Abstract: A method for protecting data against power analysis attacks includes at least a first phase of executing a cryptographic operation for ciphering data in corresponding enciphered data through a secret key. The method includes at least a second phase of executing an additional cryptographic operation for ciphering additional data in corresponding enciphered additional data. An execution of the first and second phases is undistinguishable by the data power analysis attacks. Secret parameters are randomly generated and processed by the at least one second phase. The secret parameters include an additional secret key ERK for ciphering the additional data in the corresponding enciphered additional data.

Abstract: A method is for executing n data updates in an IC Card which has memory pages supporting m erase operations per page, with m<n. The method includes the step of allocating a cyclic elementary file including N records, each record associated to a memory page of the IC Card, and the cyclic elementary file indexing a less recently updated record which is erased before writing data to be updated.

Abstract: A method is for controlling access to a data file of an IC card and may include storing a plurality of access conditions to be evaluated for accessing the data file, and enabling access to the file if the access conditions are satisfied. The method may further include ordering the access conditions to be evaluated in a Reverse Polish Notation inside a memory queue of the IC card, and evaluating the access conditions starting from a head of the memory queue.

Abstract: A method for pre-programming an IC card may include transmitting a memory image of a gold version sample IC card to the IC card and storing the memory image in a memory of the IC card. The method may further include dividing the memory image into memory blocks of set size to be transmitted separately to the IC card and by the fact that the storing may include writing at least one memory block in the memory while one or more memory blocks are transmitted.

Abstract: A method may defrag a memory for an IC card having a plurality of files stored in memory portions, each file including respective links to one or more other files. The method may include detecting a start address of a first free memory portion of the memory, detecting an address of a memory portion following the start address and storing one file to be moved, detecting files including links to the address of the file to be moved, moving the file to be moved to the start address of the first free memory portion, updating the links to point at the start address, and repeating the above steps until at least two free memory portions following the moved files are separated by one or more of files.

Abstract: A key session derivation is provided during a mutual authentication between a master IC card storing a master key, and a user IC card storing a key-seed. The master IC card and the user IC card are connected through a communication interface for a communication session. A first random number associated to the user IC card is generated. First and second sub keys are derived from the key-seed. First and second session sub keys are respectively derived through the first sub key in combination with the first random number, and through the second sub key in combination with the first random number. The first and second session sub keys are joined in at least a session key for the communication session.

Abstract: An authentication method between a first IC card and a second IC card interconnected through a terminal includes transmitting an identification number from the second IC card to the first IC card for deriving and storing a key in the first IC card. An authentication number is generated and stored in the first IC card, and is transmitted to the second IC card. The authentication number is encrypted inside the second IC card, and is transmitted to the first IC card. The encrypted authentication number is decrypted through the derived key, and is compared with the authentication number. The second IC card is authorized if the encrypted authentication number in the first IC card is equal to the authentication number. At least one of the transmissions includes an identification and/or authentication number to authorize the first IC card from the second IC card. The identification and/or authentication numbers include a reverse authentication number.

Abstract: A method is for executing n data updates in an IC Card which has memory pages supporting m erase operations per page, with m<n. The method includes the step of allocating a cyclic elementary file including N records, each record associated to a memory page of the IC Card, and the cyclic elementary file indexing a less recently updated record which is erased before writing data to be updated.

Abstract: A method for pre-programming an IC card may include transmitting a memory image of a gold version sample IC card to the IC card and storing the memory image in a memory of the IC card. The method may further include dividing the memory image into memory blocks of set size to be transmitted separately to the IC card and by the fact that the storing may include writing at least one memory block in the memory while one or more memory blocks are transmitted.

Abstract: Key diversification is performed during a mutual authentication between a SAM integrated circuit (IC) card storing a master key, and a user IC card storing an identification number. The user IC card is connected to the SAM IC card through a communications interface. The key diversification includes deriving sub keys from the master key, and computing ciphered strings through corresponding cryptographic computations on a string obtained by an elaboration on the identification number with the sub keys. A diversification key is generated by linking together a combination of bytes of the ciphered strings.

Abstract: A method is for controlling access to a data file of an IC card and may include storing a plurality of access conditions to be evaluated for accessing the data file, and enabling access to the file if the access conditions are satisfied. The method may further include ordering the access conditions to be evaluated in a Reverse Polish Notation inside a memory queue of the IC card, and evaluating the access conditions starting from a head of the memory queue.

Abstract: A method may defrag a memory for an IC card having a plurality of files stored in memory portions, each file including respective links to one or more other files. The method may include detecting a start address of a first free memory portion of the memory, detecting an address of a memory portion following the start address and storing one file to be moved, detecting files including links to the address of the file to be moved, moving the file to be moved to the start address of the first free memory portion, updating the links to point at the start address, and repeating the above steps until at least two free memory portions following the moved files are separated by one or more of files.

Abstract: A method for protecting data against power analysis attacks includes at least a first phase of executing a cryptographic operation for ciphering data in corresponding enciphered data through a secret key. The method includes at least a second phase of executing an additional cryptographic operation for ciphering additional data in corresponding enciphered additional data. An execution of the first and second phases is undistinguishable by the data power analysis attacks. Secret parameters are randomly generated and processed by the at least one second phase. The secret parameters include an additional secret key ERK for ciphering the additional data in the corresponding enciphered additional data.

Abstract: An authentication method between a first IC card and a second IC card interconnected through a terminal includes transmitting an identification number from the second IC card to the first IC card for deriving and storing a key in the first IC card. An authentication number is generated and stored in the first IC card, and is transmitted to the second IC card. The authentication number is encrypted inside the second IC card, and is transmitted to the first IC card. The encrypted authentication number is decrypted through the derived key, and is compared with the authentication number. The second IC card is authorized if the encrypted authentication number in the first IC card is equal to the authentication number. At least one of the transmissions includes an identification and/or authentication number to authorize the first IC card from the second IC card. The identification and/or authentication numbers include a reverse authentication number.

Abstract: Key diversification is performed during a mutual authentication between a SAM integrated circuit (IC) card storing a master key, and a user IC card storing an identification number. The user IC card is connected to the SAM IC card through a communications interface. The key diversification includes deriving sub keys from the master key, and computing ciphered strings through corresponding cryptographic computations on a string obtained by an elaboration on the identification number with the sub keys. A diversification key is generated by linking together a combination of bytes of the ciphered strings.

Abstract: A key session derivation is provided during a mutual authentication between a master IC card storing a master key, and a user IC card storing a key-seed. The master IC card and the user IC card are connected through a communication interface for a communication session. A first random number associated to the user IC card is generated. First and second sub keys are derived from the key-seed. First and second session sub keys are respectively derived through the first sub key in combination with the first random number, and through the second sub key in combination with the first random number. The first and second session sub keys are joined in at least a session key for the communication session.