Patent number 8621617 is assigned to MORPHO (
The following quote was obtained by the news editors from the background information supplied by the inventors: "Such a card has an integrated circuit that generally comprises a microprocessor, a volatile memory, and a non-volatile memory. The non-volatile memory contains personal data such as the identity of the person to whom the card has been issued, a secret identification code, banking information, etc. . . . , and at least one main program enabling information to be exchanged between the card and a reader of a terminal to which the card is connected, such as an automatic teller machine (ATM) or a payment terminal. The main program implements a plurality of nested functions serving in particular to communicate various items of personal data to the terminal, to retrieve a code input by the user to the terminal, to perform calculations on the code, e.g. for cryptographic or authentication purposes, to communicate the result of authentication to the terminal, . . . . These functions are nested in the sense that while a first function is being executed, it calls a second function which in turn, while it is being executed, calls a third function, etc. . . . ; the return of execution to the second function and then to the first function takes place in succession after the ends of execution of the third function and of the second function respectively. In order to allow return to the calling function, the microprocessor manages a function call stack that enables it to store a return address each time a function is called so that, at the end of execution of the called function, the microprocessor recovers the address stored in the function call stack and positions its execution pointer at that address so as to continue with execution of the calling function.
"In such cards, one of the functions that is critical in terms of security consists in decrementing a counter on each failure of an authentication operation that consists in verifying that a code input to the terminal is indeed identical to the secret identification code stored in the integrated circuit of the card. With a bank card, this number of failures is generally set at three, while the code itself comprises four digits. The counter as decremented in this way is returned to its initial value after a successful verification of the code. In contrast, after three failures of code verification, the integrated circuit is blocked. There exists a fraudulent technique that consists in disturbing the operation of the card at the end of the authentication operation in order to prevent execution of the function that serves to decrement the counter. It can be understood that if that function is not performed, then a dishonest person can try out all possible combinations of four digits in order to find the correct combination.
"Another fraudulent technique consists in disturbing the operation of the microprocessor so as to give rise to unexpected behaviors of the microprocessor, possibly making it possible to recover data that ought normally to be kept secret. For example, it is possible to envisage that after a function has been called by a calling function, execution may be returned to the calling function before the called function has come to the end of its execution."
In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventors' summary information for this patent: "To this end, the invention provides a method of securing execution of a main program that implements nested functions, the method comprising the steps of: executing a security management program arranged to update a list of current functions; informing the security management program of the beginning of execution of each function of the main program and updating the list of current functions; informing the security management program of the end of execution of each function; after being informed of each end of execution of a function, verifying that the function is indeed the function that was begun the most recently; and in the event of the verification failing, performing a protection action that is selected as a function of a security level associated with each function.
"Thus, the list held by the security management program serves to detect abnormal operation of the main program, and more particularly of its function calling.
"Preferably, and by way of example, the protection action consists in issuing a warning or in interrupting the main program.
"In a particular implementation, the list of functions is a table comprising a sequence of fields for receiving respective function identifiers, the method comprising the steps of: initializing the fields; and on being informed of the beginning of the execution of a function, writing the identifier of the function in the first available field.
"This implementation is particularly simple and effective and requires only limited use of computation and memory resources.
"Advantageously, the method includes the step, on being informed of the end of execution of a function called by a calling function, of storing the called function in memory and of causing the function calling the security manager to verify that the most-recently executed function is the called function.
"Other characteristics and advantages of the invention appear on reading the following description of a particular, non-limiting implementation of the invention."
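The begin/end bookkeeping described in the summary above can be sketched in C as follows. This is an added example, not code from the patent or from MORPHO; the function identifiers, the two security levels, the table size and the choice of taking the level from the function that reports its end are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* All identifiers, levels and the table size are hypothetical. */
enum { F_FREE = 0, F_MAIN, F_VERIFY_PIN, F_DEC_COUNTER, F_COUNT };
enum action { ACT_NONE, ACT_WARN, ACT_INTERRUPT };
#define MAX_DEPTH 8
/* Security level per function: 0 = warn on anomaly, 1 = interrupt. */
static const uint8_t level_of[F_COUNT] = { 1, 0, 1, 1 };
static uint8_t cur_list[MAX_DEPTH];  /* list of current functions */

void sm_init(void) { memset(cur_list, F_FREE, sizeof cur_list); }

/* Protection action chosen from the level of the reporting function (assumption). */
static enum action protect(uint8_t id) {
    return (id >= F_COUNT || level_of[id]) ? ACT_INTERRUPT : ACT_WARN;
}

/* Index of the first available field, i.e. the number of functions in progress. */
static int first_free(void) {
    int i = 0;
    while (i < MAX_DEPTH && cur_list[i] != F_FREE) i++;
    return i;
}

/* Beginning of a function: write its identifier in the first available field. */
enum action sm_begin(uint8_t id) {
    int i = first_free();
    if (id == F_FREE || id >= F_COUNT || i == MAX_DEPTH) return protect(id);
    cur_list[i] = id;
    return ACT_NONE;
}

/* End of a function: it must be the one that was begun most recently. */
enum action sm_end(uint8_t id) {
    int i = first_free();
    if (i == 0 || cur_list[i - 1] != id) return protect(id);
    cur_list[i - 1] = F_FREE;
    return ACT_NONE;
}

/* Constructed trace: a fault returns to verify_pin before dec_counter ends. */
enum action run_faulted(void) {
    sm_init();
    sm_begin(F_MAIN); sm_begin(F_VERIFY_PIN); sm_begin(F_DEC_COUNTER);
    return sm_end(F_VERIFY_PIN);     /* dec_counter never reported its end */
}

int main(void) { return run_faulted() == ACT_INTERRUPT ? 0 : 1; }
```

The constructed trace models the case in the background section where execution returns to the calling function before the called function has finished: the list still ends with the counter-decrement function, so the mismatch is detected when the caller reports its end.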
For the URL and more information on this patent, see: Goncalves, Louis-Philippe; Roudiere, Guillaume; Decroix, David. Method of Securing Execution of a Program. U.S. Patent Number 8621617, filed
Keywords for this news article include: MORPHO, Electronics, Legal Issues, Microprocessors.
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC