WO2005006156A2 - Integrated circuit comprising an ordinary module and a secured module that are connected via a protected line - Google Patents

Integrated circuit comprising an ordinary module and a secured module that are connected via a protected line Download PDF

Info

Publication number
WO2005006156A2
WO2005006156A2 PCT/FR2004/001775 FR2004001775W WO2005006156A2 WO 2005006156 A2 WO2005006156 A2 WO 2005006156A2 FR 2004001775 W FR2004001775 W FR 2004001775W WO 2005006156 A2 WO2005006156 A2 WO 2005006156A2
Authority
WO
WIPO (PCT)
Prior art keywords
module
ordinary
secure
bus
sec
Prior art date
Application number
PCT/FR2004/001775
Other languages
French (fr)
Other versions
WO2005006156A3 (en
Inventor
Arnaud Dehamel
Bruno Bernard
Frank Lhermet
Original Assignee
Innova Card
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Innova Card filed Critical Innova Card
Publication of WO2005006156A2 publication Critical patent/WO2005006156A2/en
Publication of WO2005006156A3 publication Critical patent/WO2005006156A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

Definitions

  • the present invention relates to an integrated circuit comprising an ordinary module and a secure module connected by a protected link.
  • the field of the invention is that of secure electronic components, in particular that of integrated circuits used to carry out confidential transactions.
  • Such a circuit often comprises two modules, an ordinary module and a secure module.
  • Each module comprises at least one master element and at least one slave element, the various elements of a module being connected by a bus.
  • a master element sends requests to a slave element. Such a request is for example a write or read access.
  • the slave element does not have the ability to issue requests. It can only satisfy a request received either by itself or by transmitting it to another master element.
  • the information travels in clear on a bus which will therefore usually be described.
  • the information which passes through the secure module is protected: it is scrambled on transmission and unscrambled on reception on a bus that will be called secure.
  • the scrambling operation consists in concealing the information conveyed by the secure bus, whether it be addresses or data. This concealment is carried out by any known encryption technique such as substitution, transposition or more commonly encryption using a public key or private key algorithm. In the latter case, the scrambling can be dynamic, which means that the key shared by the different elements of the module is regularly modified.
  • the secure module is not autonomous. To operate, it must exchange information with the ordinary module, so that the ordinary bus and the secure bus are directly connected.
  • this integrated circuit whose protection of the secure module is reinforced during the exchange of information between this module and the ordinary module.
  • this integrated circuit comprises an ordinary module and a secure module connected by an interconnection link, this secure module comprising at least one master element and at least one slave element connected by a secure bus; moreover, this interconnection link incorporates a protection module connected on the one hand to the ordinary module and on the other hand to the secure bus.
  • the protection module isolates the secure module from the ordinary module.
  • the elements of the secure module are each provided with a scrambling member for scrambling respectively descrambling the information transmitted respectively received on the secure bus.
  • the ordinary module comprising at least one master element and one slave element connected by an ordinary bus
  • the protection module comprises in a first branch a first slave element connected to the ordinary bus and to a first master element itself also connected to the secure bus, this first branch also being provided with a jamming member.
  • the requests transmitted to the secure module by the ordinary module circulate in clear on the ordinary bus and are scrambled on the secure bus.
  • the protection module includes a filtering member in the first branch.
  • the protection module comprises in a second branch a jamming member.
  • the protection module further comprises in this second branch a second slave element connected to the secure bus and to a second master element itself connected to the ordinary bus.
  • the clock frequencies of the ordinary module and of the secure module are different.
  • the integrated circuit according to the invention comprises an ordinary module ORD, a secure module SEC and a protection module PROT for interconnecting the two preceding modules.
  • the ordinary module ORD comprises a master element MO1, a first SO1, a second SO2, a third SO3 and a fourth SO4 slave elements.
  • An ordinary OBUS bus connects these five elements and the protection module PROT.
  • the secure module SEC comprises a first MS1 and a second MS2 master elements respectively provided with a first BM1 and a second BM2 jamming members. It also includes a first SS1, a second SS2 and a third SS3 slave elements respectively provided with a third BS1, a fourth BS2 and a fifth BS3 jamming members.
  • An SBUS secure bus connects these five elements and the PROT protection module.
  • These scrambling members are each provided to scramble respectively descramble the information transmitted respectively received on the secure bus SBUS by the element to which it belongs. Naturally, they all apply the same scrambling operation.
  • a first embodiment of the protection module PROT is now exposed.
  • This module comprises, in a first branch, a first master element MS3 connected via a first scrambling member BM3 to the secure bus SBUS and a first slave element SO5 connected to the ordinary bus OBUS.
  • the first master element MS3 and the first slave element SO5 can be directly connected but, preferably, a filtering member FL is interposed between them.
  • the protection module comprises, in a second branch, a second master element MO2 connected on the one hand to the ordinary bus OBUS and on the other hand to a second slave element SS4 which is itself connected to the secure bus SBUS via a second jamming member BS4.
  • the second master element MS2 of the secure module SEC requires the reading of data at the third slave element SO3 of the ordinary module ORD, it begins by scrambling the corresponding request by means of the second scrambling member BM2 of the secure module SEC.
  • This scrambled request is sent to the second slave element SS4 of the protection module PROT to be descrambled by means of the second scrambling member BS4 of this same module and transmitted to the second master element MO2 always of the same module.
  • This second master element routes the request to the third slave element SO3 of the ordinary module ORD which executes it to return the required data in plain text.
  • the second master element MO2 of the protection module PROT transmits this data to the second slave element SS4 of this same module which scrambles it by means of the second scrambling member BS4 before injecting it on the secure bus SBUS, intended for the second master element MS2 of the SEC secure module.
  • the master element MO1 of the ordinary module ORD requires the writing of a data item in the second slave element SS2 of the secure module SEC, it begins by addressing the corresponding request to the first slave element SO5 of the protection module PROT. If there is no filtering unit, this request is transmitted directly to the first master element MS3 of this same module. However, it is preferable to have a filtering device between these last two elements SO5, MS3, which device performs various checks such as:
  • the filtering unit then routes the request to the first master element MS3 of the protection module PROT which scrambles this request by means of the first scrambling member BM3 of this same module before injecting it on the secure bus SBUS intended for the second element SS2 slave of the SEC secure module.
  • the latter is then able to proceed with the required writing.
  • the protection of the SEC secure module can be further improved by adopting two different clock frequencies for this SEC module and for the ordinary ORD module. With reference to FIG. 3, a second embodiment of the protection module is exposed which applies when the ordinary module ORD and the secure module SEC have the same clock frequency.
  • this module comprises, in a first branch, a first master element MS3 connected via a first scrambling member BM3 to the secure bus SBUS and a first slave element SO5 connected to the ordinary bus SHELL.
  • the first master element S3 and the first slave element SO5 can be connected directly but, preferably, a filtering member FL is interposed between them.
  • This module now comprises in a second branch only a second jamming member BS4 connected to the ordinary bus OBUS and to the secure bus SBUS.
  • the master elements MS1, MS2 of the secure module SEC can directly access the slave elements SO1, SO2, SO3, SO4 of the ordinary module ORD without passing through a slave element and an intermediate master element.

Abstract

The invention relates to an integrated circuit comprising an ordinary module ORD and a secured module SEC that are connected via an interconnection link, said secured module SEC comprising at least one master element MS1, MS2 and at least one slave element SS1, SS2, SS3 that are connected via a secured bus SBUS. In addition, this interconnection link incorporates a protection module PROT that is connected to an ordinary module ORD and to the secured bus SBUS.

Description

Circuit intégré comportant un module ordinaire et un module sécurisé raccordés par une liaison protégée La présente invention concerne un circuit intégré comportant un module ordinaire et un module sécurisé raccordés par une liaison protégée. Le domaine de l'invention est celui des composants électroniques sécurisés, notamment celui des circuits intégrés utilisés pour réaliser des transactions confidentielles. Un tel circuit comporte souvent deux modules, un module ordinaire et un module sécurisé. Chaque module comprend au moins un élément maître et au moins un élément esclave, les différents éléments d'un module étant reliés par un bus. Dans le langage courant de l'homme du métier, un élément maître émet des requêtes à destination d'un élément esclave. Une telle requête est par exemple un accès en écriture ou en lecture. L'élément esclave, quant à lui, n'a pas la possibilité d'émettre des requêtes. Il peut seulement satisfaire à une requête reçue soit de lui-même soit en la transmettant à un autre élément maître. Dans le module ordinaire, les informations transitent en clair sur un bus que l'on qualifiera donc d'ordinaire. Par contre, les informations qui transitent dans le module sécurisé sont protégées : elles sont brouillées à l'émission et débrouillées à la réception sur un bus que l'on qualifiera de sécurisé. L'opération de brouillage consiste à dissimuler les informations véhiculées par le bus sécurisé, qu'il s'agisse d'adresses ou de données. Cette dissimulation est réalisée par une quelconque technique de chiffrement connue telle que substitution, transposition ou plus couramment cryptage à l'aide d'un algorithme à clé publique ou à clé privée. Dans ce dernier cas, le brouillage peut être dynamique, ce qui signifie que la clé partagée par les différents éléments du module est régulièrement modifiée. Le module sécurisé n'est pas autonome. Pour fonctionner, il lui faut échanger des informations avec le module ordinaire, si bien que le bus ordinaire et le bus sécurisé sont reliés directement. Ces informations échangées entre les deux modules circulent en clair sur le bus sécurisé car, par hypothèse, le module ordinaire n'est pas apte à désembrouiller des informations préalablement brouillées dans le module sécurisé. On comprend bien qu'il s'agit là d'une dégradation du niveau de protection prévu pour le module sécurisé. La présente invention a ainsi pour objet un circuit intégré dont la protection du module sécurisé est renforcée lors d'échange d'informations entré ce module et le module ordinaire. Selon l'invention, ce circuit intégré comporte un module ordinaire et un module sécurisé raccordés par une liaison d'interconnexion, ce module sécurisé comprenant au moins un élément maître et au moins un élément esclave reliés par un bus sécurisé ; de plus, cette liaison d'interconnexion incorpore un module de protection raccordé d'une part au module ordinaire et d'autre part au bus sécurisé. Ainsi, le module de protection isole le module sécurisé du module ordinaire. De plus, les éléments du module sécurisé sont chacun pourvus d'un organe de brouillage pour brouiller respectivement désembrouiller les informations émises respectivement reçues sur le bus sécurisé. Avantageusement, le module ordinaire comprenant au moins un élément maître et un élément esclave reliés par un bus ordinaire, le module de protection comporte dans une première branche un premier élément esclave raccordé au bus ordinaire et à un premier élément maître lui-même par ailleurs raccordé au bus sécurisé, cette première branche étant également pourvue d'un organe de brouillage. Les requêtes transmises au module sécurisé par le module ordinaire circulent en clair sur le bus ordinaire et sont brouillées sur le bus sécurisé. En outre, le module de protection comporte un organe de filtrage dans la première branche. De préférence, le module de protection comporte dans une deuxième branche un organe de brouillage. Les requêtes transmises au module ordinaire par le module sécurisé circulent en clair sur le bus ordinaire et sont brouillées sur le bus sécurisé. De même, le module de protection comporte de plus dans cette deuxième branche un deuxième élément esclave raccordé au bus sécurisé et à un deuxième élément maître lui-même raccordé au bus ordinaire. Selon un mode de réalisation privilégié, les fréquences d'horloge du module ordinaire et du module sécurisé sont différentes. La présente invention apparaîtra maintenant avec plus de détails dans le cadre de la description qui suit d'exemples de réalisation donnés à titre illustratif en se référant aux figures annexées qui représentent : - la figure 1 , un circuit intégré comportant un module ordinaire et un module sécurisé, - la figure 2, un premier mode de réalisation d'un module de protection, et - la figure 3, un deuxième mode de réalisation d'un module de protection. Les sous-ensembles présents dans plusieurs figures sont affectés d'une seule et même référence. En référence à la figure 1 , le circuit intégré selon l'invention comporte un module ordinaire ORD, un module sécurisé SEC et un module de protection PROT pour interconnecter les deux modules précédents. Le module ordinaire ORD comprend un élément maître MO1 , un premier SO1 , un deuxième SO2, un troisième SO3 et un quatrième SO4 éléments esclaves. Un bus ordinaire OBUS relie entre eux ces cinq éléments et le module de protection PROT. Le module sécurisé SEC comprend un premier MS1 et un second MS2 éléments maîtres respectivement pourvus d'un premier BM1 et d'un second BM2 organes de brouillage. Il comprend aussi un premier SS1 , un second SS2 et un troisième SS3 éléments esclaves respectivement pourvus d'un troisième BS1 , d'un quatrième BS2 et d'un cinquième BS3 organes de brouillage. Un bus sécurisé SBUS relie entre eux ces cinq éléments et le module de protection PROT. Ces organes de brouillage sont prévus chacun pour brouiller respectivement désembrouiller les informations émises respectivement reçues sur le bus sécurisé SBUS par l'élément auquel il appartient. Naturellement, ils appliquent tous la même opération de brouillage. En référence à la figure 2, un premier mode de réalisation du module de protection PROT est maintenant exposé. Ce module comprend, dans une première branche, un premier élément maître MS3 raccordé par l'intermédiaire d'un premier organe de brouillage BM3 au bus sécurisé SBUS et un premier élément esclave SO5 raccordé au bus ordinaire OBUS. Le premier élément maître MS3 et le premier élément esclave SO5 peuvent être reliés directement mais, de préférence, un organe de filtrage FL est interposé entre eux. Le module de protection comprend, dans une deuxième branche, un deuxième élément maître MO2 raccordé d'une part au bus ordinaire OBUS et d'autre part à un deuxième élément esclave SS4 qui est lui-même raccordé au bus sécurisé SBUS par l'intermédiaire d'un deuxième organe de brouillage BS4. Pratiquement, lorsque le second élément maître MS2 du module sécurisé SEC requiert la lecture d'une donnée au troisième élément esclave SO3 du module ordinaire ORD, il commence par brouiller la requête correspondante au moyen du second organe de brouillage BM2 du module sécurisé SEC. Cette requête brouillée est adressée au deuxième élément esclave SS4 du module de protection PROT pour être désembrouillée au moyen du deuxième organe de brouillage BS4 de ce même module et transmise au deuxième élément maître MO2 toujours du même module. Ce deuxième élément maître achemine la requête au troisième élément esclave SO3 du module ordinaire ORD qui l'exécute pour lui retourner la donnée requise en clair. Le deuxième élément maître MO2 du module de protection PROT transmet cette donnée au deuxième élément esclave SS4 de ce même module qui la brouille au moyen du deuxième organe de brouillage BS4 avant de l'injecter sur le bus sécurisé SBUS, à destination du second élément maître MS2 du module sécurisé SEC. De même, lorsque l'élément maître MO1 du module ordinaire ORD requiert l'écriture d'une donnée dans le deuxième élément esclave SS2 du module sécurisé SEC, il commence par adresser la requête correspondante au premier élément esclave SO5 du module de protection PROT. S'il n'y a pas d'organe de filtrage, cette requête est transmise directement au premier élément maître MS3 de ce même module. Il est toutefois préférable de disposer un organe de filtrage entre ces deux derniers éléments SO5, MS3, organe qui procède à différents contrôles tels que :The present invention relates to an integrated circuit comprising an ordinary module and a secure module connected by a protected link. The field of the invention is that of secure electronic components, in particular that of integrated circuits used to carry out confidential transactions. Such a circuit often comprises two modules, an ordinary module and a secure module. Each module comprises at least one master element and at least one slave element, the various elements of a module being connected by a bus. In common parlance of those skilled in the art, a master element sends requests to a slave element. Such a request is for example a write or read access. The slave element, meanwhile, does not have the ability to issue requests. It can only satisfy a request received either by itself or by transmitting it to another master element. In the ordinary module, the information travels in clear on a bus which will therefore usually be described. On the other hand, the information which passes through the secure module is protected: it is scrambled on transmission and unscrambled on reception on a bus that will be called secure. The scrambling operation consists in concealing the information conveyed by the secure bus, whether it be addresses or data. This concealment is carried out by any known encryption technique such as substitution, transposition or more commonly encryption using a public key or private key algorithm. In the latter case, the scrambling can be dynamic, which means that the key shared by the different elements of the module is regularly modified. The secure module is not autonomous. To operate, it must exchange information with the ordinary module, so that the ordinary bus and the secure bus are directly connected. This information exchanged between the two modules circulates in clear on the secure bus because, by assumption, the ordinary module is not able to descramble information previously scrambled in the secure module. It is clear that this is a degradation of the level of protection provided for the secure module. The present invention thus relates to an integrated circuit whose protection of the secure module is reinforced during the exchange of information between this module and the ordinary module. According to the invention, this integrated circuit comprises an ordinary module and a secure module connected by an interconnection link, this secure module comprising at least one master element and at least one slave element connected by a secure bus; moreover, this interconnection link incorporates a protection module connected on the one hand to the ordinary module and on the other hand to the secure bus. Thus, the protection module isolates the secure module from the ordinary module. In addition, the elements of the secure module are each provided with a scrambling member for scrambling respectively descrambling the information transmitted respectively received on the secure bus. Advantageously, the ordinary module comprising at least one master element and one slave element connected by an ordinary bus, the protection module comprises in a first branch a first slave element connected to the ordinary bus and to a first master element itself also connected to the secure bus, this first branch also being provided with a jamming member. The requests transmitted to the secure module by the ordinary module circulate in clear on the ordinary bus and are scrambled on the secure bus. In addition, the protection module includes a filtering member in the first branch. Preferably, the protection module comprises in a second branch a jamming member. The requests transmitted to the ordinary module by the secure module circulate in clear on the ordinary bus and are scrambled on the secure bus. Likewise, the protection module further comprises in this second branch a second slave element connected to the secure bus and to a second master element itself connected to the ordinary bus. According to a preferred embodiment, the clock frequencies of the ordinary module and of the secure module are different. The present invention will now appear in more detail in the context of the following description of exemplary embodiments given by way of illustration with reference to the appended figures which represent: - Figure 1, an integrated circuit comprising an ordinary module and a secure module, - Figure 2, a first embodiment of a protection module, and - Figure 3, a second embodiment of a protection module protection. The subsets present in several figures are assigned a single reference. With reference to FIG. 1, the integrated circuit according to the invention comprises an ordinary module ORD, a secure module SEC and a protection module PROT for interconnecting the two preceding modules. The ordinary module ORD comprises a master element MO1, a first SO1, a second SO2, a third SO3 and a fourth SO4 slave elements. An ordinary OBUS bus connects these five elements and the protection module PROT. The secure module SEC comprises a first MS1 and a second MS2 master elements respectively provided with a first BM1 and a second BM2 jamming members. It also includes a first SS1, a second SS2 and a third SS3 slave elements respectively provided with a third BS1, a fourth BS2 and a fifth BS3 jamming members. An SBUS secure bus connects these five elements and the PROT protection module. These scrambling members are each provided to scramble respectively descramble the information transmitted respectively received on the secure bus SBUS by the element to which it belongs. Naturally, they all apply the same scrambling operation. With reference to FIG. 2, a first embodiment of the protection module PROT is now exposed. This module comprises, in a first branch, a first master element MS3 connected via a first scrambling member BM3 to the secure bus SBUS and a first slave element SO5 connected to the ordinary bus OBUS. The first master element MS3 and the first slave element SO5 can be directly connected but, preferably, a filtering member FL is interposed between them. The protection module comprises, in a second branch, a second master element MO2 connected on the one hand to the ordinary bus OBUS and on the other hand to a second slave element SS4 which is itself connected to the secure bus SBUS via a second jamming member BS4. In practice, when the second master element MS2 of the secure module SEC requires the reading of data at the third slave element SO3 of the ordinary module ORD, it begins by scrambling the corresponding request by means of the second scrambling member BM2 of the secure module SEC. This scrambled request is sent to the second slave element SS4 of the protection module PROT to be descrambled by means of the second scrambling member BS4 of this same module and transmitted to the second master element MO2 always of the same module. This second master element routes the request to the third slave element SO3 of the ordinary module ORD which executes it to return the required data in plain text. The second master element MO2 of the protection module PROT transmits this data to the second slave element SS4 of this same module which scrambles it by means of the second scrambling member BS4 before injecting it on the secure bus SBUS, intended for the second master element MS2 of the SEC secure module. Similarly, when the master element MO1 of the ordinary module ORD requires the writing of a data item in the second slave element SS2 of the secure module SEC, it begins by addressing the corresponding request to the first slave element SO5 of the protection module PROT. If there is no filtering unit, this request is transmitted directly to the first master element MS3 of this same module. However, it is preferable to have a filtering device between these last two elements SO5, MS3, which device performs various checks such as:
- autorisation pour l'élément maître MO1 du module ordinaire ORD, l'émetteur de la requête, d'écrire dans le deuxième élément esclave SS2 du module sécurisé SEC, l'élément visé par cette requête, ou,authorization for the master element MO1 of the ordinary module ORD, the sender of the request, to write in the second slave element SS2 of the secure module SEC, the element targeted by this request, or,
- autorisation de modifier des données dans la zone accédée. L'organe de filtrage achemine ensuite la requête au premier élément maître MS3 du module de protection PROT qui brouille cette requête au moyen du premier organe de brouillage BM3 de ce même module avant de l'injecter sur le bus sécurisé SBUS à destination du deuxième élément esclave SS2 du module sécurisé SEC. Ce dernier est alors en mesure de procéder à l'écriture requise. On peut encore améliorer la protection du module sécurisé SEC en adoptant deux fréquences d'horloge différentes pour ce module SEC et pour le module ordinaire ORD. En référence à la figure 3, un deuxième mode de réalisation du module de protection est exposé qui s'applique lorsque le module ordinaire ORD et le module sécurisé SEC ont la même fréquence d'horloge. Tout comme dans le mode de réalisation précédent, ce module comprend, dans une première branche, un premier élément maître MS3 raccordé par l'intermédiaire d'un premier organe de brouillage BM3 au bus sécurisé SBUS et un premier élément esclave SO5 raccordé au bus ordinaire OBUS. Le premier élément maître S3 et le premier élément esclave SO5 peuvent être reliés directement mais, de préférence, un organe de filtrage FL est interposé entre eux. Ce module comprend maintenant dans une deuxième branche uniquement un deuxième organe de brouillage BS4 raccordé au bus ordinaire OBUS et au bus sécurisé SBUS. Ici, les éléments maître MS1 , MS2 du module sécurisé SEC peuvent accéder directement aux éléments esclaves SO1, SO2, SO3, SO4 du module ordinaire ORD sans passer par un élément esclave et un élément maître intermédiaires. Les exemples de réalisation de l'invention présentés ci-dessus ont été choisis pour leur caractère concret. Il ne serait cependant pas possible de répertorier de manière exhaustive tous les modes de réalisation que recouvre cette invention. En particulier, toute étape ou tout moyen décrit peut-être remplacé par une étape ou un moyen équivalent sans sortir du cadre de la présente invention. - authorization to modify data in the accessed area. The filtering unit then routes the request to the first master element MS3 of the protection module PROT which scrambles this request by means of the first scrambling member BM3 of this same module before injecting it on the secure bus SBUS intended for the second element SS2 slave of the SEC secure module. The latter is then able to proceed with the required writing. The protection of the SEC secure module can be further improved by adopting two different clock frequencies for this SEC module and for the ordinary ORD module. With reference to FIG. 3, a second embodiment of the protection module is exposed which applies when the ordinary module ORD and the secure module SEC have the same clock frequency. As in the previous embodiment, this module comprises, in a first branch, a first master element MS3 connected via a first scrambling member BM3 to the secure bus SBUS and a first slave element SO5 connected to the ordinary bus SHELL. The first master element S3 and the first slave element SO5 can be connected directly but, preferably, a filtering member FL is interposed between them. This module now comprises in a second branch only a second jamming member BS4 connected to the ordinary bus OBUS and to the secure bus SBUS. Here, the master elements MS1, MS2 of the secure module SEC can directly access the slave elements SO1, SO2, SO3, SO4 of the ordinary module ORD without passing through a slave element and an intermediate master element. The embodiments of the invention presented above have been chosen for their specific nature. However, it would not be possible to exhaustively list all the embodiments covered by this invention. In particular, any step or any means described may be replaced by a step or equivalent means without departing from the scope of the present invention.

Claims

REVENDICATIONS
1) Circuit intégré comportant un module ordinaire ORD et un module sécurisé SEC raccordés par une liaison d'interconnexion, ce module sécurisé SEC comprenant au moins un élément maître MS1 , MS2 et au moins un élément esclave SS1, SS2, SS3 reliés par un bus sécurisé SBUS, caractérisé en ce que ladite liaison d'interconnexion incorpore un module de protection PROT raccordé d'une part audit module ordinaire ORD et d'autre part audit bus sécurisé SBUS.1) Integrated circuit comprising an ordinary ORD module and a secure SEC module connected by an interconnection link, this secure SEC module comprising at least one master element MS1, MS2 and at least one slave element SS1, SS2, SS3 connected by a bus secure SBUS, characterized in that said interconnection link incorporates a protection module PROT connected on the one hand to said ordinary module ORD and on the other hand to said secure bus SBUS.
2) Circuit selon la revendication 1 , caractérisé en ce que les éléments MS1 , MS2, SS1, SS2, SS3 dudit module sécurisé SEC sont chacun pourvus d'un organe de brouillage BM1 , BM2, BS1 , BS2, BS3 pour brouiller respectivement désembrouiller les informations émises respectivement reçues sur ledit bus sécurisé SBUS.2) Circuit according to claim 1, characterized in that the elements MS1, MS2, SS1, SS2, SS3 of said secure module SEC are each provided with a jamming member BM1, BM2, BS1, BS2, BS3 to jam respectively descramble the information transmitted respectively received on said secure bus SBUS.
3) Circuit selon la revendication 2 caractérisé en ce que, ledit module ordinaire ORD comprenant au moins un élément maître MO1 et un élément esclave SO1 , SO2, SO3, SO4 reliés par un bus ordinaire OBUS, ledit module de protection PROT comporte dans une première branche un premier élément esclave SO5 raccordé audit bus ordinaire OBUS et à un premier élément maître MS3 lui-même par ailleurs raccordé audit bus sécurisé SBUS, cette première branche étant également pourvue d'un organe de brouillage BM3.3) Circuit according to claim 2 characterized in that said ordinary module ORD comprising at least one master element MO1 and a slave element SO1, SO2, SO3, SO4 connected by an ordinary bus OBUS, said protection module PROT comprises in a first connects a first slave element SO5 connected to said ordinary bus OBUS and to a first master element MS3 itself also connected to said secure bus SBUS, this first branch also being provided with a jamming member BM3.
4) Circuit selon la revendication 3, caractérisé en ce que, ledit module de protection PROT comporte de plus un organe de filtrage FL dans ladite première branche.4) Circuit according to claim 3, characterized in that, said protection module PROT further comprises a filtering member FL in said first branch.
5) Circuit selon l'une quelconque des revendications 2 à 4, caractérisé en ce que ledit module de protection PROT comporte dans une deuxième branche un organe de brouillage BS4.5) Circuit according to any one of claims 2 to 4, characterized in that said protection module PROT comprises in a second branch a jamming member BS4.
6) Circuit selon la revendication 5 caractérisé en ce que, ledit module de protection PROT comporte de plus dans cette deuxième branche un deuxième élément esclave SS4 raccordé audit bus sécurisé SBUS et à un deuxième élément maître MO2 lui-même par ailleurs raccordé audit bus ordinaire OBUS.6) Circuit according to claim 5 characterized in that, said protection module PROT further comprises in this second branch a second slave element SS4 connected to said secure bus SBUS and to a second master element MO2 itself also connected to said ordinary bus OBUS.
7) Circuit selon l'une quelconque des revendications 3, 4 ou 6, caractérisé en ce que les fréquences d'horloge dudit module ordinaire ORD et dudit module sécurisé SEC sont différentes. 7) Circuit according to any one of claims 3, 4 or 6, characterized in that the clock frequencies of said ordinary module ORD and of said secure module SEC are different.
PCT/FR2004/001775 2003-07-09 2004-07-08 Integrated circuit comprising an ordinary module and a secured module that are connected via a protected line WO2005006156A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR03/08371 2003-07-09
FR0308371A FR2857534B1 (en) 2003-07-09 2003-07-09 INTEGRATED CIRCUIT COMPRISING A REGULAR MODULE AND A SECURED MODULE CONNECTED BY A PROTECTED LINK

Publications (2)

Publication Number Publication Date
WO2005006156A2 true WO2005006156A2 (en) 2005-01-20
WO2005006156A3 WO2005006156A3 (en) 2005-06-30

Family

ID=33522879

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2004/001775 WO2005006156A2 (en) 2003-07-09 2004-07-08 Integrated circuit comprising an ordinary module and a secured module that are connected via a protected line

Country Status (2)

Country Link
FR (1) FR2857534B1 (en)
WO (1) WO2005006156A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009540410A (en) * 2006-06-08 2009-11-19 トムソン ライセンシング Electronic board with security function and method for ensuring security of electronic board
CN104317752A (en) * 2014-11-21 2015-01-28 中国人民解放军国防科学技术大学 Condition type triggering high-speed synchronous collecting and recording system with expandable channels

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5828753A (en) * 1996-10-25 1998-10-27 Intel Corporation Circuit and method for ensuring interconnect security within a multi-chip integrated circuit package
US5933854A (en) * 1995-05-31 1999-08-03 Mitsubishi Denki Kabushiki Kaisha Data security system for transmitting and receiving data between a memory card and a computer using a public key cryptosystem
EP1030237A1 (en) * 1999-02-15 2000-08-23 Hewlett-Packard Company Trusted hardware device in a computer
US20020169968A1 (en) * 1999-12-02 2002-11-14 Berndt Gammel Microprocessor configuration with encryption
US20030005313A1 (en) * 2000-01-18 2003-01-02 Berndt Gammel Microprocessor configuration with encryption
US6523118B1 (en) * 1998-06-29 2003-02-18 Koninklijke Philips Electronics N.V. Secure cache for instruction and data protection
US20030048900A1 (en) * 2001-08-30 2003-03-13 Samsung Electronics Co., Ltd. Semiconductor integrated circuit having encrypter/decrypter function for protecting input/output data transmitted on internal bus

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5933854A (en) * 1995-05-31 1999-08-03 Mitsubishi Denki Kabushiki Kaisha Data security system for transmitting and receiving data between a memory card and a computer using a public key cryptosystem
US5828753A (en) * 1996-10-25 1998-10-27 Intel Corporation Circuit and method for ensuring interconnect security within a multi-chip integrated circuit package
US6523118B1 (en) * 1998-06-29 2003-02-18 Koninklijke Philips Electronics N.V. Secure cache for instruction and data protection
EP1030237A1 (en) * 1999-02-15 2000-08-23 Hewlett-Packard Company Trusted hardware device in a computer
US20020169968A1 (en) * 1999-12-02 2002-11-14 Berndt Gammel Microprocessor configuration with encryption
US20030005313A1 (en) * 2000-01-18 2003-01-02 Berndt Gammel Microprocessor configuration with encryption
US20030048900A1 (en) * 2001-08-30 2003-03-13 Samsung Electronics Co., Ltd. Semiconductor integrated circuit having encrypter/decrypter function for protecting input/output data transmitted on internal bus

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009540410A (en) * 2006-06-08 2009-11-19 トムソン ライセンシング Electronic board with security function and method for ensuring security of electronic board
CN104317752A (en) * 2014-11-21 2015-01-28 中国人民解放军国防科学技术大学 Condition type triggering high-speed synchronous collecting and recording system with expandable channels
CN104317752B (en) * 2014-11-21 2015-08-12 中国人民解放军国防科学技术大学 The extendible conditional of a kind of passage triggers high speed synchronous sample register system

Also Published As

Publication number Publication date
FR2857534B1 (en) 2005-10-28
WO2005006156A3 (en) 2005-06-30
FR2857534A1 (en) 2005-01-14

Similar Documents

Publication Publication Date Title
EP0035448B1 (en) Method and system for transmitting confidential information
CN100440236C (en) Method and system for providing drm license
CN1890618B (en) Connection linked rights protection
FR2750554A1 (en) CONDITIONAL ACCESS SYSTEM AND CHIP CARD PROVIDING SUCH ACCESS
OA12034A (en) Mechanism of pairing between a receiver and a security module.
EP1261969A1 (en) Device for reading, recording and restoring digital data in a copy-protection system for said data
KR970019580A (en) Accounting device, information receiving device and communication system
FR2751817A1 (en) CONDITIONAL ACCESS SYSTEM USING MESSAGES WITH MULTIPLE ENCRYPTION KEYS
KR960700482A (en) Protected Distribution Protocol for Keying and Certificate Meterial
US20060155983A1 (en) Method of local data distribution preserving rights of a remote party
FR2829266A1 (en) Smart card has encryption-decryption circuits for protection of data transmitted between its processor and on-board memory, by encryption of all data that is to be passed over the chip internal bus
EP1368716A2 (en) Anti-cloning method
FR2837046A1 (en) PROTOCOL FOR REGISTRATION, INVALIDATION AND / OR DELETION OF RIGHTS OF ACCESS TO CONFUSED INFORMATION AND CORRESPONDING ACCESS CONTROL MODULE
EP0656576A1 (en) Apparatus for securing computer systems, particularly the one used in PCs
WO2005006156A2 (en) Integrated circuit comprising an ordinary module and a secured module that are connected via a protected line
EP1100056B1 (en) Online payment transaction method using a prepaid card, and associated card
EP0906709A1 (en) Mobile radiotelephony terminal with controlled utilisation
EP1419640B1 (en) Local digital network, methods for installing new devices and data broadcast and reception methods in such a network
FR2831008A1 (en) SYSTEM FOR PROVIDING INFORMATION ON A PUBLIC TRANSPORT NETWORK VIA THE INTERNET
CA1243738A (en) Method and system for enciphering and deciphering information between a transmitting device and a receiving device
FR2764454A1 (en) CONDITIONAL ACCESS SYSTEM WITH PROGRAMMABLE ACCESS MODE
CN101036097B (en) Method for computer-controlled rights management for systems comprising at least two different data processing units
WO2005069622A1 (en) Method for updating rights of access to conditional access data
EP1502382B8 (en) Network access control method
EP1752936A1 (en) Method of downloading ticketing keys

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: COMMUNICATION PURSUANT TO RULE 69 EPC (EPO FORM 1205A OF 030506)

122 Ep: pct application non-entry in european phase