Classifications

• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
  • G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
  • G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
  • G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
  • G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
  • G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
• • G—PHYSICS
  • G01—MEASURING; TESTING
  • G01R—MEASURING ELECTRIC VARIABLES; MEASURING MAGNETIC VARIABLES
  • G01R31/00—Arrangements for testing electric properties; Arrangements for locating electric faults; Arrangements for electrical testing characterised by what is being tested not provided for elsewhere
  • G01R31/28—Testing of electronic circuits, e.g. by signal tracer
  • G01R31/317—Testing of digital circuits
  • G01R31/31719—Security aspects, e.g. preventing unauthorised access during test

Definitions

• the present invention relates to methods which make it possible to protect integrated circuits against fraudulent use by unauthorized persons. It applies in particular to integrated circuits intended to be used in "smart cards", as well as to specialized circuits known under the name of ASIC which often represent the main part of the performance of the equipment in which they are integrated. All these circuits include at least one memory and a greater or lesser number of logic circuits which may possibly go as far as constituting a microprocessor.
• the mounting circuits in cards is delicate but does not present excessive difficulties and personalization of the card is very simple because the data stored in the memory is not particularly confidential, since it is mostly readable in cards regularly put into circulation. As for testing purposes, before assembly and personalization, all the memory cells must be accessible in read / write mode, it suffices to write this data there.
• the invention provides a method of protecting an integrated circuit against fraudulent use, this integrated circuit comprising a memory and logic circuits for managing this memory, mainly characterized in that:
• the content of at least one secret memory address is physically determined from the geometry of at least one of the manufacturing masks of the circuit, so that this content represents a code secret which makes it possible to lock at least the writing or at least the reading of at least part of this memory; and to then unlock the memory, the secret code contained in the secret address is read and a code identical to the management logic circuits is presented to compare them.
• FIG. 2 a diagram also partial and didactic of the memory and an associated register of a circuit according to the invention.
• FIG. 1 has been made to explain the method according to the invention and is unrelated to the physical reality of the components of the integrated circuit provided with protection means making it possible to implement the method according to the invention.
• the organs used in the normal operation of the circuit and known in themselves have also not been shown.
• This integrated circuit therefore comprises a memory 101 in which a program and data necessary for its normal use will be recorded, and organs not shown which allow the exploitation of these data and the progress of the program.
• the content of the words in the memory is written from a write input and is presented after reading on a read output.
• the address selection for written and read words is made by an address entry.
• At least one determined word of memory has been written, the secret address of which is part of protection, a specific secret code.
• This registration is done by physical means when setting up the circuit, for example by adequately configuring at least one of the manufacturing masks.
• This word 102 is common to a whole manufacturing batch, this batch being able for example to be a set of semiconductor wafers or, for high security applications, only all the circuits of a single wafer.
• the length of the code is variable, again according to the desired degree of security, and if this length exceeds that of a single word, several words are used, possibly disjoint in memory, that is to say located at addresses not contiguous.
• the starting logic When the circuit is energized, the starting logic, not shown, positions a flip-flop 103, the output of which is connected to the logic test circuits 104 and to two doors 105 and 106, which respectively block the write input and the read output, i.e. access to memory for the user at this time.
• the data which are thus read, and which are blocked at output by the gate 106, are applied to a comparator 107 which moreover receives on an input code the code to be recognized to unblock the access to the circuit.
• the comparator recognizes the identity of the external code and of the content of the word read in the memory and it sends a signal "yes" to the flip-flop 103. This then changes state, releases the test logic and opens doors 105 and 106. We can then proceed to test the circuit and pre-personalize it. At the end of this step, the memory therefore includes an area in which the pre-personalization data are written.
• circuit 108 which feeds back on the flip-flop for the 'force him to stay in the right position.
• This circuit is for example a simple EPROM memory cell. It can be located in various places and for example be part of the startup logic, or even be directly integrated into the circuits that constitute the scale.
• a better solution consists in configuring the control logic of the integrated circuit in such a way that the word 102 disappears from the list of addressable words while replacing it with another, the last in memory for example. The configuration of this logic will then be done either by command from the blocking circuit 108, or from the output of the rocker
• fuses can also be used.
• the preferred solution consists in using, as shown in FIG. 2 here also in a purely explanatory manner, a separate register from the main memory to record the secret code.
• the memory 201 is identical to the memory 101, except that all of its words are blank.
• the secret code is contained in a separate register 202 (or possibly a separate memory) the address of which is the same as that of the word 102 in memory 101.
• the addressing of this register ⁇ e therefore takes place at the same time as that of the corresponding word in memory 201, represented by dotted lines in the figure.
• the content of register 202 is therefore read during the step of unlocking the integrated circuit and its content is transferred to the comparator 107 and the gate 106 through an AND gate 209 and an OR gate 210.
• the content of the word with the same address of the memory 201 is also applied to the gate OR 210, which is unimportant at this stage since this content is zero.
• Other provisions, giving an equivalent result, would make it possible not to read this word.
• test and pre-personalization The rest of the operation (test and pre-personalization) is identical to what has been described previously.
• any other embodiment can be used which complies with the logic rules described above, for example a fuse located on the output of the register 202, or on the read command thereof, or a switching circuit at the door place 210.
• the main protection resides in the prohibition of writing, then secondly in that of the output of reading, and finally in the blocking of the test functions.
• the main protection resides in the prohibition of writing, then secondly in that of the output of reading, and finally in the blocking of the test functions.
• the invention is not limited to integrated circuits intended for cards with fleas. It also extends, for example, to ASIC type circuits, the use of which is reserved for the user who has defined the specifications.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Hardware Design (AREA)
• Computer Security & Cryptography (AREA)
• General Engineering & Computer Science (AREA)
• Microelectronics & Electronic Packaging (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Theoretical Computer Science (AREA)
• Storage Device Security (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=9409852

Family Applications (1)

Country Status (6)

Families Citing this family (16)

Family Cites Families (14)

• 1991
  • 1991-02-19 FR FR9101933A patent/FR2673016B1/fr not_active Expired - Fee Related
• 1992
  • 1992-02-18 EP EP92906646A patent/EP0572515A1/de not_active Ceased
  • 1992-02-18 US US08/090,117 patent/US5740403A/en not_active Expired - Fee Related
  • 1992-02-18 WO PCT/FR1992/000157 patent/WO1992015074A1/fr not_active Ceased
  • 1992-02-18 JP JP4506387A patent/JPH0769951B2/ja not_active Expired - Fee Related
  • 1992-02-18 CA CA002104373A patent/CA2104373A1/fr not_active Abandoned

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events