Method performed by an electronic device capable of communicating with a reader with improved self-testing

10140197 · 2018-11-27

Abstract

Disclosed are methods and electronic devices that communicate with a reader. The methods and devices may receive a command emitted by the reader, and then select an application to be executed by the device on the basis of the received command. The methods and devices may also determine whether to perform one or more self-tests according to which application was selected.

Claims

1. A method performed by an electronic device capable of communicating with a reader, the method comprising: receiving a command emitted by the reader that powers the electronic device, selecting an application to be executed by the electronic device on the basis of said command, and determining whether to perform at least one self-test according to which application has been selected, wherein said at least one self-test comprises a self-test of a cryptographic function of the electronic device carried out by the electronic device, wherein said selecting an application comprises selecting an application among a list of applications of the electronic device, each application being associated with a list of self-tests specific to the application, and said determining whether to perform at least one self-test comprises selecting at least one self-test to be performed or none in the list of self-tests associated with the application having been selected, wherein the determining is further according to a plurality of indicators memorized in the electronic device, each indicator corresponding to at least one self-test, and wherein each indicator indicates whether the at least one self-test corresponding to the indicator is optional, and if the indicator memorized in the electronic device indicates that said at least one self-test corresponding to the indicator is not optional, then after performing said at least one self-test corresponding to the indicator, the indicator is attributed a state which indicates that said at least one self-test corresponding to the indicator is optional.

2. The method according to claim 1, wherein the application having been selected determines whether to perform said at least one self-test.

3. The method according to claim 1, wherein said at least one self-test is a power-up self-test as defined in the FIPS 140 standard.

4. The method according to claim 1, wherein determining whether to perform at least one self-test is further according to whether the electronic device communicates with the reader in contact mode or contactless mode.

5. The method according to claim 1, wherein if the indicator memorized in the electronic device indicates that said at least one self-test corresponding to the indicator is optional, then after performing said at least one self-test corresponding to the indicator, the indicator is attributed a state which indicates that said at least one self-test corresponding to the indicator is not optional.

6. The method according to claim 1, wherein the indicator is overlooked according to: a security level of the application, or when the application has been executed for the last time.

7. The method according to claim 1, wherein said list of applications comprises at least one personal identity verification application, a payment application, a physical access control application, an identity verification application, an electronic signature application, an authentication application, an encryption application, or a decryption application.

8. The method according to claim 1, wherein the electronic device is an electronic device as defined in the ISO/IEC 7816 standard, the ISO/IEC 14443 standard or the ISO/IEC 15693 standard.

9. An electronic device capable of communicating with a reader, comprising a processor configured for: receiving a command emitted by the reader that powers the electronic device, selecting an application to be executed by the processor of the electronic device on the basis of said command, and determining whether to perform at least one self-test according to which application has been selected, wherein said at least one self-test comprises a self-test of a cryptographic function of the electronic device carried out by the electronic device, wherein said selecting an application comprises selecting an application among a list of applications of the electronic device, each application being associated with a list of self-tests specific to the application, and the application having been selected is configured for determining whether to perform at least one self-test by selecting at least one self-test to be performed or none in the list of self-tests associated with the application having been selected, wherein the application is configured for determining whether to perform at least one self-test according to a plurality of indicators memorized in the electronic device, each indicator corresponding to at least one self-test, wherein each indicator indicates whether the at least one self-test corresponding to the indicator is optional, and if the indicator memorized in the electronic device indicates that said at least one self-test corresponding to the indicator is not optional, then after performing said at least one self-test corresponding to the indicator, the application is configured for attributing to the indicator a state which indicates that said at least one self-test corresponding to the indicator is optional.

10. The electronic device of claim 9, wherein said application having been selected is configured to determine whether to perform said at least one self-test.

11. The electronic device according to claim 9, wherein said at least one self-test is a power-up self-test as defined in the FIPS 140 standard.

12. The electronic device according to claim 9, wherein the application is configured for determining whether to perform at least one self-test according to whether the electronic device communicates with the reader in contact mode or contactless mode.

13. The electronic device according to claim 9, wherein if the indicator memorized in the electronic device indicates that said at least one self-test corresponding to the indicator is optional, then after performing said at least one self-test corresponding to the indicator, the application is configured for attributing to the indicator a state which indicates that said at least one self-test corresponding to the indicator is not optional.

14. The electronic device according to claim 9, wherein the indicator is overlooked according to: a security level of the application, or when the application has been executed for the last time.

15. The electronic device according to claim 9, wherein said list of applications comprises at least one personal identity verification application, a payment application, a physical access control application, an identity verification application, an electronic signature application, an authentication application, an encryption application, or a decryption application.

16. The electronic device according to claim 9, wherein the electronic device is an electronic device as defined in the ISO/IEC 7816 standard, the ISO/IEC 14443 standard or the ISO/IEC 15693 standard.

17. A computer readable non-transitory storage medium readable by a processor of an electronic device capable of communicating with a reader, on which is recorded instructions for: receiving a command emitted by the reader that powers the electronic device, selecting an application to be executed by the electronic device on the basis of said command, and determining whether to perform at least one self-test according to which application has been selected, wherein said at least one self-test comprises a self-test of a cryptographic function of the electronic device carried out by the electronic device, wherein said selecting an application comprises selecting an application among a list of applications of the electronic device, each application being associated with a list of self-tests specific to the application, and said determining whether to perform at least one self-test comprises selecting at least one self-test to be performed or none in the list of self-tests associated with the application having been selected, wherein the determining is further according to a plurality of indicators memorized in the electronic device, each indicator corresponding to at least one self-test, and wherein each indicator indicates whether the at least one self-test corresponding to the indicator is optional, and if the indicator memorized in the electronic device indicates that said at least one self-test corresponding to the indicator is not optional, then after performing said at least one self-test corresponding to the indicator, the indicator is attributed a state which indicates that said at least one self-test corresponding to the indicator is optional.

18. A method performed by an electronic device capable of communicating with a reader, the method comprising: receiving a command emitted by the reader that powers the electronic device, selecting an application to be executed by the electronic device on the basis of said command, determining whether to perform at least one self-test according to which application has been selected, wherein said at least one self-test comprises a self-test of a cryptographic function of the electronic device carried out by the electronic device, and executing the application without performing the at least one self-test based on the determining, wherein said selecting an application comprises selecting an application among a list of applications of the electronic device, each application being associated with a list of self-tests specific to the application, and said determining whether to perform at least one self-test comprises selecting at least one self-test to be performed or none in the list of self-tests associated with the application having been selected, wherein the determining is further according to a plurality of indicators memorized in the electronic device, each indicator corresponding to at least one self-test, and wherein each indicator indicates whether the at least one self-test corresponding to the indicator is optional, and if the indicator memorized in the electronic device indicates that said at least one self-test corresponding to the indicator is not optional, then after performing said at least one self-test corresponding to the indicator, the indicator is attributed a state which indicates that said at least one self-test corresponding to the indicator is optional.

Description

SHORT DESCRIPTION OF THE DRAWINGS

(1) Other features and advantages of the present invention will become apparent from the description made below, with reference to the appended drawings which illustrate an example thereof without any limitation.

(2) In the figures:

(3) FIG. 1 is a flowchart of an example of method according to the invention,

(4) FIG. 2 is a flowchart of another example of method according to the invention, and

(5) FIG. 3 is a schematic representation of a reader and a smart-card according to an example of the invention.

DETAILED DESCRIPTION OF AN EMBODIMENT

(6) A method performed by a smart-card and a smart-card according to the invention will now be described.

(7) The examples of the present detailed description are directed to smart-cards. However, it should be noted that the invention can be applied to other types of electronic devices capable of communicating with a reader and capable of performing self-tests (for example an embedded secure element, a USB token, a micro secure digital card, a smart phone, a smart watch, or any smart token). It should also be noted that the following examples apply to the implementation of a transaction between a smart-card and a reader. The word transaction covers not only banking operations (payment or checking a bank account) but also personal identity verification transactions, transport transactions, and other types of transactions using smart-cards and readers.

(8) In FIG. 1, a flowchart of a transaction is represented. This transaction is carried out by a reader and a smart-card, the smart-card being a smart-card according to the ISO/IEC 7816 standard and the ISO/IEC 14443 standard or the ISO/IEC 15693 standard (i.e. a smart-card with dual interfaces).

(9) In a first step A1, a user manipulates the smart-card in order to make it communicate with the reader. This manipulation can consist in inserting the smart-card into the reader if a contact mode is used, or bringing the smart-card close to the reader if a contactless mode is used.

(10) In step B1, the reader detects that the smart-card is present.

(11) The reader can then provide electrical power to the smart-card (step B2).

(12) In step A2, the smart-card receives the electrical power.

(13) In step A3, the smart-card prepares an Answer To Reset (ATR) message or an Answer To Select (ATS) message (depending on whether a contact mode or a contactless mode is used).

(14) In step B4, the reader emits a command for selecting the application (for example an APDU command). This message is configured to be understood only by the application which the reader expects to be executed by the smart-card.

(15) In step A4, the application which has been selected and which is executed now determines whether to perform at least one power-up self-test as defined in the FIPS 140 standard. This determination comprises retrieving a list of power-up self-tests associated with the application and performing the tests of this list (the list can be empty), or retrieving this list and selecting which self-tests should be performed according to additional criteria.

(16) In step A5, the power-up self-tests which should be performed, as determined in step A4, are performed. As can be seen in the figures, the power-up self-tests are performed without receiving any communication from the reader.

(17) The smart-card then emits a message indicating whether the self-tests have succeeded or not (step A6). This message is received in step B6 by the reader, and the transaction continues until step B7 when the transaction ends.

(18) The total duration of the transaction is denoted on FIG. 1 by the reference t1. The duration of the power-up self-tests performed in step A5 is denoted t2.

(19) If the smart-card is used in a transportation context in contactless mode, then it should be noted that t1 should not exceed 200 milliseconds. In order to stay within this limit of 200 milliseconds, the transport application can determine that only a limited set of power-up self-tests should be performed, for example so that the duration t2 is smaller than 150 milliseconds.

(20) It should be noted that this determination can be performed by selecting, among the self-tests defined in the FIPS 140 standard, only the tests linked to functions actually used by the application: tests of functions the application never calls are skipped, which allows maintaining an acceptable level of security. Such self-tests may include known-answer tests (KAT) of cryptographic algorithms, tests of random number generators, integrity tests, etc.

(21) If the smart-card is used in a document signature context in contact mode, then there are fewer constraints on the duration t1, which can be of the order of 500 milliseconds. The signature application, which requires a high level of security, can determine that more tests should be performed than in the previous example. The duration t2 can then reach 500 milliseconds.

(22) FIG. 2 is a more detailed example of a transaction carried out between a smart-card and a reader. This figure details which entity of the smart-card performs each step of the method. More precisely, the smart-card comprises a platform, or operating system (OS hereinafter), for example a Javacard platform. The smart-card further comprises at least one application.

(23) In a first step A11, a user manipulates the smart-card in order to make it communicate with the reader.

(24) In step B11, the reader detects that the smart-card is present.

(25) The reader can then provide electrical power to the smart-card (step B12).

(26) In step C12, the OS receives the electrical power.

(27) In step C13, an ATR or an ATS message is emitted by the smart-card.

(28) In step B13, the ATR or ATS message is received, and in step B14, the reader emits an APDU command for selecting an application.

(29) In step C14, the OS selects an application.

(30) It should be noted that an additional step may have been carried out by the smart-card in which a limited number of power-up self-tests from the FIPS standard are performed under control of the OS. This additional step can be carried out after step C13 but before step C14.

(31) The application is executed in step D14.

(32) In step D15, it is determined whether a contact mode or a contactless mode is used, and this information will be used for the determination of the self-tests to be performed.

(33) In step D16, indicators are read in order to determine whether the self-tests in the list of self-tests of the application are individually optional.

(34) The application can then determine (step D17), in its list of power-up self-tests, which power-up self-tests should be performed by taking into account:

(35) Whether a contact mode or a contactless mode is used (fewer self-tests should be performed when a contactless mode is used),

(36) The indicators.

(37) It should be noted that steps D15 to D17 can be executed quasi simultaneously.

(38) The application then requests the execution of these tests (step D18), using a cryptographic module.

(39) In step C19, the OS builds a message indicating whether the self-tests have succeeded, and this message is received by the reader in step B19.

(40) In step B20, the transaction ends.

(41) It should be noted that, prior to ending the transaction, the indicators read in step D16 can be updated.
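The selection logic of steps D15 to D18, the indicator update of paragraph (41), and the contactless timing budget of paragraphs (19) to (21) can be modelled end to end. The block below is an added example written for this page; it is not code from the patent or from any Javacard implementation. The self-test names, their assumed durations in milliseconds, the 150 ms budget, the "security level 3 overlooks the indicators" threshold (claim 6) and the two application identifiers are all assumptions constructed for the example; the known-answer vectors are the published SHA-256("abc") and RFC 4231 HMAC-SHA-256 test vectors.

```python
"""Added example (not code from the patent): application-driven selection of
FIPS 140 style power-up self-tests, modelled on FIG. 2 steps D15 to D18 and
the timing budget of FIG. 1. Test names, costs, budgets and application
identifiers are assumptions constructed for the example."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Dict, List


# --- Self-tests executed by the cryptographic module (step D18) ----------

def kat_sha256() -> bool:
    """Known-answer test: SHA-256("abc"), the FIPS 180 example vector."""
    expected = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    return hashlib.sha256(b"abc").hexdigest() == expected


def kat_hmac_sha256() -> bool:
    """Known-answer test: RFC 4231 test case 1 for HMAC-SHA-256."""
    expected = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
    mac = hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha256).hexdigest()
    return mac == expected


def rng_continuous_test() -> bool:
    """Continuous RNG test: two consecutive 16-byte outputs must differ."""
    return os.urandom(16) != os.urandom(16)


@dataclass
class SelfTest:
    name: str
    run: Callable[[], bool]
    cost_ms: int  # assumed execution time, constructed for the example


@dataclass
class Application:
    aid: str
    self_tests: List[str]  # claim 1: the list of self-tests specific to the app
    security_level: int    # claim 6: a high level makes the indicators overlooked


@dataclass
class Card:
    tests: Dict[str, SelfTest]
    apps: Dict[str, Application]
    # claim 1: one indicator per self-test, True means "optional"
    optional: Dict[str, bool] = field(default_factory=dict)

    def select_tests(self, aid: str, contactless: bool, budget_ms: int) -> List[str]:
        """Step D17: choose which of the application's self-tests to perform."""
        app = self.apps[aid]
        if app.security_level >= 3:          # claim 6: indicators are overlooked
            return list(app.self_tests)
        chosen = [n for n in app.self_tests if not self.optional.get(n, False)]
        spent = sum(self.tests[n].cost_ms for n in chosen)
        for name in app.self_tests:
            if name in chosen:
                continue
            cost = self.tests[name].cost_ms
            # Step D17: in contactless mode an optional test is added only
            # while the self-test duration (t2 in FIG. 1) stays within budget.
            if contactless and spent + cost > budget_ms:
                continue
            chosen.append(name)
            spent += cost
        return chosen

    def run_transaction(self, aid: str, contactless: bool,
                        budget_ms: int = 150) -> Dict[str, bool]:
        """Steps D14 to D18 plus the indicator update of paragraph (41)."""
        results: Dict[str, bool] = {}
        for name in self.select_tests(aid, contactless, budget_ms):
            results[name] = self.tests[name].run()
            # Claims 1 and 5: performing a test flips its indicator, so a
            # mandatory test becomes optional and an optional one mandatory.
            self.optional[name] = not self.optional.get(name, False)
        return results


def build_demo_card() -> Card:
    """Constructed card: a transport app (low security) and a signature app."""
    tests = {
        "sha256_kat": SelfTest("sha256_kat", kat_sha256, 40),
        "hmac_kat": SelfTest("hmac_kat", kat_hmac_sha256, 60),
        "rng": SelfTest("rng", rng_continuous_test, 80),
    }
    every_test = ["sha256_kat", "hmac_kat", "rng"]
    apps = {
        "transport": Application("transport", every_test, security_level=1),
        "signature": Application("signature", every_test, security_level=3),
    }
    return Card(tests, apps, optional={"sha256_kat": False, "hmac_kat": True, "rng": True})


if __name__ == "__main__":
    card = build_demo_card()
    print(card.run_transaction("transport", contactless=True))   # sha256_kat, hmac_kat
    print(card.run_transaction("signature", contactless=False))  # all three tests
```

Two points follow from running it. First, the selection logic executes before any self-test has passed, so the indicator lookup and the per-application list must not themselves depend on the cryptographic functions under test. Second, with the indicator rule exactly as claimed, a test that is skipped as optional keeps its optional state, so under a permanently tight contactless budget the most expensive test is never reached; the "last executed" criterion of claim 6 is the hook a practitioner would use to force it periodically.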

(42) In FIG. 3, a smart-card 1 (in accordance with the ISO/IEC 7816 standard and the ISO/IEC 14443 standard or the ISO/IEC 15693 standard) according to an embodiment of the invention is shown cooperating with a reader 2.

(43) The smart-card 1 is a device associated with a user and comprising personal data. The reader 2 is distinct from the smart-card 1, and the smart-card 1 and the reader 2 communicate only ephemerally, not permanently.

(44) The reader 2 is a contactless reader having an antenna 3 for communicating with the smart-card 1. The reader is equipped with a memory 4 in which instructions 5 for performing transactions are stored. These instructions are executed by a processor 6 of the reader 2.

(45) The smart-card 1 is also equipped with a processor 10 and a memory 11 (for example Flash memory).

(46) In order to communicate with the reader 2, the smart-card 1 comprises a communicating module 12 and an antenna 13 used for contactless communications. The antenna 13 and the communicating module 12 receive messages from the reader 2.

(47) The smart-card 1 is further equipped with another communicating module 14 and connection pads 15.

(48) The memory 11 comprises a platform or OS 16 and an application 17. Additional applications can be stored in the memory 11 in order to perform various types of transactions. Both the OS 16 and the application 17 can launch the execution of self-tests, and these self-tests are performed by a cryptographic module 18.

(49) The OS 16 comprises an instruction, executable by the processor 10, to select an application to be executed on the basis of messages received from both communicating modules 12 and 14.

(50) When the application 17 is selected, the processor 10 can execute instructions 20 of the application in order to determine whether to perform at least one self-test. It should be noted that even though it is the processor which executes the instructions, the present description considers, for the sake of simplicity, that the application carries out this task.

(51) The application 17 also comprises, stored in the memory, indicators 21 which are each associated with a self-test. These indicators 21 indicate whether the self-tests are optional.