WO2006090231A2 - Method to secure writing in memory against attacks by radiation or other

Publication number
WO2006090231A2
Authority
WO
WIPO (PCT)
Prior art keywords
data item
program
data
attribute
storage means
Application number
PCT/IB2006/000344
Other languages
French (fr)
Other versions
WO2006090231A3 (en
Inventor
Nicolas Giraud
Pascal Gombocz
Original Assignee
Axalto Sa
Application filed by Axalto Sa

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards

Abstract

The method according to this invention concerns a method to secure an electronic assembly including processing means and storage means (7, 11) containing a program to be executed. The method consists in associating with at least one data item stored in said means (7,11) at least one identification attribute used to classify said data item into a data family. This invention also concerns the electronic module in which said method is implemented and the card comprising said module.

Description

METHOD TO SECURE WRITING IN MEMORY AGAINST ATTACKS BY RADIATION OR OTHER
This invention concerns a method and a device to secure an electronic assembly implementing a program to be protected. More precisely, the purpose of the method is to propose a defence against attacks by radiation, flash, light, laser, glitch or other and more generally against any attack disturbing the execution of the program instructions.
These attacks modify the instructions to be executed, the data used and/or the addresses of said data, resulting in non-execution or incorrect execution of certain parts of the program or producing incorrect results.
TECHNICAL FIELD
When a program is executed by a microprocessor, attacks, for example by injecting faults via laser, glitch or electromagnetic radiation, modify the instruction codes executed by the processor or the addresses of the data to be processed. The program instructions may be replaced by instructions producing a different effect: for example, the attacks may convert any instruction opcode into an inoperative instruction code (opcode 00h, BRSET0, NOP or AVR depending on the microprocessor). Consequently, certain sections of the code fail to execute or execute irregularly: a security processing sequence in an operating system for smart cards may be made inoperative by an attacker. The attacks may disturb the processor operation and cause untimely jumps in the program memory.
In addition, this type of attack may delete intermediate processing on data used in subsequent processing or modify program pointers to data to be processed. In both cases, the result is that sensitive operations are executed with data other than that planned by the program designers. The fact that a routine is executed with parameters other than those planned may have serious consequences in terms of security. Through this type of attack, a defrauder could open access to areas of sensitive data, neutralise cryptographic operations and, for example, modify the loading of keys.
One objective of this invention is to propose an efficient defence to avoid executing a program with data other than that planned.
SUMMARY OF THE INVENTION
This invention concerns a method to secure an electronic assembly including processing means and storage means containing a program to be executed, characterised in that it consists in associating with at least one data item stored in said storage means at least one identification attribute used to classify said data item into a data family.
Consequently, when the program is executed, a check is carried out to ensure that the attribute of the data item used by the program corresponds to the planned data item. Otherwise, an attack is detected.
This invention also concerns an electronic module in which said method is implemented, a card comprising said module and a program to implement said method.
BRIEF DESCRIPTION OF THE DRAWINGS
Other purposes, features and advantages of the invention will appear on reading the description which follows of the implementation of the method according to the invention and of a mode of realisation of an electronic assembly designed for this implementation, given as a non-limiting example, and referring to the attached drawings in which:
- figure 1 is a diagrammatic representation of an example of a device in which the method according to this invention is implemented;
- figures 2a and 2b are diagrammatic representations of part of the memory of the device according to this invention in, respectively, the absence and presence of an attack;
- figures 3a, 3b, 3c and 3d represent different steps of a cryptographic process and modifications in memory carried out at each of these steps according to the method subject of this invention.
WAY OF REALISING THE INVENTION
The purpose of the method according to the invention is to secure an electronic assembly and for example a portable object such as a smart card implementing a program. The electronic assembly comprises at least processing means such as a processor and storage means such as a memory. The program to be secured is installed in the memory, for example ROM (Read Only Memory) type, of said assembly.
As a non-limiting example, the electronic assembly described below corresponds to an onboard system comprising an electronic module 1 illustrated on figure 1. This type of module is generally realised as a monolithic integrated electronic microcircuit, or chip, which once physically protected by any known means can be assembled on a portable object such as for example a smart card, microcircuit or integrated circuit card (microprocessor card, etc.) or other card which can be used in various fields.
The electronic module 1 comprises a microprocessor CPU 3 with a two-way connection via an internal bus 5 to a non-volatile memory 7 of type ROM, EEPROM (Electrically Erasable Programmable Read Only Memory), Flash, FeRAM or other containing the program PRO 9 to be executed, a volatile memory 11 of type RAM, and input/output means I/O 13 to communicate with the exterior. In the example illustrated below, the program 9 comprises in particular routines to load data values in buffers in RAM memory 11 and one or more computation processes such as a cryptographic computation function (for example a DES function).
The method according to the invention consists in ensuring that the program 9 uses the planned data during execution. This invention consists in identifying sensitive data of the program by an attribute used to classify the data by a category, type, nature, use phase or other so that the data belongs to a given family and in checking the identification attribute during use. According to the form of realisation described in detail in the following description, the attribute is related to the function which uses the data and/or to the use phase of said data in the program. The attribute identifies the data item with respect to its use. The data items are grouped into categories, classes such as for example input data, output data, etc. (classes corresponding to use phases), and/or the keys, scrambling data, etc. (classes corresponding to a function of the data item). The attribute may also associate a data item with several classes. For example, the attribute associated with a key may correspond to the identifier of this key (MAC or other key): the data item therefore belongs to the class of MAC keys. The key identifier occupies one byte: it is therefore possible to characterise the key on one extra byte. In this case, the attribute belongs to two separate classes. The attribute could be related to any other characteristics of the data, for example the owner.
As shown on figure 2a, the identification attribute (TAG) is associated with the data item in memory (DATA) such that a pointer (P) to this data item points to the set formed by the data item and its attribute. If the pointer is modified (figure 2b), the data item pointed (DATA2) will be identified by another attribute or no attribute at all and incoherence between the expected data item and the data item pointed for the processing will be detected, thereby constituting a security defence.
The cryptographic algorithms may be subject to attacks by injecting faults designed to modify the data processed.
A disturbance on the pointer of the input message of a cryptographic computation function could allow the computation to be carried out with a false message corresponding to data stored in another area of the working memory, possibly an area at 0. The attacker could use this means to obtain a cryptogram with a chosen, or at least known, message. A disturbance on the key loading operations or on the pointer of the key of a cryptographic computation function could be used to perform the computation with a false key corresponding to a key used in previous processing or to data stored in another area of the working memory. The attacker could use this means to cancel cryptographic operations or obtain a cryptogram with a chosen, or at least known, key.
A disturbance on the pointer of the output message of a cryptographic computation function could be used to avoid storing the result of the cryptographic operation at the place where it is expected by subsequent operations. The attacker could use this means, in some cases, to delete the cryptographic operation from the functional point of view.
In the special form of realisation described below and illustrated in figures 3a to 3d, the invention applies by characterising the memory locations corresponding to the key and to the input and output messages with an attribute corresponding to the cryptographic computation function and taking into account the use of the parameter in the function.
The attribute is for example a "tag" byte prefixing the memory area in which the data item is stored. The pointer on the data points to the memory area containing the "tag" and the data item. The following values of the attributes associated with the data of the cryptographic computation are defined:
- 00: invalid data
- 01: computation input message
- 03: computation output message
- 04: cryptographic computation key
Before initialising the parameters of the cryptographic computation function, the memory locations in RAM 11 are characterised by the attribute 00 indicating that no valid data is available. Figure 3a shows the following data items in memory:
- DATA 1 is the key K used in the cryptographic algorithm CRYPTO.
- DATA 2 is the input message INPUT of said algorithm CRYPTO.
- DATA 3 will contain the result RES obtained by the algorithm.
As shown on figure 3b, when the value DATA1 of the key K has been loaded into the planned location, i.e. in this case loaded into the input buffer memory (buffer in RAM 11) of a cryptography algorithm such as, for example, the DES algorithm, the attribute is initialised with the value 04 indicating that the memory area (buffer in RAM 11) does actually contain a key. The routine to load the key into the input buffer of the cryptography algorithm therefore includes initialisation of the attribute associated with the key to the value planned by said loading routine.
One or more instructions must be added to the software loading routine (loading into RAM or other) of known type in order to assign a value to the attribute of the data item concerned (in this case the key).
Similarly, loading of the value DATA2 of the input message INPUT (figure 3c) is followed by initialisation of the attribute associated with the value 01. The attribute associated with the computation output message is left at value 00 indicating that no valid result is available.
When executing the cryptographic computation function and more especially in the example described when executing the DES software routine, the attributes of the input message and of the key are checked. Said routine includes a check on the attribute values. One or more instructions must be added to the software routine of the computation process (in this case the DES) or of any other process of known type in order to check the values of the attributes loaded in the buffer by comparison with the values planned in said routine or stored in memory (7). If the attributes loaded in the buffer do not correspond to the values planned in the routine (04 or 01), a disturbance in program execution is detected and a security defence is triggered. After the computation has been performed (figure 3d), the attributes of the key and of the input message are initialised to 00, then the attribute of the output message is initialised to 02, indicating that the result of the cryptographic computation is available. This attribute will enable the function processing the result of the computation to check that the memory location does actually store the result of a cryptographic computation.
This mechanism can be used to detect the attacks mentioned above. An attack intended to delete the key loading operation will be detected since the value of the attribute of the memory location which should contain the key will not be 04. An attack intended to modify the key pointer will be detected since the memory area pointed by the modified pointer will have an attribute corresponding to the value present at this memory location instead of 04. As for an attack intended to modify the pointer of the input message, modifying the pointer of the output message will initialise the attribute to a value other than 01 in an area different from that reserved for this data item. The attribute of the memory location containing the real output message will keep the value 00, so the attack will be detected when processing this result.
This mechanism can be extended systematically to the entire software program by associating to each data item an attribute corresponding to the function in which this data item is either an input parameter or an output parameter and by identifying the order number in the list of parameters. The attributes of the input parameters are initialised when initialising the parameters (loading into RAM memory or into a buffer of a computation process) before calling the function (or computation process) and checked at the start of the function (the DES cryptographic function in the example illustrated above). The attributes of the output parameters are initialised before the function return and checked after the function return. This mechanism can therefore be implemented in a compiler.
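The tag-byte checks of figures 3a to 3d and the detection cases listed above, as an added C example that is not code from the patent. The names `tagged_buf`, `ram_t`, `crypto`, `consume_result`, the `ST_*` status codes and the `run_*` scenarios are hypothetical, the XOR stands in for DES, and 02 is assumed for the output attribute because the page gives both 02 and 03; a disturbed pointer is modelled by passing a different buffer address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Attribute ("tag") values from the description. The value list gives 03 for
 * the output message but the figure 3d walk-through uses 02; 02 is assumed. */
enum { TAG_INVALID = 0x00, TAG_INPUT = 0x01, TAG_OUTPUT = 0x02, TAG_KEY = 0x04 };
enum { ST_OK = 0, ST_FAULT = -1 };      /* hypothetical status codes */
#define BLOCK 8

/* The tag byte prefixes the data, so one pointer reaches both. */
typedef struct { uint8_t tag; uint8_t data[BLOCK]; } tagged_buf;

/* Working memory as in figure 3a, plus one unrelated area. */
typedef struct { tagged_buf key, input, result, other; } ram_t;

/* Constructed sample values, not from the page. */
static const uint8_t K[BLOCK]   = {0x13, 0x34, 0x57, 0x79, 0x9B, 0xBC, 0xDF, 0xF1};
static const uint8_t MSG[BLOCK] = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};

/* Before any loading, every location carries attribute 00. */
static void ram_init(ram_t *m) { memset(m, 0, sizeof *m); }

/* Loading routine: copy the value, then set the attribute planned for it. */
static void load_tagged(tagged_buf *dst, const uint8_t *src, uint8_t tag)
{
    memcpy(dst->data, src, BLOCK);
    dst->tag = tag;
}

/* Loads key and message as in figures 3b and 3c. */
static void load_both(ram_t *m)
{
    load_tagged(&m->key, K, TAG_KEY);
    load_tagged(&m->input, MSG, TAG_INPUT);
}

/* Stand-in for the DES routine: XOR only, NOT a cipher. What matters here
 * is the attribute checks around the computation. */
static int crypto(tagged_buf *key, tagged_buf *in, tagged_buf *out)
{
    if (key->tag != TAG_KEY || in->tag != TAG_INPUT)
        return ST_FAULT;             /* disturbance detected */
    for (int i = 0; i < BLOCK; i++)
        out->data[i] = key->data[i] ^ in->data[i];
    key->tag = TAG_INVALID;          /* figure 3d: inputs back to 00 */
    in->tag = TAG_INVALID;
    out->tag = TAG_OUTPUT;           /* result available */
    return ST_OK;
}

/* Function processing the result: checks the location really holds one. */
static int consume_result(const tagged_buf *res, uint8_t *dst)
{
    if (res->tag != TAG_OUTPUT)
        return ST_FAULT;
    memcpy(dst, res->data, BLOCK);
    return ST_OK;
}

/* Undisturbed run: load, compute, read the result. */
int run_normal(void)
{
    ram_t m; uint8_t out[BLOCK];
    ram_init(&m); load_both(&m);
    if (crypto(&m.key, &m.input, &m.result) != ST_OK) return ST_FAULT;
    return consume_result(&m.result, out);
}

/* Key loading operation skipped: the key area still carries 00. */
int run_key_load_skipped(void)
{
    ram_t m;
    ram_init(&m);
    load_tagged(&m.input, MSG, TAG_INPUT);
    return crypto(&m.key, &m.input, &m.result);
}

/* Key pointer disturbed: it designates the input-message area (tag 01). */
int run_key_pointer_disturbed(void)
{
    ram_t m;
    ram_init(&m); load_both(&m);
    tagged_buf *kp = &m.input;       /* models the corrupted pointer value */
    return crypto(kp, &m.input, &m.result);
}

/* Output pointer disturbed: the result lands in another area, the real
 * result area keeps 00, and the consumer detects it. */
int run_output_pointer_disturbed(void)
{
    ram_t m; uint8_t out[BLOCK];
    ram_init(&m); load_both(&m);
    (void)crypto(&m.key, &m.input, &m.other);
    return consume_result(&m.result, out);
}

int main(void)
{
    printf("normal=%d skipped_load=%d key_ptr=%d out_ptr=%d\n", run_normal(),
           run_key_load_skipped(), run_key_pointer_disturbed(),
           run_output_pointer_disturbed());
    return 0;
}
```

Only the undisturbed run returns `ST_OK`; because `crypto` resets the key and input attributes to 00, a second call without reloading would also be refused.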
To implement this mechanism, the code to initialise the attribute of the parameter to be protected and the code to check the attribute must be added. An additional byte is required in RAM memory for each data item to be protected. According to another form of realisation, the value of the attribute is checked by a cryptographic hardware module, for example the DES hardware module. In this case, there is no need to add code: the hardware module (e.g. DES) checks the value of the attribute.
According to a development of this invention, the attribute is stored in memory (for example in EEPROM memory 7) permanently. The attribute is defined and associated with a data item permanently, for example during the personalisation. The attribute is predetermined and cannot be changed. As an illustration, a key is stored in EEPROM together with the attribute identifying a key 04. When the key is loaded into RAM, the key is accompanied by its attribute. In RAM, the value of the attribute can be erased; in this case, the data item can no longer be used and its value must be obtained from EEPROM to launch a computation process.

Claims

1- Method to secure an electronic assembly including processing means and storage means (7, 11) containing a program to be executed, characterised in that it consists in associating with at least one data item stored in said storage means (7, 11) at least one identification attribute used to classify said data item into a data family.
2- Method according to claim 1, characterised in that it consists in associating with at least one data item stored in said storage means at least one identification attribute used to classify said data item into a data family so as to detect an attack when the attribute does not correspond to the family expected when using said data item in the program.
3- Method according to claim 1 or 2, characterised in that the attribute identifies the data item with respect to its use in the program.
4- Method according to claim 3, characterised in that the attribute is related to the function of said data item in the program or a part of it and/ or to the use phase of this data item in said program or a part of it.
5- Method according to one of claims 1 to 4, characterised in that the attribute is stored in said storage means (7,11) with the corresponding data item such that an access in memory to the data item provides access to the corresponding attribute if any.
6- Method to secure an electronic assembly including processing means and storage means (7, 11) containing a program to be executed, characterised in that it consists, during the execution of said program using at least one data item, in checking that one or more identification attributes associated with said data item stored in said storage means and used to classify said data item into a data family correspond to the expected family(ies).
7- Method according to claim 6, characterised in that it consists, during the execution of said program using at least one data item, in checking that one or more identification attributes associated with said data item stored in said storage means and used to classify said data item into a data family correspond to the expected family(ies) so as to detect an attack when this is not the case.
8- Electronic module including processing means and storage means (7, 11) containing a program to be executed, characterised in that the storage means (7) comprise at least one identification attribute of a data item stored in said means (7) used to classify said data item into a data family and/or in that it comprises means used to associate with at least one data item stored in said storage means (11) at least one identification attribute used to classify said data item into a data family.
9- Card characterised in that it comprises the electronic module according to claim 8.
10- Computer program comprising program code instructions to execute the steps of the method according to one of claims 1 to 7 when said program is run in an electronic module.
PCT/IB2006/000344 2005-02-25 2006-02-21 Method to secure writing in memory against attacks by radiation or other WO2006090231A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP05290446A EP1698958A1 (en) 2005-02-25 2005-02-25 Method for securing the writing in memory against radiation attacks or other attacks
EP05290446.3 2005-02-25

Publications (2)

Publication Number Publication Date
WO2006090231A2 true WO2006090231A2 (en) 2006-08-31
WO2006090231A3 WO2006090231A3 (en) 2007-04-12

Family

ID=34941969

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/000344 WO2006090231A2 (en) 2005-02-25 2006-02-21 Method to secure writing in memory against attacks by radiation or other

Country Status (2)

Country Link
EP (1) EP1698958A1 (en)
WO (1) WO2006090231A2 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4184201A (en) * 1978-04-26 1980-01-15 Sperry Rand Corporation Integrating processor element
US4879645A (en) * 1984-03-31 1989-11-07 Kabushiki Kaisha Toshiba Data processing device with high security of stored programs
US4962533A (en) * 1989-02-17 1990-10-09 Texas Instrument Incorporated Data protection for computer systems
EP0407060A2 (en) * 1989-06-30 1991-01-09 Novell, Inc. Method of providing mandatory secrecy and integrity file security in a computer system
DE10113828A1 (en) * 2001-03-21 2002-09-26 Infineon Technologies Ag Processor for secure data and command processing investigates called up command security marker and carries out called up command on called up data if marker has defined value
US6490720B1 (en) * 2001-05-11 2002-12-03 Sospita As Sequence numbering mechanism to ensure execution order integrity of inter-dependent smart card applications
EP1262857A2 (en) * 2001-05-15 2002-12-04 Fujitsu Limited Information processing apparatus and method of controlling an access level
WO2003048908A2 (en) * 2001-12-03 2003-06-12 Advanced Micro Devices, Inc. Method and apparatus for restricted execution of security sensitive instructions

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2757972B1 (en) * 1996-12-31 1999-02-19 Bull Cp8 METHOD FOR SECURING A SECURITY MODULE, AND RELATED SECURITY MODULE
FR2849230B1 (en) * 2002-12-24 2005-04-22 Francois Bangui METHOD AND APPARATUS FOR VERIFYING THE INTEGRITY OF A SOFTWARE APPLICATION WITHOUT AN ENCRYPTION / DECRYMENT KEY

Also Published As

Publication number Publication date
EP1698958A1 (en) 2006-09-06
WO2006090231A3 (en) 2007-04-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in: Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 06710417; Country of ref document: EP; Kind code of ref document: A2
WWW Wipo information: withdrawn in national office. Ref document number: 6710417; Country of ref document: EP