INTERFACE

The invention relates to a securing device with a radiofrequency communication interface. More particularly, it relates to devices of the smart card type or equivalent types, with a broadband radiofrequency type interface.

New digital security applications generally use the combination of a general-public high-speed communication interface component and a secure microcontroller such as that widely used in smart cards. These high-speed communication interfaces may particularly be interfaces of the radiofrequency (RF) type. For example, there are a large number of components compatible with different communication standards such as IEEE 802.15.4 or IEEE 802.11. In that way, a smart card can be equipped with a high-speed RF interface, which avoids having to entirely design an RF interface in a smart card integrated circuit. The RF components available in the market are generally microcontrollers with a modulator/demodulator that operates in the required RF range. These microcontrollers further have dedicated functional elements for carrying out RF communication and one or more programmable communication ports for interfacing an outside circuit. However, these communication ports and the RF interface are not functional without the presence of a microcode that is specific to the use of the component.

Microcontroller vendors in the market provide designers with development tools for developing and validating their software applications. In the case of products with a rewritable program memory of the flash type, the tool makes it possible to load programs or test routines via the development interface driven by a downloading program. Once the loading is complete, the loader invalidation command is executed, validating the code in the flash memory up to the next component reset. Only then does the component become functional. To use such a component in a smart card, you need to either load the microcode before assembly in the smart card or after assembly, when the smart card is personalised. Loading the microcode before assembly requires significant loading time, which becomes disadvantageous. Further, it is difficult to secure the information in the component at this stage, as the securing component is not yet associated with it. After assembly, access to the loading port is difficult.

A solution is provided by the invention to remedy the aforementioned problems. The invention consists in benefiting from the securing mechanisms and resources available while programming the secure microcontroller of the smart card to load and personalise the program memory of the RF component instead of the development tools of the said interface component. In order to avoid excessively lengthening the time required for personalising the smart card, the secure assembly can use the high-speed protocol of the interface component to load the final application and the personalisation data of the user of the product. The invention can then guarantee that the two- component system does not degrade the security level throughout the life cycle, including manufacturing, personalisation and issue. More particularly, the invention is a securing device including a connector, a first integrated circuit and a second integrated circuit. The connector is used for connecting the device by contact. The first integrated circuit includes a secure microcontroller connected by a first communication port to the connector. The said first integrated circuit further has a second communication port and a third communication port. The second integrated circuit includes a radiofrequency communication interface, a fourth communication port, a fifth communication port and at least one memory for configuring the communication interface and the fourth communication port. The fourth communication port is connected to the second communication port and the fifth communication port is connected to the third communication port.

Preferentially, the fifth communication port is a port for configuring the second integrated circuit which is deactivated during normal use of the device. The first integrated circuit is a smart card microcontroller and the second integrated circuit is a programmable radiofrequency communication circuit. The second communication port and the fourth communication port correspond to an SPI bus. The communication interface complies with standard IEEE 802.15.4.

In another aspect, the invention is a method for personalising a secure device including a connector, a programmable radiofrequency interface and a microcontroller connected on the one hand to the connector and on the other hand to the radiofrequency interface through two distinct connections. The said method includes a stage for loading a microcode from the connector to make it possible to configure the radiofrequency interface and one of the two connections, a stage for configuring the radiofrequency interface using the secure microcontroller so as to be able to effect secure radiofrequency communication and a stage for loading the application microcode and personal data through the radiofrequency interface into the secure microcontroller.

The invention will be better understood, and other particularities and benefits will become clear in the description below, which description refers to the drawings attached, where: figure 1 represents a device according to the invention, figure 2 illustrates the communication link between the secure microcontroller and the RF component.

Figure 1 schematically represents the components of a smart card according to the invention. The smart card comprises a connector 1 , a secure microcontroller 2, a radiofrequency circuit 3 and an antenna 4. According to a known smart card assembly technique, the connector 1 has an insulating substrate on which the secure microcontroller 2 is mounted and connected by connection wires to the contact pads of the said connector 1. The RF circuit 3 may be either glued to the substrate near the microcontroller 2 and connected to it by connecting wires and to a contact pad located on the same side as the circuits and designed to come into contact with the antenna 4 embedded in the body of the card (not represented). According to another technique, it is also possible to mount the communication circuit 3 on the microcontroller 2 and connect them by direct contact or through connecting wires. For example, the microcontroller 2 is a component manufactured by

Atmel and sold as part number AT91SC512384 RCT and the RF circuit is a component manufactured by Texas Instruments and sold as part number CC2430, this component being compliant with standard IEEE802.15.4.

Figure 2 provides more details about the constitution of the microcontroller 2 and the RF circuit 3. The microcontroller 2 has a microprocessor 21 , a memory bank 22, a communication interface 23 compliant with standard ISO7816, a serial interface 24 of the SPI type provided for a memory extension of the NOR flash type and a parallel interface 25 making it possible to drive an external memory of the NAND flash type. As known to the person of the art, such a microcontroller 2 has other circuits that are only remotely related to the invention and are thus not described in this application. The memory bank 22 is made up of several types of memory including the RAM memory, the ROM memory, non-volatile memory of the EEPROM or NOR flash type. The non-volatile memory is used to store programs and other data while personalising the card. That NOR memory is a secure memory, access to which may be restricted. The microprocessor 21 controls all the circuits 22 to 25 through a central bus.

The RF circuit 3 has a microprocessor 31 , a memory bank 32, a radiofrequency interface 33, a programmable communication interface 34 and a maintenance interface 35. Such circuits may comprise other elements that are not represented because they are unrelated to the invention. The memory bank 32 contains the RAM memory and non-volatile memory. The non-volatile memory is used to store a microcode that is used to configure the working of the RF circuit 3. The microprocessor 31 controls all the circuits 32 to 35 through a central bus.

The microcontroller 2 is connected to the connector 1 through a first communication port 26 which corresponds to the communication interface 23. The microcontroller 2 has a second port 27 corresponding to the serial interface 24 and connected to a first port 36 of the RF circuit 3. The microcontroller 2 has a third port 28 corresponding to the parallel interface 25 and connected to a second port 37 of the RF circuit 3. The first port 36 corresponds to the programmable communication interface 34 and the second port 37 corresponds to the maintenance interface 35.

The parallel interface 25 is set up to communicate with the maintenance interface 35. With the circuits taken as an example, the maintenance interface 35 has three inputs: one for data, one for the clock input and one for the reset input. The parallel interface 35 is diverted from its normal operating mode because a single data wire is used for data, the memory selection output (Chip Enable or CE) is used to drive the resetting of the maintenance interface and the write sampling signal (Latch Enable) is used to drive the clock signal of the maintenance interface. The programmable interface 34 is configured as a serial port of the SPI type to communicate with the serial interface 24 which is itself a serial interface of the SPI type.

After card assembly, a first personalisation stage consists in loading into the microcontroller 2, via the connector 1 , a microcode aimed (a) at configuring the functioning of the parallel interface and (b) configuring the radiofrequency interface 33 and the programmable communication interface 34. The microcontroller 2 then configures the RF circuit 3 through the third port 28 and the maintenance interface 35. If needed, it is also possible to configure the microcontroller 2 and the RF circuit 3 to set up secure radio communication by the microcontroller 2. Once the microcontroller 2 and the RF circuit 3 are configured to set up radio communication, a second personalisation stage may be carried out by radiofrequency. That second personalisation stage is used to transfer into the microcontroller 2 the application programs and personalised data. This second stage is carried out through the RF circuit 3. The transmission speed of an ISO7816 interface is approximately a few kilobits per second, whilst an interface according to IEEE802.15.4 allows several megabits per second. In that way, the application programs and personalisation data are sent to the card approximately 1000 times faster than through a conventional ISO7816 interface. Only the microcode used for configuring the microcontroller 2 and the RF interface 3 is sent at a slow speed. To sum up, the time required for personalisation including the first and second personalisation stages is of the same magnitude as the time required for personalising a conventional card, whereas, if the entire personalisation process was carried out through the ISO7816 interface alone, that time would have been twice as long.