1. Field of the Invention
The invention relates to a process for the storage and use of sensitive information in a security module, and the associated security module.
Firstly, the term “sensitive information” is defined as any information the knowledge of which has significant repercussions on the security of the operations implemented in the security module, for example:
cryptographic keys used in association with algorithms in operations for the encryption or decryption of a message, the authentication of a data item or a person, or the signature of a message;
an authentication code entered by a user at a terminal cooperating with the security module (for example, the PIN or personal identification number of the terminal user).
By extension, the term “sensitive information” also designates any information deemed confidential by the person holding it, for example a bank account number, a message, or even an entire document.
The term “security module” is to be considered either in its conventional sense, in which it designates a device whose purpose, in a communication or information network, is to be held by an organization supervising the network, and to store in a protected way secret and fundamental parameters of the network such as cryptographic keys, or more simply, as designating a device allocated to various users of the network enabling each of them to have access to it, which device can also hold secret parameters. The security module can take the form of a portable device comprising a chip card, such as a bank card.
2. Description of Related Art
The invention is based on the observation that using hardware means accessible to anyone, a defrauder can observe the current consumption of the security module during the execution of a program or of instructions defined by a micro-wired logic in the security module, especially when it is based on CMOS technology. In particular, it is possible to identify the specific portions of the program that allow the reading of the information in EEPROM, particularly the sensitive information defined above.
Therefore, the object of the invention is to reinforce the security of the security modules as defined above, by ensuring the protection of the sensitive information, particularly during its transfer from an EEPROM to a RAM or vice versa, by encrypting it using a temporary protection key whose content varies at a given frequency, specifically a frequency that is a function of the degree of confidentiality of the sensitive information.
To this end, it relates to a process for storing sensitive information ISj in a security module comprising data processing means and data storage means, characterized in that it includes the steps comprised of:
having the sensitive information ISj encrypted by the security module using a temporary encrypting protection key CPi in a current version CPi(ai+1) supplied by the security module and an encryption algorithm stored with an associated decryption algorithm in said storage means;
having the security module store, in a nonvolatile memory of the latter, the sensitive information in encrypted form {overscore (ISj)}(ai+1) associated with identifying data defining a temporary decrypting protection key CPid in a current version CPid(ai+1) associated with said current version CPi(ai+1) of the temporary encrypting protection key CPi, said identifying data comprising a key identifier CPid and an update subscript (ai+1) which defines said current version CPid(ai+1) of the decrypting key from among several versions; and
if the temporary decrypting protection key CPid in its current version CPid(ai+1) is not already stored in said nonvolatile memory, having this version stored by the security module.
The invention also relates to a process for using sensitive information ISj in a security module comprising data processing means and data storage means, which sensitive information ISj is put into an encrypted form by the security module using a temporary encrypting protection key CPi in a current version CPi(ai+1) supplied by the security module and an encryption algorithm stored with an associated decryption algorithm in said storage means, the sensitive information in encrypted form {overscore (ISj)}(ai+1) being stored in a nonvolatile memory of the security module in association with identifying data defining a temporary decrypting protection key CPid in a current version CPid(ai+1) associated with said current version CPi(ai+1) of the temporary encrypting protection key CPi, said identifying data comprising a key identifier CPid and an update subscript (ai+1) which defines said current version CPid(ai+1) of the decrypting key from among several versions, characterized in that it includes the steps comprised of:
having the security module, at each request to use the sensitive information ISj issuing from inside or outside this module, select said current version CPid(ai+1) of the temporary decrypting protection key CPid associated with this sensitive information, using said identifying data;
having the security module decrypt the encrypted sensitive information {overscore (ISj)}(ai+1), using the current version CPid(ai+1) of the temporary decrypting protection key CPid and the decryption algorithm, and temporarily storing the sensitive information ISj in a decrypted form thus obtained, so that it disappears from the security module after a utilization of this sensitive information; and
having the security module use the sensitive information ISj in its decrypted form.
Lastly, the invention relates to a security module disposed to implement the above processes.
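The storage and use processes described above can be illustrated with the following sketch, which is an added example and not code from the patent. It assumes the symmetric case in which the encrypting key CPi and the decrypting key CPid are the same value, and it uses an HMAC-SHA256 keystream as a stand-in for the unspecified encryption algorithm; the names `SecurityModule`, `rotate`, `store` and `use` are hypothetical.

```python
import hashlib
import hmac
import secrets

def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 in counter mode, XORed with data."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class SecurityModule:
    def __init__(self):
        self.nv_keys = {}     # nonvolatile: (key id, update subscript) -> key version
        self.nv_records = {}  # nonvolatile: name -> (key id, subscript, nonce, ciphertext)
        self.current = {}     # key id -> current update subscript

    def rotate(self, key_id: str) -> int:
        """Move the temporary protection key to its next version."""
        self.current[key_id] = self.current.get(key_id, 0) + 1
        return self.current[key_id]

    def store(self, name: str, key_id: str, secret: bytes) -> None:
        sub = self.current.get(key_id) or self.rotate(key_id)
        # Store this key version only if it is not already in nonvolatile memory.
        key = self.nv_keys.setdefault((key_id, sub), secrets.token_bytes(32))
        nonce = secrets.token_bytes(16)
        # The identifying data (key id + subscript) is kept with the ciphertext.
        self.nv_records[name] = (key_id, sub, nonce, _xor_keystream(key, nonce, secret))

    def use(self, name: str, operation):
        key_id, sub, nonce, ct = self.nv_records[name]
        key = self.nv_keys[(key_id, sub)]  # select the version named by the record
        plain = bytearray(_xor_keystream(key, nonce, ct))
        try:
            return operation(plain)        # cleartext exists only for this call
        finally:
            for i in range(len(plain)):    # best-effort wipe; Python cannot
                plain[i] = 0               # guarantee no other copies remain

if __name__ == "__main__":
    m = SecurityModule()
    m.store("pin", "CP1", b"1234")         # constructed sample value
    m.rotate("CP1")                        # key content changes; old record still readable
    m.store("account", "CP1", b"0000-1111-2222")  # constructed sample value
    print(m.use("pin", lambda s: hmac.compare_digest(bytes(s), b"1234")))
```

Because each record carries its own update subscript, information stored under an earlier key version stays decryptable after the key has moved on to a later version.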