公开(公告)号：WO00054454A1

公开(公告)日：2000-09-14

申请号：PCT/FR2000/000283

申请日：2000-02-07

IPC: G06K19/073 ,  G09C1/00 ,  H04L9/06

CPC classification number: H04L9/0625 ,  G06F2207/7219 ,  H04L9/003

Abstract: In an electronic component using a secret key cryptographic algorithm K whereof the operation comprising several successive computing cycles T1, T16 to supply from initial input data L0, R0 applied at the first cycle, final output data L16, R16 at the last cycle, the method consists in applying a first random value u to the computing means designed for each cycle (TCM) to obtain in output unpredictable data (a(+)u). The invention is characterised in that it consists further in applying a second random value v to said initial input data L0 and R0 applied in input of the first cycle T1.

Abstract translation: 在使用秘密密钥加密算法K的电子部件中，包括从第一周期应用的初始输入数据L0，R0提供的若干连续计算周期T1，T16的操作，最后一个周期的最终输出数据L16，R16， 包括将第一随机值u应用于为每个周期设计的计算装置（TCM），以获得输出不可预测的数据（a（+）u）。 本发明的特征在于，其进一步包括将第二随机值v应用于在第一周期T1的输入中应用的所述初始输入数据L0和R0。

公开(公告)号：WO00054230A1

公开(公告)日：2000-09-14

申请号：PCT/EP2000/001453

申请日：2000-02-23

IPC: G06F1/00 ,  G06F21/55 ,  G06F21/77 ,  G06K19/073 ,  G07F7/10

CPC classification number: G07F7/1008 ,  G06F21/755 ,  G06F21/77 ,  G06F2207/7219 ,  G06K19/073 ,  G06K19/07363 ,  G06Q20/341 ,  G07F7/082

Abstract: Inferences to the processed data of the internal microchip can be effected on the contacts of the external power supply for a smart card by using appropriate measuring techniques - Differential Power Analysis (DPA). In order prevent misusage of smart cards, the DPA has to be effectively disabled. The invention permits a disabling of a DPA by decoupling the power supply voltage for the active computer chip from the external power supply for the smart card during calculation of confidential data. The technical solution can be attained by means of an integrated battery, a direct current stabilization, or by an integrated HF switched-mode power supply unit. When using direct current stabilization or an HF switched-mode power supply unit, the power supply voltage for the active computer chip can be conducted over a randomly controlled electronic switch so that the pulses still to be measured on the smart card contacts are additionally concealed.

Abstract translation: 设置有到外部电源的一个智能卡的接触内部微芯片可能的处理过的数据合适的测量结论 - （DPA）差分功率分析。 要排除的智能卡被滥用时，DPA必须被有效地防止。 利用本发明，一个DPA防止了机密数据从外部电源向所述智能卡的计算期间为活动的计算机芯片的电源电压是分开。 技术方案可以通过一个集成的电池，一个直流电压稳定化或集成RF开关电源来实现。 当使用直流电压稳定化，或RF开关模式电源，可以制成用于随机控制的电子开关上的活性计算机芯片的供给电压，使得附加的模糊尚未被测量到智能卡中的联系人的脉冲实现。

公开(公告)号：WO00024156A1

公开(公告)日：2000-04-27

申请号：PCT/FR1999/002199

申请日：1999-09-15

IPC: G06F12/14 ,  G06F21/06 ,  G06F21/24 ,  G09C1/00 ,  H04L9/06 ,  H04L9/10

CPC classification number: H04L9/0625 ,  G06F2207/7219 ,  H04L9/003

Abstract: The invention concerns a countermeasure method in an electronic component using a secret key K cryptographic algorithm with sixteen computing cycles to supply an encrypted message (C) from an input message (M), each cycle using first means TC0 to supply an output information from an input information, Said method consists in applying by selection a sequence with the first means or another sequence with other means TC1, TC2 to a group G1 comprising the first three cycles at least and another group G4 comprising the last three cycles at least. Whatever the sequence, the output result of the last cycle of each group is the same for the same input message (M).

Abstract translation: 本发明涉及使用具有16个计算周期的秘密密钥K密码算法的电子部件中的对策方法，以从输入消息（M）提供加密消息（C），每个周期使用第一装置TC0来提供来自 所述方法包括通过选择具有第一装置或另一序列的序列与其他装置TC1，TC2至少包括前三个周期的组G1以及至少包括最后三个周期的另一组G4进行选择。 无论什么序列，每个组的最后一个周期的输出结果对于相同的输入消息（M）是相同的。

公开(公告)号：WO00024155A1

公开(公告)日：2000-04-27

申请号：PCT/FR1999/002172

申请日：1999-09-13

IPC: G06F12/14 ,  G06F21/06 ,  G06F21/24 ,  G06K19/07 ,  G09C1/00 ,  H04L9/06 ,  H04L9/10

CPC classification number: H04L9/0625 ,  G06F2207/7219 ,  H04L9/003

Abstract: The invention concerns a countermeasure method in an electronic component using a secret key K cryptographic algorithm, wherein the algorithm implementation comprises the use of first means TC0 for supplying output data from input data, the output information and/or derived data being manipulated by critical instructions. Said countermeasure method provides for the use of other means TC1 and/or TC2, such that the output information and the derived data are unpredictable.

Abstract translation: 本发明涉及使用秘密密钥K密码算法的电子部件中的对策方法，其中所述算法实现包括使用第一装置TC0从输入数据提供输出数据，输出信息和/或由关键指令操纵的导出数据 。 所述对策方法提供使用其他装置TC1和/或TC2，使得输出信息和导出的数据是不可预测的。

公开(公告)号：WO00019385A1

公开(公告)日：2000-04-06

申请号：PCT/EP1999/007023

申请日：1999-09-20

IPC: B42D15/10 ,  G06F12/14 ,  G06F21/06 ,  G06F21/24 ,  G06K19/073 ,  G07F7/10

CPC classification number: G07F7/1008 ,  G06F2207/7219 ,  G06K19/07363 ,  G06Q20/341 ,  G07F7/082

Abstract: A data carrier device (3) includes data storage means (13) for storing key data (SD), processing means (14) for processing key data (SD), data bus means (15) which include a data bus (16) with a number of N parallel data leads which connects the data storage means (13) to the processing means (14), and via which N-bit key data (SD) can be transmitted in parallel during each transmission operation, and power supply means (E) for supplying the data carrier device (3) with power (UB); transmission data (ÜD-SD), containing key data (SD), can be stored in the data storage means (13) and the data bus means (15) are arranged to transmit N-bit transmission data (ÜD-SD) in each transmission operation, which transmission data (ÜD-SD) has a number of M bits of value 1 which is always the same and independent of the key data (SD); the data bus means (15) have a power consumption which is independent of the key data (SD) and include selection means (29, 31) which are arranged to select, after a transmission operation, a number of K bits, constituting the key data (SD), from the total number of N transmitted bits of the transmission data (ÜD-SD).

Abstract translation: 数据载体装置（3）包括用于存储密钥数据（SD）的数据存储装置（13），用于处理密钥数据（SD）的处理装置（14），包括数据总线（16）的数据总线装置（15） 将数据存储装置（13）连接到处理装置（14）的多个N个并行数据引线，并且可以在每个传输操作期间并行传输N位密钥数据（SD），以及电源装置（ E）用于向数据载体装置（3）提供电力（UB）; 包含密钥数据（SD）的传输数据（ÜD-SD）可被存储在数据存储装置（13）中，数据总线装置（15）被安排成在每个传输数据（ÜD-SD）中发送N位传输数据 传输操作，哪个传输数据（ÜD-SD）具有总是相同且独立于密钥数据（SD）的值为1的M位数; 数据总线装置（15）具有独立于密钥数据（SD）的功耗，并且包括选择装置（29,31），其被选择在传输操作之后选择构成密钥的K个比特数 数据（SD），从发送数据的N个发送位的总数（ÜD-SD）。

公开(公告)号：WO00019367A1

公开(公告)日：2000-04-06

申请号：PCT/EP1999/007025

申请日：1999-09-21

IPC: G06F1/04 ,  G06F21/72 ,  G06F21/75 ,  G06K19/073 ,  G09C1/00 ,  H04L9/06

CPC classification number: G06K19/073 ,  G06F21/72 ,  G06F21/75 ,  G06F2207/7219 ,  H04L9/003 ,  H04L2209/08 ,  H04L2209/12

Abstract: The invention relates to a data processing device (100) and to a method for operating a data processing device, notably a chip card. The device comprises an integrated circuit (10) which in accordance with a first clock pulse carries out useful calculations, notably cryptographic operations. To this end a second clock pulse is randomly derived from the first clock pulse and supplied to the integrated circuit (10) instead of the first clock pulse. Distances between the edges of the second clock pulse vary randomly over time. To this end the invention provides for a clock control unit (14) which is linked to the integrated circuit (10) as well as for a random generator (12) which is connected to the clock pulse control unit (14). The clock control unit (14) is configured such that it generates a second clock (20) in accordance with the random generator (12) and the first clock pulse (18), and the second clock pulse varies randomly and controls the integrated circuit (10).

Abstract translation: 本发明涉及一种数据处理装置（100）和用于与集成电路（10），其响应于第一时钟信号Nutzrechenoperationen操作数据处理装置，特别是智能卡的方法，特别是加密操作，执行。 这里，第二时钟信号是随机从所述第一时钟信号导出的并且代替集成电路供给（10）的第一时钟信号，其中所述第二时钟信号的时钟脉冲边沿之间的距离在随机随时间变化的。 为了这个目的，一个与所述集成电路（10）设置连接到时钟控制单元（14）和连接到所述随机数发生器（12），到定时控制单元（14），其中，所述时钟控制单元（14）响应于所述随机数发生器（12）设计成使得它与 生成任意变化的第一时钟信号（18）的第二时钟信号（20）和所述集成电路（10）的驱动器。

公开(公告)号：WO99067766A3

公开(公告)日：2000-04-06

申请号：PCT/US1999/012739

申请日：1999-06-03

IPC: H04L9/06 ,  G09C1/12

CPC classification number: H04L9/0618 ,  G06F21/602 ,  G06F21/755 ,  G06F2207/7219 ,  H04L9/003 ,  H04L63/1441 ,  H04L2209/122

Abstract: Cryptographic devices that leak information about their secrets through externally monitorable characteristics (such as electromagnetic radiation and power consumption) may be vulnerable to attack, and previously-known methods that could address such leaking are inappropriate for smartcard and many other cryptographic applications. Methods and apparatuses are disclosed for performing computations in which the representation of data, the number of system state transitions at each computational step, and the Hamming weights of all operands are independent of computation inputs, intermediate values, or results. Exemplary embodiments (figure 6) implemented using conventional hardware elements such as electronic components (611, 613) and logic gates (610, 620, 630, 640) as well as software executing on conventional microprocessors are described.

Abstract translation: 本发明涉及其中存在的对他们的秘密信息盗用通过可以从外部进行监测（例如，电磁辐射和功耗）和特性的风险的加密设备 谁容易受到攻击。 本发明还涉及可以处理这种泄漏并且未被证明用于智能卡和许多不同应用的已知方法。 是本发明的主题提供了用于数据的表示执行计算的方法和设备，系统状态转换中的计算的每个状态和数量所有操作数的汉明权是独立的输入端 计算，中间值或结果。 本发明还涉及使用诸如电子组件，逻辑门等的硬件（泄漏）元件的某些实施例。 以及运行在常规（泄漏）微处理器上的软件。 智能卡和其他防篡改设备极大地提高了对涉及外部监视的加密攻击的抵抗力。

公开(公告)号：WO99067919A2

公开(公告)日：1999-12-29

申请号：PCT/US1999/012734

申请日：1999-06-03

IPC: G09C1/00 ,  H04L9/06 ,  H04L9/32

CPC classification number: H04L9/0625 ,  G06F21/556 ,  G06F21/602 ,  G06F21/755 ,  G06F2207/7219 ,  H04L9/003 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/127

Abstract: Methods and apparatuses are disclosed for improving DES and other cryptographic protocols against external monitoring attacks by reducing the amount (and signal-to-noise ratio) of useful information leaked during processing. An improved DES implementation of the invention instead uses two 56-bit keys (K1 and K2) and two 64-bit plaintext messages (M1 and M2), each associated with a permutation (i.e., K1P, K2P and M1P, M2P) such that K1P {K1} XOR K2P {K2} equals the "standard" DES key K, and M1P {M1} XOR M2P {M2} equals the "standard" message. During operation of the device, the tables are preferably periodically updated, by introducing fresh entropy into the tables faster than information leaks out, so that attackers will not be able to obtain the table contents by analysis of measurements. The technique is implementable in cryptographic smartcards, tamper resistant chips, and secure processing systems of all kinds.

Abstract translation: 公开了用于通过减少在处理期间泄露的有用信息的量（和信噪比）来改善DES和其他加密协议以防外部监视攻击的方法和装置。 本发明的改进的DES实施方案改为使用两个56位密钥（K1和K2）和两个64位明文消息（M1和M2），每个与置换相关联（即，K1P，K2P和M1P，M2P），使得 K1P {K1} XOR K2P {K2}等于“标准”DES密钥K，M1P {M1} XOR M2P {M2}等于“标准”消息。 在设备的操作期间，优选地通过将新鲜的熵引入到表中比信息泄漏出来更周期地更新表，使得攻击者将不能通过分析测量获得表的内容。 该技术可在加密智能卡，防篡改芯片和各种安全处理系统中实现。

公开(公告)号：WO9948217A2

公开(公告)日：1999-09-23

申请号：PCT/US9905832

申请日：1999-03-16

Applicant: NETSCHOOLS CORP ,  GREAVES THOMAS W ,  MILEWSKI RICHARD A ,  SCHADE FRED B

Inventor： GREAVES THOMAS W ,  MILEWSKI RICHARD A ,  SCHADE FRED B

IPC: G06F1/00 ,  G06F11/00 ,  G06F21/88 ,  H04B

CPC classification number: G06F11/0757 ,  G06F21/88 ,  G06F2207/7219

Abstract: A method for controlling physical security of a computer removably coupled to a network wherein a security administrator associated with a server invokes a timer in a client computer and disables the client computer if the computer is not operated within the network with a frequency preset by the security administrator. Techniques are provided in the client computer to inhibit breach of the security of the timer.

Abstract translation: 一种用于控制可移动地耦合到网络的计算机的物理安全性的方法，其中与服务器相关联的安全管理员在客户端计算机中调用定时器，并且如果计算机在网络内没有以安全性预设的频率来操作，则禁用客户端计算机 管理员。 在客户端计算机中提供技术以抑制违反定时器的安全性。

公开(公告)号：WO98058305A1

公开(公告)日：1998-12-23

申请号：PCT/GB1998/001705

申请日：1998-06-11

IPC: G06F21/88 ,  G06F1/00

CPC classification number: G06F21/88 ,  G06F2207/7219

Abstract: A computer system (10) comprises computer apparatus (12) incorporating the first and second electronic components (20, 22) and is electrically connected to a security device (14) which is associated with a non-volatile store (16) and components (12 and 14) are interconnected via a security bus (18). The security device (14) is used to protect at least one of the first electronic component (20) and the second electronic component (22) from theft and unauthorised re-use. Typically component (20) is a microprocessor for generating instructions and component (22) is a memory module for receiving instructions and outputting signals in consequence, the components (20, 22) being interconnected by a further bus (24).

Abstract translation: 计算机系统（10）包括结合有第一和第二电子部件（20,22）的计算机设备（12），并且电连接到与非易失性存储器（16）和组件（16）相关联的安全设备（14） 12和14）经由安全总线（18）互连。 安全装置（14）用于保护第一电子部件（20）和第二电子部件（22）中的至少一个免受盗窃和未授权的重新使用。 通常，组件（20）是用于产生指令的微处理器，并且组件（22）是用于接收指令并输出信号的存储器模块，因此组件（20,22）由另外的总线（24）互连。