HK1073001B - Microcircuit card whereof the performances can be modified after customization - Google Patents
- Publication number
- HK1073001B
- Authority
- HK
- Hong Kong
- Prior art keywords
- card
- command
- performance characteristic
- physical memory
- modifying
Description
The present invention relates to a microcircuit card whose performance can be modified after a step of personalization of the card, and to a process for configuring such a card.
Some operations can be performed on microcircuit cards after the customization step. For example, US Patent 6,273,335 describes a method and system for blocking or unblocking an application in a microcircuit card using an automatic authentication mechanism based on comparison of PIN numbers and passwords.
The invention has a preferred but non-limiting application in the field of mobile telecommunications microcircuit cards, such as SIM cards compliant with the GSM standard or cards compliant with similar standards such as CDMA, TDMA or UMTS. In this context, the invention allows the performance of a customized mobile telecommunications card already assigned to a mobile telephone subscriber to be modified.
Changing the clock frequency of a microcircuit card is already known to the person skilled in the art when it is done before the card's personalization step.
Such a process is used in particular during the development phases of a microcircuit card, during which the cards are tested with different clock frequencies, the clock frequency of the card then being frozen before the customization is completed.
However, in the prior art, although applications can be installed after the card is personalised, as described, for example, in patent application WO 00/25278, the performance of the card cannot be changed after the card is personalised.
It would, however, be desirable to be able to modify the performance of a microcircuit card after customization, particularly after it has been placed on the market, or more generally after it has been allocated to a user.
For this purpose, the invention relates to a microcircuit card as defined in claim 1.
Correspondingly, the invention relates, in a second aspect, to a process for the configuration of a microcircuit card as defined in claim 11.
In the context of the present invention, a performance characteristic of a microcircuit card that can be modified by a configuration process in accordance with the present invention is to be understood as any hardware or software feature that pre-exists in the card and is not accessible after customization.
The invention thus allows the performance of a microcircuit card to be improved or degraded by sending the above command after customization, the card being already assigned to a user.
In a preferred embodiment, these means of authentication include cryptographic means to verify whether the command has been encrypted with a predetermined authentication key.
These means of verification may use a hash function according to an algorithm such as MD4, MD5 or SHA-1.
Thus, according to this advantageous feature, changes to the card's performance require knowledge of the authentication key, which can be kept secret by an operator, the card manufacturer or any third party who thus reserves the possibility to change the card's performance.
In one embodiment, the above-mentioned authentication key is associated with the modification of a predetermined performance of a predetermined card.
According to another characteristic, the means of modification are adapted to determine which performance characteristic of the card is to be modified according to a predetermined order received in the command.
This feature allows one or more characteristics of the card to be modified, depending on the predetermined order received in the command.
In a particularly advantageous way, the means of reception are adapted to receive the command by SMS or a similar protocol such as MMS (multimedia messaging service).
This embodiment thus allows the modification of at least one performance characteristic of the card through a mobile telecommunications network.
Of course, in other embodiments, the command can be received by the receiving means via a wired network or locally.
According to a preferred embodiment of the card according to the invention, the means of modification are adapted to change the size of a usable area of a physical memory of the card.
This feature allows the card's storage capacity to be increased, for example to allow new applications to be downloaded onto the card.
In a preferred variant of this embodiment, changing the size of the usable area of physical memory is done by creating or destroying at least one specific file contained in physical memory, or changing the size of at least one specific file contained in physical memory.
This file can be a file specifically created to occupy a physical memory space or a data file used by an application of the microcircuit card.
In another preferred embodiment, the means of modifying at least one performance characteristic are adapted to modify, reversibly or not, a clock frequency of the card.
Thanks to this particular feature, the computing speed of a processor or cryptographic component of the card can be increased, which allows more complex processing of the digital data received by the microcircuit card.
In another embodiment, the means of modifying at least one performance are adapted to allow or prevent, reversibly or not, the use of at least one software function of the card.
This particular feature allows the validation of software applications originally planned on the card but invalidated before the end of its personalisation.
Such a software function may be, for example, a cryptographic function such as a digital data signature control function.
Similarly, in another embodiment, the means of modifying the performance of the card are adapted to allow or prevent, in a reversible or non-reversible manner, the use of all or part of an electronic circuit of the card, such as a cryptographic unit.
Cryptographic processing which was carried out by software can thus be advantageously accelerated by the use of this cryptographic unit.
In a preferred embodiment, the microcircuit card according to the invention also has synchronization means suitable for verifying the uniqueness of the command.
This particular feature advantageously prevents dishonest use of the microcircuit card, by preventing a command already received and fraudulently copied from being taken into account a second time.
The advantages and special features of the configuration process of the invention are similar to those described above for the microcircuit card of the invention and will not be repeated here.
Other aspects and advantages of the present invention will appear more clearly on reading the following description of a particular embodiment, given by way of non-limiting example with reference to the attached drawings, in which:
- Figure 1 shows schematically the architecture of a microcircuit card according to the invention;
- Figure 2 shows a command according to the present invention in a preferred embodiment; and
- Figure 3 shows, in the form of a flowchart, the main steps of a configuration process according to the invention in a preferred embodiment.
Figure 1 shows schematically the architecture of a microcircuit card 100 according to the invention.
The microcircuit card 100 consists mainly of a processor CPU conventionally associated with a number of memories of RAM, ROM and EEPROM type.
The ROM memory contains in particular the instructions of a computer program suitable for implementing a configuration process according to the present invention, the main steps of which will be described later with reference to Figure 3.
Similarly, the RAM memory contains the registers necessary for the execution of this program.
The microcircuit card 100 also contains a physical memory, e.g. an EEPROM type memory, of which the size of a usable area 110 can be changed after customization.
The microcircuit card 100 also contains an electronic circuit 120, which in the embodiment described here consists of a cryptographic unit.
The microcircuit card 100 also receives a signal from a clock CLOCK external to the card, which is supplied to the various components of the card.
In the particular embodiment described here, the microcircuit card 100 has a PLL (phase-locked loop) component, known to the person skilled in the art, which enables signals at different clock frequencies to be derived from the signal of the external clock CLOCK.
Specifically, in the embodiment described herein, the usable area 110 of the EEPROM memory has a mult_horl register to store a multiplier factor applied to the frequency of the external clock signal CLOCK.
When the microcircuit card is powered on, the CPU reads this mult_horl register and programs the PLL component with the value contained in this register, the clock signal output from the PLL component then being applied to certain components of the card.
In the embodiment described here, the PLL component thus allows the computational speed of the CPU and the cryptographic unit 120 to be changed.
The microcircuit card 100 of the invention has receiving means RX for a command 200, which will now be described in a preferred embodiment with reference to Figure 2.
The command 200 contains a field 210 containing a predetermined order, the analysis of which determines which performance characteristics of the card 100 need to be changed.
In the embodiment described here, the performance characteristics of the microcircuit card 100 that can be changed after customization are the size of the usable area 110 of the EEPROM physical memory, the clock signal frequency, a software function f implemented by the CPU, and the electronic circuit 120.
In the preferred embodiment described herein, the order 210 is one octet, of which:
- the first bit (bit1) and second bit (bit2) represent an order to create or destroy a usable area 110, or an order to change the size of the usable area 110 of the physical EEPROM memory of the microcircuit card 100;
- the third bit (bit3) and fourth bit (bit4) form a multiplier factor for the frequency of the clock signal provided by the external clock CLOCK;
- the fifth bit (bit5) represents an order to use or not to use a software function f of the card;
- the sixth bit (bit6) represents an order to use or not to use the electronic circuit 120; and
- the seventh and eighth bits are not used.
In the preferred embodiment described herein, the receiving means RX are adapted to receive the command 200 according to the SMS protocol, e.g. by means of the ENVELOPE command of this protocol, and to store this command 200 in an area of the RAM memory.
The microcircuit card 100 also contains means of authenticating a sender of the command 200.
In a preferred embodiment, the authentication means include cryptographic means to verify whether the command 200 has been encrypted with a predetermined authentication key AUTH, the authentication key AUTH being stored in an AUTH part of the usable area 110 of the EEPROM at the time of card customization.
These cryptographic means may consist of a computer program executed by the CPU, which contains instructions for implementing a public key decryption algorithm such as the RSA algorithm known to the person skilled in the art.
In the preferred embodiment described herein, the microcircuit card 100 also has synchronization means 130 suitable for verifying the uniqueness of the command 200, so as to prevent a command 200 already received and fraudulently copied from being taken into account a second time in an unauthorized manner.
The synchronization means 130 may in particular consist of an electronic circuit implementing the verification test E35 described below with reference to Figure 3.
In a preferred embodiment, the CPU determines, from the command 200, the performance characteristic(s) of the microcircuit card 100 to be modified.
In particular, if the pair (bit1, bit2) consisting of the first bit (bit1) and the second bit (bit2) of the order 210 is equal to (1,1), this means that the size of the usable area 110 of the EEPROM physical memory should, if possible, be increased.
In practice, and in the preferred embodiment described here, the microcircuit card 100 has, before customization, a computer file FICHIER_VOID in the EEPROM physical memory such that when the pair (bit1, bit2) is equal to (1,1), the CPU destroys this file FICHIER_VOID, thus freeing up part of the EEPROM physical memory.
Alternatively, when the pair (bit1, bit2) is equal to (1,1), the size of the usable area of the EEPROM physical memory is (if possible) increased by decreasing the size of the FICHIER_VOID file in a predetermined manner, for example by 16 kilobytes.
Similarly, in the preferred embodiment described here, when the pair (bit1, bit2) is equal to (0,0), this means that the size of the usable area 110 of the EEPROM physical memory should be decreased if possible, this being done by increasing (if possible) the size of the FICHIER_VOID file in a predetermined manner, for example by 16 kilobytes.
Alternatively, when the pair (bit1, bit2) is equal to (0,0), this means that a FICHIER_VOID file should be created, if possible, at a predetermined address and with a predetermined size in the EEPROM physical memory.
In the embodiment described here, receipt of a command 200 whose pair (bit1, bit2) is (1,0) or (0,1) has no effect.
In accordance with ISO 7816, modification of the characteristics (creation, destruction, resizing) of the FICHIER_VOID file may require a specific key CLEF 220 received in the command 200, as shown in Figure 2.
In another preferred embodiment, several files of the same type can be provided before card customization, which allows the size of the usable area of the EEPROM physical memory to be increased gradually by destroying these files.
In addition, when the microcircuit card 100 receives the order 210, the CPU obtains a clock multiplier factor by reading the third bit (bit3) and fourth bit (bit4) of this order 210.
In the preferred embodiment described here, this clock multiplier factor is 1, 2 and 3 for the values of the pair (bit3, bit4) equal to (0,1), (1,0) and (1,1) respectively.
In the particular embodiment described here, this multiplier factor is stored in the mult_horl register of the usable area 110 of the EEPROM, this register being read by the CPU on power-on to set the PLL component.
In the embodiment described herein, the microcircuit card has modification means suitable for enabling or preventing the use of a software function f of the card.
In practice, the ROM memory has a computer program that can invoke this software function f when a soft register of the usable area 110 of the non-volatile EEPROM memory contains the value 1.
Upon receipt of the command 200, the CPU reads the value of the fifth bit (bit5) of the predetermined order received in the command 200 and writes it into the soft register.
In the example described here, the software function is a cryptographic function or a control function of a digital data signature received by the receiving means RX.
The microcircuit card 100 also has modification means suitable for enabling or preventing the use of all or part of an electronic circuit 120 of the card.
In the embodiment described herein, this electronic circuit 120 contains a cryptographic unit.
In practice, the use of this electronic circuit 120 is possible after writing the value 1 in a hard register of this component, the value of this register being modified by the CPU with the content of the sixth bit (bit6) of the predetermined order.
In the example described here, changing the clock frequency and allowing or preventing the use of the software function or of the electronic component are reversible operations; in another embodiment, at least one of these operations may not be reversible.
We shall now describe, with reference to Figure 3, the main steps of a configuration process according to the invention in a preferred embodiment.
The configuration process involves a first step E10 of customization, which is known to the person skilled in the art and will not be described in detail here.
In any case, this personalisation step involves writing into a memory of the card, for example into the EEPROM, data specific to that card or to a user of that card.
In the example described here, this personalisation step involves in particular writing the value of the authentication key AUTH into an EEPROM of the microcircuit card 100.
This personalisation step also includes the creation of the FICHIER_VOID file and its key 220 in EEPROM.
Step E10 is followed by step E20 of receipt of the command 200 described above with reference to Figure 2.
Step E20 is followed by a verification step E30 in which the CPU authenticates a sender of the command 200. This authentication step is performed, in the embodiment described here, by checking whether the command 200 has been encrypted with a predetermined authentication key AUTH, the authentication key AUTH being stored in a register in the EEPROM memory at the time of card customization.
If this is not the case, the result of test E30 is negative and this test is followed by the previously described step E20 of receipt of a command.
On the other hand, if the sender of the command 200 is authenticated as authorised to issue the command 200, the result of test E30 is positive.
This test is then followed by a test E35 to verify the uniqueness of the command 200. This verification test E35 prevents a command 200 already received and fraudulently copied from being taken into account a second time in an unauthorised manner.
As is known, this verification test E35 can be implemented by incorporating a message number in each command 200, with this number incremented for each command, and comparing the number received in a particular command 200 with the value of the number received in the previous command 200.
If the command 200 has already been received, the result of verification test E35 is negative, and this test is then followed by the previously described step E20 of receipt of a command 200.
On the other hand, if the command 200 is received for the first time, the result of verification test E35 is positive.
This test is then followed by a step E40 in which the size of the usable area 110 of the EEPROM physical memory is changed according to the values of the first and second bits (bit1, bit2) of the predetermined order 210 received in the command 200.
According to the various embodiments described above with reference to Figure 1, this step E40 is performed by creating or destroying the FICHIER_VOID file contained in the EEPROM physical memory, or by changing the size of this FICHIER_VOID file.
Step E40 of changing the size of the usable area 110 of the EEPROM physical memory is followed by step E60, in which the multiplier factor of the frequency of the external clock CLOCK is stored in the mult_horl register of the usable area 110 of the EEPROM memory, this register being read by the CPU on power-on to set the PLL component, which has the effect of reversibly changing the clock frequency of the card.
As described above, the multiplier factor of this clock frequency is determined by the value of the third bit (bit3) and the fourth bit (bit4) of the predetermined order 210.
The clock frequency change step E60 is followed by a step E70 in which the CPU writes to the soft register of the non-volatile EEPROM the value of the fifth bit (bit5) of the order 210.
As described above, when this soft register stores the value 1, a software function f, e.g. a cryptographic function such as a digital data signature control function, is made accessible in that it can be invoked by a computer program stored in ROM or EEPROM.
Step E70 is followed by step E80 in which the CPU stores in the hard register of the electronic circuit 120 the value of the sixth bit (bit6) of the predetermined order.
When this hard register stores the value 1, the use of this electronic circuit 120 is permitted. In the preferred embodiment described here, this electronic circuit 120 is a cryptographic unit.
Step E80 is followed by the previously described step E20 of receipt of a command.
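The command handling of Figure 3 (steps E20 to E80), combined with the bit layout of order 210, as an added simulation that is not code from the patent or from any card vendor. Assumptions the description does not specify: bit1 is the least significant bit, the command is laid out as counter || order || MAC, the AUTH check is an HMAC-SHA-256 tag standing in for the encryption test and for the MD4/MD5/SHA-1 hashes the text mentions, the message number must strictly increase, and the pair (bit3, bit4) = (0,0) leaves mult_horl unchanged.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32          # HMAC-SHA-256 tag length (assumed authentication scheme)
STEP_KB = 16          # resize step the description gives as an example
CLOCK_FACTOR = {(0, 1): 1, (1, 0): 2, (1, 1): 3}   # (bit3, bit4) -> multiplier


def bit(order, n):
    """Return bit n of the order octet; bit1 is assumed to be the LSB."""
    return (order >> (n - 1)) & 1


def decode_order(order):
    """Split order 210 into the four fields the description defines."""
    return {
        "memory": (bit(order, 1), bit(order, 2)),
        "clock": CLOCK_FACTOR.get((bit(order, 3), bit(order, 4))),
        "soft": bit(order, 5),
        "hard": bit(order, 6),
    }


def build_command(key, counter, order):
    """Issuer side: counter (4 bytes) || order (1 byte) || MAC (assumed layout)."""
    body = struct.pack(">IB", counter, order)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Card:
    def __init__(self, auth_key, eeprom_kb=64, void_kb=32):
        # State written at personalization (E10); sizes are constructed values.
        self.auth_key = auth_key
        self.eeprom_kb = eeprom_kb
        self.void_kb = void_kb        # current size of FICHIER_VOID
        self.mult_horl = 1            # clock multiplier register
        self.soft = 0                 # 1 enables software function f
        self.hard = 0                 # 1 enables electronic circuit 120
        self.last_counter = 0         # message number of the last accepted command

    @property
    def usable_kb(self):
        return self.eeprom_kb - self.void_kb

    def receive(self, command):
        """E20: process one command 200 and report the outcome."""
        if len(command) != 5 + MAC_LEN:
            return "rejected:format"
        body, tag = command[:5], command[5:]
        # E30: authenticate the sender before trusting any field.
        expected = hmac.new(self.auth_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected:auth"
        counter, order = struct.unpack(">IB", body)
        # E35: the counter is covered by the MAC, so a copied command
        # cannot be given a fresh number without the key.
        if counter <= self.last_counter:
            return "rejected:replay"
        self.last_counter = counter
        fields = decode_order(order)
        # E40: (1,1) shrinks FICHIER_VOID, (0,0) grows it, other pairs do nothing.
        # "If possible" is modelled as: the file or free area has a full step left.
        if fields["memory"] == (1, 1) and self.void_kb >= STEP_KB:
            self.void_kb -= STEP_KB
        elif fields["memory"] == (0, 0) and self.usable_kb >= STEP_KB:
            self.void_kb += STEP_KB
        # E60: the page gives no factor for (0,0); the register is left as is.
        if fields["clock"] is not None:
            self.mult_horl = fields["clock"]
        self.soft = fields["soft"]    # E70
        self.hard = fields["hard"]    # E80
        return "applied"
```

Because every accepted command rewrites the soft and hard registers and treats (0,0) in bits 1 and 2 as a shrink request, an issuer has to encode the full desired state in each order octet rather than only the field being changed.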
Claims (19)
- A microcircuit card (100) comprising means (RX) for receiving a command (200) and means for modifying at least one characteristic of the performance of said card on reception of said command, wherein the modification means can be used after a step (E10) of personalization of said card, and also comprise cryptographic means for authenticating a sender of said command, said at least one performance characteristic targeting at least one characteristic pre-existing in said card, said reception means (RX) being characterized in that they are adapted to receive said command (200) in accordance with an SMS type protocol.
- The microcircuit card according to claim 1, characterized in that said authentication cryptographic means comprise an authentication key.
- The microcircuit card according to claim 1 or 2, characterized in that the modification means are adapted to determine said at least one performance characteristic as a function of a predetermined order (210) received in said command (200).
- The microcircuit card according to any one of claims 1 to 3, characterized in that said means for modification of at least one performance characteristic are adapted to modify the size of a usable area (110) of a physical memory (EEPROM) of said card.
- The microcircuit card according to claim 4, characterized in that said modification of the size of a usable area (110) of a physical memory (EEPROM) is effected by creating or destroying at least one specific file (FICHIER_VOID) comprised in said physical memory, or by modifying the size of at least one specific file (FICHIER_VOID) comprised in said physical memory.
- The microcircuit card according to any one of claims 1 to 5, characterized in that said means for modification of at least one performance characteristic are adapted to modify a clock frequency of said card, reversibly or not.
- The microcircuit card according to any one of claims 1 to 6, characterized in that said means for modification of at least one performance characteristic are adapted to allow or prevent the use of at least one software function (f) of said card, reversibly or not.
- The microcircuit card according to any one of claims 1 to 7, characterized in that said means for modification of at least one performance characteristic are adapted to allow or prevent the use of all or part of an electronic circuit (120) of said card, reversibly or not.
- The microcircuit card according to claim 8, characterized in that said electronic circuit (120) is a cryptographic unit.
- The microcircuit card according to any one of claims 1 to 9, characterized in that it further comprises synchronization means (130) adapted to verify that said command (200) is unique.
- A method of configuring a microcircuit card (100) comprising the following successive steps: personalizing (E10) said card; receiving (E20) a command (200); cryptographically authenticating (E30) the sender of said command (200); and modifying (E40, E60, E70, E80) at least one characteristic of the performance of the card on reception of said command (200), said at least one performance characteristic targeting at least one characteristic pre-existing in said card, the method being characterized in that said step (E20) of receiving a command (200) is in accordance with an SMS type protocol.
- The configuration method according to claim 11, characterized in that, during said modifying step (E40, E60, E70, E80), said at least one performance characteristic is determined as a function of a predetermined order (210) received in said command (200).
- The configuration method according to any one of claims 11 to 12, characterized in that, during said step (E40) of modifying at least one performance characteristic, the size of a usable area (110) of a physical memory (EEPROM) of said card is modified.
- The configuration method according to claim 13, characterized in that, during said modification of the size of a usable area (110) of a physical memory (EEPROM), at least one specific file (FICHIER_VOID) included in said physical memory is created or destroyed or the size of at least one specific file (FICHIER_VOID) included in said physical memory is modified.
- The configuration method according to any one of claims 11 to 14, characterized in that, during said step (E60) of modifying at least one performance characteristic, a clock frequency of said card is modified, reversibly or not.
- The configuration method according to any one of claims 11 to 15, characterized in that, during said step (E70) of modifying at least one performance characteristic, the use of at least one software function (f) of said card is allowed or prevented, reversibly or not.
- The configuration method according to any one of claims 11 to 16, characterized in that, during said step (E80) of modifying at least one performance characteristic, the use of all or part of an electronic circuit (120) of said card is allowed or prevented, reversibly or not.
- The configuration method according to claim 17, characterized in that said electronic circuit (120) is a cryptographic unit.
- The configuration method according to any one of claims 11 to 18, characterized in that it comprises, prior to said step (E40) of modifying at least one performance characteristic, a step (E35) of verifying that said command (200) is unique.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| FR02/12340 | 2002-10-04 | | |
| FR0212340A FR2845502B1 (en) | 2002-10-04 | 2002-10-04 | MICROCIRCUIT CARD WHOSE PERFORMANCES MAY BE MODIFIED AFTER CUSTOMIZATION. |
| PCT/FR2003/002854 WO2004032042A1 (en) | 2002-10-04 | 2003-09-29 | Microcircuit card whereof the performances can be modified after customization |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1073001A1 (en) | 2005-09-16 |
| HK1073001B (en) | 2017-06-30 |