Registers – Records – Conductive
Reexamination Certificate
2002-08-14
2004-02-17
Lee, Michael G. (Department: 2876)
Registers
Records
Conductive
C235S380000, C235S382000, C235S375000, C235S383000, C380S046000, C380S047000, C380S030000
Reexamination Certificate
active
06691921
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to an information processing device, and more particularly to a tamper proof device such as an integrated circuit card (IC card) having a high degree of security.
2. Description of the Related Art
The IC cards are intended for holding information that must not be tampered by encrypting data with secret encryption keys and decrypting the encrypted text. An IC card has no internal power source and becomes operable only when inserted into a card reader/writer by which it is powered. When it becomes operable, the IC card receives commands from the card reader/writer and transfers data as commanded. The general descriptions of IC cards can be found in books such as IC Card, Junichi Mizusawa, The Institute of Electronics, Information and Communication Engineers, published by Ohm.
As shown in
FIG. 1
, an IC card
101
includes an IC card chip
102
. An IC card generally has a set of contacts, through which power is supplied and data communication is performed.
The structure of an IC card chip is basically the same as that of a microprocessor. As shown in
FIG. 2
, the IC card chip is organized into a central processing unit (CPU)
201
, a memory unit
204
, an I/O port
207
, and a coprocessor
202
. The central processing unit (CPU)
201
performs logic and arithmetic operations, and the memory unit
204
stores programs and data. The I/O port
207
communicates with external card reader/writers. The coprocessor
202
is specifically used for performing modulo arithmetic, such as operations required in the RSA public key cipher. There are also many IC card processors without coprocessors. A data bus
203
provides links among these components.
The memory unit includes a read-only memory (ROM), a random access memory (RAM), and an electrically erasable programmable read-only memory (EEPROM). ROM is not modifiable, and mainly stores program code. RAM is rewritable, but its contents are lost when power is off. RAM therefore cannot be used to retain data after the IC card is withdrawn from the reader/writer such that its power supply is stopped. EEPROM is rewritable, and it retains its contents even without power. EEPROM is used to store data that must sometimes be rewritten and must be retained even when the IC card is removed from the reader/writer. EEPROM is used, for example, in a prepaid card that retains data indicating the amount of use, which has to be rewritten at every use and must be retained after the card is withdrawn from the card reader/writer.
IC cards store programs and data inside an enclosed IC card chip so as to store important information and perform cryptographic processing. The degree of difficulty in deciphering cryptographic processing in IC cards has been considered to be similar to the difficulty of deciphering cryptographic algorithms. It is suggested, however, that there is a risk that information being cryptographically processed in IC cards and the cryptographic keys used for such processing may be inferred through observation and analysis of current consumption during the cryptographic processing, which is easier than deciphering cryptographic algorithms. The current consumption can be observed by measuring current that is supplied from the card reader/writer. Such risks are described in ‘8.5.1.1 Passive protective mechanisms’ p.263 of Smart Card Handbook written by W. Rankl & W. Effing, John Wiley & sons Co.
The CMOS circuits in an IC card chip consume current when their output changes from ‘1’ to ‘0’, and vice versa. The data bus
203
has a particularly large electrical capacitance such that it draws a large current when the value placed on it changes from ‘1’ to ‘0’, or vice versa. This suggests the possibility that observation of the current consumption can reveal the operations inside the IC card chip.
FIG. 3
is a graph showing current consumption waveforms over one processing cycle in an IC card chip. The waveforms vary as indicated with lines
301
and
302
depending on the data being processed. The variations are caused by differences in data carried on the data bus
203
and data being processed in the CPU
201
.
Therefore, it is possible to infer which component is operating or what kind of data is being processing from the current consumption.
As countermeasures against such risks, the prior art provides two general methods: one method keeps the values of current consumption constant; the other method changes the current consumption while performing the same processing. An example of the former method provides a positive data bus, a negative data bus and a plurality of arithmetic units, which perform dummy and real operations concurrently to keep the current consumption constant regardless of the input data and operational results (PCT WO 99/67766). This method, however, raises problems of increased hardware scale, such as a doubling of the bus width and a quadrupling of the number of arithmetic units. As an example of the latter method, a method for encrypting data transferred on the bus or stored in memory has been suggested (JP-A-5731/2001). This method imposes a programming restriction, however, because the difference in life time of a plurality of data sharing the same key information places a limitation on the timing of updating of the encryption key.
SUMMARY OF THE INVENTION
An object of the present invention is to reduce the correlation between data being processed and current consumption in an IC card microprocessor chip without adding substantial hardware scale or programming restrictions.
According to one aspect of the invention, the information processing device includes a memory unit; an arithmetic unit; first encryption means for encrypting data written into/read from the memory unit or data input into/output from the arithmetic unit with a first cryptographic algorithm into first data including first key data and first encrypted data; and transfer means for transferring the first data into/from the memory unit or the arithmetic unit such that only encrypted data is transferred thereby.
According to another aspect of the invention, the information processing device includes an arithmetic unit; first encryption means for encrypting data to be input into the arithmetic unit into first data including first key data and first encrypted data; at least one decoder for decrypting the first data; at least one encoder for encrypting output of the arithmetic unit into second data including second key data and second encrypted data; transfer means for transferring data into/from the arithmetic unit such that only encrypted data is transferred thereby. The decoder and the encoder are disposed close to the arithmetic unit so as to reduce current consumption therebetween.
According to a third aspect of the invention, the information processing device includes a memory unit; an arithmetic unit; first encryption means for encrypting data written into/read from the memory unit or data input into/output from the arithmetic unit with a first cryptographic algorithm into first data including first key data and first encrypted data; and second encryption means for encrypting the first data with a second cryptographic algorithm into second data including second key data and second encrypted data to be stored in at least one of ROM/EEPROM and RAM of the memory unit.
REFERENCES:
patent: 4278837 (1981-07-01), Best
patent: 4630201 (1986-12-01), White
patent: 4764959 (1988-08-01), Watanabe et al.
patent: 4827113 (1989-05-01), Rikuna
patent: 4956863 (1990-09-01), Goss
patent: 5323323 (1994-06-01), Gilham
patent: 5764772 (1998-06-01), Kaufman et al.
patent: 5889622 (1999-03-01), Wille et al.
patent: 6182104 (2001-01-01), Foster et al.
patent: 6233339 (2001-05-01), Kawano et al.
patent: 6363210 (2002-03-01), Owashi et al.
patent: 6408075 (2002-06-01), Ohki et al.
patent: 6414558 (2002-07-01), Ryan et al.
patent: 6419159 (2002-07-01), Odinak
patent: 2001-005731 (1999-06-01), None
patent: WO 99/67766 (1999-06-01), None
Endo Takashi
Kaminaga Masahiro
Nakada Kunihiko
Tsukamoto Takashi
Watanabe Takashi
A. Marquez, Esq. Juan Carlos
Fisher Esq. Stanley P.
Hitachi , Ltd.
Lee Michael G.
Nguyen Kimberly
LandOfFree
Information processing device does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Information processing device, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Information processing device will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3289275