WO1999035554A2 - Method and apparatus for protection of data on an integrated circuit by using memory cells to detect tampering - Google Patents

Method and apparatus for protection of data on an integrated circuit by using memory cells to detect tampering Download PDF

Info

Publication number
WO1999035554A2
WO1999035554A2 PCT/IB1998/001969 IB9801969W WO9935554A2 WO 1999035554 A2 WO1999035554 A2 WO 1999035554A2 IB 9801969 W IB9801969 W IB 9801969W WO 9935554 A2 WO9935554 A2 WO 9935554A2
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
memory
γçó
information
memory element
Prior art date
Application number
PCT/IB1998/001969
Other languages
French (fr)
Other versions
WO1999035554A3 (en
Inventor
Michael A. Epstein
Original Assignee
Koninklijke Philips Electronics N.V.
Philips Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V., Philips Ab filed Critical Koninklijke Philips Electronics N.V.
Publication of WO1999035554A2 publication Critical patent/WO1999035554A2/en
Publication of WO1999035554A3 publication Critical patent/WO1999035554A3/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86Secure or tamper-resistant housings
    • G06F21/87Secure or tamper-resistant housings by means of encapsulation, e.g. for integrated circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security
    • G07F7/082Features insuring the integrity of the data on or in the card

Definitions

  • a method and apparatus protects data on an integrated circuit to prevent disclosure of information from the card when an error or modification has been detected or reprogramming.
  • a smart card is a card similar in size to a typical credit card; however, it has a chip embedded in it. By adding a chip to the card, the smart card acquires power to serve many different uses including access-control and value exchange.
  • a smart card may be used to store valuable information such as private keys, account numbers, passwords, or valuable personal information. Additionally, it permits performance of processes that are to be kept private, such as performing a public key or private key encryption.
  • An integrated circuit chip in the card typically allows protection of information being stored from damage or theft since, unlike magnetic stripe cards which carry information on the outside of the card, the information is internal.
  • integrated circuits particularly when used in smart cards, may allow release of information when an error is intentionally introduced through such methods as radiating or microwaving the smart card.
  • a smart card may generally include a processor such as an 8051 by Intel company for processing, a decrypter/encrypter using such technology as RS A, and a memory storing a key for use by the decrypter/encrypter although "memory cards" may include only memory.
  • the present invention provides a tampering check to prevent tampering of the integrated circuit.
  • the present invention checks "canaries” such as registers, to determine if they are "alive", i.e., producing a respective predetermined value. If the values from the "canaries" are not the respective predetermined values or comparison results are not as predetermined, information is not released from the smart card.
  • Figure 1 illustrates an example of a smart card including the present invention
  • Figure 2 illustrates an example of a smart card including a second embodiment invention.
  • FIG. 1 illustrates a general layout of a smart card.
  • a smart card 100 may typically include cells such as a processor, for example, an Intel 8051 processor 102, a decrypter/encrypter using such technology as RSA 104, and a memory element storing a key such as a private key 106.
  • cells such as a processor, for example, an Intel 8051 processor 102, a decrypter/encrypter using such technology as RSA 104, and a memory element storing a key such as a private key 106.
  • “canaries” or memory elements such as register elements, buffers, flip flops or memories such as SRAMS, E 2 cells 108 or other types of cells comparable to the cell concerned about being "hit" with radiation, etc., are physically distributed over the smart card to insure complete coverage and protection of the entire smart card.
  • the "canaries” should preferably be more sensitive than other cells so as to prevent corruption of only the "canaries” although “canaries” as sensitive as the other cells would also allow
  • the "canaries" are set to respective known states.
  • the memory which holds the key also holds reference values which are the same values as the respective known states.
  • the known states can be the same value or different values for each of the "canaries” or a subset of the "canaries".
  • the values can be prestored or can be calculated based on the key stored in the smart card memory.
  • a comparator present in the processor 102 compares the state of the "canary" with the respective reference value for that "canary", producing a comparison result which is, if the comparator is a separate element, provided to the processor 102.
  • the processor 102 takes the comparison result and using software, releases the output or prevents release of the output.
  • hardware 114 could be added to the output of the processor 102 to allow or prevent release of the output based on the comparison result. If the values match, output from the smart card is released externally. If the values do not match, the output is not released externally. Additionally, often memory elements will "zero" (set all bits to zero) or "set"
  • the comparator could check if each memory element is zeroed or set and bar release of information if either condition occurs.
  • Outputs from the "canaries" can also be compared against each other and checked that they are the same number, be added (or perform some other function) and compared to a prespecified number, or check that each is a prespecified number.
  • a known constant built into the comparator should be of such quality that it is not affected by the radiation or other external influences. Indeed, any element providing a reference value or prespecified function, etc. should be of such quality that it is not affected by the radiation or other external influences.
  • the number of comparators may be varied or may be used in various combinations to insure that the smart card has not be affected by radiation or other tampering.
  • One such example is shown in Figure 2.
  • Another alternative would have the canary outputs programmable with a preset pattern to randomize the output and protect against tampering.
  • the invention allows detection of tampering of an integrated circuit.
  • the invention may be included in a subsystem or may be a separate subsystem.
  • One skilled in the art may easily use differing numbers of "canaries” or have each "canary" output more than one value. Additional modifications may easily be made by one skilled in the art.
  • the present invention may be used on smart cards having only memory and no processor.
  • the output of the canaries could be checked by a comparator in one of the methods or a method similar to those detailed above, and the output from the memory could be enabled or disabled based on the output of the comparator.

Abstract

Memory elements are physically distributed throughout a smart card. Each of these memory elements has a preset value or preset programmable value. Before release of information, the preset value of each memory element is checked to determine if the smart card has been tampered with by such methods as radiating or microwaving the card. If tampering is detected, information is barred from being released.

Description

Method and apparatus for protection of data on an integrated circuit by using memory cells to detect tampering.
A method and apparatus protects data on an integrated circuit to prevent disclosure of information from the card when an error or modification has been detected or reprogramming.
A smart card is a card similar in size to a typical credit card; however, it has a chip embedded in it. By adding a chip to the card, the smart card acquires power to serve many different uses including access-control and value exchange. A smart card may be used to store valuable information such as private keys, account numbers, passwords, or valuable personal information. Additionally, it permits performance of processes that are to be kept private, such as performing a public key or private key encryption.
An integrated circuit chip in the card typically allows protection of information being stored from damage or theft since, unlike magnetic stripe cards which carry information on the outside of the card, the information is internal. However, integrated circuits, particularly when used in smart cards, may allow release of information when an error is intentionally introduced through such methods as radiating or microwaving the smart card.
A smart card may generally include a processor such as an 8051 by Intel company for processing, a decrypter/encrypter using such technology as RS A, and a memory storing a key for use by the decrypter/encrypter although "memory cards" may include only memory.
A study by Bellcore has concluded that microwaving a smart card can produce a soft error in the decrypter/encrypter or memory as reported in "Smart Card Insecurity: Bellcore Advisory", IAC Newsletter DB, Sept. 30, 1996; Edge Publishing. By looking at the answer released by the smart card, one can analyze the released answer and based on that answer, determine the key stored in the memory, thus allowing access to private information.
The present invention provides a tampering check to prevent tampering of the integrated circuit. The present invention checks "canaries" such as registers, to determine if they are "alive", i.e., producing a respective predetermined value. If the values from the "canaries" are not the respective predetermined values or comparison results are not as predetermined, information is not released from the smart card.
Figure 1 illustrates an example of a smart card including the present invention; and
Figure 2 illustrates an example of a smart card including a second embodiment invention.
Figure 1 illustrates a general layout of a smart card. Specifically, a smart card 100 may typically include cells such as a processor, for example, an Intel 8051 processor 102, a decrypter/encrypter using such technology as RSA 104, and a memory element storing a key such as a private key 106. Additionally, "canaries" or memory elements such as register elements, buffers, flip flops or memories such as SRAMS, E2 cells 108 or other types of cells comparable to the cell concerned about being "hit" with radiation, etc., are physically distributed over the smart card to insure complete coverage and protection of the entire smart card. The "canaries" should preferably be more sensitive than other cells so as to prevent corruption of only the "canaries" although "canaries" as sensitive as the other cells would also allow detection of tampering.
In one embodiment, the "canaries" are set to respective known states. The memory which holds the key, also holds reference values which are the same values as the respective known states. The known states can be the same value or different values for each of the "canaries" or a subset of the "canaries". The values can be prestored or can be calculated based on the key stored in the smart card memory.
When a user attempts to use the smart card and retrieve an output, a comparison is performed between each of the "canary" known states and their respective reference values stored in the memory.
A comparator present in the processor 102, or as a separate element 110, compares the state of the "canary" with the respective reference value for that "canary", producing a comparison result which is, if the comparator is a separate element, provided to the processor 102. The processor 102 takes the comparison result and using software, releases the output or prevents release of the output. Alternatively, hardware 114 could be added to the output of the processor 102 to allow or prevent release of the output based on the comparison result. If the values match, output from the smart card is released externally. If the values do not match, the output is not released externally. Additionally, often memory elements will "zero" (set all bits to zero) or "set"
(set all bits to one) when one tampers with the integrated circuit. Thus, the comparator could check if each memory element is zeroed or set and bar release of information if either condition occurs.
Outputs from the "canaries" can also be compared against each other and checked that they are the same number, be added (or perform some other function) and compared to a prespecified number, or check that each is a prespecified number.
A known constant built into the comparator, should be of such quality that it is not affected by the radiation or other external influences. Indeed, any element providing a reference value or prespecified function, etc. should be of such quality that it is not affected by the radiation or other external influences.
Alternatively, the number of comparators may be varied or may be used in various combinations to insure that the smart card has not be affected by radiation or other tampering. One such example is shown in Figure 2.
Another alternative would have the canary outputs programmable with a preset pattern to randomize the output and protect against tampering.
As can now be readily appreciated, the invention allows detection of tampering of an integrated circuit. The invention may be included in a subsystem or may be a separate subsystem. One skilled in the art may easily use differing numbers of "canaries" or have each "canary" output more than one value. Additional modifications may easily be made by one skilled in the art.
Moreover, the present invention may be used on smart cards having only memory and no processor. The output of the canaries could be checked by a comparator in one of the methods or a method similar to those detailed above, and the output from the memory could be enabled or disabled based on the output of the comparator. It will thus be seen that the objects set forth above among those made apparent from the preceding description, are efficiently attained and, since certain changes may be made in the above constructions without departing from the spirit and scope of the invention, it is intended that all matter contained in the above description or shown in the accompanying drawings shall be interpreted as illustrative and not limiting sense. It is also to be understood that the following claims are intended to cover all of the generic and specific features of the invention herein described and all statements of the scope of the invention which, as a matter of language, might be said to fall therebetween.

Claims

CLAIMS:
1. A smart card comprising:
ΓÇó a memory ( 106) storing a key;
ΓÇó an encrypter/decrypter (104) for encrypting information supplied by the smart card and decrypting information received by the smart card using the key; ΓÇó a plurality of memory elements (108), each memory element (108) storing a respective preset value; and
ΓÇó a comparator (110) for comparing the respective value of each memory element (108) with a reference value from said memory (106), said comparator (110) barring information from being supplied if any of the respective values of the memory elements (108) does not match the respective reference value.
2. A smart card comprising:
ΓÇó a memory (106) storing information;
ΓÇó at least one memory element (108), each memory element (108) storing a respective preset value; and
ΓÇó at least one comparator (110) for comparing respective values of each memory element (108) in a preset manner to acquire at least one comparison result to produce an enabling signal, said enabling signal barring information from being supplied if any of the at least one comparison results does not match an at least one respective reference value.
3. A smart card as recited in Claim 2, wherein at least one of said at least one memory elements (108) is a programmable memory.
4. A method for preventing a smart card from providing information if the smart card has been tampered with, said method comprising the steps of:
ΓÇó setting at least one memory element (108) to a preset value;
ΓÇó comparing each respective set value of said at least one memory element (108) to a respective reference value;
ΓÇó producing a comparison result based on said comparing; and enabling or disabling output of information from said smart card based on said comparison result.
PCT/IB1998/001969 1997-12-30 1998-12-07 Method and apparatus for protection of data on an integrated circuit by using memory cells to detect tampering WO1999035554A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US66897A 1997-12-30 1997-12-30
US09/000,668 1997-12-30

Publications (2)

Publication Number Publication Date
WO1999035554A2 true WO1999035554A2 (en) 1999-07-15
WO1999035554A3 WO1999035554A3 (en) 1999-09-16

Family

ID=21692522

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB1998/001969 WO1999035554A2 (en) 1997-12-30 1998-12-07 Method and apparatus for protection of data on an integrated circuit by using memory cells to detect tampering

Country Status (1)

Country Link
WO (1) WO1999035554A2 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003098660A2 (en) * 2002-05-15 2003-11-27 Giesecke & Devrient Gmbh Method for securing the memory content of ic cards
WO2004064071A2 (en) * 2003-01-14 2004-07-29 Koninklijke Philips Electronics N.V. Tamper-resistant packaging and approach using magnetically-set data
EP1450232A1 (en) * 2003-02-18 2004-08-25 SCHLUMBERGER Systèmes Method for code secure execution against attacks
WO2005050664A1 (en) * 2003-11-24 2005-06-02 Koninklijke Philips Electronics N.V. Data retention indicator for magnetic memories
EP1577734A2 (en) * 2004-02-19 2005-09-21 Giesecke & Devrient GmbH Procédé pour le fonctionnement sûr d'un support de données portable
FR2884330A1 (en) * 2005-04-11 2006-10-13 St Microelectronics Sa Integrated circuit protecting method for chip card, involves comparing data word before exiting circuit with respect to value stored in circuit, and generating error signal in case of identity between value and data in output standby
EP1750217A1 (en) * 2005-08-04 2007-02-07 Giesecke & Devrient GmbH Protection of stored contents of a data carrier
US7498644B2 (en) 2002-06-04 2009-03-03 Nds Limited Prevention of tampering in electronic devices
US8583880B2 (en) 2008-05-15 2013-11-12 Nxp B.V. Method for secure data reading and data handling system
DE102016200850A1 (en) * 2016-01-21 2017-07-27 Siemens Aktiengesellschaft Method for operating a safety-relevant device and device
DE102016200907A1 (en) * 2016-01-22 2017-07-27 Siemens Aktiengesellschaft Method for operating a safety-relevant device and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5185717A (en) * 1988-08-05 1993-02-09 Ryoichi Mori Tamper resistant module having logical elements arranged in multiple layers on the outer surface of a substrate to protect stored information
US5237609A (en) * 1989-03-31 1993-08-17 Mitsubishi Denki Kabushiki Kaisha Portable secure semiconductor memory device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5185717A (en) * 1988-08-05 1993-02-09 Ryoichi Mori Tamper resistant module having logical elements arranged in multiple layers on the outer surface of a substrate to protect stored information
US5237609A (en) * 1989-03-31 1993-08-17 Mitsubishi Denki Kabushiki Kaisha Portable secure semiconductor memory device

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003098660A3 (en) * 2002-05-15 2004-04-22 Giesecke & Devrient Gmbh Method for securing the memory content of ic cards
WO2003098660A2 (en) * 2002-05-15 2003-11-27 Giesecke & Devrient Gmbh Method for securing the memory content of ic cards
US7498644B2 (en) 2002-06-04 2009-03-03 Nds Limited Prevention of tampering in electronic devices
WO2004064071A2 (en) * 2003-01-14 2004-07-29 Koninklijke Philips Electronics N.V. Tamper-resistant packaging and approach using magnetically-set data
WO2004064071A3 (en) * 2003-01-14 2005-06-23 Koninkl Philips Electronics Nv Tamper-resistant packaging and approach using magnetically-set data
EP1450232A1 (en) * 2003-02-18 2004-08-25 SCHLUMBERGER Systèmes Method for code secure execution against attacks
WO2005050664A1 (en) * 2003-11-24 2005-06-02 Koninklijke Philips Electronics N.V. Data retention indicator for magnetic memories
EP1577734A2 (en) * 2004-02-19 2005-09-21 Giesecke & Devrient GmbH Procédé pour le fonctionnement sûr d'un support de données portable
EP1577734A3 (en) * 2004-02-19 2009-10-07 Giesecke & Devrient GmbH Procédé pour le fonctionnement sûr d'un support de données portable
EP1713023A1 (en) * 2005-04-11 2006-10-18 St Microelectronics S.A. Protection of data contained in an integrated circuit
FR2884330A1 (en) * 2005-04-11 2006-10-13 St Microelectronics Sa Integrated circuit protecting method for chip card, involves comparing data word before exiting circuit with respect to value stored in circuit, and generating error signal in case of identity between value and data in output standby
US7806319B2 (en) 2005-04-11 2010-10-05 Stmicroelectronics Sa System and method for protection of data contained in an integrated circuit
EP1750217A1 (en) * 2005-08-04 2007-02-07 Giesecke & Devrient GmbH Protection of stored contents of a data carrier
US8583880B2 (en) 2008-05-15 2013-11-12 Nxp B.V. Method for secure data reading and data handling system
DE102016200850A1 (en) * 2016-01-21 2017-07-27 Siemens Aktiengesellschaft Method for operating a safety-relevant device and device
DE102016200907A1 (en) * 2016-01-22 2017-07-27 Siemens Aktiengesellschaft Method for operating a safety-relevant device and device

Also Published As

Publication number Publication date
WO1999035554A3 (en) 1999-09-16

Similar Documents

Publication Publication Date Title
US5533123A (en) Programmable distributed personal security
EP0743602B1 (en) Circuit device for function usage control in an integrated circuit
EP0787328B1 (en) Method for verifying the configuration of a computer system
US5513261A (en) Key management scheme for use with electronic cards
US5960084A (en) Secure method for enabling/disabling power to a computer system following two-piece user verification
US5887131A (en) Method for controlling access to a computer system by utilizing an external device containing a hash value representation of a user password
CA1288492C (en) Method of controlling the operation of security modules
CA2026739C (en) Transaction system security method and apparatus
US20070297606A1 (en) Multiple key security and method for electronic devices
US20080022396A1 (en) Memory data protection device and IC card LSI
US5881155A (en) Security device for a semiconductor chip
US20030196100A1 (en) Protection against memory attacks following reset
NO309887B1 (en) Secure memory card
US20130254559A1 (en) Access-controlled data storage medium
WO1999035554A2 (en) Method and apparatus for protection of data on an integrated circuit by using memory cells to detect tampering
US5764761A (en) Eletronic assembly with integrated circuit devices including lock circuitry
US10296738B2 (en) Secure integrated-circuit state management
US20020144121A1 (en) Checking file integrity using signature generated in isolated execution
US7073071B1 (en) Platform and method for generating and utilizing a protected audit log
US7171563B2 (en) Method and system for ensuring security of code in a system on a chip
EP3907633B1 (en) System and method for obfuscating opcode commands in a semiconductor device
CN1430153A (en) Method and equipment for protecting circuit numeric portion
US7688637B2 (en) Memory self-test circuit, semiconductor device and IC card including the same, and memory self-test method
JPS61151793A (en) Ic card security protection system
CN117528501B (en) Anti-cracking RFID tag, initializing method and reading method thereof

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): JP

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): JP

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

122 Ep: pct application non-entry in european phase