1. Field of the Invention
The invention relates to a chip card having a card body and a semiconductor chip which is accommodated within the card body and on which a control circuit and a semiconductor memory device, which is electrically coupled to the control circuit, are constructed in an integrated manner, which control circuit is supplied with a supply voltage generated by a voltage supply circuit and with a clock generated by a clock supply circuit, which is arranged separately from the control circuit, the supply voltage having an operating voltage value lying within predetermined operating voltage limits, and the supply clock having an operating clock value lying within predetermined operating clock limits.
2. Description of the Related Art
The possible applications of chip cards, which are generally constructed in the check card format, have become extremely diverse, because of a high functional flexibility, and are increasing further with the rising computing power and memory capacity of the available integrated circuits. In addition to the currently typical fields of application of such chip cards in the form of health insurance cards, flex-time registration cards, telephone cards, the future will yield, in particular, applications in electronic payment transactions, in computer-controlled access monitoring, in protected data storage and the like. When microcontrollers are used on chip cards, it is necessary in most cases to observe very high security requirements, in order effectively to prevent unauthorized access to confidential data about the chip card holder or manipulation of amounts of money. In the previously known chip cards, protective elements are therefore incorporated, which can be subdivided, in terms of the mode of operation, into passive and active protective mechanisms, and which are described, for example, in the handbook having the title "Chipkarten" [chip cards], Carl Hanser Verlag, 1995, pages 208-213.
Passive protective mechanisms are essentially based directly on the technology of semiconductor manufacture. For example, in order to check the chips during the semiconductor production and in order to execute the internal test programs, all microcontrollers have a so-called test mode, in which the semiconductor circuits can be tested still on the wafer or in the module at the manufacturer's. This test mode allows modes of access to the memory which are strictly forbidden later, with the result that the changeover from the test mode into the user mode must be tendered irreversible. This is generally effected using polysilicon fuses on the chip. Furthermore, it is known to arrange the internal buses on the chip, which connect the processor to three different memory types ROM, EEPROM and RAM, are thus not led to the outside and with which thereafter contact cannot be made even using very complicated methods, in a confused and many times mutually interchanged position via encoded arrangements of the individual bus lines. There is therefore no possibility for an unauthorized user to listen in to, or to influence, the address, data or control bus of the microcontroller and thereby to read out memory contents. Furthermore, by accommodating the semiconductor memory not in the uppermost and thus most easily accessible layers but in the lower silicon layers, it is made impossible or more difficult to read out the content of a read-only memory bit by bit using an optical microscope. A further risk is represented by the analysis of electrical potentials on the chip during operation. Given a sufficiently high sampling frequency, there is the possibility of measuring charge potentials, that is to say voltages, on very small crystal regions and in this way of drawing conclusions about the data contents of the semiconductor memory of the random access type (RAM) during operation, and hence of obtaining access to confidential data about the chip card holder. This can be prevented in a certain way by means of an additional metallization layer over the corresponding memory cells. If, for example, this metal layer is removed using a chemical method, the chip is no longer serviceable, since the metallization layer is needed as electric voltage feed for the correct functioning of the chip.
Furthermore, active protective mechanisms in chip cards are known, which are intended to prevent unauthorized access to data contents. For example, a sensor circuit may be provided which, via a resistance or capacitance measurement, establishes whether the passivation layer which is applied to the silicon chip to prevent oxidation on the chip surface is still present, this layer having to be removed when manipulations are undertaken on the chip. If the passivation layer is no longer present or is damaged, either an interrupt in the chip software is triggered or the entire chip is switched off by the hardware, with the result that all dynamic analyses are reliably prevented. Furthermore, it is known to provide on the chip card microcontroller a voltage monitoring circuit which ensures a defined switching off of the module if the operating voltage exceeds or falls below the upper or lower limits, respectively. In this way, the software receives the safeguard that operation in the limit ranges, in which the chip is no longer completely serviceable, is impossible. A further known sensor, which is partly based on voltage detection, is constituted by the so-called power-on detection. This detection, likewise present in the chip, of a power-on state independently of the reset signal ensures that the chip is always set in a defined range when switched on. Furthermore, it is known for a functional subassembly for underfrequency detection to be constructed on the chip in an integrated manner. This prevents the applied clock being slowed down in an inadmissible way. The clock supply to the chip card generally runs externally, so that the internal computing speed is determined completely from the outside. There would thus, in theory, be the possibility of driving the microcontroller from the outside in single-step operation. This would lead to possible unauthorized analyses, primarily in the measurement of current consumptions and electric potentials on the chip.
The common feature of all the protective measures which have been previously disclosed for preventing unauthorized access to confidential data contents in chip cards is that, following triggering of the relevant protective measure, the chip card as a whole is no longer serviceable.