Title:
METHOD OF PROTECTING AGAINST ATTACKS AND CIRCUIT THEREFOR
Document Type and Number:
WIPO Patent Application WO/2008/093257
Kind Code:
A2
Abstract:
The invention relates to a method and to a circuit having a memory module (1) that comprises a memory matrix (2), a column decoder (3), and a line decoder (4), the circuit of the memory module in addition comprising a validation circuit (5), wherein said validation circuit (5) is capable of reconstructing an address from selection signals and comparing this address with the original address or carrying out a plausibility test, whereupon a validation signal can be given if the addresses match or the plausibility thereof is established.

Inventors:
GARBE JOACHIM (DE)
OSTERTUN SOENKE (DE)
Application Number:
PCT/IB2008/050203
Publication Date:
August 07, 2008
Filing Date:
January 21, 2008
Assignee:
NXP BV (NL)
GARBE JOACHIM (DE)
OSTERTUN SOENKE (DE)
International Classes:
G11C8/20; G11C7/24; G11C16/22; G11C29/02
Foreign References:
US20070002616A1 (2007-01-04)
US20060156193A1 (2006-07-13)
US4912710A (1990-03-27)
Attorney, Agent or Firm:
PETERS, Carl et al. (Intellectual Property Department, Stresemannallee 101, Hamburg, DE)
Claims:
CLAIMS

1. A circuit having a memory module (1) that comprises a memory matrix (2), a column decoder (3), and a line decoder (4), the circuit of the memory module in addition comprising a validation circuit (5), wherein said validation circuit (5) is capable of reconstructing an address from selection signals and comparing this address with the original address or carrying out a plausibility test, whereupon a validation signal can be given if the addresses match or the plausibility thereof is established.

2. A circuit as claimed in claim 1, characterized in that the selection signal is a signal applied to the memory matrix of the memory module.

3. A circuit as claimed in claim 1 or 2, characterized in that an attack can be identified on the basis of a deviation between the reconstructed address and the original address.

4. A circuit as claimed in any one of the preceding claims, characterized in that the validation circuit comprises a read amplifier.

5. A method of protecting against unauthorized attacks on data contained in memories or in a memory module, with data being stored in a memory module (1), which memory module comprises a memory matrix (2) for the storage of data, and with a column decoder (3) and a line decoder (4), wherein the circuit of the memory module in addition comprises a validation circuit (5), which validation circuit (5) reconstructs an address from selection signals and compares this address with the original address or carries out a plausibility test, whereupon a validation signal is given if the addresses match or the plausibility thereof is established.

6. A method as claimed in claim 5, characterized in that the selection signal is a signal applied to the memory matrix of the memory module.

7. A method as claimed in claim 5 or 6, characterized in that an attack can be identified on the basis of a deviation between the reconstructed address and the original address.

Description:

Method of protecting against attacks and circuit therefor

Field of the invention

The invention relates to a method of protecting against unauthorized attacks on data contained in memories or in memory modules and to a circuit of a memory module.

State of the art

So-termed smart card chips have data stored thereon which are secret in part and which represent important and confidential information serving, for example, for identification and/or for the authorization of processes. Such data may be used, for example, for access to locations or services. Thus, for example, a door opener may be authorized to afford an owner of a smart card containing certain data access to a restricted area through a reading of the access data. Another possibility is, for example, to authorize and carry out money transactions or to control financial assets on the basis of a smart card.

The secret data should accordingly not be accessible to outsiders, otherwise these data could be improperly used. In particular key data, which serve for coding and decoding information that is transmitted to external destinations, should be safeguarded against unauthorized access.

Various possibilities are known for obtaining access to such data that are to be protected, for example through malfunctions in the access from the outside to the memory or through direct manipulations of the electronic circuit, whereby memory access can be purposely changed so as to obtain access to the data that are to be protected. In such a case it is also possible that other physical addresses are affected, which will lead to a compromising malfunctioning program stream.

Access to memories of security-sensitive circuits can be protected against purposeful attacks by means of protection mechanisms. WO 2004/049349 A2 in this connection describes a protection mechanism against light attacks during inactive phases in a reading process. WO 2004/046927 A1 discloses a special redundant storage of data. WO 2004/047172 A1 discloses an electronic circuit for fending off attacks by means of light.

A memory cell can be selected by means of address decoding by address decoders, whereupon the contents of said cell are read in a memory access operation. An attack on these address decoders, which cannot always be effectively prevented or even spotted by the above protection mechanisms, may result in a plurality of memory cells, an incorrect memory cell, or no memory cell at all being selected.

Short description of the invention, object, solution, advantages

It is an object of the present invention to provide a method by which an attack on address decoders can be reliably recognized. Another object of the invention is to provide a circuit capable of recognizing such attacks.

According to the invention, the object as regards the circuit is achieved by the characteristic features of claim 1. The circuit according to the invention presents a memory module that comprises a memory matrix, a column decoder, and a line decoder, the circuit of the memory module in addition comprising a validation circuit, wherein said validation circuit is capable of reconstructing an address from selection signals and comparing this address with the original address or carrying out a plausibility test, whereupon a validation signal can be given if the addresses match or the plausibility thereof is established. It is particularly advantageous if the selection signal is a signal applied to the memory matrix of the memory module.

It is also useful if an attack can be identified on the basis of a deviation between the reconstructed address and the original address.

It is highly advantageous, moreover, if the validation circuit comprises its own read amplifier which renders possible a simultaneous reading.

According to the invention, the object as regards the method is achieved by the characteristic features of claim 5. According to this claim, the method is a method of protecting against unauthorized attacks on data contained in memories or in a memory module, with data being stored in a memory module, which memory module comprises a memory matrix for the storage of data, and with a column decoder and a line decoder, wherein the circuit of the memory module in addition comprises a validation circuit, which validation circuit reconstructs an address from selection signals and compares this address with the original address or carries out a plausibility test, whereupon a validation signal is given if the addresses match or the plausibility thereof is established. It is useful in this connection if the selection signal is a signal applied to the memory matrix of the memory module. It is also useful if an attack can be identified on the basis of a deviation between the reconstructed address and the original address.

The present invention thus relates to a method of verifying a decoded address during a memory access operation, preferably in real time, so as to recognize any attacks on the address decoder. The invention also relates to a method of reliably recognizing such attacks.

Advantageous further embodiments are described in the dependent claims.

Short description of the drawings

The invention will be described in more detail below with reference to an embodiment and the accompanying drawings, in which:

Fig. 1 shows a memory module;

Fig. 2 shows a circuit arrangement according to the prior art;

Fig. 3 shows a circuit arrangement according to the invention; and

Fig. 4 is a block diagram of a circuit for clarifying the procedure according to the method.

Preferred embodiment of the invention

Fig. 1 diagrammatically shows a memory module 1 in the form of a block diagram. The memory module is formed here by a memory matrix A, 2, a column decoder CD, 3, and a line decoder RD, 4. According to the invention, the circuit of the memory module 1 is complemented by a validation circuit V, 5. The validation circuit V, 5 reconstructs through calculation an address from the selection signals supplied to the matrix A, 2 and either compares this address with the original address adr or carries out a plausibility test, issuing a validity signal va in the case of a match or plausibility, as applicable. The reference "data" is used for the data input and/or data output and the reference "adr" for the input for the addresses.

Fig. 2 shows an example of a circuit for a decoder test according to the prior art. The circuit 10 essentially consists of a memory cell 11, in which e.g. a word can be stored, a ROM cell 12 for the decoder test, and a read amplifier 13. The memory circuit 10 here is a circuit that can be programmed comparatively slowly only. Such circuits often comprise special circuit arrangements for testing the address decoding function in order to reduce the testing time. For this purpose, a fixedly coded data word R is selected by the line decoder along with the other data in an extra column in each of the n lines of the memory, cf. signal wl, which can be read out in a special testing mode via the original read path, cf. the control signal test. This word may, but need not necessarily, have the same word width w as the data words proper.

Fig. 3 shows a circuit according to the invention, wherein an additional circuit is modified according to the invention such that, during normal reading via the read amplifier S, 13 having an output value dout, this fixedly coded word R is read out simultaneously via its own read amplifier T, 14 for the test bus which has an output value tout. Thus a conclusion can be drawn from this word as to the actually selected line. A line can be identified from the output value by the read amplifier in this manner. Said conclusion may be unequivocal or may at least be sufficient for a plausibility test. A comparison with the address applied to the module then renders it possible to generate a validity signal; in the case of an unequivocal result the reconstructed address itself may also be supplied as additional information, if so desired. The reference wl here represents the line selection and bl the bit line, tbl the test bus bit line, tl the test bus, dout the data outputs, and tout the data output for the address validation code.

In an equivalent manner, a validation circuit is constructed for the column decoder, which circuit tests the decoded column of the m columns during the read access.

The circuit according to the invention serves to protect the memory module provided therewith. Any memory module that contains security-sensitive or secret data may advantageously be protected from attacks in principle. The present invention offers a highly efficient method by which it can be ensured that only those memory cells that are wanted are actually read out in that the decoded address is subjected to a validity test or the original address is reconstructed for the purpose of comparison. It can be applied to all memories organized in matrix form such as, for example, RAM, ROM, EEPROM, and Flash.

Fig. 4 shows a block diagram 20 in which block 21 represents the input of selection signals or data. In block 22, an address is reconstructed from these data or selection signals. In block 23, this address is compared with the original address and/or a plausibility test is carried out. In the case in which the addresses match and/or a plausibility of the address is established a validity signal will be given in block 24.
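
A behavioural model in C of the line-decoder check described for Fig. 3 and Fig. 4, added here as an illustration and not part of the patent text. The coding of the word R (address plus its bitwise complement), the wired-OR behaviour of the test bit lines and the 8-line matrix are assumptions; the patent does not specify them.

```c
#include <stdint.h>
#include <stdio.h>

#define N_LINES   8          /* n lines of the matrix (constructed size) */
#define ADDR_BITS 3

/* Fixed code word R for one line: address plus its complement (assumed coding). */
static uint8_t code_word(unsigned line) {
    unsigned a = line & (N_LINES - 1);
    return (uint8_t)((a << ADDR_BITS) | (~a & (N_LINES - 1)));
}

/* Fault-free line decoder: one-hot word-line vector wl for address adr. */
static uint8_t line_decoder(unsigned adr) { return (uint8_t)(1u << adr); }

/* Read amplifier T: every selected line drives the test bit lines tbl
   (modelled as wired-OR, an assumption), giving the output tout. */
static uint8_t read_tout(uint8_t wl) {
    uint8_t tout = 0;
    for (unsigned line = 0; line < N_LINES; line++)
        if (wl & (1u << line)) tout |= code_word(line);
    return tout;
}

/* Validation circuit V (blocks 21-24 of Fig. 4): reconstruct the address from
   tout, run the plausibility test, compare with adr. Returns the signal va. */
static int validate(unsigned adr, uint8_t wl, int *reconstructed) {
    uint8_t tout = read_tout(wl);
    unsigned hi = (tout >> ADDR_BITS) & (N_LINES - 1);
    unsigned lo = tout & (N_LINES - 1);
    *reconstructed = -1;
    if ((hi ^ lo) != (N_LINES - 1)) return 0;   /* no line or several lines */
    *reconstructed = (int)hi;
    return hi == adr;                            /* wrong line gives va = 0 */
}

int main(void) {
    /* Constructed word-line vectors: correct, none, two lines, wrong line. */
    const uint8_t wl[] = { line_decoder(5), 0x00, 0x28, 0x04 };
    for (unsigned i = 0; i < 4; i++) {
        int rec, va = validate(5, wl[i], &rec);
        printf("adr=5 wl=0x%02x reconstructed=%d va=%d\n", wl[i], rec, va);
    }
    return 0;
}
```

With this coding, two simultaneously selected lines always leave at least one bit position set in both halves of tout, so the plausibility test fails without needing the original address; only the single-wrong-line case relies on the comparison with adr.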