The invention lies in the field of protecting USB keys.
More precisely, the invention seeks to protect a function that is executed on a USB key against a malicious attack coming from the host station to which the key is connected.
The protected function may be of any type. In particular, it may be a function giving read or write access to a mass memory contained in the USB key, or it may be an authentication function.
One type of attack that may concern USB keys is known to the person skilled in the art as a “denial-of-service” attack. In general, such attacks consist in sending erroneous data to the USB key in order to stimulate the execution of the function on board the key for a malicious purpose.
For example, it is known to use USB keys (also known as “dongles” or as hardware locks) to authenticate the user of a software application that is being executed on the host station to which the key is connected, and possibly to block execution of said application in the event of authentication failing. By way of example, authentication may consist in comparing a code input by the user via the host station with a value stored in the USB key. In this first example, a denial-of-service attack may consist in sending successive erroneous codes to the USB key, until the software application is blocked.
USB keys are also known that are suitable for encrypting a message received from the host station by using a secret key. In this second example, a denial-of-service attack may consist in sending messages to the USB key in large numbers and/or at high frequency, i.e. in numbers or at a frequency greater than normal conditions of use.
One known solution for combating denial-of-service attacks (in particular for combating unwanted “spam” mail) is known under the name “Captcha” and consists in verifying that the data sent by a computer is indeed input by a human user and is not generated automatically by a software robot executing on the computer.
Unfortunately, those solutions are not perfect, and software robots of ever-higher performance are succeeding in recognizing the deformed letters at a good success rate.