FR2672402A1 - Process and device for generating unique pseudo-random numbers - Google Patents

Abstract

The process consists in registering (1, 2) into a specified area of the non-volatile memory of a microcircuit memory card a specified and non-repetitive value item with each generating of a random number and in converting (3, 4) this item into an item having the form of a pseudo-random number by programming the processing unit by means of a standard information encrypting program of the DES type. Application: memory cards.

Description

GENERATION METHOD AND DEVICE
UNIQUE PSEUDO-RANDOM NUMBERS
The present invention relates to a method and a device for generating unique pseudo-random numbers.

 It applies in particular to the production of so-called chip microcircuit cards usable in any system where access to information or to services is severely controlled. These include, for example, cash dispenser systems, pay television systems; systems for the distribution of gasoline or domestic fuel; systems for access to databases etc ...

 In microprocessor memory cards which are used in the preceding fields, access to information or to services is strictly controlled. Passwords are used for this. These passwords are more and more often transmitted by encrypting them by a pseudo-random code supplied by a generator with programmed or possibly wired structure. In memory cards based on microprocessors, there exist in the prior art only hardware generators (based on physical phenomena) or software generators based on mathematical properties and already used in the traditional computer world. These two principles cannot guarantee the uniqueness of the numbers generated, which has a major security drawback in modern cryptography.

 If this solution has the advantage of not informing fraudsters about the passwords used, it in fact leaves them able to recopy the encrypted passwords transmitted which, due to their lack of uniqueness, can always be reused to give access to information or services for which the card is dedicated. Indeed, it is then enough to repeat the experience so as to find a value already used and thus defraud the system.

 Furthermore, the production of a unique random number comes up against the technological possibilities of rewriting in non-volatile memories. Each cell cannot be rewritten more than 10,000 times. The object of the invention is to overcome the aforementioned drawbacks.

To this end, the subject of the invention is a method for generating unique pseudo-random numbers in a microcircuit memory card comprising at least one rewritable non-volatile memory (EEPROM) coupled to a data processing device, characterized in what it is
- to write in a determined area of the memory, information of determined value and non-repetitive with each generation of a random number and,
- converting this information into information in the form of a pseudo-random number by subjecting it in the data processing unit to a DES-type encryption program.

 It also relates to a device for implementing the method.

The main advantage of the invention is also to allow, by using a counter which includes a shift register, to obtain a very high number of draws of random numbers compared to the number of erase / write cycles authorized in the non-volatile memory. volatile usually fitted to memory cards. Thus, despite an erase / write number limited to 10,000 by the current technology of non-volatile memories, still known under the designation
EEPROM, it is possible, thanks to the invention, to generate in the worst case 320,000 different values and in the best case 21 billion, using a very reduced EEPROM memory space of 64 bits.

Other characteristics and advantages of the invention will appear below with the aid of the description which follows given with reference to the appended drawings which represent
Figure 1: an embodiment of the method according to the invention in the form of a flowchart.

 FIG. 2: a format of an information word usable for implementing the method according to the invention represented by the flow diagram of FIG. 1.

In its most general definition, a memory card for the application of the method according to the invention comprises, in a known manner and not shown, a storage device and a processing member normally formed by a microprocessor or any equivalent device, coupled to each other by a data and address bus. This bus also ensures the connection of the microcircuit of the card thus formed, with writing and reading devices external to the card. The storage device generally comprises a non-volatile memory, of EPROM type or
EEPROM, in which microprograms necessary for the functioning of the processing unit are recorded and normally a volatile random access memory of RAM type. This latter is used for the temporary storage of data and specific instructions of the current application with the card. memory. In the non-volatile memory are stored, for example, on the one hand the secret code identifying the card holder, possibly with an encryption program for obtaining a signature calculated on the basis of the secret code and, on the other hand, instructions from the user program itself.

The method according to the invention whose steps 1 to 4 are shown diagrammatically on the flow diagram of FIG. 1 consists, each time a random number 10 is to be produced, to be calculated according to steps 1 and 2, starting from a given data item of information (of length N = 64 bits for example), a new item of data of the same length N, but the value of which can no longer be generated again during a subsequent request for new item of data 2. A once transformed, the data 2 is in step 4 associated with a secret key 3 comprising the same number of bits, by a calculation algorithm commonly known by the English abbreviation DES of "Data Encryption Standard" and a description of which can be found in the FIPS standards brochures of the Federal Information Processing Standards
United States of America.

 The superiority of the DES association algorithm over the other association algorithms is that it makes it possible to obtain for each constant secret key 3 of length of N bits, the 2N possible combinations of the result while always guaranteeing the unpredictable nature. of the random number 10, that is, to always get different random numbers 10.

This is obtained from the 2N possible combinations of the input data. But the fact that the key has a length of N bits has nothing to do with the fact that there are 2N different combinations on the result. This is linked to the fact that the input data has a length of N bits. For example, the characteristics of DES indicate that for a constant secret key, the 264 possible combinations of the data sweep the 264 possible combinations of the result, which guarantees, in addition to the unpredictable nature of the random number (linked to the performance of DES), the property of always obtaining different random numbers. In the invention, there will thus be a constant secret key 3.

 To obtain this result, each variable information data item 2 is structured as shown in FIG. 2. Its format comprises three areas, a first area 5 of capacity equal for example to 16 bits represents the states taken by a first counter, a second area 6 of capacity equal for example to 32 bits represents the states of a shift register and, a third area 7 of capacity equal for example to 16 bits represents the states of a second counter. The first and second zones 5 and 6 are then located in a non-volatile memory of the card while zone 7 is located in random access memory. According to the invention, the content of the three areas is considered to be equivalent to that which would be given by an N-bit counter which would be incremented at each calculation request. This information is therefore predictable but is always different from the previous values. By storing the data in zones 5 and 6 in EEPROM memory, the values of their contents can be kept when the supply voltage of the card is removed.

This solution makes it possible to obtain a maximum number of random numbers much higher than the 10,000 authorized by the EEPROM technology.

Zone 6, which is organized in shift register, makes it possible to obtain a maximum number of random numbers. For this, at each new calculation or session, a bit of value 1 is loaded at the last least significant position of the register which is still at 0. When 32 calculation requests, corresponding to the setting of the 32 bits of the shift register 6 are carried out, the following calculation resets the shift register represented by zone 6 to zero. When the 32 calculations have been carried out, the shift register is at the value FFFFFFFFH although each bit has not been written only once. 32 different values are thus obtained by consuming only one write for each cell. Each time this 32-bit register is erased, the 16-bit counter in zone 5 in EEPROM will be incremented, which ultimately makes it possible to obtain, 32 X 10000 = 320 000 unpredictable and non-repetitive values for data 2 (without any of the bits handled in
EEPROM is not deleted / written more than 10,000 times). To obtain a greater quantity of values (except worst case), it is enough to add to this variable of 48 bits in EEPROM, a counter 7 of 16 bits in RAM which will be incremented with each calculation in the same session.

 The area 7 located in RAM memory therefore makes it possible to increase the number of the preceding values by increasing, in a similar manner to the counter materialized by the area 5, the content of the counter materialized by the area 7 at each new calculation in the same session.

If this counter overflows in the same session, that is to say that its content here exceeds 65536 values, the content of the shift register materialized by zone 6 of the EEPROM memory can be modified as if a new session started. In this case, we put another 1 of this register 6 bits.

 In total, this arrangement makes it possible, by concatenating, that is to say by juxtaposing the 48 bits in EEPROM with the 16 bits located in RAM memory, to obtain 320,000 X 65,536 or approximately 21 billion unpredictable and non-repetitive values by setting implementing a calculation of random numbers using the DES algorithm cited above.

 For security, we associate to the counter 5 of 16 bits in EEPROM an image counter in EEPROM. This image counter always contains the same value as the real counter and is used in the case where the counter value is destroyed (removal of the card when the counter has just been erased to modify its value). It is not necessary to provide the same thing for the shift register because it is only erased for its reset.

The structure of the counter thus used (including a shift register) makes it possible to obtain a very high number of prints compared to the number of erase / write (update) cycles authorized in the non-volatile memory. Thus, despite an erasure / write number limited to 10,000 by technology
EEPROM, we manage to generate in the worst case 320,000 different values and in the best case 21 billion.

Claims (7)

 1. Method for generating unique pseudo-random numbers in a microcircuit memory card comprising at least one non-volatile rewritable memory (EEPROM) coupled to a data processing device characterized in that it consists,  - to write (1,2) in a determined area of the memory, information of determined value and non-repetitive with each generation of a random number and,  - converting (3,4) this information into information in the form of a pseudo-random number by subjecting it in the data processing unit to a DES-type encryption program.  2. Method according to claim 1, characterized in that the determined value information and not repetitive is written in an EEPROM memory of the card.  3. Method according to claim 2, characterized in that the information of determined and non-repetitive value is structured according to at least two zones, a first zone (6) for systematically writing at least one new bit each time a pseudo-random number is generated by the card, and a second counting area (5) for totaling the number of times the first area has been completely written.  4. Method according to claim 3, characterized in that it consists in structuring the information of determined and non-repetitive value by adding to it a third counting area (7) to total the number of times in a single session, a pseudo-random number has been generated.  5. Method according to claim 4, characterized in that the first and second areas (6, 5) are stored in a non-volatile memory of the card and in that the third area (7) is stored in a volatile memory of the menu.  6. Method according to claim 3, characterized in that a third zone is reserved to serve as an image of the result of the totalized count in the second zone.  7. Device for implementing the method according to any one of claims 1 to 6, characterized in that it is formed by a microcircuit card comprising a processing unit coupled to a non-volatile memory and to a volatile memory .