Abstract: A method of testing security of an electronic device against a combination of a side-channel attack and a fault-injection attack implemented during a method of cryptographic processing that includes: delivering a message signature based on a secret parameter and implementing a recombination of at least two intermediate values according to the Chinese remainder theorem; and verifying the signature on the basis of at least one public exponent. The method of testing includes: transmitting a plurality of messages to be signed by said electronic device; disturbing each message, including modifying the message by inserting an identical error for each message, before executing a step of determining one of the intermediate values; and analyzing physical measurements, obtained during the step of verifying the signature as a function of the message to be signed, the identical error for each message, and an assumption of a value of part of the secret parameter.

Abstract: A secure element includes a boot program comprises instructions for the execution a startup step to determine if a non-volatile memory stores an active operating system, and, in the affirmative, to launch execution of the operating system, an authentication step of a updater device, as a function of first authentication data determined by a secure element and second authentication data received from the updater device, and, in response to the authentication step, a storage step of a new operating system received from the update, device in the non-volatile memory and an activation step of the new operating system, when said instructions are executed by a microprocessor.

Abstract: This microcircuit card includes means for detecting an attack on the card, command means (130) capable of charging a charge pump (120) capable of applying a programming voltage (UP) to command a write operation into a cell (110) of a nonvolatile memory when an attack is detected, and a capacitor (140) arranged so as to be supplied with power during normal operation and to supply said charge pump (120) with power only when an attack is detected. The card (100) being characterized in that said capacitor (140) also supplies power to the command means (130) when an attack is detected.

Abstract: A microcircuit card (200) includes means for detecting an attack on the card, and command means (130) capable of blowing a fuse (250) of the card when an attack is detected.

Abstract: The invention relates to a secure data processing method comprising the steps of generating (E204; E304) a first random value (A1); executing (E206; E306) a first cryptographic algorithm (FK) using the first random value (A1); generating (E208; E308) a second random value (A2); executing (E210; E310) a second cryptographic algorithm (FK; GK) using the second random value (A2); and generating a result (V) to verify that the first algorithm (FK) was properly executed.

Abstract: A data processing method comprises the following steps: determining a first result data word from a first input data word and a first secret data word; obtaining a first compressed data word from the first result data word or the first input data word using a compression algorithm; determining a second result data word from a second input data word and a second secret data word; obtaining a second compressed data word from the second result data word using the compression algorithm; comparing the first compressed data word and the second compressed data word.

Abstract: A method for securing a program against attacks by error, i.e. in a chip card, wherein at least one jump instruction, including a relative address chosen from a plurality of possible relative addresses, is identified in the program, wherein the at least one jump instruction makes it possible to reach a targeted address inside the memory area extending before and after the jump instruction and regrouping the plurality of possible relative addresses, inside the memory area, wherein an instruction to be preserved is identified and, in order to secure at least the instruction, at least one first non-operative batch including at least one instruction is inserted, the insertion being carried out in such a way as to ensure that the insertion is compatible with maintenance of the address targeted by the jump instruction inside the memory area and that the insertion is compatible with the normal running of the program.

Abstract: This microcircuit card includes means for detecting an attack on the card, command means (130) capable of charging a charge pump (120) capable of applying a programming voltage (UP) to command a write operation into a cell (110) of a nonvolatile memory when an attack is detected, and a capacitor (140) arranged so as to be supplied with power during normal operation and to supply said charge pump (120) with power only when an attack is detected. The card (100) being characterized in that said capacitor (140) also supplies power to the command means (130) when an attack is detected.

Abstract: A method for protecting an electronic entity with encrypted access, against DFA (Differential Fault Analysis) attacks which includes: storing the result of a selected step (Rm, Kn) of an iterative process forming part of the cryptographic algorithm and in performing once more at least part of the steps of the iterative process up to a new computation of a result corresponding to the one which has been stored, comparing the two results and denying distribution of an encrypted message (MC) if they are different.

Abstract: A method of cryptographic processing of data (X), in particular a method protected against fault injection attacks, and an associated device. The processing includes at least one transformation (100, 1001-1006) of an input data item (s) into a result data item (s?). In this case the method includes a step (E204) of verifying the transformation including the following steps: obtaining (E206) a first data item (DV(s?)) that is compressed by applying a compression operation (110, MDV, ADV) to the result data item (s?); obtaining (E208) a second compressed data item (DV(s)) that is compressed by applying the compression operation (110, MDV, ADV) to the input data item (s); determining (E210) a verification data item (DV(s)?) by applying the transformation (100, 1001-1006) to the second compressed data item (DV(s)) and; comparing (E212) the verification data item and the first compressed data item.

Abstract: A method for protecting an electronic entity with encrypted access, against DFA (Differential Fault Analysis) attacks which includes: storing the result of a selected step (Rm, Kn) of an iterative process forming part of the cryptographic algorithm and in performing once more at least part of the steps of the iterative process up to a new computation of a result corresponding to the one which has been stored, comparing the two results and denying distribution of an encrypted message (MC) if they are different.

Abstract: The invention concerns a method for reproducing digital content including the following steps: receiving (E222) an identifier (Id?) of the digital content from a secure electronic entity; extracting (E226) a digital watermark of the digital content; controlling (E232) the reproduction of the content based on a comparison between the extracted watermark and the identifier. The invention concerns a reproducing device, an electronic entity and related systems.

Abstract: A method for protecting an electronic entity with encrypted access, against DFA (Differential Fault Analysis) attacks which includes: storing the result of a selected step (Rm, Kn) of an iterative process forming part of the cryptographic algorithm and in performing once more at least part of the steps of the iterative process up to a new computation of a result corresponding to the one which has been stored, comparing the two results and denying distribution of an encrypted message (MC) if they are different.

Abstract: A secure data processing method includes the following steps: padding (E206) a memory area (MAC?) with a pad value (A); writing (E208) a first datum in the memory area (MAC?); in the area, reading (E210) a second datum with at least one part of the first datum as it was written in the memory area (MAC?); and executing an operation (E210) using the second datum.

Abstract: A data processing method, whereby an element is subjected to a first operation with a given operand. The method includes a step of updating by a second operation a first variable (B; a0; S?p, S?q) or a second variable (A; a1; Sp, Sq), depending on whether a corresponding bit of the operand=0 or 1; and a step of testing a relationship between a first value (B; a0; S?) derived from the first variable and a second value (A; a1; S) derived from the second variable. A related device is also disclosed.

Abstract: A method to mask static cell identifiers or static location area codes of a mobile network a mobile terminal and a masking module integrated in equipment belonging to the architecture of the network under consideration, of generating all or part of dynamic cell identifiers or dynamic location area codes from static identifiers or codes so as to make their geographical conversion impossible for an outside service other than services authenticated by the operator. The disclosed embodiments propose a masking device to mask static identifiers or codes including either a module masking static identifiers or codes, integrated in a BSC for GPS or GPRS or in a RNC for UMTS, or another masking module masking all or part of the static identifiers or codes integrated in network equipment close to the operator's platform.

Abstract: A data processing method comprises the following steps: determining a first result data word from a first input data word and a first secret data word; obtaining a first compressed data word from the first result data word or the first input data word using a compression algorithm; determining a second result data word from a second input data word and a second secret data word; obtaining a second compressed data word from the second result data word using the compression algorithm; comparing the first compressed data word and the second compressed data word.

Abstract: An exchange of information between a communication entity e.g. a mobile telephone and the operator server upon which it is dependent, in order to carry out authentication operations by exchanging keys and using cryptography algorithms. According to the invention, an algorithm is used, comprising: algorithmic treatments using, as input data, all or part of a random number and operating keys derived from two keys, and a combined treatment using data derived from algorithmic treatments in order to provide results to enable the linkage.

Abstract: Method for security loading of at least one residual memory space including at least one program, in particular in a smart card, consists in carrying out successive cycles for selecting (E13, E23, E33) at least one type of data from a predetermined authorized data set, wherein said authorized data set excludes at least one type of data corresponding to a determined instruction, and in introducing (E14, E24, E34) the at least one type of data selected from the at least one residual memory space in such a way that at least one part of the residual memory space is loaded.

Abstract: A method for securing a program against attacks by error, i.e. in a chip card, wherein at least one jump instruction, including a relative address chosen from a plurality of possible relative addresses, is identified in the program, wherein the at least one jump instruction makes it possible to reach a targeted address inside the memory area extending before and after the jump instruction and regrouping the plurality of possible relative addresses, inside the memory area, wherein an instruction to be preserved is identified and, in order to secure at least the instruction, at least one first non-operative batch including at least one instruction is inserted, the insertion being carried out in such a way as to ensure that the insertion is compatible with maintenance of the address targeted by the jump instruction inside the memory area and that the insertion is compatible with the normal running of the program.