Memory management of a security module

Abstract

The present invention relates to a security module and to a corresponding method for operating the security module for realizing a secure memory management. The subject matter according to the invention takes into account existing hardware components, for example a smart card, and can thus be integrated into existing smart cards with particularly little technical effort. The secure memory management prevents attacks against memory segments of the data memory.

Claims

1. A security module with secure memory management, comprising: a data memory and at least two write units that are each adapted to cause write operations on the data memory; a detection unit adapted to detect a specific write unit of the at least two write units that causes a specific write operation on the data memory; and a manipulation handling unit adapted to trigger a security operation made available in response to the specific write operation being associated with a non-authorized write unit; wherein the security module supplies at least one sensor employing a charge pump that permits a physical detection of the specific write unit that causes the specific write operation using at least one physical measurement of an electric current.

2. The security module according to claim 1, wherein the security module is present in a form of a chip card, a chip card module, a subscriber identity module (SIM) card, a machine-to-machine (M2M) module or an embedded universal integrated circuit card (eUICC).

3. The security module according to claim 1, wherein the data memory is manageable by a memory management unit (MMU).

4. The security module according to claim 1, wherein the data memory is at least partially secured by address and/or data encryption.

5. The security module according to claim 1, wherein the security operation is present in a form of at least one operation from a group, the group comprising: a write operation of a flag, a write operation of a locking function of the data memory, a write operation of a manipulation information item, a delete operation, a rejection of the specific write operation and a reversal of the specific write operation.

6. The security module according to claim 1, wherein the security module supplies a decision logic that describes which security operation is to be triggered.

7. The security module according to claim 1, wherein the manipulation handling unit is adapted to trigger the security operation before or after a write operation.

8. The security module according to claim 1, wherein activation of the security module takes place by a standard of International Organization for Standardization (ISO) 7816 family.

9. The security module according to claim 1, wherein the data memory is present in a form of a non-volatile memory.

10. The security module according to claim 1, wherein at least one write unit is present in a form of an eUICC and/or at least one write unit is present in a form of a baseband controller.

11. The security module according to claim 1, wherein detection of the write unit by the manipulation handling unit takes place employing a charge pump.

12. The security module according to claim 1, wherein the data memory is arranged within an eUICC or outside an eUICC.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) In the following, advantageous embodiments are described with reference to the attached figures. There are shown:

(2) FIG. 1: a schematic block diagram of the security module according to one aspect of the present invention; and

(3) FIG. 2: a schematic representation of a flow chart of a method for operating the proposed security module according to one aspect of the present invention.

DETAILED DESCRIPTION OF VARIOUS EMBODIMENTS

(4) The present FIG. 1 shows a security module SE, i.e. a security element, which has memory-card typical components. The present FIG. 1 is limited to the features that are substantial for the invention. This is intended merely to contribute to a simple understanding and is in no way to be understood in such a manner that no further components are installed in the proposed security module SE. The average person skilled in the art recognizes the typical components installed in chip cards and integrates these accordingly.

(5) In the present case, two write units S1, S2 are depicted, which access a data memory M. The two write units S1, S2 need not access the data memory M directly in this case, but can merely cause a write operation. These two write units can be, for example, an iUICC or a baseband controller. Since these two components share the same memory M, it is possible, on the basis of an utilization of a gap in the hardware or in the operating system of the chip card, that a component accesses a memory area for which said component has no rights. The two components E1, E2 are provided for this reason. These are the detection unit E1 and the manipulation handling unit E2. In the present FIG. 1, these two components are depicted as a single component. This again represents only one aspect of the present invention, and is not to belie that these two units can also be present separately. For example, one of these two units E1, E2 can be present in the form of a charge pump. For example, the charge pump can make available at least part of the detection unit E1, since, in dependence on the charge pump, it can be identified which write unit S1, S2 accesses the data memory M.

(6) When a manipulation is detected now, it is possible that the access of one of the two write units S1, S2 is prevented or the write operation is reversed subsequently.

(7) A corresponding logic for security operations and information for making a decision can be stored in the data memory M, for example, wherein a separate, further data memory is also possible. In one of the data memories made available, a flag or a bit can be set, for example, which indicates that a manipulation has occurred. However, it is also possible to deposit a corresponding locking flag which excludes access to the already manipulated data by further components.

(8) In general, the arrows in the present FIG. 1 describe a flow of signals or flows within the security module. However, these are in turn only to be understood schematically and typically also take place in the correspondingly reverse direction. The present arrows are formed unidirectionally merely in order to illustrate the write operations of the write units S1, S2.

(9) FIG. 2 shows a method for secure memory management, for example in a security module. The method steps of a physical measuring 100 of a write operation on a data memory employing a charge pump are provided for this purpose. Further, a selection 101 of a security operation made available takes place in dependence on the read-out, on the basis of a logic made available. The method made available can be stored, for example, by means of control commands, which are fed to the security module via a further memory, as shown for example in FIG. 1. This can be the memory M as shown in FIG. 1. However, a further, separate memory can also be provided.

(10) Thus, a security module and a corresponding method for operating the security module for the realization of a secure memory management have been proposed. The object according to the invention allows preventing and/or marking attacks against data memories and/or unauthorized write or delete operations to a data memory. In particular, it is particularly advantageous according to the invention that so-called roll-back attacks can be avoided.