Abstract: A method for secure loading of a key dedicated to securing a predetermined operation into memory of a microchip of an embedded system includes, as a first step, authenticating a security device by generating a first random number using the microchip, transmitting the first random number to the security device, generating a second random number in the security device, generating a first cryptogram from the first and second random numbers by applying an asymmetric signature algorithm using an asymmetric secret key, transmitting at least the first cryptogram to the microchip, and authenticating the security device by verifying the first cryptogram using the public key.

Abstract: The invention concerns a method for secure storage of a piece of so-called sensitive data, for example an encryption key, in a memory (M) of an embedded microchip system, particularly a smart card (CP). The memory (M) comprises two physically distinct storage devices (1, 2), for example a permanent memory of the “ROM” type (1), and a second, re-programmable memory of the “EEPROM” type (2). The piece of sensitive data is divided into at least two parts (d, d?), in a given logical configuration, each of these parts being stored in one of the distinct storage devices (1, 2). An additional piece of verification data, a checksum or hash data, can also be stored in the first storage device (1), at the same time as the first sensitive data part (d). The invention also concerns an embedded microchip system, particularly a smart card (CP).

Abstract: The invention relates to a process for securely comparing two main storage registers, comprising defining an auxiliary storage register (A), calculating a first sum of the words composing the auxiliary storage register, comparing the words of the two main storage registers, randomly selecting one of the words of the auxiliary storage register, and modifying the value of the selected word by a first predetermined value if said words of the main storage registers are identical, and modifying the value of said selected word by a second predetermined value if said words of the main storage registers are different, calculating a second sum (SA2) of the words of the auxiliary storage register, and modifying the second sum by a value equal to said first value multiplied by the number of words (n) of the main storage registers, and comparing said first and second sums (SA1, SA2). The invention also relates to the associated security module.

Abstract: The invention concerns the securing of the pre-initialization phase of a smart card (CP) with a mutual authentication of this card (CP) storing a symmetric secret key (KM) and an asymmetric public key (n), and a security device (3) storing the same secret key (KM) and the asymmetric secret key (Kpq) corresponding to the public key (n). The card (CP) and the device (3) supply random numbers (NaC). The device (3) is authenticated by transmitting to the card (CP) a cryptogram (SR) derived from the two random numbers using an asymmetric algorithm. The card (CP) is authenticated by calculating a secret session key derived from the random number (NaC), using a symmetric algorithm and the secret key (KM), and by transmitting to the device (3) a cryptogram (CC) derived from the second random number, using the symmetric algorithm and the session key. The dedicated key (KF), encrypted by the session key (KS), is transmitted to the card.

Abstract: The invention concerns a method for secure storage of a piece of so-called sensitive data, for example an encryption key, in a memory (M) of an embedded microchip system, particularly a smart card (CP). The memory (M) comprises two physically distinct storage devices (1, 2), for example a permanent memory of the “ROM” type (1), and a second, re-programmable memory of the “EEPROM” type (2). The piece of sensitive data is divided into at least two parts (d, d′), in a given logical configuration, each of these parts being stored in one of the distinct storage devices (1, 2). An additional piece of verification data, a checksum or hash data, can also be stored in the first storage device (1), at the same time as the first sensitive data part (d).

Abstract: The invention relates to a process for the secure processing of a sensitive logical element (S2) in a storage register (30) containing several words (31-38), each formed of several logical elements (L1-L8, S1-S8). The process comprises: defining a first auxiliary word containing several logical elements randomly defining the position of a sensitive word (36) among the words of the storage register, which is intended to store the sensitive logical element (S2), and within the sensitive word, the position of the sensitive logical element among the logical elements of the sensitive word, the other words (31-35, 37, 38) of the storage register constituting decoy words; and using the first auxiliary word to select the sensitive word (36) and storing the sensitive logical element (S2) in its position within the sensitive word.