DE102005033228B4 - Method and security system for securing a data transmission in a communication system - Google Patents

Abstract

Method for securing a data transmission in a communication system, (i) wherein in a first step a) biometric raw data (BRD) are transmitted to a feature recognition module (PE) in a first security module (M1) by means of a first biometric sensor (B1) and by means of the Characteristic recognition module (PE) biometric feature data (BD) of a user (U) are extracted from the biometric raw data (BRD), wherein the feature data (BD) reproducibly represent uniquely recognizable, invariable biometric features of the individual user (U), by means of which a first predetermined function (F1) in the first security module (M1) a private key (PRVK) is generated in a reproducible manner, wherein the private key (PRVK) the return value of the first predetermined function (F1) with the biometric feature data (BD) as Input values is and wherein the first predetermined function (F1) for the same input values provides the same return value (PRVK), and b) using the generated private key (PVRK) by means of a second predetermined function (F2) a public key (PUBK) matching this private key (PUBK) in the first security module (M1) generated once and in a database (DB) of a public-key infrastructure (PKI) is assigned to the user assigned retrievable, (ii) wherein in a subsequent second step c) for a user (U) visited communication device (T1) of the communication system by means of a second biometric Sensor (B2) via a further feature recognition module (PE) in a second, designed to generate only the private key (PRVK) ...

Description

In modern communication systems, methods and systems for protected transmission of data are becoming increasingly important. By encrypting the data to be transmitted, data transmission can be protected against unauthorized third parties monitoring this data and by signing the data to be transmitted against falsification of this data by unauthorized third parties. Encrypting or signing usually takes place on the basis of key data, hereinafter also referred to as key for short, with the aim of reliably preventing decryption or falsification of the data without knowledge of a suitable key.

One known and very secure method of data encryption or signing is based on the use of key pairs, each comprising a public key and a matching private key. Encryption based on such key pairs is often referred to as asymmetric encryption. A public key and a private key are here and hereinafter referred to as mutually compatible if one of the key encrypted data by means of the other of the keys can be decrypted again. Thus, a document can be transmitted encrypted from a sender to a recipient by the sender requests a public key of the recipient, for example in the context of a so-called public-key infrastructure, encrypting the document with the requested public key and so transmitted to the recipient , The recipient can then decrypt the encrypted document by means of his private key, and only by means of this. Public transmission of the public key does not compromise the security of the transmission since, assuming that the key length is sufficient, it is practically impossible to derive the private key from the public key. The derivation of a matching public key from a given private key, however, is usually feasible with relatively little computational effort.

A document can be protected by signing against unauthorized tampering by encrypting it with the sender's private key and transmitting it in encrypted form to the recipient. The recipient can then decrypt the document encrypted with the private key again using the public key. In this case, it is practically impossible to change the document without knowledge of the private key so that a readable text is created after decryption with the public key.

In addition, in mobile communication environments in which a respective mobile user can visit a plurality of different communication devices, the problem arises of ensuring that a respective user is authorized to access a respective communication device or that a user is the one who he pretends to be. For this purpose, user authentication is provided in many communication devices. Upon successful user authentication, the communication device is personalized for the authenticated user.

The authentication of a user is often done by means of smart cards, on which a private, assigned to the user key is stored. In the context of an authentication, the private key is transferred from such a chip card or by means of other transmission methods to the communication device in order to be used there for decryption or for signing. The public key suitable for the private key is generally stored system-wide in a database of a public-key infrastructure assigned to the user. This enables system-wide secure communication with the user authenticated on any communication device.

The security of the security system described above is largely determined by the security of the private key. The transport and storage of a private key are, however, in principle vulnerable or compromisable. For example, a smart card may be stolen or lost, or a private key stored on a communication device may be spied out.

From the pamphlets WO 03/034655 A1 . DE 42 43 908 C2 and US 6 035 398 A encryption methods are disclosed to encrypt public keys and private keys using biometric sensors, e.g. B. a fingerprint sensor to produce.

In US 2004/0 111 625 A1 a data processing system and a method for generating a cryptographic key from representative biometric data is disclosed. For this purpose, an intermediate key and a mapping key are respectively formed, from which the desired cryptographic key is formed.

It is an object of the present invention to provide a method and a security system for securing a data transmission in a communication system, which offer increased security.

This object is achieved by a method for securing a data transmission in a communication system according to claim 1 and by a security system for securing a data transmission in a communication system according to claim 3.

Advantageous embodiments or further developments of the invention are specified in the dependent claims.

According to the invention, to secure a data transmission in a communication system, a first and a second biometric sensor are provided, by means of which biometric feature data of a user are recorded. For example, fingerprint sensors and / or iris or eye background pattern sensors can be used as biometric sensors. Furthermore, a predetermined function is provided, by means of which a private key can be generated in a reproducible manner on the basis of the respectively recorded biometric feature data. Based on the feature data recorded by the first biometric sensor, a public key suitable for the private key is generated by means of the predetermined function and stored in a database of a public-key infrastructure. Furthermore, for a user-visited communication device by means of the second biometric sensor biometric feature data of the user is recorded, based on which by means of the predetermined function of the private key is generated. On the basis of the generated private key encrypted data is decrypted by the visited communication device with the retrieved public key of the user or signed with the user's public key to verify data.

Among other things, the invention is based on the finding that a private key can be reproducibly generated by means of a deterministic function using detected user-individual biometric feature data, from which, in turn, a matching public key can be derived. As reproducible in this context is understood that different biometric sensors provide the same user independently identical biometric feature data, based on which matching private keys are generated independently. In contrast, private keys in known backup systems are often generated from random numbers and thus are not readily reproducible independently.

A significant advantage of the invention is the fact that it can be avoided to transport the security-critical private key via insecure media, such as a smart card or store in a variety of visited communication devices. Also a central storage of private keys is not required. A respective user, so to speak, carries with his individual biometric features individual output data for his private key.

The invention also has an advantageous effect on user mobility in the communication system, insofar as the key input is considerably simplified in the case of a respectively visited communication device.

According to the invention, based on the feature data recorded by means of the first biometric sensor, the private key can first be generated by means of the predetermined function and the public key can be derived therefrom. Alternatively, the public key may also be derived directly from the feature data taken by the first biometric sensor.

Furthermore, the visited communication device may issue a request for biometric feature recording upon request of a private key by an application. For example, instead of entering the private key, this application may prompt for a smart card via a smart card or a keyboard to touch a fingerprint sensor.

According to a further advantage of the invention, in use of the generated private key, it may be prompted to delete the generated private key immediately after use. In this way, the risk of the newly created private key being compromised can be minimized. In this case, a private key is generated again on each request on the basis of newly recorded biometric feature data in order to avoid cross-requirement storage.

The captured biometric feature data and / or a private key derived therefrom may also be used to authenticate the user to the communication device or to the public key infrastructure.

An embodiment of the invention will be explained in more detail with reference to the drawing.

The figure shows a communication system with a security system according to the invention in a schematic representation.

In the figure, a communication system with a security system according to the invention is shown schematically. The communication system comprises a communication network CN, for example an Integrated Services Digital Network (ISDN), a Local Area Network (LAN) or a Wide Area Network (WAN), such as the Internet. As the Internet on, as the communication devices a communication terminal T1, a communication terminal T2, and a so-called public-key infrastructure PKI are coupled. The communication terminals T1 and T2 may be configured, for example, as a telephone or personal computer. For the present embodiment, assume that the communication terminals T1 and T2 support user mobility. In each case a communication application APP1 or APP2 runs on the communication terminals T1 and T2. The communication applications APP1 and APP2 may be, for example, telephony applications, fax applications, video communication applications or other data transmission applications.

The Public Key Infrastructure PKI is used to manage the public keys of various users, as well as to manage other data and structures required to perform asymmetric cryptographic procedures. The public-key infrastructure PKI has a central database DB in which public keys of a large number of users are stored in each case assigned to the respective user.

A security module M1 with a key generation module KG1 and a feature recognition module PE is coupled to the public key infrastructure PKI. The security module M1 can be realized as a hardware and / or software-based so-called middleware and be designed as a separate module or as an adapter or integrated into the public-key infrastructure PKI. Connected to the security module M1 is a biometric sensor B1, for example a fingerprint, iris or fundus background sensor. By the biometric sensor B1 biometric features of a user U are detected, which touches for this purpose, for example, with his index finger to the biometric sensor B1. As a result of an actuation of the biometric sensor B1, this biometric raw data BRD of the user transmits to the feature recognition module PE of the security module M1 for evaluation. In the course of this evaluation, biometric characteristic data BD are extracted from the biometric raw data BRD, which represent in a reproducible manner unambiguously identifiable, invariable biometric features of the individual user U. The extracted biometric feature data BD are transmitted from the feature recognition module PE to the key generation module KG1.

The key generation module KG1 applies to the biometric feature data BD a deterministic function F1 in the sense of a mathematical mapping in order to generate a private key PRVK from the biometric feature data BD. The private key PRVK is therefore the return value of the function F1 with the biometric feature data BD as input values: PRVK = F1 (BD). In this context, a determinate function is understood to mean a function which supplies identical return values for the same input values. A further determined function F2 is applied to the generated private key PRVK by the key generation module KG1, by means of which a corresponding public key PUBK = F2 (PRVK) is derived from the private key PRVK. The public key PUBK and the private key PRVK match one another in that data encrypted with one key can only be decrypted by means of the other key. The functions F1 and F2 can be realized, for example, by a program function or program routine. Immediately after using the private key PRVK to derive the public key PUBK, the private key PRVK is deleted by the key generation module KG1 again.

The derived public key PUBK is stored by the security module M1 in the database DB of the public-key infrastructure PKI and can be called up by the user U. The one-time generation and storage of the public key PUBK of the user U in the public-key infrastructure PKI makes it possible to secure any communication in the communication system between a communication device calling the public key PUBK and a communication device having the appropriate private key PRVK.

For the present embodiment, it is assumed that the user U registered in the public-key infrastructure PKI later visits the communication terminal T1 in order to communicate with the communication terminal T2 in a protected manner via the fundamentally insecure communication network CN. To secure this communication, a security module M2 is coupled to the communication terminal T1. The security module M2 can, for. B. be implemented as hardware and / or software middleware, may be formed as a separate module or as an adapter or may be integrated into the communication terminal T1. The security module M2 has a feature recognition module PE and a key generation module KG2. Connected to the security module M2 is a biometric sensor B2, for example a fingerprint, iris or eye fundus sensor.

To secure the communication, the communication application APP1 of the communication terminal T1 visited by the user U issues the user with a request for biometric feature recording. After actuation of the biometric sensor B2 by the user U, biometric raw data BRD is transferred from the biometric sensor B2 to the feature recognition module PE of the security module M2 transmitted. The feature recognition module PE extracts from the transmitted biometric raw data BRD biometric feature data BD, which reproducibly represent uniquely identifiable, invariable biometric features of the individual user U. Since the biometric feature data BD obtained by the security module M2 is returned to the same user U, this feature data coincides with the biometric feature data BD obtained by the security module M1.

The biometric feature data BD extracted by the feature recognition module PE of the security module M2 is transmitted by the feature recognition module PE to the key generation module KG2. The key generation module KG2 applies to the biometric feature data BD the function F1 also implemented in the key generation module KG1 in order to obtain as the return value the private key PRVK = F1 (BD).

Since biometric feature data BD extracted in the fuse modules M1 and M2 match, the deterministic function F1 in the fuse module M2 reproducibly generates the same private key PRVK as in the fuse module M1.

The inventive, reproducible generation of the same private key PRVK makes it possible to recreate it as needed or ad hoc on each visited, inventively equipped communication device and preferably in the context of each secure by the private key communication procedure. A generated private key is deleted as soon as possible after use to optimize security.

In the present exemplary embodiment, the newly generated private key PRVK is transmitted by the security module M2 to the communications application APP1 running in the communication terminal T1. Furthermore, in the context of the communication to be secured by the communication application APP2 of the communication terminal T2, the user U in the database DB assigned public key PUBK is retrieved.

By means of the at least temporarily present in the communication terminals T1 and T2 key PRVK or PUBK, communication data DATA, for example voice, video, fax and / or application data between the communication terminals T1 and T2 can be transmitted via the communication network CN secured.

Thus, the communication data DATA to be transmitted from the communication terminal T1 to the communication terminal T2 can be signed by the communication application APP1 by encrypting with the private key PRVK, the signed data SDATA are transmitted to the communication terminal T2 via the communication network CN, and returned to the original one by the communication application APP2 by means of the public key PUBK Communication data DATA to be decrypted.

Furthermore, the communication data DATA to be transmitted from the communication terminal T2 to the communication terminal T1 can be encrypted by the communication application APP2 by means of the public key PUBK, the encrypted data EDATA is transmitted via the communication network CN to the communication terminal T1, to be reproduced by the communication application APP1 by means of the private key PRVK to be decrypted the original data DATA.

After completing the communication, the private key PRVK can be deleted again. The biometric feature data BD can be used by the security module M1 and / or the security module M2 both to generate the private key PRVK and to authenticate the user U. Preferably, the private key PRVK itself can be used as authentication information.

The invention allows with limited effort a secure personalized communication of communication devices over a priori unsafe communication networks. By using biometric feature data can also be largely ensured that a respective communication partner is actually the user that he pretends to be. It is not necessary to transport sensitive data such as the private key PRVK over fundamentally unsafe media or to store it in terminal equipment or central communication facilities for a long time. Instead, a public key, here PUBK, can be generated once only from biometric feature data for a public-key infrastructure and stored in the database of which it can be assigned to the user in a retrievable manner. The matching private key can be recreated in a reproducible manner on each visited and appropriately equipped communication device and preferably deleted after use.

In addition, the invention significantly simplifies key input for the user, which has a very beneficial effect on user mobility.

Claims (3)

Method for securing a data transmission in a communication system, (i) wherein in a first step a) by means of a first biometric sensor (B1) biometric raw data (FRG) to a feature recognition module (PE) in a first security module (M1) are transmitted and by means of the feature recognition module (PE) biometric feature data (BD) of a user (U) from the biometric Raw data (BRD) are extracted, wherein the feature data (BD) reproducibly represent uniquely identifiable, invariable biometric features of the individual user (U), based on which by means of a first predetermined function (F1) in the first security module (M1) a private key (PRVK) is generated in a reproducible manner, wherein the private key (PRVK) is the return value of the first predetermined function (F1) with the biometric feature data (BD) as input values and wherein the first predetermined function (F1) with equal input values equal return values ( PRVK), and b) using the generated private key (PVRK) by means of a second predetermined function (F2), a public key (PUBK) matching this private key (PUBK) is generated once in the first security module (M1) and stored in a public database (DB) Key infrastructure (PKI) is assigned to the user assigned retrievable, (ii) wherein in a subsequent second step c) for a communication device (T1) of the communication system visited by the user (U) by means of a second biometric sensor (B2) via a further feature recognition module (PE) in a second security module (M2) designed to generate only the private key (PRVK), which is arranged between the second biometric sensor (B2) and the visited communication device (T1) or in the visited communication device (T1), the biometric feature data (BD) of the user (U) are recorded, d) on the basis of the second biometric sensor (B2) recorded feature data (BD) by means of the first predetermined function (F1) first of all the associated private key (PRVK) in the second security module (M2) is respectively newly generated and e) the user-visited communication device (T1) using the newly generated private key (PRVK) both - with the retrieved public key (PUBK) of the user (U) encrypted data (EDATA) or decrypted - signed with the public key (PUBK) of the user (U) to verify data, and (iii) wherein, in a step subsequent to the first step (i) or the second step (ii), use of the generated private key (PRVK) is made to delete the generated private key (PRVK) after each use. A method according to claim 1, characterized in that the visited communication device (T1) on request of a private key (PRVK) by an application (APP1) issues a request for biometric feature recording. A security system for securing a data transmission in a communication system, a) with a first biometric sensor (B1) for transmitting biometric raw data (BRD) to a feature recognition module (PE) in a first security module (M1), wherein by means of the feature recognition module (PE) biometric feature data (BD) of a user (U) can be extracted from the biometric raw data (BRD), the feature data (BD) reproducibly representing uniquely identifiable, invariable biometric features of the individual user (U), by means of which a first predetermined function (F1 in the first security module (M1) a private key (PRVK) is reproducibly generated, wherein the private key (PRVK) is the return value of the first predetermined function (F1) with the biometric feature data (BD) as input values and wherein the first given function (F1) with the same input values the same return values ( PRVK), b) with the first security module (M1) for once generating a private key (PRVK) matching public key (PUBK) by means of a second predetermined function (F2) based on the generated in the first security module (M1) private key ( PVRK) and for storing the generated public key (PUBK) in a database (DB) of a public-key infrastructure (PKI), c) with a second biometric sensor (B2) for transmitting biometric raw data (BRD) to a in a second, for generating only the private key (PRVK) designed security module (M2) arranged further feature recognition module (PE) for receiving biometric feature data (BD) of the user (U) for one of the user (U) visited communication device (T1), wherein by means of the further feature recognition module (PE) the biometric feature data (BD) of the user (U) from the biometric raw data (BRD) are extractable, and d) with the second security module (M2), which between the second biometric sensor (B2) and the visited communication device (T1) or in the visited communication device (T1), for generating the private key (PRVK) by means of the first predetermined function (F1) on the basis of the second biometric sensor (FIG. B2) recorded biometric feature data (BD), e) wherein the second security module (M2) then transmits the generated private key (PRVK) to a decryption module or a signing module of the visited communication device (T1), and f) wherein both in the first security module (M1 ) as well as in the second security module (M2) the private key (PRVK) generated in each case after its use is deleted.

Images