FR2716275A1 - Recognition system for authentic or false identification of objects - Google Patents

Abstract

The system consists of: (a) an identification signal generator which is associated with the object, and (b) a box which recognises the identification of the object. The box contains: (i) a RAM (31) with a programme which recognises or generates an identification signal by a calculation based on a secret key and identification number which are known only to the owner of the object, (ii) an EEPROM (35), (iii) a microprocessor (37), and (iv) a linking bus.

Description

The invention relates to a device for verifying whether someone who claims to be the owner of an object is or is not.

The principle is as follows: when we give an object to someone who thus becomes its legitimate owner, we mark the object with an identifier associated with a secret die and we communicate this latter in a confidential manner to the owner of the object.

At any time we can ask someone who claims to be the owner of an object to provide proof by giving the secret die: if the communicated secret die is associated with the identifier read on the object, we will infer from this that the person is familiar with the secret die associated with the identifier and that he is therefore the legitimate owner.

Otherwise, there are two possibilities: either the person no longer rings the secret die or the object has been stolen.

The correspondence between identifier and secret die works as described now:
Either the CS: CS parameter is the result of a certain number of characters either numeric or numeric and alphabetic.

Let then be a number n of whole numbers: 11.12 ... In
Or then the parameter Dl: Dl is the continuation of a certain number of characters either numeric or numerical and alphabetic.

The application of a combinatorial transformation involving all these parameters leads to the development of a new parameter which we will call
DF. DF has the same structure as CS and Dl and is therefore like the latter consisting subsequently of a certain number of characters either numeric or numeric and non-alphabetic.

The precise description of the combinatorial transformation is of no interest and will therefore not be made.

We can now define more precisely the meaning of all these parameters.

 CS will be a secret die known only to the owner of the object.

 11 12 .. In will be called initialization parameters.

These are integers that will play a significant role in the combinatorial transformation mentioned above. Their exact role will be explained later.

 Dl are the initial data which will appear on the object to be authenticated.

 DF are the calculated data which will also appear on the object.

 Dl, DF and CS will allow the authentication of the object.

The combinatorial transformation or algorithm works in two different ways:
A: Creation of identifiers associated with a secret die:
From Dl and CS we calculate DF thanks to the algorithm.

Dl and DF constitute the identifier and appear on the object. CS is
communicated confidentially to the owner of the object.

B: Object recognition:
We read Dl and DF appearing on the object and we ask the alleged owner
of the object of giving CS.

we run the algorithm: if the calculated DF corresponds to the DF read, check it
is good otherwise it is that the secret die does not match: The object therefore has
been stolen.

Of course an exploitation in the practice of this process can only be envisaged if the algorithm is susceptible of absolute secrecy.

The following shows how this will be achieved: note in particular the absolute nature of this secret since it extends according to the present invention to the author
of the algorithm itself which would be incapable of embarking on a falsification.

The following shows how all of this will be achieved:
The algorithm will be data processing software, the secret of this software will be
ensured through the use of the tamper-evident case described below.

This tamper-resistant case essentially contains storage means and
means for processing secret data.

It also contains means of communication with the outside world for the acquisition
data to identify.

If we try to access these storage and processing means by piercing the
casing or by breaking it or attacking it chemically, it results in a reset
memories and therefore the disappearance of the content algorithm and the secret that we were trying to discover.

A tamper-evident case essentially comprises a read only memory (EPROM) and a volatile random access memory (RAM)
An EPROM read-only memory can neither be erased nor modified once installed inside the tamper-evident case.

A random access memory (RAM) only works if it is kept under electrical voltage. When the power supply disappears, the data contained in this type of memory will disappear.

The RAM memory will contain the algorithm and its secret The EPROM memory only has the role of allowing the initial loading of the algorithm and the data in the memory
RAM. Once this operation is completed, the EPROM memory is no longer used for anything.

The functionality of the box is ensured by the program which takes place in the memory
RAM and which communicates with the outside to process the data and only for that.

In no case will the content of the program be accessible to someone trying to discover the secret of the box.

Thus, the invention provides a security device for the protection of confidential stored data comprising memory means designed to store this data and processing means designed to communicate with the outside.

All of these means are enclosed in a network of insulated copper conducting wires forming a bundle. This bundle consists of a very high number of turns with random winding and making several round trips from the inside to the outside of the bundle and completely covering the space surrounding the electronic components of the case.

The bundle of threads is embedded in hardened polyester resin.

The bundle of conductive wires ensures the continuity of the electrical conductivity between the internal electronic components of the box and an external power source.

An interruption in this conductivity caused by an attempt to access the internal electronic components causes the content of the memory means to be erased.

The invention will be better understood by reading the description which will follow and by referring to the appended drawings in which:
- Figure 1 is a perspective view of the safety device object of the present invention
- Figure 2 is a perspective view of the section along the plane AA of the safety box of Figure 1
- Figure 3 is a simplified block diagram of the electronic components found inside the box.

 - Figures 4a, 4b and 4c are a representation of the chemical attack trap.

First, it is useful to refer to Figures I and 2. The safety box is shown in perspective (Figure 1) and in section along the plane AA (Figure 2).

One of the faces of the case comprises a connector (11) itself composed of several sockets (12). These sockets are connected to the input organs output from the case noted (ElS) (33) in figwe 3.

The bundle of conductive wires (20) electrically continuously connects an external energy source (battery not shown) to all of the internal electronic components of the case. This bundle is completely embedded in opaque polyester resin (21).

We must now refer to Figure 3;
Figure 3 is a simplified block diagram of the electronic components located inside the housing.

These components essentially consist of:
- A read only memory (EPROM) (35) figure 3.

 - A random access memory (RAM) (31) figure 3.

 - A processing microprocessor (37) in Figure 3.

 - RAM and microprocessor are kept powered by the power supply (34) Figure 3 also shown in Figure 2 (20).

 - A bus (36) makes it possible to communicate with the outside by means of the input-output members (33) at the connector (11).

One of the electronic components of the box is constituted by a RAM memory.

It is recalled that this type of memory also called RAM only works if it is under electric voltage. Any rupture of this electrical supply even for a very short time causes the disappearance of the contents of this type of memory.

If someone tries to get inside the box to try to read the contents of the RAM memory by piercing or fracturing this box, it will certainly cause either a break in the electrical continuity in the bundle of wires (20) or a short circuit.

In both cases, the contents of the RAM memory disappear
Another way to try to read the contents of the RAM memory would be to freeze the contents of the latter by freezing the case at very low temperature. We know that in this case, the content of the RAM memory is almost frozen and a decryption can then follow.

To make an attempt of this type impossible, one of the internal components of the case will be a low temperature detector noted (32) in FIG. 3.

This low temperature detector has the function of causing the power supply to the RAM to break as soon as the temperature inside the case and therefore in the immediate vicinity of the RAM drops below a certain temperature, for example 200 C .

At this temperature, the content of the RAM is not yet frozen since this phenomenon occurs at a much lower temperature. A box placed in these conditions and therefore in danger of being violated will see the contents of its RAM memory disappear before the attempt is successful.

A final type of aggression can be imagined: someone can indeed try to dissolve the polyester resin which traps the bundle of copper wires. In this case, by carefully delinking and trying to untangle the aisles and return from the inside to the outside of the bundle, we can imagine that we can finally access the RAM memory.

To discourage an attempt of this type, the anti chemical attack traps shown in FIGS. 4a, 4b and 4c will be randomly installed along these wires.

These chemical attack traps work in the following way:
A conductive and elastic element (41) has at rest the form indicated in FIG. 4a.

This element is forced into the position shown in FIG. 4b to establish contact between the conductors 42 and 43. It is maintained in this position by a small amount of polyester resin (44). This resin will have a composition strictly identical to that which composes the body of the case. Once the resin has solidified, electrical contact is ensured between the conductors (42) and (43).

Several elements such as those on the conductor's path are randomly disseminated before winding it up to form the bundle surrounding the case.

In the event of an attempt to dissolve the polyester resin with an adequate chemical in an attempt to penetrate the housing, one or more traps will work in the sense that the element (41) which is no longer enclosed by the resin will return to its initial position and the electrical contact will be broken.

This has the effect, as in the case of an attempt to penetrate the case by piercing or breaking it, to cause the disappearance of the contents of the RAM memory.

Cases like those shown in Figure 3 will be widely distributed to the public.

There will be two types:
Type A boxes, i.e. those whose function is to create identifiers associated with a secret die: thanks to the input-output devices (33) these boxes read a Dl and a CS. Thanks to the algorithm which is in the RAM (31) they deliver a DF in return thanks to the input-output members (33)
Dl and DF is the identifier associated with CS.

Type B boxes, i.e. boxes whose function is to check whether an identifier corresponds to a secret die or not: thanks to the input-output members (33) these boxes read a Dl and a DF appearing on a object and they also read the secret dice CS.

Internally, the algorithm in the RAM memory (31) calculates the DF associated with the Dl and the CS read and compares it to the DF read.

The equality or not between the two DFs (the calculated and the read) corresponding to the cases of stolen object or not is indicated thanks to the entry and exit organs (33)
At the end of their manufacture, the boxes are inert and incapable of functioning: they only become operational after an initialization procedure which consists in loading thanks to a program appearing in the EPROM memory (35) the RAM memory (31 ) either with type A package software or with type B package software. The programs to be loaded appear themselves in tamper-resistant packages as described below.

From this stage the two types of boxes can work
We will now describe how the boxes of different types will be manufactured, initialized and distributed. This manufacturing, initialization and distribution procedure must allow the guarantee of absolute secrecy regardless of the number of boxes distributed to the public.

A method of transmitting the software secret from tamper-evident case to tamper-evident case without any human intervention was chosen (see FIG. 6).

This method implements five different types of boxes:
- The initial box which will only be used once and which will then be destroyed (61).

then: according to the sector (A)
- A limited and precise number of boxes future fathers of identifier generation boxes (62)
- An unlimited number of boxes generating identifiers: these boxes will however only be delivered to authorized organizations (64) depending on the sector (B)
- A limited and precise number of boxes for future fathers of identifier recognition boxes (63)
- An unlimited number of computer recognition units (65)
The first phase consists in the realization of the initial box (see figure 6)
This initial box includes:
- A read only memory (EPROM) programmed to send part of the content of the
RAM to another box designed to receive the corresponding walleye.

- A random number generator designed to be able to generate N random numbers (39)
- A random access memory (RAM) containing in its initial state the software for creating identifiers in a first zone and the software for recognizing identifiers in a second zone. (it is the same algorithm which is used in both cases: only the calculation sequence and the use of the input-output means differ between the one and the other as described above).

 - A bus allows resident programs in ROM and RAM to communicate with the outside thanks to input and output devices (US). It is also reserved in RAM for writing N whole numbers: they will host N initialization parameters described above.

As already indicated, these parameters play a significant role in the algorithm for manufacturing and recognizing identifiers.

We then run the random number generator from the initial box and store the results in the RAM locations
The initial box then contains the algorithm and the N numbers which complete it It must be borne in mind that knowledge of the algorithm is not sufficient to possibly allow falsification: it is essential to also check the parameters d 'initialization or these last are locked in the tamper-evident case and nobody knows them.

This box will now perform the second function which falls to it before its destruction.

This second function consists in the initialization of a limited and precise number of future father boxes of identifier generation boxes (62) and of a limited and precise number of future fathers boxes of identifier recognition boxes (63). )
The initialization of a box consists in having a source box which transmits the contents of its RAM to a destination box.

This operation is done by connecting the two boxes which then communicate thanks to a program located in their read only memory (program download).

The accidental and simultaneous disappearance of all the boxes (62) and (63) would result in the irremediable loss of the secret they contained: it will therefore be wise to create a suitable number and above all to store a certain number in safe places (66) and (67).

It should be noted that this observation only concerns the father boxes of the two types:
The initial box does not count since it is destroyed the other boxes that is to say the boxes generating identifiers and the boxes recognizing identifiers (those which will ultimately be in the hands of the public) are not affected: once initialized, the latter will only communicate with the outside to receive or deliver data and in no case will their content be accessible from the outside.

Once all this is in place:
Any object bearing an identifier generated by a die box (A) will be recognized as authentic by a die box (B) (see Figure 6)

Claims (3)

 CLAIMS 1) System for recognizing authentic or falsified objects characterized in that it comprises an identifier generation unit associated with an object, and an identifier recognition unit associated with the object, these units comprising a memory RAM or program RAM (31) allowing to generate recognize an identifier by calculation from a secret dice and an identification number, an EEPROM read-only memory (35) for initialization and loading of the content of another external RAM memory in the program RAM (31), a processing microprocessor (37) and a communication bus 2) system for recognizing authentic or falsified objects according to claim 1 characterized in that the program RAM memory (31) is wrapped in a bundle of power supply son covering all the space surrounding it and is embedded in polyester resin. 3) Secure system for initializing boxes intended for a system for recognizing authentic or falsified objects according to claim 1 from an initial box characterized in that the initial box comprises a program memory or RAM (31) a random number generator (39) intended to supplement, with the aid of random initialization parameters, the RAM memory program (31) an EEPROM read-only memory (35) programmed to send part of the contents of the RAM memory to a generation or recognition of an identifier associated with an object, a processing microprocessor (37) and a communication bus.