DEVICE AND METHOD FOR PROVIDING SECURE TRANSMISSION OF DATA BETWEEN A TRANSMITTER AND A RECEIVER

20200134210 · 2020-04-30

    Abstract

    A device for providing secure transmission of data between a transmitter and a receiver includes an interface circuit that includes a first input circuit arranged to receive data to be transmitted, the first input circuit comprising programmable logic for transforming said data to be transmitted, the programmable logic being built in the first input circuit by a first controller; a first output circuit arranged to receive the data transformed by the first input circuit, the first output circuit comprising programmable logic for retransforming said transformed data, the programmable logic being built by a second controller, and a first comparator arranged to compare said data retransformed by the first output circuit and the data to be transmitted, the programmable logic of the first input circuit being inverse and complementary to the programmable logic of the first output circuit. Also disclosed is a method implemented by the device described above.

    Claims

    1. A device for providing secure transmission of data between a transmitter and a receiver, comprising an interface circuit connected between the transmitter and the receiver, wherein the interface circuit comprises: a first input circuit arranged to receive data to be transmitted, the first input circuit comprising first programmable logic for transforming said data to be transmitted, the first programmable logic being constructed in the first input circuit by a first controller; a first output circuit arranged to receive the data transformed by the first input circuit, the first output circuit comprising second programmable logic for retransforming said transformed data, the second programmable logic being built in the first output circuit by a second controller; and a first comparator arranged to compare said data retransformed by the first output circuit and the data to be transmitted, the first programmable logic of the first input circuit being inverse and complementary to the second programmable logic of the first output circuit.

    2. The device according to claim 1, wherein the first controller is configured to receive programming information for the first controller to build the programmable logic of the first input circuit.

    3. The device according to claim 2, wherein the first controller is configured to receive the programming information by a secure route.

    4. The device according to claim 1, wherein said interface circuit further comprises a second input circuit and a second output circuit, said second input circuit being arranged to receive data to be transmitted, said second input circuit comprising third programmable logic for transforming said data to be transmitted, the third programmable logic being constructed in the second input circuit by means of said second controller; said second output circuit being arranged to receive data transformed by the second input circuit, said second output circuit comprising fourth programmable logic for retransforming said transformed data, said fourth programmable logic being constructed in the second output circuit by means of said first controller; and a second comparator arranged to compare said data retransformed by the second output circuit with the data to be transmitted.

    5. The device according to claim 4, wherein the first controller is further configured to ensure that the logic of the first and second input circuits is inverse and complementary to the circuit logic corresponding to the first and second output circuits so that the data to be transmitted is equal to the retransformed data.

    6. The device according to claim 4, further comprising means for inactivating the programmable logic of at least one of the first or second input circuits or the first and/or second output circuits.

    7. The device according to claim 4, further comprising a write line arranged to allow one of said first or second controllers to indicate to the other controller that data has been transmitted.

    8. A method for providing secure transmission of data between a transmitter and a receiver by means of an interface circuit connected between the transmitter and the receiver, said interface circuit comprising: a first input circuit arranged to receive data to be transmitted, the first input circuit comprising first programmable logic for transforming said data to be transmitted, the first programmable logic being constructed in the first input circuit by means of a first controller; a first output circuit arranged to receive the data transformed by the first input circuit, the first output circuit comprising second programmable logic for retransforming said transformed data, the second programmable logic for retransforming said transformed data being built in the first output circuit by means of a second controller; and a first comparator arranged to compare said data retransformed by the first output circuit with the data to be transmitted, the method comprising the following steps: in said first input circuit, constructing by said first controller the first programmable logic by means of programming information; constructing by said second controller the second programmable logic in said first output circuit, said first programmable logic in said first input circuit and said second programmable logic in said first output circuit being inverse and complementary; transmitting data from the transmitter to the first input circuit; said first input circuit transforming the data in a manner dependent on the first programmable logic of the first input circuit; transmitting said transformed data to the first output circuit and retransforming the data in a manner dependent on the second programmable logic of the first output circuit; comparing the transmitter data with the retransformed data and activating a countermeasure if the comparison of the transmitter data with the retransformed data indicates a difference.

    9. The method of claim 8, wherein said countermeasure comprises a step of stopping the data transmission.

    10. The method according to claim 8, wherein said countermeasure comprises a step of modifying at least one of the first programmable logic of the first input circuit and the second programmable logic of the first output circuit.

    11. The method according to claim 8, wherein the first controller receiving data from the transmitter sends a signal to the second controller connected to the receiver by means of a write line when data has been transmitted to the first input circuit.

    12. The method according to claim 8, wherein data is transmitted by an emitter connected to the first input circuit and data is also transmitted by a transmitter connected to a second input circuit.

    13. The method of claim 8, wherein at least one of the programmable logic of the first input circuit and the programmable logic of the first output circuit is altered at the end of said data transmission.

    14. The method of claim 13, wherein the alteration of the programmable logic comprises a step of erasing this logic.

    Description

    SUMMARY DESCRIPTION OF THE DRAWINGS

    [0033] The present invention and its advantages will be better understood with reference to the appended figures and to the detailed description of particular embodiments, in which:

    [0034] FIG. 1 is a diagram of a device according to the invention, according to a unidirectional embodiment;

    [0035] FIG. 2 represents a device according to the invention, according to a bidirectional embodiment;

    [0036] FIGS. 3a to 3d illustrate types of cells that can be used in a device according to the invention.

    [0037] FIG. 4 represents a circuit used in a device according to the invention for transforming data;

    [0038] FIG. 5 shows an example of a message for the construction of the programmable logic.

    MANNER OF REALIZING THE INVENTION

    [0039] FIG. 1 illustrates an embodiment of a device according to the invention, in a unidirectional embodiment. With reference to this figure, the device according to the invention comprises a first input circuit A and a first output circuit B. These two circuits comprise programmable logic, the programmable logic of one of the circuits being able to be stored in a non-modifiable form. When both circuits work properly, the programmable logic of each is complementary to that of the other. These circuits may include reversible cells, which can easily be implemented in programmable logic. This circuit can use cells such as NOT cells, Feynman cells, Toffoli cells or Fredkin cells in particular. Cells of this type are illustrated in FIGS. 3a to 3d.

    [0040] The device of the invention further comprises two microcontrollers, the first microcontroller 1 being connected to the first input circuit A on the one hand and to a transmitter (not shown) on the other hand. The second microcontroller 2 is connected to the first output circuit B on the one hand and to a receiver (not shown) on the other hand. When the device is switched on, the second microcontroller 2 loads content that it holds in non-volatile memory (flash, EEPROM) and builds the logic of the first output circuit B (see FIG. 1).

    [0041] The input/output interfaces are then ready to receive data transfer commands or messages containing data or information. In the case of FIG. 1, only the output lines are activatable to give commands.

    [0042] In this state, the logic circuit of the first input circuit A is completely empty and can be set to high impedance, since no data enabling the creation of a circuit has been downloaded from the first microcontroller 1 which controls this first input circuit A.

    [0043] The first microcontroller 1 is connected to the transmitter/receiver interfaces, which can use a wide variety of protocols depending on the tasks to be performed. These protocols can be Wifi, Bluetooth, Zigbee, Ethernet, IoT protocols or others.

    [0044] According to this invention, it is not possible to transmit data to the interfaces before having transmitted a block of data necessary for the creation of the logic of the first input circuit A by means of a secure protocol. Such a data block is sent in a message containing a corresponding instruction or command.

    [0045] If the first microcontroller 1 receives a command in the correct format, it implements programmable logic in the first input circuit A. This programmable logic must be complementary to the logic implemented in the first output circuit B, which was implemented when the device was powered on.

    [0046] Only those who know the logic implemented in the first output circuit B can implement the complementary logic in the first input circuit A and thus communicate with the first output circuit B. This programmable logic corresponds to a key, possibly of several thousand bits, which must be sent for the creation of the logic circuit in the first input circuit A.

    [0047] To transmit data through the interfaces, there are always three phases:

    [0048] Phase 1: receiving the construction data for the programmable logic

    [0049] Phase 2: data packet transmission if the construction is valid

    [0050] Phase 3: deleting the logic at the end of transmission

    [0051] According to one variant, it is possible to add a command for the second microcontroller 2 telling it that after a certain period of transmission inactivity, the phase 3 of erasure of the logic is automatically triggered.

    [0052] During the first phase, namely the phase of receiving the data allowing the construction of the programmable logic, several variants are possible if the data received by the microcontroller is not in conformity. According to a first variant, the first microcontroller 1 does not respond and the logic is not built in the first input circuit A. According to a second variant, the first microcontroller 1 responds according to a determined protocol. This protocol could for example be:

    [0053] blocking after 3 trials, with unlocking by a system similar to that used in mobile telephony (PUK code type);

    [0054] blocking after a defined number of trials, for example 3, then admission of new trials according to a time window, incremental or not, for example after 1 second, 10 s, 1 minute, 10 min, etc.

    [0055] It is clear that many other protocols are possible.
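As an added illustration of the second variant of [0052] with the timed windows of [0054] (example code, not part of the patent), the following C routine, as the first microcontroller 1 might run it, ignores non-conforming construction messages, blocks after three of them, and admits one new trial after 1 s, then 10 s, 1 min and 10 min. The seconds-since-boot clock, the structure and function names, and the choice to stay silent while blocked are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Policy values from paragraph [0054]: block after 3 non-conforming messages,
 * then admit one new trial after 1 s, 10 s, 1 min, 10 min (the last window
 * repeats). The timing source (seconds since boot) is an assumption. */
#define MAX_FAILS 3
static const uint32_t WINDOWS_S[] = { 1, 10, 60, 600 };
#define N_WINDOWS (sizeof WINDOWS_S / sizeof WINDOWS_S[0])

typedef struct {
    uint32_t fails;       /* consecutive non-conforming messages */
    size_t   window_idx;  /* which window applies to the next block */
    uint32_t unlock_at;   /* time (s) at which a new trial is admitted */
    bool     locked;
} lockout_t;

/* Called by the first microcontroller for every construction message.
 * conforming: whether the message passed format and checksum validation.
 * Returns true only when the message may be used to build the logic. While
 * blocked the controller does not respond at all, like the first variant
 * of [0052]. */
bool lockout_check(lockout_t *s, bool conforming, uint32_t now_s)
{
    if (s->locked) {
        if (now_s < s->unlock_at) return false;   /* inside the blocking window: ignore */
        s->locked = false;                         /* window over: one new trial admitted */
    }
    if (conforming) {
        s->fails = 0;
        s->window_idx = 0;
        return true;
    }
    s->fails++;
    if (s->fails >= MAX_FAILS) {
        s->unlock_at = now_s + WINDOWS_S[s->window_idx];
        s->locked = true;
        if (s->window_idx + 1 < N_WINDOWS) s->window_idx++;   /* incremental windows */
    }
    return false;
}

/* Seconds a sender must still wait; 0 if a message would be considered now. */
uint32_t lockout_remaining(const lockout_t *s, uint32_t now_s)
{
    return (s->locked && now_s < s->unlock_at) ? s->unlock_at - now_s : 0;
}

int main(void)
{
    lockout_t s = {0};
    /* Constructed scenario: three bad messages at t=0, one more at t=1,
     * a good one at t=5 (still blocked) and a good one at t=11. */
    const uint32_t times[] = { 0, 0, 0, 1, 5, 11 };
    const bool     good[]  = { false, false, false, false, true, true };
    for (size_t i = 0; i < sizeof times / sizeof times[0]; i++) {
        bool accepted = lockout_check(&s, good[i], times[i]);
        printf("t=%2u conforming=%d -> %s (wait %u s)\n", times[i], good[i],
               accepted ? "build logic" : "ignored", lockout_remaining(&s, times[i]));
    }
    return 0;
}
```

The counter is reset only by a conforming message, so a sender that keeps failing sees the windows grow; the audit counter of paragraph [0087] could be incremented at the same point where `fails` is.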

    [0056] FIG. 5 illustrates an example of a command sent to the first input circuit A for constructing the logic. This example is described in detail below.

    [0057] The command starts with an STX start character, then a CMD command byte, then a byte count NB indicating the size or length of the message. It continues with a certain number of data bytes Data 0, Data 1, . . . corresponding to the useful part of the message, i.e. for example the part making it possible to construct the logic to be implemented in the input circuit. The command continues with one or more control bytes CHKS0, CHKS1, and ends with an end character ESC. This is just one example of a sending protocol for commands to the first microcontroller 1; the protocol is structured according to the application.

    [0058] If the message received to build the logic is compliant, the logic circuit corresponding to this data is loaded and functional.

    [0059] The number of available commands is variable; more can be added as needed. Each CMD command corresponds to a number of bytes that may differ from one command to another. Indeed, some commands are very short while others, such as the construction of the logic, are much longer.
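The following C code is an added example, not taken from the patent, of how the first microcontroller 1 could validate a command of the FIG. 5 layout before using its data bytes. The byte values for STX and ESC, the command identifier `CMD_BUILD_LOGIC`, the 64-byte payload limit and the use of a Fletcher-16 sum for CHKS0/CHKS1 are all assumptions; the patent only names the fields. The sample frame is constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Framing constants: the patent names the fields (STX, CMD, NB, Data, CHKS0,
 * CHKS1, ESC) but not their byte values; these values are assumptions. */
#define FRAME_STX 0x02
#define FRAME_ESC 0x1B
#define CMD_BUILD_LOGIC 0x10    /* hypothetical command id for "build the logic" */
#define MAX_PAYLOAD 64
#define FRAME_OVERHEAD 6        /* STX CMD NB ... CHKS0 CHKS1 ESC */

typedef struct {
    uint8_t cmd;
    uint8_t nb;
    uint8_t data[MAX_PAYLOAD];
} frame_t;

/* Assumed check: Fletcher-16 over CMD, NB and Data gives CHKS0 and CHKS1. */
static void fletcher16(const uint8_t *buf, size_t len, uint8_t *c0, uint8_t *c1)
{
    uint16_t s0 = 0, s1 = 0;
    for (size_t i = 0; i < len; i++) {
        s0 = (uint16_t)((s0 + buf[i]) % 255);
        s1 = (uint16_t)((s1 + s0) % 255);
    }
    *c0 = (uint8_t)s0;
    *c1 = (uint8_t)s1;
}

/* Returns 0 for a compliant frame, a negative code otherwise. Every bound is
 * checked before the byte it protects is read, so a short or oversized message
 * is rejected without reading past the buffer. */
int parse_frame(const uint8_t *msg, size_t len, frame_t *out)
{
    if (len < FRAME_OVERHEAD) return -1;
    if (msg[0] != FRAME_STX) return -2;
    uint8_t nb = msg[2];
    if (nb > MAX_PAYLOAD) return -3;
    if (len != (size_t)nb + FRAME_OVERHEAD) return -4;   /* NB must match the real length */
    if (msg[len - 1] != FRAME_ESC) return -5;
    uint8_t c0, c1;
    fletcher16(&msg[1], (size_t)nb + 2, &c0, &c1);
    if (c0 != msg[3 + nb] || c1 != msg[4 + nb]) return -6;
    out->cmd = msg[1];
    out->nb = nb;
    memcpy(out->data, &msg[3], nb);
    return 0;
}

/* Builds a frame in the same layout (transmitter side). Returns the frame
 * length, or 0 if the payload does not fit in the caller's buffer. */
size_t build_frame(uint8_t cmd, const uint8_t *data, uint8_t nb, uint8_t *buf, size_t cap)
{
    if (nb > MAX_PAYLOAD || cap < (size_t)nb + FRAME_OVERHEAD) return 0;
    buf[0] = FRAME_STX;
    buf[1] = cmd;
    buf[2] = nb;
    memcpy(&buf[3], data, nb);
    fletcher16(&buf[1], (size_t)nb + 2, &buf[3 + nb], &buf[4 + nb]);
    buf[5 + nb] = FRAME_ESC;
    return (size_t)nb + FRAME_OVERHEAD;
}

/* Constructed sample: CMD 0x10, NB 2, Data 0xA5 0x3C, CHKS 0xF3 0xCD. */
static const uint8_t SAMPLE_FRAME[8] = { 0x02, 0x10, 0x02, 0xA5, 0x3C, 0xF3, 0xCD, 0x1B };

int main(void)
{
    frame_t f = {0};
    int rc = parse_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &f);
    printf("sample frame: rc=%d cmd=0x%02X nb=%u\n", rc, f.cmd, f.nb);
    return 0;
}
```

Only a frame that returns 0 is handed to the logic builder; any other code is the "not in conformity" case of paragraph [0052], and nothing about the logic is touched.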

    [0060] In phase 2, namely the data packet transmission phase, each packet from the transmitter is transferred to the first input circuit A. The packets are then transformed according to the programmable logic implemented in this first input circuit A. The transformed data is then transmitted to the first output circuit B, in which the data is retransformed according to the programmable logic implemented in this first output circuit B.

    [0061] Each packet of bits 1 . . . n, input in the first input circuit A is compared with the result of the retransformation of the corresponding packet by the first output circuit B. As the first output circuit B performs the operation inverse to that performed in the first input circuit A, the result of the comparison indicates that the values are equal if the logic of the first output circuit is inverse and complementary to the logic of the first input circuit A or in other words, if the circuits are correctly initialized.

    [0062] The interface circuit according to the invention further comprises a write line (WR). It is this line which informs the second microcontroller 2, driving the first output circuit B, that the first input circuit A has received data from the first controller 1 and that the second microcontroller 2 can read the result of the comparator indicating whether the transmission is valid or not.

    [0063] According to a variant, if the transmission is not valid, the second microcontroller 2 can reset (erase) the logic in the first input and/or output circuits.

    [0064] Many variants can be used for the programmable logic. Indeed, any symmetrical reversible logic system can be used to create a logic circuit in the circuits A and B. The cells illustrated in FIG. 3 are easy to implement in programmable logic and make it possible to create networks whose lines are permuted or inverted, or not, depending on the value of the data. If, instead of cells, Universal Asynchronous Receiver Transmitter (UART) transceivers with a variable number of bits are implemented, for example, and the same circuit is copied on both sides, the system works as well.

    [0065] In the example illustrated, the logic circuits are represented as using cells such as a NOT gate, a Feynman cell, a Toffoli cell and a Fredkin cell (see FIGS. 3a to 3d for the symbols used).

    [0066] The comparator CP1 is provided to compare the data entered in the first input circuit A and the data retransformed by the output circuit B, this comparison inducing a very low delay. The comparison only gives the value true or false. In the case where the comparison indicates that the compared data is different, the communication is stopped and the logic contained in the input and/or output circuits is cleared. Other countermeasures can of course be implemented. If desired, the number of unsuccessful attempts can be counted, to keep statistics on unsuccessful access attempts.

    [0067] FIGS. 3a to 3d illustrate four examples of reversible cells that can be used in the present invention. These cells are a NOT cell, a Feynman cell, a Toffoli cell and a Fredkin cell.

    [0068] The NOT cell (FIG. 3a) is the simplest example of a reversible cell, it simply consists of a logic inverter.

    [0069] The CN cell, CONTROLLED NOT (FIG. 3b), or Feynman cell, consists of a NOT cell whose logic inverter is controlled. The simplest way to implement it is with a single XOR gate.

    [0070] The CCN cell, CONTROLLED CONTROLLED NOT (FIG. 3c), or Toffoli cell, consists of a NOT cell whose logic inverter is controlled by the AND of two control lines. Lines C1 and C2 must both be 1 for the NOT to be activated; otherwise the output follows the input directly. The simplest way to implement it is with a single XOR gate whose control branch is fed by an AND gate.

    [0071] The Fredkin cell (FIG. 3d) allows, according to the state of the control line C, lines A and B to be swapped or not. This cell uses a little more space in programmable logic than the previous simple circuits. It is also called SWAP or CSWAP (controlled swap) because it allows lines to be swapped.

    [0072] FIG. 4 illustrates an exemplary implementation of cells in the input A and output B circuits. FIG. 4 also illustrates an example of partial filling on a few bits.

    [0073] The data received at the input of the first input circuit A is inverted, with bits crossed or bit results inverted according to the values. It is as if the values were encrypted by the input circuit A with no waiting time, only the propagation time through this circuit followed by the propagation delay in the output circuit B.

    [0074] The comparison of the initial data with the retransformed data, obtained after the passage in the first input and output circuits, validates the transmission during the pulse on the line WR (write).

    [0075] If the comparison is not validated, the contents of the input circuit A are completely cleared, which cuts off any possibility of erroneous transmission, and the transmitter must reinitialize the circuit.
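The following C simulation is an added example, not code from the patent, covering both the transform/retransform/compare cycle of [0060]-[0061] and [0073]-[0075] and the four reversible cells of [0067]-[0071], on an 8-bit packet. The 4-byte-per-cell key format, the line indices, the names and the two constructed keys are assumptions. Because every one of these cells is its own inverse, output circuit B simply applies the same cells in reverse order, which is what makes its logic inverse and complementary to A's; a key that differs in a single cell makes the comparator report false and erases A's logic, as paragraph [0066] describes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Four reversible cell kinds from FIGS. 3a-3d, acting on one 8-bit packet.
 * Field use (bit indices 0..7):
 *   NOT:     invert line t
 *   CNOT:    invert t when c1 is 1 (Feynman cell)
 *   TOFFOLI: invert t when c1 AND c2 are 1
 *   FREDKIN: swap lines c2 and t when c1 is 1 (controlled swap) */
typedef enum { CELL_NOT = 0, CELL_CNOT = 1, CELL_TOFFOLI = 2, CELL_FREDKIN = 3 } cell_kind;

typedef struct { cell_kind kind; uint8_t c1, c2, t; } cell_t;

#define MAX_CELLS 32
typedef struct { cell_t cells[MAX_CELLS]; size_t n; bool built; } logic_t;

static int bit(uint8_t w, uint8_t i) { return (w >> i) & 1; }

static uint8_t apply_cell(uint8_t w, const cell_t *g)
{
    switch (g->kind) {
    case CELL_NOT:     return w ^ (uint8_t)(1u << g->t);
    case CELL_CNOT:    return bit(w, g->c1) ? w ^ (uint8_t)(1u << g->t) : w;
    case CELL_TOFFOLI: return (bit(w, g->c1) && bit(w, g->c2)) ? w ^ (uint8_t)(1u << g->t) : w;
    case CELL_FREDKIN:
        if (bit(w, g->c1) && bit(w, g->c2) != bit(w, g->t))
            w ^= (uint8_t)((1u << g->c2) | (1u << g->t));   /* swapping two unequal bits = flipping both */
        return w;
    }
    return w;
}

/* Input circuit A applies the cells in order. Output circuit B applies the same
 * cells in reverse order: each cell is its own inverse, so this is the inverse
 * and complementary network. */
uint8_t transform(const logic_t *L, uint8_t w)
{
    for (size_t i = 0; i < L->n; i++) w = apply_cell(w, &L->cells[i]);
    return w;
}

uint8_t retransform(const logic_t *L, uint8_t w)
{
    for (size_t i = L->n; i > 0; i--) w = apply_cell(w, &L->cells[i - 1]);
    return w;
}

/* Phase 1: build a circuit's logic from programming information. The key
 * format is an assumption: 4 bytes per cell (kind, c1, c2, t). Cells whose
 * lines coincide are rejected because they would not be reversible. */
bool build_logic(logic_t *L, const uint8_t *key, size_t keylen)
{
    memset(L, 0, sizeof *L);
    if (keylen == 0 || keylen % 4 != 0 || keylen / 4 > MAX_CELLS) return false;
    for (size_t i = 0; i < keylen / 4; i++) {
        const uint8_t *k = &key[4 * i];
        uint8_t kind = k[0], c1 = k[1], c2 = k[2], t = k[3];
        if (kind > CELL_FREDKIN || c1 > 7 || c2 > 7 || t > 7) return false;
        if (kind == CELL_CNOT && c1 == t) return false;
        if (kind >= CELL_TOFFOLI && (c1 == c2 || c1 == t || c2 == t)) return false;
        L->cells[i] = (cell_t){ (cell_kind)kind, c1, c2, t };
    }
    L->n = keylen / 4;
    L->built = true;
    return true;
}

/* Phase 2: one packet through A, then B, then comparator CP1. On a mismatch
 * the countermeasure of paragraph [0066] is applied: the transmission is
 * refused and A's logic is erased, so the transmitter must rebuild it. */
bool send_packet(logic_t *A, const logic_t *B, uint8_t packet, uint8_t *delivered)
{
    if (!A->built || !B->built) return false;
    uint8_t r = retransform(B, transform(A, packet));
    if (r != packet) {
        memset(A, 0, sizeof *A);      /* erase: A is "completely empty" again */
        return false;
    }
    *delivered = r;
    return true;
}

/* Constructed keys: GOOD_KEY is what the receiver side B was initialised with;
 * WRONG_KEY differs in a single cell (CNOT target 2 instead of 3). */
static const uint8_t GOOD_KEY[]  = { CELL_NOT,0,0,0, CELL_CNOT,1,0,3, CELL_TOFFOLI,0,2,5, CELL_FREDKIN,4,6,7 };
static const uint8_t WRONG_KEY[] = { CELL_NOT,0,0,0, CELL_CNOT,1,0,2, CELL_TOFFOLI,0,2,5, CELL_FREDKIN,4,6,7 };

int main(void)
{
    logic_t A, B;
    uint8_t out = 0;
    build_logic(&A, GOOD_KEY, sizeof GOOD_KEY);
    build_logic(&B, GOOD_KEY, sizeof GOOD_KEY);
    printf("0x53 -> A -> 0x%02X -> B -> 0x%02X\n", transform(&A, 0x53), retransform(&B, transform(&A, 0x53)));
    printf("matching keys: packet %s\n", send_packet(&A, &B, 0x53, &out) ? "accepted" : "refused");
    build_logic(&B, WRONG_KEY, sizeof WRONG_KEY);
    printf("mismatched keys: packet %s, A built=%d\n", send_packet(&A, &B, 0x53, &out) ? "accepted" : "refused", A.built);
    return 0;
}
```

With the constructed good key, 0x53 leaves A as 0x9A and comes back out of B as 0x53; with the key that differs in one cell, B returns 0x5F, the comparator reports false, and `A.built` drops to false, which is the "only one bit different, the input circuit does not work" property of paragraph [0082].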

    [0076] Realization of a Bi-Directional System

    [0077] FIG. 2 illustrates an embodiment of a bidirectional system.

    [0078] In the explanation of the operation of an access construction/destruction device given above, the system was unidirectional. In practice, bidirectional input/output systems are used instead. To do this, a bidirectional system as illustrated in FIG. 2 comprises a second input circuit C and a second output circuit D, the second input circuit C being controlled by the second microcontroller 2 and the second output circuit D being controlled by the first microcontroller 1. Thus, the device according to the invention comprises a communication assembly for each direction.

    [0079] The first microcontroller 1 in this case has two circuits to be initialized and programmed according to the received data. It must indeed manage the programmable logic of the first input circuit A and of the second output circuit D. The second microcontroller 2 loads the first output circuit B and the second input circuit C with its internal data at power-on.

    [0080] Each communication assembly, formed of an input circuit and the corresponding output circuit, has a comparator (CP1, CP2) and a write line, as well as means for erasing the programmable logic.

    [0081] The system according to the present invention has the following advantages:

    [0082] Very high reliability: it is impossible to contact the target and transmit or read data unless the bit packet necessary for initialization is exact. If only one bit is different, the input circuit does not work.

    [0083] No computation delay in the transmission (very high speeds possible), just a transition time in the logic. This is a great advantage for systems, for example the IoT, which would have a very high rate of information to pass without encrypting it.

    [0084] Low consumption.

    [0085] An audit system (feedback to a center) is possible, indicating for example the number of successful accesses, the number of refused accesses, etc.

    [0086] It should be noted that this system can be used independently of a cryptographic system. As such, it is possible to add between the transmitter and the first microcontroller 1, as well as between the second microcontroller 2 and the receiver, a cryptographic module in charge of encrypting/decrypting data.

    [0087] According to different variants, it is possible to introduce a counter responsible for counting certain events, for example the number of successful accesses, the number of failed access attempts, etc. The second microcontroller 2 can always initialize the same programmable logic or on the contrary, use a different logic, according to a predetermined rule. It is also possible to provide a line of communication between the two microcontrollers, which allows the system to be reconfigured and the configuration to be exchanged between the two microcontrollers.