Electrical computers and digital processing systems: support – Data processing protection using cryptography – Computer instruction/address encryption
Reexamination Certificate
1999-08-20
2004-04-20
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
Computer instruction/address encryption
C713S159000, C713S193000, C380S205000, C380S216000, C380S268000
Reexamination Certificate
active
06725374
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates to a method for the execution of an encryption program for the encryption of data in a microprocessor-based portable data carrier. A data carrier of this type is, for example, a chip card which is connected with a corresponding card terminal or data exchange equipment for data exchange and energy supply.
2. Description of the Related Art
Microprocessor chip cards which are able to encode data by means of an encryption program are employed in the form of, for example, bank cards or access authorization cards in mobile radio networks to the GMS standard. The encryption of data and information in this field is attributed an ever increasing importance. The requirements which are imposed on the encoding security against attacks consequently become more demanding.
Portable data carrier chip cards are generally not provided with their own energy supply, e.g. in the form of a battery or a solar cell. The energy supply of the portable data carrier is effected by the data exchange equipment which is also used for the communication. The surface of chip cards comprises electrical contact areas in order to enable communication with the data exchange equipment via corresponding contacts within same. One of these contact areas is intended for the delivery of the supply voltage and the supply current. Another contact area serves as a ground connection, one is used for the serial bi-directional data communication from and to the data exchange equipment, one provides for the supply of the clock signal, and still another contact area is intended for the receipt of a reset signal.
Portable data carriers typically comprise an integrated semiconductor module which includes a microprocessor with a read only memory (ROM), a random access memory (RAM) in which the operating system or portions of same are stored, and an electrically erasable programmable read only memory (EEPROM). The portable data carrier thus represents a microcomputer unit which, however, requires an external (external from the portable data carrier) voltage and current supply. The microprocessor provides the processing circuits for the execution of programs, in particular of encryption programs which are stored in the EEPROM and/or the ROM. Here, secret codes which are not accessible from outside are stored as well. The codes are used for the coding or encryption of data. Due to the fact that the encryption programs (algorithms) as such are mostly known, the security with respect to the coding of data is restricted to the secret codes. The encrypted data is thus a function of the encryption program depending on the uncoded data (plain text) and at least one secret code:
D
encry'ed
=S(K
code
, data);
where S is the coding program, D
encry'ed
is the encrypted data, and K
code
indicates the secret code.
An encryption program of this type which is generally known, for example, is the so-called DES algorithm. An encryption program of this type consists of several serial program levels (function blocks) which, in turn, have several subprograms, with the sequence of execution of certain subprograms having no influence on the result of the encryption. These are referred to as parallelisationable subprograms which, however, are executed sequentially in the portable data carrier. Sub-programs in this sense can be: procedures, routines and commands.
Due to the physical construction and the physical properties of the semiconductor chips which are employed in the portable data carriers, the current or power consumption of the portable data carrier is not constant during the execution of programs, but rather is subject to fluctuations over time. It has been found that the fluctuations of the supply current correlate with certain program commands and with the binary structure (number of zeros and ones) of the data to be processed. The fluctuations might even occur in synchronism with the clock which operates the portable data carrier. For an unauthorized user who is familiar with the technique, it is quite simple to record these fluctuations of the supply current which is fed from the data exchange equipment to the portable data carrier by means of a persistent storage oscillograph by means of a measuring resistor installed in the supply line, with the voltage drop across same is recorded by said oscillograph. In view of the design of encryption programs in portable data carriers, the attacker has the possibility to draw conclusions with respect to the used secret codes and/or the encrypted data via the recording of the current fluctuations during the execution of the encryption program. This is facilitated by the fact that the encryption programs including the subprograms used therein are known as such. If an attacker records the current fluctuations for a plurality of encryptions with different data each, he will be able to draw conclusions as to the used code(s) from differences in the respective current fluctuation characteristics. For this purpose, the attacker may utilize analytical means and correlation methods which are known from mathematics. If the attacker was successful in finding the secret code in this manner, the encryption security is no longer ensured because the encryption programs as such are known. In particular, in the case of symmetrical encryption programs which use one single code for encoding and decoding, the attacker would be in a position to decode encrypted data.
Such an attack on the security of portable data carriers is referred to as differential power analysis (DPA). As a solution of this problem, C
2
-Intern, Issue No. 67, dated Jul. 15, 1998, (hereby incorporated by reference) proposes to provide an additional electronic circuit in the portable data carrier which is intended to compensate the current fluctuations so that an attacker can no longer determine same and draw conclusions therefrom.
This solution is, however, very expensive because it requires the implementation of an additional electronic component. Due to the fact that the chip card market, in particular, is a mass market, the price pressure is correspondingly high so that such an expensive solution is not acceptable.
SUMMARY OF THE INVENTION
It is therefore the object of the invention to render portable data carriers of the above mentioned type more secure in an effective, simple and economical manner against an attack on the security in data encryption.
The method according to the present invention comprises the steps of: connecting a portable data carrier with a data exchange equipment for data communication; randomly permuting a serial order of execution of at least two of a plurality of parallelisationable subprograms of an encryption program; and executing the encryption program with parallelisationable subprograms in a serial order pursuant to the step of randomly permuting.
At least one random number may be generated in a random number generator of the portable data carrier to randomly permute the serial order. The random number generator may be implemented as a program in the portable data carrier. Alternatively, the random number may be transmitted from the data exchange equipment to the portable data carrier.
The step of randomly permuting may comprise randomly permuting a serial order of execution of at least two of a plurality of parallelisationable subprograms in each of a plurality of successive program sequence levels within the encryption program.
Alternatively, the step of randomly permuting may comprise randomly permuting a serial order of execution of at least two of a plurality of parallelisationable subprograms in at least one of a plurality of successive program sequence levels within said encryption program.
The serial order of a program sequence level may be permuted immediately prior to entering said program sequence level.
The step of randomly permuting may further comprise the steps of: storing the serial order of execution in a table provided in the portable data carrier; generating a first and a second random number, the first
Doppmeler Werner
Jahnich Michael
Wueppenhorst Guido
Foley & Lardner
Orga Kartensysteme GmbH
Peeso Thomas R.
LandOfFree
Method for the execution of an encryption program for the... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for the execution of an encryption program for the..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for the execution of an encryption program for the... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3223715