Abstract: The invention relates to a method and associated security module for protecting the processing of sensitive information in a security module with a monolithic structure, the module comprising information processing means (9) and means for storing (3, 4) information capable of being processed by said processing means. The method comprises the following steps: selecting a piece of sensitive information in the storage means; determining (7) a specific condition for the integrity of said information; reading the information and transmitting (1) it to the processing means; verifying (11) during the processing of the information that the specific condition is satisfied; and disabling the processing of the information if the specific condition is not satisfied.

Abstract: A method is described for authenticating a portable object that includes a processor and a memory. The memory contains at least one code defining operations capable of being executed by the portable object, as well as a one-way function. The method comprises an authentication of the portable object which includes sending the portable object an order so that the latter executes a calculation of a result by applying to the one way function at least part of the code. This result enters into the implementation of a given operation, the operation being performed successfully only when the portable object is authentic.

Abstract: The invention relates to a process for storing and using sensitive information in a security module and to a security module arranged to implement the process, and protect the sensitive information against fraudulent utilization. The sensitive information ISj is stored in a form {overscore (ISj)} encrypted using a temporary encrypting protection key CPi, whose content varies over time. The sensitive information {overscore (ISj)} is decrypted before being used in a given operation, using a temporary decrypting protection key CPid. Before the contents of the encrypting and decrypting keys are varied, the sensitive information {overscore (ISj)} is decrypted with the current decrypting key, and then it is re-encrypted with the new encryption key to obtain a new encrypted form, different from the previous one.

Abstract: The invention concerns a method for authenticating a portable object comprising information processing means and information storage means, the information storage means containing at least one code (i) defining operations capable of being executed by the portable object, as well as a one-way function.

Abstract: The invention relates to a process for protecting a security module (8) designed to cooperate with a data processing device (1), the module being designed to execute a set of operations including at least one sensitive operation (23).

Abstract: The invention relates to a method and an apparatus for producing a key that is common to two devices that belong to different sets and are intended to implement a common cryptographic procedure. Each device is assigned a mother key (KC, KP) and a daughter key (KP.sub.ck, KC.sub.pi). The daughter key is developed on the basis of the mother key of the other device and of an identification datum specific to the device. When the procedure is performed, the two devices exchange their identification datum (ck, pi), which when processed with the aid of the mother key held by the device will yield the daughter key (KC.sub.pi, KP.sub.ck) of the other device. The pair of keys formed by the daughter key already held and by the daughter key that is calculated constitutes the common key.

Abstract: This invention concerns a key protection device for smart cards and is characterized by the fact that:each input user key is coded using a random key and stored;protection data that corresponds to each coded user key's dependant data is generated and associated to each coded user key;a detection device is installed on the card that allows the user to verify the stored user key's integrity by comparing the protection data to verification data that is generated using the card's stored user key; andan interlock device that allows the user to block any further calculation using the stored key in the event that the verification data is not identical to the protection data.

Abstract: A method for generating a random number in a system utilizing portable objects, such as cards with electronic memories and data processing circuits, wherein the data processing circuits (TC) of the portable object are operable to generate a random number required for data processing, when the portable object is connected to a processing apparatus of the system. A calculation program recorded in the circuits of the portable object is executed taking into account parameters memorized in the memory (MC) of the object.

Abstract: In a data processing system using portable objects (1) such as cards incorporating memory chips (11, 12, 13, 14, 15) and a processing circuit (10), where a first memory zone (11) is electrically erasable and writable at the request of the processing circuits in the object, random numbers are generated taking into account a first parameter taken from the first zone (11) and at least one second parameter written in a second, nonvolatile zone (12) of the object, the content of this second zone being modified each time the first zone is erased such that the combination of parameters is never identical following the various erase operations on the first zone.

Abstract: A method for authentication by an external medium of a portable object such as a standardized credit card coupled to this medium. The portable object (2) calculates a result (R) which is at least a function of a secret key (S) and of a variable datum (E). This result (R) is sampled by the external medium (1), which compares it with a reference result (RO). This result (RO) is changed in a random manner, by being replaced by a new result (RO) calculated by a portable object (2) which has been authenticated based on the preceding reference result.

Abstract: The invention relates to a method for management of an electronic memory representing predetermined homogenous units, of the generic type comprising inscribing in memory a stop indicating the balance at the end of a transaction. In this method, the memory is divided into elements including a non-specific number of cells, and at the time of a transaction, the search for the stop is performed by determining at the outset the element in which it is located, and then the precise position that it occupies in this element. A new stop is then inscribed starting at the position of this previous stop, and then this previous stop is neutralized so that it will be ignored in later transactions. The invention is applicable to electronic payment devices.

Abstract: The present invention relates to a method for dispatching at least one predetermined secret key, in order to make the implementation of a provision of service secure, characterized in that it comprises transmitting a predetermined implementation key in encoded form from a security module (MSCl) having a predetermined rank to a security module (MSTl) or card (U) of a rank lower than the predetermined rank, this encoding comprises using an encoding algorithm and introducing the predetermined implementation key, as well as least one diversified key, this diversified key, necessary for the encoding, being obtained by a diversification algorithm by introducing both a basic key of this diversified key and diversification data originating from the module of lower rank, the predetermined encoded implementation key being decoded by the use, in a module of lower rank than the predetermined rank, of a decoding algorithm which is the inverse of the encoding algorithm.

Abstract: The invention relates to a method for authenticating an external authorizing datum by a portable object, such as a memory card.The authorizing datum (C1) entered into an apparatus (2) is enciphered with a predetermined datum (E) to yield a message (M) which is transmitted to a portable object (1). The object (1) deciphers the message (M), taking into account a reference authorizing datum (C1), in order to retrieve a datum (E'), which must be coherent with the datum (E).The invention applies in particular to the recognition of the carrier code of the owner of a credit card.

Abstract: The subject of the invention is a method for certifying the authenticity of a datum exchanged between two devices connected locally or at long distance by a transmission line.The transmitting device (2) fashions an enciphered message (M) on the basis of a parameter (X) at least one field (X1) of which must satisfy a predetermined condition and one field (X3) corresponds to the datum (d) to be transmitted. The receiving device (1) deciphers the message (M) in order to find a parameter (X') the field (X'1) of which must satisfy the same condition as the field (X1) for which the field (X'3) corresponds to the datum (d) transmitted.The invention is applicable in particular to credit cards.

Abstract: The subject of the invention is a method for diversification of a basic key and for authentication of a thus-diversified key as having been fashioned on the basis of a predetermined basic key, and a system for performing the method.An initializing system calculates a diversified key (Sd) on the basis of a basic key (Sb) processed by a biunique combination transformation (T). The key (Sd) recorded in the memory (M3) of a user card (CU3) is authenticated by an exploitation system (4), which calculates a certificate on the basis of the basic key (Sb), while the card (CU3) calculates a certificate on the basis of its key (Sd). These certificates must be identical, taken into account the properties of the transformation (T).The invention is applicable in particular to the secret keys recorded in memory cards.