EP0947072A1 - Method for electronically protected storage of data in a database - Google Patents

Method for electronically protected storage of data in a database

Info

Publication number
EP0947072A1
EP0947072A1 EP97945716A EP97945716A EP0947072A1 EP 0947072 A1 EP0947072 A1 EP 0947072A1 EP 97945716 A EP97945716 A EP 97945716A EP 97945716 A EP97945716 A EP 97945716A EP 0947072 A1 EP0947072 A1 EP 0947072A1
Authority
EP
European Patent Office
Prior art keywords
data
user
database
signature
key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP97945716A
Other languages
German (de)
English (en)
Inventor
Alfred Schmid
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ascom Systec AG
Original Assignee
Ascom Systec AG
Application filed by Ascom Systec AG

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Definitions

  • the invention relates to a method for electronically secured storage of data in a database and a device for performing the method.
  • a database is understood to be a structured, content-related data pool.
  • the database consists of one or more tables (or objects), each with a series of identical data records.
  • Each data record is composed of a number of data fields. Normally, the number and nature of the data fields for a certain type of data record in the database are identical.
  • the various application programs and users can access shared data in database environments. On the one hand, this prevents problems such as redundancy and inconsistency of data and data structures, on the other hand, the threat potential regarding database security increases.
  • Database security violations include unlawful reading, modification, or deletion of data or the prevention of the same.
  • Unauthorized gain of information by reading data through deliberate or accidental access by an unauthorized user.
  • the information gain of inadmissible information obtained by inference from permitted accesses also belongs to this category.
  • Unauthorized modification (loss of integrity) of data includes all violations of data integrity. It is not absolutely necessary that an illegal gain of information must have taken place beforehand.
  • Disruption and sabotage (loss of availability). This includes all actions that prevent the legitimate users of a system from using it. Protecting a database from possible attacks means that the infrastructure, especially the stored data, must be protected against accidental or deliberate unauthorized access (reading and/or modification).
  • a method for securing the integrity of (electronically stored) data is known from US Pat. No. 5,097,504.
  • the data stored in plain text are provided with a signature that is unique to the text and the author.
  • the parameters (e.g. key, program) for calculating the signature are e.g. stored in a protected memory card with an integrated processor.
  • a series of information elements (there Fig. 4: D, B, A) is multiplied by a corresponding number of random numbers (Ci) and added. The resulting sum is subjected to a modulo operation. The result is the signature.
  • the information elements can be combined or supplemented with any numerical values, such as the date or the identification of the signatory.
  • the procedure is primarily intended for the transmission of messages. A powerful computer is required to use it to protect a database.
  • a special method is proposed for this large amount of data, in which the data to be processed are divided into data blocks for calculating the signature (column 6, lines 41-44).
  • the individual bits can be grouped so that they only partially represent the "characters" (column 7, lines 1-5).
  • a partial signature is created for each data block, so that the entire signature is formed by a series of individual partial signatures (column 6, lines 54-56).
  • the partial signatures can be attached to the corresponding data blocks (column 7, lines 24-28). In this way, backup copies of databases can be signed (column 12, lines 37-38).
  • the European patent application EP 0 709 760 A2 deals with a method for the administration of copyrights.
  • the data to be managed are not central, but stored in a network of computers.
  • the data are not held in the form of data records with a fixed structure, but in arbitrary files.
  • In order to control the reuse of copyrighted data, they are encrypted before being transmitted to the user, so that they can only be read and reused using a key to be obtained from a central office.
  • a method for the certification of keys in public key systems is known from EP 0 386 867 A2.
  • the aim is to enable the transmission of data (such as e-mail and electronic transfers or payments) via insecure channels.
  • the signature is created, the data (object) is subjected to a hash function.
  • Date and identification of the signer are also included in the signature.
  • the object of the invention is to protect the data stored in a database against accidental or deliberate unauthorized access (modifications).
  • each data record (which contains the useful data) is first provided with a user ID and then with an electronic signature when it is created or changed.
  • the content of the signature is based on both the user data and the user ID. In principle, it is created with a one-way function that has a secret, user-specific key as a parameter. Only the data record thus supplemented is stored on the available storage medium in the form of an expanded data record. The signature therefore represents an additional field in the data record.
  • the method described has the advantage that the data secured in this way can in principle be read by any user (who is admitted to the database) and, if necessary, changed, but that it can always be subsequently determined who made the changes.
  • the electronic signature ensures that it can be checked whether the user ID and the data are authentic. It is therefore not possible for someone to change data under another user ID.
  • the invention differs from the prior art according to US Pat. No. 5,097,504 in that individual data records are processed.
  • a database is not secured as a whole with signatures. Rather, the data records of certain selected tables are selectively encoded in the invention.
  • For example, the table which records the illnesses of each patient is secured by a signature according to the invention, while the associated tables with, for example, the addresses of the patients are deliberately not secured (and as a result can be created and changed without a complex procedure).
  • the formation of blocks proposed in US Pat. No. 5,097,504 does not take into account the database structure, but is based only on how many bits can be processed with a signature with reasonable computing effort.
  • the user data are reduced together with the user ID to a bit sequence of a predetermined length with the aid of a hash function.
  • the hash function is a one-way function which compresses the data in such a way that the probability of obtaining the same function value from different input data is negligibly small, i.e. it creates a kind of fingerprint.
  • An asymmetric encryption method is used to generate the electronic signature.
  • the secret key is used to generate and the public key to verify the electronic signature.
  • RSA (public key cryptosystem by Ron Rivest, Adi Shamir and Leonard Adleman, see US 4 405 829); DSA (Digital Signature Algorithm according to the American Digital Signature Standard).
  • Every user has to register with this center in order to provide his user ID and public key.
  • the control center maintains a list which contains the user IDs of the existing users and the corresponding keys. Each entry in the list is preferably signed by the center.
  • If a user now wants to check the signature of a data record, he takes the public key that is listed in the central list and belongs to the user ID of the data record in question, and checks the electronic signature of the record.
  • the electronic signature of the head office can be used to determine that the public key and the user ID actually belong to the corresponding user (i.e. his person).
  • check functions are provided that check the data entered for its logical consistency. That is, the data to be stored in a certain field of a data record must be of the correct data type. These test functions can be more or less extensive. In connection with the invention it is important that an input or change of sensitive data is only accepted if the electronic signature is present. (The system does not necessarily have to check the user signature when entering the data.)
  • If the database has to offer special security, it is an advantage if in general, including when data are changed, no deletion is carried out, but only a deletion mark is set. According to the invention, this mark is also provided with an electronic signature. This makes it possible to trace the history of a data record and determine responsibility.
  • a secure time base is preferably provided, which can be used to date an entry or change. Secure means that it must not be possible to enter an incorrect time (date / time). This is particularly important when sensitive data has to be processed from workstations that are far apart. It goes without saying that the time stamp should also be included in the electronic signature. Of course, the timestamp should not be manipulable. If such a time stamp is not available at all workstations, the server can possibly (additionally) attach a time stamp itself, so that e.g. at least users cannot backdate changes.
  • the invention can of course not only be used to secure individual data records.
  • entries in the dictionary (authorization files, security axioms, integrity conditions or the like), entire user profiles and log files can also be protected.
  • the key to generating the electronic signature is preferably stored neither in the computer system that manages the database, nor in a decentralized workstation, but in a personal chip card. This should meet a high security standard (the security of the known CP8 card should be mentioned as an example).
  • the secret key should not have to be given from the card when generating the electronic signature.
  • To operate the database system, a chip card reader must be provided at the workplace. Whenever an electronic signature has to be generated, the corresponding plaintext data is transferred from the chip card reader to the chip card, which in turn creates and issues the signature.
  • the method according to the invention can be implemented with hardware known per se. In order to be able to implement the preferred embodiment with the chip cards, chip card readers must be provided at the work stations.
  • the signature is physically calculated as close as possible to the input device and added to the data record.
  • Figure 1 is a schematic representation of the principle for securing the data.
  • FIG. 2 shows a schematic representation of a computer system for carrying out the method.
  • the data records in the database are additionally secured with an integrity condition (check constraint) against undetectable manipulation by generating a digital signature (a kind of checksum) of the entered data. This will of course insert redundant information. But on the other hand, the authenticity and origin of the data are protected against undetectable manipulation.
  • the data records for the user profiles (e.g. access rights and privileges at operating system level) can be secured in the same way.
  • the entries for the log file and the logbook are also provided with a sequential number so that the deletion of an entry can be detected. Deletion and duplication cannot generally be prevented by cryptographic methods alone.
  • In addition to the actual information (which depends on the intended use and can consist of several attributes, such as the name, address, age, blood type, etc. of a patient), each data record has three additional attributes.
  • the information defines the WHAT, the time stamp the WHEN and the user ID the WHO.
  • the digital signature protects the authenticity of the previously mentioned data parts.
  • the useful information is designated by M and depends on the specific application. It is formed, for example, by the name, address or further details of a person. According to an advantageous embodiment, a time stamp TS (date, time) is also available. This is always recorded when the user information M is entered or changed.
  • An indispensable attribute is the user identifier Ui. It is a code or a number which allows the specified user to be clearly identified.
  • the three named elements of the data set are converted into a bit sequence H with a fixed length (for example 128 bits) using a hash function HF.
  • the bit sequence H is then converted by a one-way function E_Ki into a code C (with a length of, for example, 512 or 1024 bits), which serves as an electronic signature and is added to the data record.
  • the one-way function has the user's secret key Ki (private key) as a parameter.
  • Fig. 2 shows a rough block diagram of a database system.
  • the data are managed by a server, which has a computer 2 and a memory 3 in a conventional manner.
  • the data is entered or changed at a terminal 4 (workstation). This includes a known input device 5 (keyboard, barcode reader, screen, etc.), a clock 6 and a card reader 7. A line 9 connects the terminal 4 to the server 1.
  • the data M are entered on the input device 5.
  • the data M are transferred to the chip card 8 together with a time stamp generated by the clock 6 via card reader 7. This creates the signature described above.
  • the data record consisting of the data M, the time stamp TS, the user identification (which is preferably stored in the chip card 8 and is issued by the latter) and the electronic signature can then be transmitted to the server 1 via line 9.
  • the effective information M of the data record is collected.
  • together with the time stamp TS and the user identifier Ui, it is first compressed using a suitable hash function (one-way function, message digest), that is to say a type of fingerprint H is generated.
  • the database system only accepts a data record if the above constraint is correct, i.e. the signature can be derived from the other elements.
  • the simplest case of cryptographically securing entries with a digital signature only includes the actual information without a secure date. Even if the information part contains a time indication, it cannot be trusted unless it is ensured in some way that a wrong time cannot be used.
  • the user ID is necessary so that the signature can be checked with the public key.
  • the disadvantage of missing a time is, of course, that the time of the transaction cannot be easily deduced.
  • a fingerprint of the entered data and the user ID is initially generated (hash function).
  • the database system enters the user ID of the user authenticated at the beginning of the session in the data record.
  • the fingerprint of the data and the user ID are encrypted in a signature unit.
  • the generated signature is entered in the data record and the transaction is completed.
  • the signature unit contains the secret key Ki. This must be kept secret, otherwise another user can sign without this being detectable.
  • a secure integrity check system and a corresponding integrity condition are also required so that an illegal entry by the DBMS (Data Base Management System) is reliably rejected. An invalid entry can arise, for example, if an attacker changes the fingerprint or the user ID. It is therefore not necessary to request secure paths and functions for the same.
  • the user ID and the digital signature can be generated in a (physically separate) functional unit.
  • Each user ID Ui has exactly one secret key Ki. Therefore, it makes sense to combine the two quantities in one unit (e.g. smart card), protected against manipulation.
  • the data record is entered in the database after the following steps:
  • the fingerprint is encrypted in a signature unit.
  • the generated signature is entered in the data record together with the user ID contained in the signature unit and the transaction is completed.
  • the signature unit in turn contains the secret key Ki and the identifier Ui of the user.
  • a time stamp TS date and time
  • the server can e.g. provide signed time codes.
  • a radio clock can be provided, which records the time (also with a forgery-proof code).
  • a data record is therefore entered in the manner listed below:
  • the user enters the data in the individual attributes of the data record and closes the transaction (commit).
  • a fingerprint of the data entered, the time stamp and the user ID is initially generated.
  • the fingerprint is encrypted in a signature unit (e.g. smart card).
  • the generated signature is entered in the data record and the transaction is completed.
  • the DBMS must provide a secure path for the user entries.
  • the time service must provide a sufficiently precise and reliable time specification and be resistant to manipulation.
  • the signing unit in turn contains the secret key Ki and the user identification Ui.
  • a log record is created as follows:
  • the DBMS or the operating system reports an event to be logged to the log monitor.
  • Event handling generates the next data record number and the associated information (message).
  • The current time and date are added to the data record.
  • a fingerprint is created from the number, the information, the time stamp and the user identification.
  • the fingerprint is encrypted in the signature unit.
  • the signature unit contains the secret key Kp and the identifier Up of the protocol monitor.
  • the monitor identifier Up in the log entries is not absolutely necessary if only a global monitor is available.
  • the integrity of a data record is checked in reverse by the system (when saving) or by a user.
  • a secure integrity checking system and a corresponding integrity condition are required so that an "invalid" entry is reliably rejected by the DBMS.
  • the corresponding public key of the user recorded in the data record is necessary for checking a digital signature.
  • the public key must be available in the form of a certificate.
  • Such certificates are issued by an independent, trustworthy entity (authentication center). They prove that the user ID and the public key belong together. The authenticity of a certificate can also be checked using the issuing authority's public key.
  • a newly entered or modified data record is checked for a correct signature as follows:
  • the integrity condition is triggered by an INSERT or UPDATE command.
  • the user ID is determined from the data record.
  • the digital signature is decrypted using the public key.
  • the fingerprint obtained from the digital signature and the user ID are compared with the fingerprint calculated in step 2 and the user ID entered in the data record.
  • If the components match, the transaction is accepted, in all other cases rejected.
  • the DBMS must offer a secure mechanism for integrity checking. Otherwise entries can be made without a correct signature.
  • the user ID is determined from the data record.
  • the digital signature is decrypted using the public key.
  • the fingerprint obtained from the digital signature and the user ID are compared with the fingerprint calculated in step 2 and the user ID entered in the data record.
  • the data record is authentic, i.e. no unauthorized modification has taken place.
  • At least one component of the data record must be able to be routed to the test function via a secure channel.
  • the result of the check must also be able to be communicated to the user via a secure channel.
  • the test unit contains the public key Ka' and the identifier ua of the certification body.
  • the attribute for the time stamp TS (if available) must be based on a trusted time base and program logic (trusted code).
  • a trustworthy entity is necessary for the certification of user ID u and public key K', so that a masquerade by another user u' can be prevented or recognized.
  • the secret key Ki is only known to one user (or a user group), so that the authorized user cannot deny having signed (repudiation). Otherwise he can claim someone else had signed.
  • the encryption of the data can be carried out at different levels. Encryption at the disk, I/O or file system level only provides protection against theft of the disk or the backup copies. Especially when using client/server applications in network environments, encryption at the lowest (physical) level does not provide effective protection.
  • the best protection of confidentiality can be achieved with cryptographic procedures if the data are already encrypted at the user and only deciphered again there.
  • the confidentiality of data records can be guaranteed by encrypting the information they contain. Only users who have the secret key K are able to interpret the information again in plain text.
  • the authorized users form a closed user group, so that other users with other privileges (e.g. system manager, DBA, network operator) can still not interpret the information.
  • Information M can be understood to mean all attributes of a data record (also including a time stamp, user ID and digital signature) or only individual attributes that need special protection.
  • administration eg adding an additional attribute
  • Another advantage of this approach is the optional encryption of attributes.
  • the data record does not have to be encrypted as a whole, but the individual attributes can be encrypted as required (e.g. only the particularly sensitive data). In the following example, only the two attributes A1 and A2 are stored encrypted in the data record.
  • the remaining attributes A3, ..., AN are saved in plain text.
  • the table contents of a database can be encrypted with a single key K. Every user who has this key has access to the plain text space. All other users can at most gain insight into the ciphertext space.
  • the key K is encrypted with the public key Ki' of the user ui and an asymmetrical algorithm. Only the user ui has the associated secret key Ki and is therefore able to determine the key K.
  • the user who distributes the inspection rights will, of course, also grant himself such rights so that he can later also access the corresponding data.
  • the method described has the advantage that there is no need for a higher-level entity that manages the secret keys for confidentiality protection.
  • Each user issues the keys themselves, i.e. anyone can be the issuing authority for inspection certificates.
  • In addition to the encrypted access key K and the user ID uA, the above-mentioned certificates can contain further details about the period of validity, the identifier of the issuing office and a signature of the issuing office.
  • the signature in the certificates has the advantage that counterfeits can be recognized immediately.
  • Encryption or electronic signing can be carried out, e.g., with the so-called PGP program by Philip Zimmermann. This program was developed in the USA, is available on various platforms and is based on the following algorithms:
  • the program therefore offers ready-made procedures for confidentiality protection and authentication.
  • Both functions can be used in combination, so that confidentiality and authentication are guaranteed at the same time, by first signing the data with your own secret key and then encrypting it with the recipient's public key.
  • the steps are used in reverse for the recipient, by first decrypting the encrypted message with the secret key and then checking the authenticity with the public key. The steps are carried out automatically by PGP.
  • the symmetrical IDEA algorithm is used for the encryption of data, because symmetrical methods are many times faster than the asymmetrical ones.
  • the PGP generates a temporary key for encryption (invisible to the user) and uses it to encrypt the plain text.
  • the temporary key is encrypted asymmetrically with the recipient's public key and transmitted to the recipient together with the ciphertext.
  • the recipient uses his or her secret key to find the temporary key. With the temporary key and the fast symmetrical procedure, he finally restores the plain text.
  • the public keys are stored together with the user ID and a time stamp of the generation in public key certificates.
  • the secret keys are stored in secret key certificates.
  • Each secret key is also encrypted with a password so that the key cannot be used in the event of theft.
  • a key file, or key ring can include several certificates.
  • Public keyrings contain public key certificates and secret keyrings contain secret key certificates.
  • the keys are referenced in the PGP by a so-called key ID. This is an abbreviation of the public key, in which the last 64 bits are used for the key ID.
  • the key pair is derived from large real random numbers, so that the case can be excluded that two independent users generate the exact same key pair.
  • the random numbers are mainly derived from the time intervals between keystrokes when entering any text.
  • the typed text also influences the result, so that the same key should not always be pressed.
  • the integrity of a certificate can then be checked using the trustworthy public key. To do this, of course, you have to have the trustworthy public key and be assured that the key is not tampered with. The integrity could therefore be secured again with a different signature.
  • a public key may only be used if it bears the signature of a trusted person or comes directly from the user whom you trust.
  • a PGP signature also contains a time stamp, but you cannot rely on it because it is derived from the system time and the system time can of course be manipulated. Also included in the PGP signature is a key identification (key ID) k, with which the PGP program can independently select the correct public key K' when checking a PGP signature.
  • the user enters the data in the individual attributes of the data record and closes the transaction.
  • When the transaction is completed by the user, the PGP program first creates a fingerprint (message digest) from the entered data and the user ID using the MD5 algorithm.
  • The user releases the secret key Ki by means of a password (or an entire sentence).
  • the PGP program generates the signature using the RSA algorithm, the user's secret key and the fingerprint.
  • the database system enters the user ID of the user authenticated at the start of the session and the signature created in the data record and closes the transaction.
  • the secret key Ki is stored encrypted in a file.
  • the key can be activated by entering the correct password or phrase.
  • the file should not be accessible to other users.
  • the corresponding public key of the user recorded in the data record is necessary for checking a digital signature.
  • the public key must be available in the form of a certificate.
  • certificates can either be issued by the individual users themselves (network structure) or issued by an independent, trustworthy entity (tree structure). The certificates prove that the user ID and the public key belong together.
  • the information in the data record is prepared together with the user ID and the fingerprint is calculated using the MD5 algorithm.
  • the key identifier k is extracted from the PGP signature.
  • the associated public key is determined from the corresponding certificate z.
  • the digital signature is decrypted with the public key and compared with the fingerprint calculated in step 1.
  • the data record is authentic, i.e. there has been no unauthorized modification of data and user ID.
  • At least one component of the data record (information or signature) must be routed to the PGP program via a secure channel.
  • the result of the check must also be able to be communicated to the user via a secure channel.
  • the data exchange with the PGP program takes place either via files or pipes.
  • here, the route via files is chosen.
  • PGP offers the possibility to create a separate file for the signature during the signing process (with the option -b). If the user wants to sign the file <file name> with the identifier <user_id>, the command is:
  • When executing the command, the user is asked for the password so that the encrypted secret key can be activated.
  • the user must not let the password out of his hands; otherwise another user who also has access to secring.pgp can sign on his behalf.
  • the signature file is saved under the name <filename>.
  • a file with the data to be signed is created.
  • the options +batchmode and +force suppress interactive queries from the PGP program and cause the result to be returned in the exit status. An exit status of 0 signifies a successfully created signature file.
  • the content of the signature file can then be inserted into the corresponding data record by the database application.
  • the database application provides the two files (data and signature) with the corresponding content.
  • the user data is stored in the file <file name> together with the user ID of the data record, and in the file <file name>. the signature is provided.
  • the command options +batchmode and +force in turn suppress interactive queries during execution and return the result in the exit status of the PGP program.
  • a return value of 0 indicates a positive check, i.e. the two files are unchanged and signed by the specified user.
  • a local installation of the PGP program is used on the local PC (or workstation) for the signing of data records.
  • a user's secret key is stored on a personal write-protected floppy disk (floppy disk key) together with the public key of the issuing office.
  • a user logs on to the database server as follows: the local workstation (PC) receives a random message from the server.
  • the random message is sent back encrypted to the server using the local PGP program and the secret key. The server can then use the public key to check the authenticity of the user.
  • the user signs data records with the locally installed PGP program by pushing the write-protected floppy disk key (floppy disk with the secret key) into the drive and typing in the password. After signing, the diskette key is removed from the drive. Data records in the database are checked for authenticity using the PGP program installed on the server. All public keys on the server have been certified (signed) by the issuing authority. The certificate can be checked by any user with the issuing authority's public key. This is also included on the personal floppy key and thus protected against manipulation. An attacker would therefore have to manipulate as many diskette keys as possible to undermine the effectiveness of the system.
  • the issuing office determines the user ID, among other things, based on guidelines and generates a key pair (K, K')_a for itself.
  • the public key is signed according to
  • the issuing office is now ready to sign the users' public keys, i.e. to issue certificates Z for their public keys.
  • a new user generates a key pair (K, K') locally.
  • the user chooses the user ID u according to the specifications of the issuing office.
  • the pair of keys is stored on a diskette (the key diskette) and the public key K' is signed by the user himself.
  • the issuing authority verifies the signature of the user and then issues a certificate z for the public key K' and the associated user ID u. 4. The issuing authority makes the certificate z available to other users on the server system-wide (read-only access).
  • the issuing office provides the user with a personal copy of their signed public key z_a.
  • the user copies z_a to the key diskette and activates the write protection.
  • the floppy disk key and the drive are comparable to a smart card and the associated reader. Just as the smart card is activated with a password, the floppy key is also activated. The difference is that with this solution the secret key is exposed in the main memory of the local workstation. With the smart card, the secret key never leaves the card.
  • a separate crypto process is provided to sign data records and to check the authenticity of existing signatures.
  • the signing process is preferably carried out in a smart card. This protects the secret key very effectively (the key never leaves the card) and the owner always has the card under his supervision.
  • the verification of signatures can easily remain on a more powerful platform (workstation) because this process is not critical in terms of security.
  • the only critical point is the issuer's public key for verifying user certificates. This key should also be stored in the smart card by every user in order to prevent masquerades.
  • the user certificates can be managed in the same database. However, this does not have to be the case, because it would also be possible to have the certificates in an external unit (e.g. separate database, X.500 directory service or authentication server).
  • authentication servers would also identify and authenticate users (using a password, token or biometric method).
  • the invention can be used in any database.
  • object-oriented and relational databases, which are known per se, should be mentioned.
  • Object-oriented database systems not only offer the advantages of object-oriented programming, but are also more flexible with regard to the implementation of the method according to the invention.
  • Relational database systems are significantly more standardized and therefore restrict the possible solutions.
  • the entries of user data in the database are provided with a digital signature. In the event of later access, the authenticity of the entry and the user ID can be reliably checked.
  • the cryptographic part can be covered by the PGP program, whereby the encryption function also contained in the PGP program does not have to be used. Only the functions for key generation and management as well as for the authentication of data are used.
  • RSA is generally considered secure if sufficiently large keys (512 bits are considered unsafe) are used. Security is based on the difficulty of factoring large integers. However, enormous progress has been made in this area recently. RSA is very susceptible to "chosen plaintext attacks". When used for signing purposes this danger does not arise because a cryptographic hash function (MD5) is interposed.
  • MD5 is a safe hash function and generates a hash value of 128 bit length from any character string.
  • a hierarchical trust structure makes sense for a database and can be easily mapped.
  • the public key of the issuing office must be communicated via a secure channel (e.g. personal handover) and protected against manipulation (e.g. personal floppy disk with write protection).
  • the configuration for a client / server environment has the following features:
  • a local installation of the PGP program is used on the PC (or workstation) for the signing of data records.
  • the local application part (client) communicates with the locally installed PGP program.
  • a user's secret key is stored on a personal read-only diskette (diskette key) together with the public key of the issuing office.
  • the server application communicates with the PGP program installed on the server.
  • a user logs on to the database server as follows: the local workstation (PC) receives a random message from the server.
  • the random message is sent back encrypted to the server using the local PGP program and the secret key. The server can then use the public key to check the authenticity of the user.
  • the user signs data records with the locally installed PGP program by pushing the read-only floppy disk key (floppy disk with the secret key) into the drive and typing in the password. After signing, the diskette key is removed from the drive.
  • Data records in the database are checked for authenticity using the PGP program installed on the server. All public keys on the server have been certified (signed) by the issuing authority. The certificate can be checked by any user with the issuing authority's public key.
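
The signing steps listed above (fingerprint over the entered data and the user ID, RSA signature, storage of user ID and signature in the data record) and the verification steps (recompute the fingerprint, select the public key through the key ID, compare) can be followed in this added Python sketch, which is not code from the patent or from PGP. Assumptions: SHA-256 with PKCS #1 v1.5 encoding is swapped in for the MD5 fingerprint, the RSA arithmetic is done directly instead of calling the PGP program, the key is a constructed demo key, and every name (`sign_record`, `verify_record`, `CERTIFICATES`, the key ID format) is hypothetical.

```python
import hashlib

# Constructed demo key built from two Mersenne primes: reproducible, NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
KEY_ID = format(N & (2**64 - 1), "016x")    # assumption: low 64 bits of the modulus
# ASN.1 DigestInfo prefix for SHA-256, as used by PKCS #1 v1.5 signatures.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed certificate directory; assumed already checked against the
# issuing office's public key.
CERTIFICATES = {KEY_ID: {"user_id": "alice", "public_key": (N, E)}}


def fingerprint(user_id, fields):
    """Hash the user ID and every attribute, each with a length prefix, so
    ("ab", "c") and ("a", "bc") cannot produce the same digest."""
    h = hashlib.sha256()
    for part in [user_id, *fields]:
        raw = part.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.digest()


def encode_digest(digest, k):
    """PKCS #1 v1.5 signature encoding for a k-byte modulus."""
    t = SHA256_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign_record(user_id, fields):
    """Return the record as stored: attributes, user ID, key ID and signature."""
    k = (N.bit_length() + 7) // 8
    m = int.from_bytes(encode_digest(fingerprint(user_id, fields), k), "big")
    return {"user_id": user_id, "fields": list(fields),
            "key_id": KEY_ID, "signature": pow(m, D, N)}


def verify_record(record, certificates):
    """Recompute the fingerprint and compare it with the signed value."""
    cert = certificates.get(record["key_id"])
    if cert is None or cert["user_id"] != record["user_id"]:
        return False                         # unknown key or ID/key mismatch
    n, e = cert["public_key"]
    if not 0 <= record["signature"] < n:
        return False
    k = (n.bit_length() + 7) // 8
    expected = encode_digest(fingerprint(record["user_id"], record["fields"]), k)
    recovered = pow(record["signature"], e, n).to_bytes(k, "big")
    return recovered == expected             # compare whole block, no parsing
```

Because the user ID is hashed together with the attributes, changing either the data or the recorded author invalidates the signature, which is the property the method relies on.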

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for the protected management of data in a database, in which data records are provided, when they are created or modified, with a user identifier (Ui) and an electronic signature (C) that encodes both the data and the user identifier. To produce this electronic signature (C), the data (M), together with the user identifier (Ui), are first reduced to a binary sequence (H) of predetermined length by means of a hash function (HF), and are then encrypted with an electronic (preferably asymmetric) encryption method.
EP97945716A 1996-12-12 1997-12-11 Procede pour la memorisation protegee electroniquement de donnees dans une banque de donnees Withdrawn EP0947072A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CH304796 1996-12-12
CH304796 1996-12-12
PCT/CH1997/000462 WO1998026537A1 (fr) 1996-12-12 1997-12-11 Procede pour la memorisation protegee electroniquement de donnees dans une banque de donnees

Publications (1)

Publication Number Publication Date
EP0947072A1 true EP0947072A1 (fr) 1999-10-06

Family

ID=4247425

Family Applications (1)

Application Number Title Priority Date Filing Date
EP97945716A Withdrawn EP0947072A1 (fr) 1996-12-12 1997-12-11 Procede pour la memorisation protegee electroniquement de donnees dans une banque de donnees

Country Status (2)

Country Link
EP (1) EP0947072A1 (fr)
WO (1) WO1998026537A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6101603A (en) * 1997-05-21 2000-08-08 At&T Corporation System and method for using a second resource to store a data element from a first resource in a first-in last-out stack
DE19925910B4 (de) * 1999-06-07 2005-04-28 Siemens Ag Verfahren zum Be- oder Verarbeiten von Daten
US6675152B1 (en) 2000-09-13 2004-01-06 Igt Transaction signature
DE10136608B4 (de) 2001-07-16 2005-12-08 Francotyp-Postalia Ag & Co. Kg Verfahren und System zur Echtzeitaufzeichnung mit Sicherheitsmodul
FR2839594B1 (fr) * 2002-05-10 2004-07-30 Radio Systemes Ingenierie Procede de transmission radiofrequence securisee et systeme mettant en oeuvre ce procede
DE10343369A1 (de) * 2003-09-17 2005-05-04 Francotyp Postalia Ag Verfahren zum Zuordnen von Identifikationen zu Informationen

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2596177B1 (fr) * 1986-03-19 1992-01-17 Infoscript Procede et dispositif de sauvegarde qualitative de donnees numerisees
US5005200A (en) * 1988-02-12 1991-04-02 Fischer Addison M Public key/signature cryptosystem with enhanced digital signature certification
EP1691316A1 (fr) * 1994-10-27 2006-08-16 Intarsia Software LLC Système d'administration des droits de reproduction

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO9826537A1 *

Also Published As

Publication number Publication date
WO1998026537A1 (fr) 1998-06-18

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19990525

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH DE ES FI FR GB IE IT LI NL SE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20030701