates constituting the integrated circuits are made with CMOS technology. They are constituted by PMOS transistors and by NMOS transistors. The gates draw current whenever the transistors change from a conductive state to a non-conductive state, or vice versa. Furthermore, the connections between the gates, in particular the bus lines, constitute capacitances which likewise draw electrical current while they are being charged. This applies in particular when the bus lines are required to carry logic state 1.
Thus, the current drawn by an integrated circuit device as a function of time varies depending on the tasks performed by such device.
Monitoring current as a function of time thus provides an electrical signature representative of the activity of the integrated circuit device. By analyzing the electrical signature, and more specifically analyzing its amplitude as a function of time, this can reveal information about that activity. Such analysis enables attackers to gain access to confidential information, e.g. secret keys, that are carried by the bus lines and that are contained in the memories of the integrated circuit, or indeed to follow the flow of instructions opening the way to attack secrets by analyzing times that are characteristic of the current drawn by the integrated circuit during a transaction.
For the purpose of avoiding signatures being analyzed in this way, some methods in the state of the art propose using algorithms that enable operations to be triggered at instants that are pseudo-random. Other methods propose generating noisy power supply currents that are rich in random information, or indeed in erroneous operations.
The above-mentioned methods in the state of the art suffer from numerous drawbacks. In particular, they monopolize certain resources of the device which could be used for performing other operations. In addition, such methods are not reliable since techniques for analyzing the current drawn in sequences stimulated by particular commands are highly effective. They make it possible to ultimately obtain the looked-for confidential information.
One object of the present invention is to make confidential data stored in memory more secure by making analysis of the electrical signatures of integrated circuit devices more difficult.
This and other objects are attained in accordance with one aspect of the invention which is directed to an integrated circuit device adapted to be incorporated in a portable article having a memory, in particular an article of a card format. The device comprises a central processor unit; at least one memory; at least one data input/output pad; n address bus lines connecting the central processor unit to the memory and/or to the input/output pad to carry address bits; and p data bus lines connecting the central processor unit to the memory and/or to the input/output pad for conveying data bits. At least one line from the address bus lines and the data bus lines is associated with an additional line for conveying bits that are complementary to the bits conveyed over the at least one line.
Thus, by transferring two data items, e.g. 1 on one data (or address) bus line and 0 on its corresponding additional line, the same amount of current is drawn as would be drawn by transferring a data pair comprising 0 on the same data (or address) bus line and 1 on its corresponding additional line. As a result, the current drawn is always the same and it is no longer possible to determine the nature of the bits transported on the bus lines by analyzing the electrical signature of the device in operation.