The invention concerns a secure integrated circuit which includes parts of a confidential nature. The integrated circuit includes storage means in which confidential data is stored, such as an encryption programme and at least an encryption key, a microprocessor unit for executing the encryption programme, an oscillator stage supplying clock signals for clocking the flow of operations in the microprocessor unit, and a random number generator connected to the microprocessor unit. The oscillator stage is arranged to receive at least a random number produced by the random number generator so as to configure said oscillator stage so that it produces clock signals whose frequency depends on the random number received. The confidential data concerns, in particular, mathematical functions to be protected, encryption programmes and personal access codes.
The invention also concerns a method for operating or activating the secure integrated circuit.
Secure integrated circuits are used particularly in specific electronic devices in which data of a confidential nature has to be protected. Such circuits can be applied, for example, in micro-computer units or in hard-wired logic circuits, such as badges or smart cards, or in the field of encoded data transmission.
Within the technical field of smart cards, such as bankcards, at least one secure integrated circuit is integrated in said card. Electric contact pads, which are connected to the integrated circuit, are made on the smart card so as to act as an interface with the read and/or write device for specific data. When the smart card is introduced into the read and/or write device, an encryption programme with an encryption key can be executed in the microprocessor unit as soon as the integrated circuit is switched on.
Usually, the execution time for the various instruction sequences of the programme, and the single frequency clock signals for clocking the operations processed in the microprocessor unit, are well defined. Consequently, unauthorised persons can fraudulently decipher several confidential data items relatively easily using encryption analysis techniques.
The analysis techniques used are, for example, of the DPA (Differential Power Analysis) type or the DFA (Differential Fault Analysis) type. The first of these techniques consists in measuring the amplitude of the current consumed across the electric contact terminals of the integrated circuit during all the instruction sequences of the programme. This allows, on the one hand, the single frequency of the clock signals to be found and, on the other hand, the encryption key or keys used in the encryption programme. The second technique consists in having the encryption programme executed several times and interrupting it at precise moments in order to disrupt it (deterministic method). In this way, on the basis of the correct or incorrect calculation results obtained, it is possible to decode the encryption keys.
A person with ill intent can also analyse the confidential data memory zones without too much difficulty using suitable test equipment, given that the integrated circuit is usually clocked by single frequency clock signals. In order to do this, the metal pads and the protective passivation layer covering the secure integrated circuit have to be removed. After removal of the protective layers, test probes are placed on the memory zones, and several correlations between the various tested memory zones are carried out to find the stored confidential data.
Several technical solutions have already been proposed to prevent an ill-intentioned person from finding the confidential data via encryption analysis techniques. One solution consists, for example, in slowing down or speeding up the flow of the encryption programme using clock signals with a variable frequency. One can cite, for example, International Patent document No. WO 97/33217, which discloses a secure integrated circuit provided with decorrelation means for the flow of at least one instruction sequence of a main encryption programme. The integrated circuit mainly includes storage means, in which a main encryption programme and a secondary programme are stored, and a microprocessor unit connected to the storage means for operating the main programme and/or the secondary programme.
The decorrelation means of the integrated circuit include in particular an oscillator for providing internal clock signals at a constant frequency, and a random number generator receiving the internal clock signals or the external clock signals via a logic selection circuit. The random number generator supplies randomly distributed pulse signals via a calibrator circuit to clock the operations in the microprocessor unit. It should be noted that the internal clock signals are not synchronised with, and are phase shifted with respect to, the external clock signals so as to allow the microprocessor unit to pass to decorrelated operation.
The decorrelation means also include a timer for providing interruption signals to the microprocessor unit to momentarily interrupt the flow of the main programme. The intervals of time between each interruption signal can be defined randomly by random numbers provided to the timer by the random number generator. Likewise, during an interruption, an interruption routine or a secondary programme may be executed so as to prevent any analysis of the integrated circuit's confidential data.
One drawback of the solution disclosed in document No. WO 97/33217 is that the internal clock signals are pulse signals at a constant frequency. Thus, the random number generator, which receives the internal clock signals, can only provide pulse signals of variable periodicity whose mean frequency is less than that of the internal clock signals. It should be noted that randomly distributed pulse signals are only obtained by randomly suppressing certain pulses of the internal clock signals without modifying the width of each clock pulse. In order not to slow down the sequence of operations of the main programme too much, it is thus necessary to have internal clock signals at a sufficiently high frequency, which constitutes another drawback.
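The drawback described above can be seen numerically in a small simulation, added here as an illustration and not taken from either patent document. It assumes each internal clock pulse is suppressed independently with probability `p_suppress` (the page does not state how pulses are selected); the 10 MHz frequency and all function names are constructed for the example.

```python
import random
from collections import Counter

def suppress_pulses(n_pulses, p_suppress, seed=1):
    """Indices of the internal clock pulses that reach the microprocessor.

    Each pulse of the constant-frequency clock is dropped with probability
    p_suppress; surviving pulses keep their position and width.
    """
    rng = random.Random(seed)  # stand-in for the hardware random generator
    return [k for k in range(n_pulses) if rng.random() >= p_suppress]

def mean_frequency(kept, n_pulses, f_internal_hz):
    """Mean clock frequency seen by the microprocessor over the window."""
    return f_internal_hz * len(kept) / n_pulses

def interval_histogram(kept):
    """Gaps between successive delivered pulses, in internal clock periods."""
    return Counter(b - a for a, b in zip(kept, kept[1:]))

def required_internal_frequency(f_target_hz, p_suppress):
    """Internal frequency needed to keep a target mean execution rate."""
    return f_target_hz / (1.0 - p_suppress)

if __name__ == "__main__":
    F_INT = 10e6   # constructed value: 10 MHz internal oscillator
    N = 100_000    # number of internal clock pulses simulated
    for p in (0.25, 0.5, 0.75):
        kept = suppress_pulses(N, p)
        hist = interval_histogram(kept)
        print(f"p={p}: mean {mean_frequency(kept, N, F_INT) / 1e6:.2f} MHz, "
              f"shortest gaps (periods) {sorted(hist)[:5]}, "
              f"needs {required_internal_frequency(F_INT, p) / 1e6:.1f} MHz "
              f"internal clock for a 10 MHz mean")
```

The delivered clock never exceeds the internal frequency, every gap is a whole number of internal periods, and the internal oscillator has to run faster by a factor of 1/(1 - `p_suppress`) to preserve the mean execution rate.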