Abstract: The method for protecting a logic or mathematical operator of the NOR operator type, able to be used for executing a program in a microprocessor electronic module wherein the execution of the NOR operator is replaced by the execution (CAL-XORSEC(1) of a sequence Si operations having for final result a result identical to that of the XOR function. The sequence of operations Si composed of elementary operations with AND, OR and NOT is selected at each XOR operator from a set of eight equivalent sequences (S1 to S8) after determination CAL-NDO) of an order number ND0=1 according to the parameters of the program and/or a random parameter R supplied by a pseudo-random number generator (14).

Abstract: The inventive method for controlling access to data which is used by reference in a program execution system (including processes and aims) during the program execution consists in memorising by the system the totality of references obtainable by said program with the aid of means considered legal, before any operation which can be prohibited if it relates to values which are not legal references, in verifying by the system whether said values are amongst the legal references memorized for the program and in accepting or rejecting the operation, respectively.

Abstract: A method for secure loading of a key dedicated to securing a predetermined operation into memory of a microchip of an embedded system includes, as a first step, authenticating a security device by generating a first random number using the microchip, transmitting the first random number to the security device, generating a second random number in the security device, generating a first cryptogram from the first and second random numbers by applying an asymmetric signature algorithm using an asymmetric secret key, transmitting at least the first cryptogram to the microchip, and authenticating the security device by verifying the first cryptogram using the public key.

Abstract: The method for protecting a logic or mathematical operator of the NOR operator type, able to be used for executing a program in a microprocessor electronic module wherein the execution of the NOR operator is replaced by the execution (CAL-XORSEC(1) of a sequence Si operations having for final result a result identical to that of the XOR function. The sequence of operations Si composed of elementary operations with AND, OR and NOT is selected at each XOR operator from a set of eight equivalent sequences (S1 to S8) after determination CAL-NDO) of an order number NDO=1 according to the parameters of the program and/or a random parameter R supplied by a pseudo-random number generator (14).

Abstract: The invention concerns a method for secure storage of a piece of so-called sensitive data, for example an encryption key, in a memory (M) of an embedded microchip system, particularly a smart card (CP). The memory (M) comprises two physically distinct storage devices (1, 2), for example a permanent memory of the “ROM” type (1), and a second, re-programmable memory of the “EEPROM” type (2). The piece of sensitive data is divided into at least two parts (d, d?), in a given logical configuration, each of these parts being stored in one of the distinct storage devices (1, 2). An additional piece of verification data, a checksum or hash data, can also be stored in the first storage device (1), at the same time as the first sensitive data part (d). The invention also concerns an embedded microchip system, particularly a smart card (CP).

Abstract: The inventive method for controlling access to data which is used by reference in a program execution system (including processes and aims) during the program execution consists in memorising by the system the totality of references obtainable by said program with the aid of means considered legal, before any operation which can be prohibited if it relates to values which are not legal references, in verifying by the system whether said values are amongst the legal references memorised for the program and in accepting or rejecting the operation, respectively.

Abstract: This invention concerns an optimised management method for allocating memory space of an onboard system to a data structure and a corresponding onboard system. The object code packets and the data packets being discriminated, and the memory being subdivided into addressable elementary memory blocks, the method consists in allocating (A1) to the object code packets a set of elementary memory blocks located in a first memory space (MS1) to addresses substantially adjacent and to the data packets another set of elementary memory blocks located in a second memory range (MS2). This enables to avoid fragmentation of the memory zone, during successive installations/deinstallations and to implement very easily an optimal defragmentation procedure, adapted to each type of data, code or application data.

Abstract: The invention concerns a method for dynamically allocating memory workspace of an onboard system to a data structure identified by an identification number (ID_Ak) and the corresponding onboard system. The storage area of the onboard system being subdivided into elementary memory blocks (BL1), the method is implemented on the basis of an allocation instruction and an erasure instruction. To allocate (A) an elementary memory block, the method consists in assigning an identification number (ID-Ak) to the block concerned. To erase (E) an elementary storage block, the method consists in assigning an arbitrary value (AAAA) different from any identification number. The system is applicable to onboard systems, such as multi-application microprocessor cards.

Abstract: The invention relates to a method of securing computer systems involving the logical containment of data. More specifically, the invention relates to a method of securing computer systems, which offers the possibility of executing codes that manipulate data which must be processed separately. The inventive method essentially involves the use of the following: (i) a memory manager for managing memory allocation units which can be typically a fixed-size page or a variable-size block, and (ii) memory allocation owners and requesters which can be typically user applications of the operating system of the computer system or the actual operating system. The system involves the separation of the aforementioned data by the owner and the encryption of same with a dedicated key.

Abstract: The invention relates to a method of securing computer systems comprising at least one code interpretation module and memory capacity for storing the code to be interpreted. For said purpose, the invention consists in making more difficult attacks involving physical measures and/or requiring a synchronisation with the interpreted code, by introducing variants into the interpreted code runtimes and the measurable physical prints.

Abstract: The invention concerns a method for dynamically allocating memory workspace of an onboard system to a data structure identified by an identification number (ID_Ak) and the corresponding onboard system.

Abstract: This invention concerns an optimised management method for allocating memory space of an onboard system to a data structure and a corresponding onboard system. The object code packets and the data packets being discriminated, and the memory being subdivided into addressable elementary memory blocks, the method consists in allocating (A1) to the object code packets a set of elementary memory blocks located in a first memory space (MS1) to addresses substantially adjacent and to the data packets another set of elementary memory blocks located in a second memory range (MS2). This enables to avoid fragmentation of the memory zone, during successive installations/deinstallations and to implement very easily an optimal defragmentation procedure, adapted to each type of data, code or application data.

Abstract: The invention concerns a method and an embedded microchip system (8) for the secure execution of an instruction sequence of a computer application in the form of typed objects or data, particularly written in “Java” language. The memory (1) is organized into a first series of elementary stacks (2, 3) for storing instructions. Each typed object or datum is associated with one or more so-called typing bits specifying the type. These bits are stored in a second series of elementary stacks (4, 5) that correspond one-to-one with with the stacks (2, 3) of the first series. Before executing predetermined types of instructions, a continuous verification is performed, prior to the execution of these instructions, of the matching between a type indicated by the latter and an expected type, indicated by the typing bits. If they do not match, the execution is stopped.

Abstract: The invention concerns the securing of the pre-initialization phase of a smart card (CP) with a mutual authentication of this card (CP) storing a symmetric secret key (KM) and an asymmetric public key (n), and a security device (3) storing the same secret key (KM) and the asymmetric secret key (Kpq) corresponding to the public key (n). The card (CP) and the device (3) supply random numbers (NaC). The device (3) is authenticated by transmitting to the card (CP) a cryptogram (SR) derived from the two random numbers using an asymmetric algorithm. The card (CP) is authenticated by calculating a secret session key derived from the random number (NaC), using a symmetric algorithm and the secret key (KM), and by transmitting to the device (3) a cryptogram (CC) derived from the second random number, using the symmetric algorithm and the session key. The dedicated key (KF), encrypted by the session key (KS), is transmitted to the card.