公开(公告)号：WO2017032495A1

公开(公告)日：2017-03-02

申请号：PCT/EP2016/065852

申请日：2016-07-05

Applicant: GEMALTO SA ,  ISSM

Inventor： VILLEGAS, Karine ,  PERION, Fabrice ,  COULON, Jean Roch ,  TEISSIER, Sylvere

IPC: H04L9/00 ,  G09C1/00

CPC classification number: H04L9/002 ,  G06F21/602 ,  G06F2221/2107 ,  G09C1/00 ,  H04L2209/12

Abstract: The present invention relates to a device (D) having a central processing unit (CPU), RAM memory (RAM) and at least two hardware elementary operations (HWi), using registers of greater size than the one of the central processing unit, said device (D) being such that construction of at least one part of RAM memory (RAM) is managed only by the hardware elementary operations (HWi), hardware elementary operations (HWi) themselves and masking of inputs/outputs/intermediary data are monitored by software instructions (SW), said software instructions (SW) being able to address different cryptographic functionalities using said hardware elementary operations (HWi) according to several ways depending on each concerned functionality, said software instructions (SW) being further able to address several levels of security in the execution of the different functionalities.

Abstract translation: 本发明涉及具有中央处理单元（CPU），RAM存储器（RAM）和至少两个硬件基本操作（HWi）的设备（D），使用比中央处理单元之一更大尺寸的寄存器 设备（D）使得至少一部分RAM存储器（RAM）的构造仅由硬件基本操作（HWi）来管理，硬件基本操作（HWi）本身和输入/输出/中间数据的屏蔽由 软件指令（SW），所述软件指令（SW）能够根据取决于每个相关功能的多种方式使用所述硬件基本操作（HWi）来解决不同的加密功能，所述软件指令（SW）还能够解决多个级别 的安全性在执行不同的功能。

公开(公告)号：WO2009083588A1

公开(公告)日：2009-07-09

申请号：PCT/EP2008/068334

申请日：2008-12-29

Applicant: GEMALTO SA ,  PERION, Fabrice ,  BROCOLINI, Carla ,  ROS, Frédéric

Inventor： PERION, Fabrice ,  BROCOLINI, Carla ,  ROS, Frédéric

IPC: G06K1/12 ,  H04L9/32

CPC classification number: H04L9/3231 ,  H04L9/3247

Abstract: The present invention concerns a method for printing a scanner readable code on a secure object, for example a passport. The secure object comprises a chip and a photograph of it's owner is printed on the secure object. According to the invention, the method comprises the steps of: i - generating a private key and a public key; ii - extracting low-level information from the photograph; iii - transforming this low-level information by executing a second pre-image resistant function; iv - signing the result of the transformation with the private key; v - transforming each block of data of the signed result in a corresponding color; vi - printing the colors on the secure object for obtaining the scanner readable code.

Abstract translation: 本发明涉及一种在安全对象（例如护照）上打印扫描器可读代码的方法。 安全对象包括芯片，并且其所有者的照片被打印在安全对象上。 根据本发明，该方法包括以下步骤：i - 产生私钥和公钥; ii - 从照片中提取低级信息; iii - 通过执行第二预影像抵抗功能来转换该低级信息; iv - 用私钥签名转换结果; v - 以相应的颜色转换签名结果的每个数据块; vi - 打印安全对象上的颜色，以获取扫描仪可读代码。

公开(公告)号：WO2013083485A1

公开(公告)日：2013-06-13

申请号：PCT/EP2012/074063

申请日：2012-11-30

Applicant: GEMALTO SA

Inventor： SALGADO, Stéphanie ,  PERION, Fabrice

IPC: H04L9/06 ,  G06F21/00 ,  G06F21/55 ,  H04L9/00

CPC classification number: H04L9/004 ,  G06F21/55 ,  G06F21/755 ,  H04L2209/26

Abstract: The present invention relates to cryptographic method that are resistant to fault injection attacks, to protect the confidentiality and the integrity of secret keys. For that, the invention describes a method to protect a key hardware register against fault attack, this register being inside an hardware block cipher BC embedded inside an electronic component, said component containing stored inside a memory area a cryptographic key K, characterized in that it comprises following steps: A.) loading the key Kram inside said register; B.) computing a value X such as K=BC(K,X); C.) after at least one sensitive operation, computing a value V such as V=BC(K,X); D.) matching the value V with the key Kram value stored in the memory area; E.) if the matching is not ok detecting that a fault occurs.

Abstract translation: 本发明涉及抵御故障注入攻击的密码方法，以保护秘密密钥的机密性和完整性。 为此，本发明描述了一种保护密钥硬件寄存器免受故障攻击的方法，该寄存器位于嵌入在电子部件内部的硬件块密码BC内，所述组件包含存储在存储器区域内的加密密钥K，其特征在于： 包括以下步骤：A.）将密钥加载到所述寄存器内; 计算诸如K = BC（K，X）的值X; 在至少一个敏感操作之后，计算诸如V = BC（K，X）的值V; D.将值V与存储在存储区域中的密钥克隆值进行匹配; 如果匹配不正确，则检测到故障发生。

公开(公告)号：WO2016128463A1

公开(公告)日：2016-08-18

申请号：PCT/EP2016/052824

申请日：2016-02-10

Applicant: GEMALTO SA ,  ISSM

Inventor： PERION, Fabrice ,  VILLEGAS, Karine ,  PEREZ CHAMORRO, Jorge Ernesto ,  COULON, Jean Roch

IPC: G06F7/58

CPC classification number: G06F7/58 ,  H04L9/0662

Abstract: The present invention relates to a method to generate a mask (M) of a predefined size of b*m bits, said method comprising the following steps: generating a random number of a limited number p of bits, providing the p bits random number as the input of a deterministic random number generator (RNG) that outputs a random number of length m, applying to the output random number of length m an expansion function (EFM) using an error correcting code function to multiply the length by b and obtain a mask (M) of a size of b*m bits, a reseeding function (RFM) being regularly applied to the random number generator (RNG).

Abstract translation: 本发明涉及一种生成预定大小的b * m比特的掩码（M）的方法，所述方法包括以下步骤：产生有限数量的比特的随机数，提供p比特随机数作为 输出一个确定性随机数发生器（RNG），该确定性随机数发生器（RNG）输出长度为m的随机数，使用纠错码功能将长度为m的扩展函数（EFM）的输出随机数应用于乘以b并获得一个 大小为b * m比特的掩码（M），定期地应用于随机数发生器（RNG）的重新赋值功能（RFM）。

公开(公告)号：WO2016091581A1

公开(公告)日：2016-06-16

申请号：PCT/EP2015/077552

申请日：2015-11-24

Applicant: GEMALTO SA

Inventor： VILLEGAS, Karine ,  PERION, Fabrice ,  LEVEQUE, Sylvain

IPC: G06F9/48 ,  G06F21/55

CPC classification number: G06F9/30065 ,  G06F7/588 ,  G06F9/4881 ,  G06F21/52 ,  G06F21/602

Abstract: The present invention relates to a method to execute by a processing unit a sensitive computation using multiple different and independent branches (SB1, SB2) each necessitating a given number of processing unit time units to be executed, characterized in that it comprises the following steps of, at each execution of a sensitive computation: - generating at least as many identifiers as the number of branches, - associating each identifier to a unique branch, - generating (S1, S2) a random permutation of identifiers, the number of occurrences of each identifier in the permutation being at least equal to the number of central processing unit time units in the shortest of the branches, - by processing (S3) each identifier in the random permutation, determining successively the branch to execute by each successive central processing unit time units according to the identifier value, - for each identifier of the random permutation, executing (S11, S21) a central processing unit time unit for the branch determined according to the identifier value.

Abstract translation: 本发明涉及一种由处理单元执行使用多个不同且独立的分支（SB1，SB2）进行敏感计算的方法，每个分支都需要执行给定数量的处理单元时间单元，其特征在于包括以下步骤： 在每次执行敏感计算时： - 产生至少与分支数目一样多的标识符， - 将每个标识符与唯一分支相关联 - 生成（S1，S2）标识符的随机排列，每个 排列中的标识符至少等于最短分支中的中央处理单元时间单元的数量， - 通过处理（S3）随机置换中的每个标识符，依次确定每个连续的中央处理单元时间执行的分支 根据标识符值的单位， - 对于随机置换的每个标识符，执行（S11，S21）中央处理单元时间单位fo r根据标识符值确定分支。

公开(公告)号：EP3230859B1

公开(公告)日：2019-07-17

申请号：EP15801751.7

申请日：2015-11-24

Applicant: Gemalto SA

Inventor： VILLEGAS, Karine ,  PERION, Fabrice ,  LEVEQUE, Sylvain

IPC: G06F7/58 ,  G06F9/30 ,  G06F21/52 ,  G06F21/60 ,  G06F9/48

公开(公告)号：EP3342091A1

公开(公告)日：2018-07-04

申请号：EP16736093.2

申请日：2016-07-05

Applicant: Gemalto SA ,  ISSM

Inventor： VILLEGAS, Karine ,  PERION, Fabrice ,  COULON, Jean Roch ,  TEISSIER, Sylvere

IPC: H04L9/00 ,  G09C1/00

Abstract: The present invention relates to a device (D) having a central processing unit (CPU), RAM memory (RAM) and at least two hardware elementary operations (HWi), using registers of greater size than the one of the central processing unit, said device (D) being such that construction of at least one part of RAM memory (RAM) is managed only by the hardware elementary operations (HWi), hardware elementary operations (HWi) themselves and masking of inputs/outputs/intermediary data are monitored by software instructions (SW), said software instructions (SW) being able to address different cryptographic functionalities using said hardware elementary operations (HWi) according to several ways depending on each concerned functionality, said software instructions (SW) being further able to address several levels of security in the execution of the different functional ities.

公开(公告)号：EP3230859A1

公开(公告)日：2017-10-18

申请号：EP15801751.7

申请日：2015-11-24

Applicant: Gemalto SA

Inventor： VILLEGAS, Karine ,  PERION, Fabrice ,  LEVEQUE, Sylvain

IPC: G06F9/48 ,  G06F21/55

CPC classification number: G06F9/30065 ,  G06F7/588 ,  G06F9/4881 ,  G06F21/52 ,  G06F21/602

Abstract: The present invention relates to a method to execute by a processing unit a sensitive computation using multiple different and independent branches (SB1,SB2) each necessitating a given number of processing unit time units to be executed, characterized in that it comprises the following steps of, at each execution of a sensitive computation: - generating at least as many identifiers as the number of branches, - associating each identifier to a unique branch, - generating (S1,S2) a random permutation of identifiers, the number of occurrences of each identifier in the permutation being at least equal to the number of central processing unit time units in the shortest of the branches, - by processing (S3) each identifier in the random permutation, determining successively the branch to execute by each successive central processing unit time units according to the identifier value, - for each identifier of the random permutation, executing (S11,S21) a central processing unit time unit for the branch determined according to the identifier value.

Abstract translation: 本发明涉及一种由处理单元执行使用多个不同且独立的分支（SB1，SB2）进行敏感计算的方法，每个分支需要执行给定数量的处理单位时间单元，其特征在于其包括以下步骤 ，在每次执行敏感计算时： - 生成至少与分支数量一样多的标识符， - 将每个标识符与唯一分支相关联， - 生成（S1，S2）标识符的随机置换，每个标识符的出现次数 标识符至少等于分支中最短分支中的中央处理单元时间单元的数目; - 通过处理（S3）随机置换中的每个标识符，连续地确定要由每个连续中央处理单元执行的分支时间 根据所述标识符值确定单元， - 对于所述随机置换的每个标识符，执行（S11，S21）中央处理单元时间单元fo r根据标识符值确定的分支。

公开(公告)号：EP3136645A1

公开(公告)日：2017-03-01

申请号：EP15306322.7

申请日：2015-08-27

Applicant: GEMALTO SA ,  ISSM

Inventor： VILLEGAS, Karine ,  PERION, Fabrice ,  COULON, Jean Roch ,  TEISSIER, Sylvere

IPC: H04L9/00 ,  G09C1/00

CPC classification number: H04L9/002 ,  G06F21/602 ,  G06F2221/2107 ,  G09C1/00 ,  H04L2209/12

Abstract: The present invention relates to a device (D) having a central processing unit (CPU), RAM memory (RAM) and at least two hardware elementary operations (HWi), using registers of greater size than the one of the central processing unit, said device (D) being such that construction of at least one part of RAM memory (RAM) is managed only by the hardware elementary operations (HWi), hardware elementary operations (HWi) themselves and masking of inputs/outputs/intermediary data are monitored by software instructions (SW), said software instructions (SW) being able to address different cryptographic functionalities using said hardware elementary operations (HWi) according to several ways depending on each concerned functionality, said software instructions (SW) being further able to address several levels of security in the execution of the different functional ities.

Abstract translation: 本发明涉及具有中央处理单元（CPU），RAM存储器（RAM）和至少两个硬件基本操作（HWi）的设备（D），使用比中央处理单元之一更大尺寸的寄存器，所述寄存器 设备（D）使得至少一部分RAM存储器（RAM）的构造仅由硬件基本操作（HWi）来管理，硬件基本操作（HWi）本身和输入/输出/中间数据的屏蔽由 软件指令（SW），所述软件指令（SW）能够根据取决于每个相关功能的多种方式使用所述硬件基本操作（HWi）来解决不同的加密功能，所述软件指令（SW）还能够解决多个级别 的安全性在执行不同的功能性。

公开(公告)号：EP2789119A1

公开(公告)日：2014-10-15

申请号：EP12791804.3

申请日：2012-11-30

Applicant: Gemalto SA

Inventor： SALGADO, Stéphanie ,  PERION, Fabrice

IPC: H04L9/06 ,  G06F21/00 ,  G06F21/55 ,  H04L9/00

CPC classification number: H04L9/004 ,  G06F21/55 ,  G06F21/755 ,  H04L2209/26

Abstract: The present invention relates to cryptographic method that are resistant to fault injection attacks, to protect the confidentiality and the integrity of secret keys. For that, the invention describes a method to protect a key hardware register against fault attack, this register being inside an hardware block cipher BC embedded inside an electronic component, said component containing stored inside a memory area a cryptographic key K, characterized in that it comprises following steps: A.) loading the key Kram inside said register; B.) computing a value X such as K=BC(K,X); C.) after at least one sensitive operation, computing a value V such as V=BC(K,X); D.) matching the value V with the key Kram value stored in the memory area; E.) if the matching is not ok detecting that a fault occurs.

Abstract translation: 本发明涉及抵御故障注入攻击的密码方法，以保护秘密密钥的机密性和完整性。 为此，本发明描述了一种保护密钥硬件寄存器免受故障攻击的方法，该寄存器位于嵌入在电子部件内部的硬件块密码BC内，所述组件包含存储在存储器区域内的加密密钥K，其特征在于： 包括以下步骤：A.计算诸如K = BC（K，X）的值X，B.将所述寄存器内的密钥K加载C.在至少一个敏感操作之后，计算诸如V = BC的值V （K，X），D.将值V与存储在存储区域中的密钥K值匹配，E.如果所述匹配不正确，则检测到故障发生。