FR2823927A1 - Asymmetric dynamic cryptography for electronic transactions authenticates without complex key entry - Google Patents
Asymmetric dynamic cryptography for electronic transactions authenticates without complex key entry Download PDFInfo
- Publication number
- FR2823927A1 FR2823927A1 FR0105238A FR0105238A FR2823927A1 FR 2823927 A1 FR2823927 A1 FR 2823927A1 FR 0105238 A FR0105238 A FR 0105238A FR 0105238 A FR0105238 A FR 0105238A FR 2823927 A1 FR2823927 A1 FR 2823927A1
- Authority
- FR
- France
- Prior art keywords
- server
- password
- authentication
- application
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Abstract
Description
numérique.digital.
1 28239271 2823927
Définition: L'invention concerne un moyen de cryptographie asymétrique visant à sécuriser toutes transactions électroniques. Cette sécurisation cryptographique est réalisoe à travers une double authentification asymétrique générce de manière pseudo-aléatoire. Les principes de protection ou d'authentification par systèmes à clefs publiques et privées reposent sur une communication point à point, de l' émetteur vers le récepteur, avec l' intervention d 'un tiers communément qualifié "annnaire" qui est consulté par l'émetteur afin de conna^itre la clef publique de chiffrement du destinataire dans un but de confidentialité du message, puis par le destinataire afin de conna^itre la clef publique de signature de l'émetteur dans un but d'authentification de la provenance du message. Différents obstacles sont identifiables pour la mise en oeuvre de ces principes: a) L'émetteur et le destinataire sont tenus d'8tre équipés des logiciels adéquats afin de chiffrer, Definition: The invention relates to an asymmetric cryptographic means aimed at securing all electronic transactions. This cryptographic security is achieved through a double asymmetric authentication generated in a pseudo-random manner. The principles of protection or authentication by public and private key systems are based on a point-to-point communication, from the sender to the receiver, with the intervention of a third party commonly qualified as "annual" who is consulted by the sender in order to know the public encryption key of the recipient for the purpose of confidentiality of the message, then by the recipient in order to know the public key for signing the sender for the purpose of authenticating the origin of the message . Different obstacles can be identified for the implementation of these principles: a) The sender and the recipient are required to be equipped with adequate software in order to encrypt,
déchiffrer, signer et authentifier un message. decipher, sign and authenticate a message.
b) L'émetteur et le destinataire sont tenus de posséder, et d'avoir a leur disposition au moment o ils désirent échanger des données, une clef secrète permettant le chiffrement et la signature. Une clef étant souvent une longue séquence de chiffre et de lettres, il est malaisé et fastidieux pour un b) The sender and the recipient are required to have, and to have at their disposal when they wish to exchange data, a secret key allowing encryption and signature. A key is often a long sequence of numbers and letters, it is difficult and tedious for a
utilisateur nomade de transférer sa clef d'un poste de travail à un autre en fonction de ses besoins. mobile user to transfer his key from one workstation to another according to his needs.
c) L'émetteur et le destinataire sont tenus de publier leurs clefs publiques sur le méme système c) The sender and the recipient are required to publish their public keys on the same system
d'annnaire.of annnaire.
d) Un utilisateur peut être contraint, sous la menace, d'authentifier un message qu'il ne désire pas signer. e) Dans les systèmes de communication standard (SMTP, POP...) I'émetteur est rarement informé de la bonne récepti on du message. Lorsqu'il l' est. cet accu sé de récepti on est rarement authentifié, et donc d) A user can be forced, under threat, to authenticate a message which he does not wish to sign. e) In standard communication systems (SMTP, POP ...) the sender is rarely informed of the correct reception of the message. When it is. this receiver battery is rarely authenticated, and therefore
sans valeur logale.without logal value.
Description de l'invention:Description of the invention:
Les utilisateurs communiquent via un serveur centralisé (nommé ci-après "serveur") qui prend en charge les problèmes d'authentification. Ce serveur propose une interface web, par applet Java, afin de fournir des services de cryptage et d'authentification à des utilisateurs ne disposant pas d'un poste de Users communicate via a centralized server (hereafter called "server") which takes care of authentication problems. This server offers a web interface, using a Java applet, in order to provide encryption and authentication services to users who do not have a workstation.
travail spécfflquement équipé.specially equipped work.
Lors de son inscription au service, le système choisira aléatoirement une graine, codée sur un nombre de caractères aisément saisissable sur un clavier. Cette graine, fournie à un générateur aléatoire convenu, permettra de générer un couple clefs privoelpublique RSA. Le service remet alors à l'utilisateur la graine et son login, et ne mémorise dans le serveur que la clef publique ainsi que le login When registering for the service, the system will randomly choose a seed, coded on a number of characters easily entered on a keyboard. This seed, supplied to an agreed random generator, will generate a private RSA key couple. The service then gives the user the seed and his login, and stores in the server only the public key and the login
qui lui est associé.associated with it.
Le login est. classiquement, un couple identifiantlmot de passe. Cependant, deux mots de passes seront fournis à l'utilisateur. Le premier pour une identification "normale", le second étant une "alarme The login is. conventionally, a couple identifying password. However, two passwords will be provided to the user. The first for a "normal" identification, the second being an "alarm
silencieuse" informant le service qu'il s'authentifie sous la contrainte. silent "informing the service that it authenticates under duress.
Le couple clef privéclpublique précédemment évoqué ne sert que pour l'authentification. Les échanges entre un utilisateur et le serveur sont chiffrés à l'aide de clefs RSA générées spécifiquement pour la transaction en cours. Le serveur se charge de stocker le message, puis de le transmettre de la même manière (chiffrée par une nouvelle clef RSA générce au moment de la transaction) au destinataire The previously mentioned private key pair is only used for authentication. The exchanges between a user and the server are encrypted using RSA keys generated specifically for the current transaction. The server takes care of storing the message, then transmitting it in the same way (encrypted by a new RSA key generated at the time of the transaction) to the recipient
lorsque celui-ci se connectera afin de consulter ses messages. when the latter connects to consult his messages.
Si le destinataire n'est pas un utilisateur du service, il recevra par un e-mail classique, un court message l'informant qu'il peut consulter sur le serveur, un e-mail authentifié. Cependant, dans ce cas, le service ne pourra garantir l'identité du destinataire du message, et l'accusé de réception ne pourra If the recipient is not a user of the service, he will receive by a standard e-mail, a short message informing him that he can consult on the server, an authenticated e-mail. However, in this case, the service cannot guarantee the identity of the recipient of the message, and the acknowledgment cannot
être alors fourni à l'émetteur qu'à titre indicatif, sans la moindre valeur logale. then be provided to the transmitter for information only, without any logal value.
Le serveur agit donc comme un "tiers de confiance". Cependant les clefs d'authentification restent la The server therefore acts as a "trusted third party". However the authentication keys remain the
- propriété exclusive des utilisateurs, le serveur ne possédant que les clefs de vérifications. - exclusive property of users, the server only having the verification keys.
L'invention sera mieux comprise à l'aide de la description suivante des différentes étapes entre le The invention will be better understood using the following description of the different steps between the
client et le serveur: figure 1 On nomme " poste client " un system informatique à la disposition de l'utilisateur qui est doté d'un client and server: figure 1 We call "client workstation" a computer system available to the user which has a
programme spécifique ou bien de la possibilité de télécharger une applet JAVA. specific program or the possibility of downloading a JAVA applet.
On nomme " applications " un programme informatique fournis par " Fullcrypt " et installé sur le We call "applications" a computer program provided by "Fullcrypt" and installed on the
poste client ou bien une applet JAVA qui a été télécharge au préalable. client workstation or a JAVA applet which has been downloaded beforehand.
On nomme "serveur" le system informatique central de la société "Fullcrypt" qui est doté de We call "server" the central computer system of the company "Fullcrypt" which has
connexion à l'lnternet d'une base de donnée et de la possibilité d'émettre l'applet JAVA. connection to the Internet of a database and the possibility of issuing the JAVA applet.
On nomme " l'utilisateur " la personne physique inscrite au service et détenteur d'une clef Fullcrypt. We name "the user" the natural person registered for the service and holder of a Fullcrypt key.
L'utilisateur exécute l'application du poste client et se connecte sur le serveur. The user runs the application on the client computer and connects to the server.
( 1) L'application génère un couple clef publique, clef privée RSA nommé (PaKa) aleatoirement et (1) The application generates a couple public key, RSA private key named (PaKa) randomly and
garde en mémoire la clef privée (Ka). keeps the private key (Ka) in memory.
(2) L'application ouvre une connexion (C) sur le serveur et transmet la clef publique (Pa) (3) Le serveur mémorise la clef (Pa) reçu puis généré un couple clef publique/clef privée RSA nommé (PbKb) et garde en mémoire la clef privée (Kb) (4) Le serveur émet sur (C) la clef publique (Pb) (5) L'application mémorise (Pb) puis demande à l'utilisateur son identifiant et son mot de passe (6) L'utilisateur saisis son identifiant et son mot de passe. Ce couple est matérialisé soit par deux châmes (l'identifiant et le mot de passe) de caractère saisis par l'intermédiaire d'un clavier soit par une châîne de caractère (l'identifiant) et une mesure Biométrique (le mot de passe) lu par (2) The application opens a connection (C) on the server and transmits the public key (Pa) (3) The server memorizes the key (Pa) received then generates a couple of public key / private key RSA named (PbKb) and keeps in memory the private key (Kb) (4) The server sends on (C) the public key (Pb) (5) The application memorizes (Pb) then asks the user for his username and password (6 ) The user enters his username and password. This couple is materialized either by two character strings (the identifier and the password) entered via a keyboard or by a character string (the identifier) and a Biometric measurement (the password) read by
un équipement spécifique.specific equipment.
(7) L'application calcul le digest MD5 du mot de passe puis chiffre a l'aide de la clef (Pb) le (7) The application calculates the MD5 digest of the password then encrypts it using the key (Pb) on
couple identifiantlmot de passe.couple identifying password.
(8) L'application émet sur (C le message ainsi chiffré (9) Le serveur déchiffre le message a l'aide de (Kb) et vérifie dans la base de donnce le couple identifiantldigest MD5. Si le digest MD5 correspond à celui du mot de passe " prise d'otage " (8) The application sends on (C the message thus encrypted (9) The server decrypts the message using (Kb) and checks in the database the pair identifying MD5 digest. If MD5 digest corresponds to that of MD5 hostage-taking password
de l'utilisateur, une alarme silencieuse est déclenchée. user, a silent alarm is triggered.
(10) Si le digest MD5 fournis correspond au mot de passe de 1'utilisateur ou bien a son mot (10) If the MD5 digest provided corresponds to the user's password or to his word
de passe " prise d'otage ", le serveur émet sur (C) une validation de la connexion. "hostage taking" password, the server sends on (C) a validation of the connection.
(11) L'application est désorrnais entièrement accessible a l'utilisateur. I1 peut y effectuer (11) The application is now fully accessible to the user. He can do there
des opérations de maintenance courante ou bien émettre un message authentifié. routine maintenance operations or issue an authenticated message.
(12) L'utilisateur saisis le message (M) à authentifier. (12) The user enters the message (M) to be authenticated.
(13) L'utilisateur signe son message a l'aide de la clef Fullcrypt qui est en sa possession ( 14) L' application calcul la clef publique/clef privée (PfK a l'aide d'un générateur pseudo (13) The user signs his message using the Fullcrypt key which is in his possession (14) The application calculates the public key / private key (PfK using a pseudo generator
aléatoire prédéfini qui prendra comme graine de génération la clef Fullcrypt saisis. predefined random which will take as seed the Fullcrypt key entered.
(15) L'application calcul la signature (S) RSA de (M) à l'aide de (Kf) (16) L'application calcul le chiffrage RSA (R) du message (M) et de la signature (S) a (15) The application calculates the RSA signature (S) of (M) using (Kf) (16) The application calculates the RSA encryption (R) of the message (M) and of the signature (S) at
l'aide de (Pb).using (Pb).
(17) L'application émet sur (C) le message (R) (18) Le serveur déchiffre (R) a l'aide de (Kb), vérifie la signature (S) a l'aide de la clef (Pf, présente dans la base de donnée et aectée a l'utilisateur qui s'est connecté, puis stock (17) The application sends the message (R) to (C) (18) The server decrypts (R) using (Kb), verifies the signature (S) using the key (Pf, present in the database and assigned to the user who has logged in, then stock
dans la base de donnée le message (M). in the database the message (M).
(19) Le serveur calcul le digest MD5 (DS) de l'ensemble des donnces avant cryptage qu'il (19) The server calculates the MD5 digest (DS) of all the data before encryption that it
à émis.emitted.
(20) Le serveur émet (DS) sur (C)(20) The server transmits (DS) on (C)
3 28239273 2823927
(21) L'application vérifie que le digest MD5 correspond bien au données qu'elle à reçues. (21) The application checks that the MD5 digest corresponds to the data it received.
(22) L ' application calcul le digest MD5 (DA) de l' ensemble des données avant cryptage (22) The application calculates the MD5 digest (DA) of all the data before encryption
qu'elle à émise.that it issued.
(23) L'application émet (DA) sur (C). (23) The application transmits (DA) on (C).
Le serveur vérifie que le digest MD5 est bien celui des donnces qu'il à reçues et dans The server checks that the MD5 digest is that of the data it has received and in
ce cas valide la transaction.this case validates the transaction.
(24) Lorsque l'utilisateur quitte l'application, la connexion (C) est fermée. (24) When the user exits the application, the connection (C) is closed.
son
4 28239274 2823927
Claims (5)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0105238A FR2823927A1 (en) | 2001-04-18 | 2001-04-18 | Asymmetric dynamic cryptography for electronic transactions authenticates without complex key entry |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0105238A FR2823927A1 (en) | 2001-04-18 | 2001-04-18 | Asymmetric dynamic cryptography for electronic transactions authenticates without complex key entry |
Publications (1)
Publication Number | Publication Date |
---|---|
FR2823927A1 true FR2823927A1 (en) | 2002-10-25 |
Family
ID=8862424
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
FR0105238A Pending FR2823927A1 (en) | 2001-04-18 | 2001-04-18 | Asymmetric dynamic cryptography for electronic transactions authenticates without complex key entry |
Country Status (1)
Country | Link |
---|---|
FR (1) | FR2823927A1 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0534420A2 (en) * | 1991-09-27 | 1993-03-31 | International Business Machines Corporation | A method for generating public and private key pairs using a passphrase |
US5354974A (en) * | 1992-11-24 | 1994-10-11 | Base 10 Systems, Inc. | Automatic teller system and method of operating same |
EP0851335A2 (en) * | 1996-12-31 | 1998-07-01 | Compaq Computer Corporation | Secure two-piece user authentication in a computer network |
US5812669A (en) * | 1995-07-19 | 1998-09-22 | Jenkins; Lew | Method and system for providing secure EDI over an open network |
-
2001
- 2001-04-18 FR FR0105238A patent/FR2823927A1/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0534420A2 (en) * | 1991-09-27 | 1993-03-31 | International Business Machines Corporation | A method for generating public and private key pairs using a passphrase |
US5354974A (en) * | 1992-11-24 | 1994-10-11 | Base 10 Systems, Inc. | Automatic teller system and method of operating same |
US5812669A (en) * | 1995-07-19 | 1998-09-22 | Jenkins; Lew | Method and system for providing secure EDI over an open network |
EP0851335A2 (en) * | 1996-12-31 | 1998-07-01 | Compaq Computer Corporation | Secure two-piece user authentication in a computer network |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101999188B1 (en) | Secure personal devices using elliptic curve cryptography for secret sharing | |
US20180144114A1 (en) | Securing Blockchain Transactions Against Cyberattacks | |
US7730321B2 (en) | System and method for authentication of users and communications received from computer systems | |
US7100049B2 (en) | Method and apparatus for authentication of users and web sites | |
US7676433B1 (en) | Secure, confidential authentication with private data | |
JP4625234B2 (en) | User certificate / private key assignment in token-enabled public key infrastructure system | |
US8756416B2 (en) | Checking revocation status of a biometric reference template | |
US8024575B2 (en) | System and method for creation and use of strong passwords | |
EP1326368A2 (en) | Revocation and updating of tokens in a public key infrastructure system | |
CA2554847C (en) | System and method for secure electronic data delivery | |
US10089627B2 (en) | Cryptographic authentication and identification method using real-time encryption | |
CN111241533A (en) | Block chain-based password management method and device and computer-readable storage medium | |
WO2007088337A2 (en) | Kem-dem encrpyted electronic data communication system | |
JP2003521154A (en) | How to issue electronic identification information | |
SE516567C2 (en) | Procedure and apparatus for secure wireless transmission of information | |
CN109981287B (en) | Code signing method and storage medium thereof | |
JP4350769B2 (en) | Authentication server and online service system | |
WO2001060020A1 (en) | Method for certifying and verifying digital web content using public cryptography | |
JP3704681B2 (en) | System and method for placing a digital certificate on a hardware token | |
WO2010050192A1 (en) | Password reissuing method | |
JPH11353280A (en) | Identity confirmation method and system by means of encipherment of secret data | |
US6839842B1 (en) | Method and apparatus for authenticating information | |
FR2823927A1 (en) | Asymmetric dynamic cryptography for electronic transactions authenticates without complex key entry | |
KR20020086030A (en) | User Authentication Method and System on Public Key Certificate including Personal Identification Information | |
JP2006157336A (en) | Method of transmitting and receiving secret information and program |