DESCRIPTION

Field of application The present invention relates to a method and system for calculating a clock frequency of a clock signal inside an IC Card, such signal being received from a terminal, for example from an handset or a mobile phone. The invention also relates to a method and system for calculating a clock frequency of a clock signal provided by a clock of the IC Card. More particularly, the invention relates to a method and system of the type described above wherein the frequency calculated is used to measure time inside the IC Card.

Prior art

As known, an IC card receives electrical power and clock signal from a terminal. Thus, if the terminal is turned off or not connected to the IC Card, this does not receive a clock signal. Moreover, even when the IC Card is connected to the terminal and powered on, the clock signal is not continuously provided. Moreover, even when the IC Card is connected to the terminal and powered on, it does not know the clock frequency of the terminal.

On the other hand, the clock frequency may not be a priori known to the IC Card, since it may be connected to several terminals, providing different clock frequencies.

Thus, since the IC Card does not know the clock frequency, it cannot measure time. Even the most advanced IC cards include only two hardware timers, i.e. an incremental timer and a decrement timer. The decrement timer is loaded with a predetermined value and is decreased at every clock cycle; it may be configured to decrease a pre -scale -value at each clock cycle. Figure 1 schematically represents an IC card 140 and a terminal wherein the IC card is inserted. The terminal 100 comprises radio interface such as antenna 110, display 120, buttons 130. The terminal provides timer service 150 to IC card 140.

Figure 2 represents the internal hardware structure of the IC card. More particularly, the IC card 140 comprises a central processor unit (CPU) 200, a memory 210, a timer 220, an optional internal clock generator 230, an universal asynchronous receiver/ transmitter 240. The Card further includes interfaces for the terminal, i.e. an external clock interface 250, a data 260 interface and a power interface 270. The interface for data 260 is used for communicating data with the terminal 100 while the interface for power 270 is used for receiving electric power from external device 100.

In case the IC card 140 includes an internal clock 230, an application stored in the IC Card or the IC Card operative system may manage the use of the internal clock 230 independently on the external clock 250 of the terminal or the external clock 250 of the terminal. The internal clock 230 may be emitted by an internal hardware of the Card, such as an oscillator, or a PLL. The external clock 250 is generated outside the IC card 140, e.g by the terminal 100 through the corresponding interface 250. The frequency of the clock internally generated by the IC Card may not be a priori known to the IC Card as well, since it may depends on several electrical parameters strictly related to the IC production process, and so different for each IC Card because of the productivity tolerances and operating conditions, providing different clock frequencies among a well-defined clock frequency interval.

In other words, the problem affecting the known IC Card 140 is that it cannot detect the frequency of the clock at runtime. Moreover, different type of clock can be supplied to the IC card 140 depending on what clock is used at a specific time, i.e. the internal clock or an external clock. For what concern the internal clock frequency, if an internal clock is available, it could be known from the IC Card specification; however, due to the fluctuation of the power level and other operating conditions, for example the temperature, or due to several electrical parameters strictly related to the IC production process and production tolerances, the actual internal clock frequency can be different from the nominal frequency value of the specification and different for each IC Card. Additionally, as depicted in the figure 3, it is quite usual for a terminal to switch off the clock supply when no communication takes place in order to reduce the IC Card current absorption. During the interval 300, 320, the IC card 140 is switched on and can communicate APDU messages with the external device 100. During these time intervals, the timer 220 can be active. However, during the interval 310 when the IC card 140 is still switched on but the external clock is not generated by the terminal 100 for power savings, it is still possible to increase or decrease the timer value on the base of the clock signals it may continue to generate independently on the one possibly received from the terminal. The technical problem at the base of the present invention is to calculate the clock frequency of a clock signal and to precisely measure time inside an IC Card, not only when the IC Card is provided with an internal hardware clock but also when the IC Card is not provided with such internal clock and receives a signal of unknown frequency from a terminal, thus solving the limitations and drawbacks that currently affects the known IC Cards.

Summary of invention

The solution idea at the base of the present invention is to transmit at least two time stamps from the terminal to the IC Card, to read values of a timer of the IC Card when the time stamps are received, and to calculate the clock frequency of a clock signal transmitted by a terminal to the IC Card based on a comparison between a time difference of time stamps and a value difference of the timer.

The timer is increased or decreased at each clock cycle, independently on which clock signal is used by the IC Card, and thus, according to the invention, the number of times the timer has been increased or decreased in the time elapsed between the two time stamps is used for calculating the clock frequency provided by the terminal. Advantageously, once the clock frequency of the terminal is known inside the IC Card, the card may measure time on the base of the clock signals it receives from the terminal and apply the measure of time to several application, for example for improving the IC Card security. The same solution idea is applicable to precisely calculate the clock frequency of a clock signal provided by an internal clock of the IC Card.

According to this solution idea, the above mentioned technical problem is solved by a method for calculating a clock frequency f _c ik of a clock signal received by an IC Card from a terminal or an internal clock frequency f _cl k of a clock signal provided by the IC Card, characterized by comprising the step of:

- receiving a first time-stamp from the terminal;

- setting a first value of a timer of the IC Card and starting the timer of the IC Card, when the first time-stamp is received;

- receiving a second time-stamp;

- reading a second value of the timer, when the second time- stamp is received; and

- calculating the clock frequency comparing a difference between the second and the first timer values and a difference between the second and the first time stamps.

The steps of comparing comprises dividing the difference between the second and the first time stamps with difference between the second and the first timer values.

In an aspect of the invention, the difference between the second and first timer values is adjusted considering a number of clock cycles occurred between the receipt of the first time- stamp and the effective start time of the timer; preferably also a number of clock cycles occurred between the receipt of second time-stamp and the effective time in which the second value of the timer is read is used to adjust such difference between the second and first timer values is adjusted. According to an embodiment of the invention, the number of clock cycles occurred between the receipt of the first time-stamp and the effective start time of the timer or the reading of the timer is processed only once and it is substantially considered a constant value, which can be evaluated on the basis of the hardware performance and/ or CPU programming model of the IC Card; this constant value is associated to the delay to be considered for starting or reading the timer.

According to an aspect of the invention, the effective start time is associated to n _c iki /fcik and the effective time in which the second value is read is associated to n _c ik2/fcik, wherein n _c iki is a number of clock cycles occurred between the receipt of the first time-stamp and the start of the timer, and n _c ik2 is a number of clock cycles occurred between the receipt of said second time- stamp and the reading of the second value of the timer. More particularly, the effective start time is calculated adding nciki /fcik to the first time-stamp, and the effective time in which the second value is read is calculated adding n _c ik2/fcik to the second time- stamp t _S 2.

According to another aspect of the present invention, the method provides the steps of obtaining a first processing time which is associated to the clock cycles occurred between the receipt of the first time stamp and a setting of said first value of the timer, and the step of obtaining a second processing time associated to the clock cycles occurred between said receipt of the second time stamp and the reading of said second value of the timer; the step of calculating the clock frequency is adjusted including the first processing time and the second processing time.

According to the method, since there is a delay between the time when the first time stamp is received and when the timer is started, by reflecting the delay in the calculation of the frequency of the timer, the frequency can be measured more exactly. Furthermore, since there is a delay between the time when the second command is received and a second value of the timer is read, also this delay is considered to calculate more exactly the frequency. According to an embodiment, the first processing time and/or the second processing time are computed at run time inside the IC Card.

According to another embodiment, the first processing time and/ or the second processing time are set by a parameter of pre-personalization. According to a further embodiment, the first processing time and/ or the second processing time are computed at run time only once, after the connection of the IC Card with the terminal, and it is used as a constant value approximating each operation involving the start of the timer or the reading of the timer for calculating the clock frequency. In another aspect of the present invention, the first processing time and/ or the second processing time are computed at compile time. If an application is compiled, the assembly code for the application is generated. Since an execution time for each of the assembly code can be estimated, total amount of time can be estimated approximately by summing each execution time. By using a preset first and/ or second processing time, the calculation of the frequency can be simplified.

In a preferred embodiment, the steps of receiving the first time-stamp, starting the timer, reading the first value of the timer, receiving the second time-stamp, reading the second value of the timer, and calculating the frequency are repeated several times to measure the clock frequency.

According to this embodiment, the clock frequency is obtained averaging the frequency of the clock measured several times. The applicant has found that averaging the measure improves the precision of the clock frequency, and allows implementing strong protection based on time measure. In other words, this embodiment has an advantageous effect because the reliability of measurement improves and it can provide an estimation of the clock frequency variance.

Preferably, the first time-stamp and the second time-stamp are encrypted before transmission to the IC Card. This method feature avoids that an hacking terminal implements the method, forcing the IC Card to process a wrong clock frequency and thus wrong time measurements.

In an aspect of the invention, the clock frequency is processed with the following formula:

Wherein t _s i is the first time-stamp, t _S 2 is the second time-stamp, V2 is the second value of the timer, Vi is the first value of the timer, n _c iki is the number of clock cycles occurred between the receipt of the first time-stamp and the effective start of the timer and n _c ik2 is the number of clock cycles occurred between the receipt of the second time-stamp and the effective reading of the second value of the timer.

Advantageously, according to the invention, using two different time stamps, the IC card measures the frequency of the clock of the terminal even though the frequency is not a priori known or it varies due to the specific working conditions, for example for the temperature.

In another aspect of the present invention, the method further comprising obtaining a first absolute time from the terminal; counting the number of clock cycles elapsed; updating a current absolute time value based on the frequency of the timer, the first absolute time value, and the number of clock cycles.

Further advantages and features of the method and the IC card according to the present invention will be apparent from the description given here below only for exemplificative purpose and without limiting the scope of protection of the present invention. Brief description of the drawings

Figure 1 schematically represents an IC card and a terminal providing a clock frequency to the IC card, according to the prior art.

Figure 2 represents the internal hardware structure of the IC card of figure 1.

Figure 3 represents a timeline during switch on-off of the IC Card of figure 2.

Figure 4 schematically represents a timeline including the relevant steps for calculating the clock frequency, according to the present invention.

Figure 5 represents in a block diagram the method for calculating the clock frequency, according to the present invention.

Detailed description

With reference to figure 4, the method for calculating a clock frequency fcik of a clock signal received by an IC Card 140 from a terminal 100 is schematically represented. According to the invention, the IC card 140 requests to the terminal 100 to receive two commands comprising the time-stamp, i.e a first time stamp t _sl and second time stamp t _S 2. A first command including the first time stamp information t _sl is requested before the second command including the second time stamp information t _S 2. The request can be made by the IC card 140 to the external device or terminal 100. Alternatively, an external device 100 which knows the status of the IC card 140 may directly send the above commands without a request from the IC card 140.

At the reception of the first command, the IC card 140 starts the internal timer 220. The IC card 140 knows at compile time how many clock cycles n _c iki occurs between the time when the first command is received and the time when the timer effectively starts. Here below, n _c iki is also referred to as first processing time. In other words, the timer starts at Tl which is t _s i + tei , where t _€l = n _c iki / fcik. The first value of the timer at time . Ti is Vi . At the reception of the second command, the IC card 140 reads the second value of the timer which is V2. The IC card 140 knows at compile time how many clock cycles n _cl k2 occurs between the time when the second command is received and the time when the timer value V2 is read. The n _c ik2 may be referred to as a second processing time. The second value of the timer is read at T2 which is equal to t _S 2+te2, where t½2

= n _c lk2/ fclk.

With reference to figure 4, the relation among t _s i, Ti, t _S 2, and T2 is hereafter explained. At time t _sl 410, the first command is received by the IC card 140. At reception of the first command, the IC card 140 issues an instruction to start the timer 220. Since there exists some delay for the timer to be started, the timer 220 really starts at time Ti 420, when the value of the timer is Vi. Similarly, at time t _S 2 430, the second command is received by the IC card 140. On receipt of the second command, the IC card 140 issues an instruction to read the value of the timer 220. Since there exists some delay for the value to be read, at time T2 440, the value of the timer is read which is V2.

Preferably, according to the present invention, the IC card 140 calculates the internal clock frequency as:

The formula is explained below.

As mentioned above, the time when the timer starts Ti and the time when the value of the timer is read T2 are defined as: ^λ 1 ~~ ^l s2 ^ ^'

elk

By the definition of Ti, T2, Vi , V2 and f _c ik the following equation is derived:

elk

wherein f _cl k is the frequency of the clock to be calculated. From the above formulas, it is derives the following:

elk and thus the clock frequency:

Here, it is assumed that Vi, V2, n _c iki, n _c ik2 have the same time scale. If the scale is different, changes have to be made on the formula. Since there exists a delay between the time when the first command is received and when the timer is started, by reflecting the delay in calculating the frequency of the timer, the frequency is measured more exactly. Advantageously, according to the invention, knowing the internal clock frequency, one absolute time value and the elapsed number of clock cycles, it is possible in any moment to know and update the absolute time value on request and make it available to the application layer. Alternatively, the IC card 140 can simply act when a certain time interval is elapsed.

Instead of computing the value n _c iki , n _cl k2 at compile time, these values can be achieved by means of a proper measurement or a parameter to be set at pre-personalization. Figure 5, schematically represents an execution of the method according to the invention.

The first time stamp t _sl is " 15/ 12/2010, 16.47.00.030"; the second time stamp ts2 is "15/ 12/2010, 16.49.30.030"; the number of clock n _c iki, which is computed by the compiler off-line, is 7000; the number of clock n _c ik2 is 6000 (also in this case computed by the compiler off-line); the first timer value Vi is 100,000,000,000 and corresponds to the value of the timer register which is set at start, for example with an IC Card having a decreasing counter; V2 is 97,000,000,500 and corresponds to the value of the timer register when the second time stamp is received. According to the above values the clock frequency calculated according to the formula

is fcik = 19,999,996 Hz.

Once synchronization is complete, card is aware of the exact clock frequency and it can take benefit of the synchronization to supply new services. Example of service usage

Let's suppose that a policy specifies that every Phone Call can be at most 1 minute long.

With the above computed frequency clock, 1 minute is exactly: nclk_lmin = 19,999,996 * 60 = 1, 199,999,760 clock cycle

The above service of "one minute call" can then be realized as follows:

When the UICC receives the "CALL CONTROL" envelope, indicating the call is initiating, the register counter is set to 1, 199,999,760 - When the timer register reaches the 0 value, an interrupt will be issued to inform that the minute is over and the UICC requests the handset the call termination.

According to the present invention, the following advantageous effect can be achieved. First, it is possible to estimate processing performance. Knowing the clock frequency, the IC card OS can estimate how fast it can make certain tasks. In IC card environment, particularly in telecommunications, some operations have strict time constraints, for example in order to guarantee the smoothness of sound during a call. According to the invention, the IC card OS may determine that, based on the detected clock frequency, such operation cannot be completed on time and thus react accordingly, for example, refusing the call or switching to an optimized/ degraded algorithm able to give some results in less clock cycles.

Moreover, it is possible to control the power consumption. In fact, if the external clock frequency is too high, the IC card current absorption could rise and get over the standard threshold, or simply cause the reduction of battery autonomy. In this case, the card OS could switch off a secondary hardware modules to compensate consumption and switched on again when needed. The higher speed could guarantee that the overall performance is preserved, even if hardware is periodically disabled and enabled. When the clock frequency is not high, all hardware modules stay always on, with no time wasted in managing them.

Furthermore, the time stamp can be supplied by the terminal with a specific APDU command, as well as derived from ordinary IC card-to- terminal communication, to avoid trusting terminal, e.g. the received SMS, that implicitly contains a time stamp. To guarantee the time stamp to be current, the operator could arrange a "time signal" based on dedicated SMS or cell broadcast messages. According to another aspect of the present invention, more accurate time counting is possible by using several measurements. Using merely two measurements could incur in an imprecise time counting. In other words, especially when that the time to create a message on the external device 100 and/ or the time to transmit the message to the IC card 140 is variable, a single measurement is not reliable.

In this case, according to a preferred embodiment of the present invention, several calculations of the clock frequency are executed and an averaging technique is applied to improve the reliability of the average clock frequency, and provide an estimation of the clock frequency variance. Regarding to the clock frequency variance, if the variance is considered to be too high, the IC card can assume that the time awareness is not reliable in that specific terminal.

Moreover the method overcomes the problem of internal clocks with a variance. In fact, In IC card secured chip, clock usually has a variance in order to provide unpredictability in terms of execution time.

In another aspect of the invention, secure clock frequency calculation and time measuring are implemented. The time awareness is used to improve security. For example, it is required that the IC card 140 has to wait a certain time before processing a secured command if the previous one was unsuccessful. In this case, a malicious external device 100 can send an incorrect time stamping to avoid the waiting time, which makes the IC card 140 have completely wrong assumptions on time stamping. To overcome this, a secure time measuring system can be introduced. This is simply done by providing a ciphered (or encrypted) version of the time stamp to the IC card 100 from a trusted source. For example, the trusted source can be, in telecom environments, a remote device sending Secured Data, e.g. an enciphered SMS. Alternatively, a trusted terminal which sends data ciphered by using a key that is shared with the IC card 140.

Thus, the IC card 140 is able to authenticate a remote time stamp authority and can rely on time stamp information. Advantageously, according to the present invention, parental control may be provided as an application on the IC card 140. For example, being the IC card OS able to measure time, it can be programmed to limit conversation time. This could be used to limit the time spent talking by a child; therefore it is possible to reduce money spent in phone a call. Limiting the time for a call is also useful for limiting and making the radio wave radiation exposure less continuous.