EP1104607A1 - Verfahren und vorrichtung zur authentifizierung mit hilfe eines symmetrischen algorithmus - Google Patents

Verfahren und vorrichtung zur authentifizierung mit hilfe eines symmetrischen algorithmus

Info

Publication number
EP1104607A1
EP1104607A1 EP99936740A EP99936740A EP1104607A1 EP 1104607 A1 EP1104607 A1 EP 1104607A1 EP 99936740 A EP99936740 A EP 99936740A EP 99936740 A EP99936740 A EP 99936740A EP 1104607 A1 EP1104607 A1 EP 1104607A1
Authority
EP
European Patent Office
Prior art keywords
xor
faire
secret key
array
alg
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP99936740A
Other languages
English (en)
French (fr)
Inventor
Ludovic Rousseau
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales DIS France SA
Original Assignee
Gemplus SCA
Gemplus Card International SA
Gemplus SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemplus SCA, Gemplus Card International SA, Gemplus SA filed Critical Gemplus SCA
Publication of EP1104607A1 publication Critical patent/EP1104607A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Definitions

  • the present invention relates to an authentication method using a symmetric algorithm having the main characteristic that, each time two parts are authenticated, commonly called A and B, a cryptographic calculation with a variable key, called K ', is carried out.
  • the invention relates more precisely to the cryptographic calculations cited above during an authentication of the two parties, called A and B, independent of each other in the context of data exchange.
  • This can be between a PC and a server, a reader and a server, a smart card and a smart card reader such as, for example, a cash dispenser when using a credit card.
  • chip called A by a user who, wishing to obtain a few banknotes, goes to a place with an ATM, called B.
  • the two parts A and / or B can be considered as a smart card and / or a reader.
  • A who has a secret key K, chooses a random R or random number also called a message.
  • A sends this hazard R to B, which also has the same secret key K.
  • r is the result of the encryption of the message R with the algorithm ALG and the secret key K.
  • the algorithm called ALG is a symmetric encryption algorithm. This can be the DES (Data Encryption Message), the triple DES, the IDEA, etc.
  • the authentication of B by A is carried out in this way.
  • this operation is not sufficient because it is vulnerable to current measurements and therefore to attacks by a possible hacker.
  • An attacker, or hacker measures the electrical current consumption of the chip. According to the curve obtained, it can deduce information on the operations and the data used by the processor. In order to make precise measurements, the attacker must make several measurements and filter them.
  • the hacker To obtain a relevant measurement, the hacker must perform several measurements and filter them to extract the relevant information. Due to the use of the same constant key K, all the measurements use the same key K and therefore the filtering result is characteristic of the key K.
  • the invention proposes a first feature which consists of a brief modification which is carried out in the formula for calculating r ′ of the authentication protocol which is the subject of the invention.
  • Part A which has the secret key K, sends a random number chosen randomly] _, to part B.
  • the latter also has the same secret key K.
  • B chooses a random number R2, then calculates the number K ', which is also a secret key from the following formula:
  • the impossibility of attack to date stems from the fact that, since K ′ changes with each authentication, the current consumption of the calculation of r and r ′ is different with each execution of the authentication. However, the calculation of K 'remains vulnerable to attacks in current consumption.
  • the invention therefore provides a second feature not related to the first described above, concerning the calculation of K '.
  • K k ⁇ _ xor k2 xor ... xor k n .
  • a first table k called below in the description by k [], is used; this table contains the values of the n under keys kj_.
  • the first step, or step a consists in that as long as there remains an element of the array a_ette [] at the value "T", then a random number i, between 1 and n, is chosen.
  • step b is the equality test of the element i of the array a_excellent [] and the value "T”, called below in the description and in the figure.
  • step b If the equality test in step b is false, then the calculation system returns to the first step, or step a.
  • This algorithm is not in constant time because it is possible to execute more loops than there are sub-keys k-j_.
  • the invention also relates to an authentication system with a symmetric encryption algorithm between two entities or parts A and B, having the same secret key K, which implements the method described above.
  • n number of sub-keys
  • n ⁇ 2 number of sub-keys
  • the initialization remains identical to the general case described above; it is mentioned in FIG. 2 by the reference A or 10.
  • the algorithm loop is performed as follows:
  • the probability of putting at the value "F” the two elements of the array a_ttle [] in two loops or tests is equal to half, or 1/2.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)
EP99936740A 1998-08-17 1999-08-16 Verfahren und vorrichtung zur authentifizierung mit hilfe eines symmetrischen algorithmus Withdrawn EP1104607A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR9810591 1998-08-17
FR9810591A FR2782431B1 (fr) 1998-08-17 1998-08-17 Procede et dispositif d'authentification a algorithme symetrique
PCT/FR1999/001995 WO2000010287A1 (fr) 1998-08-17 1999-08-16 Procede et dispositif d'authentification a algorithme symetrique

Publications (1)

Publication Number Publication Date
EP1104607A1 true EP1104607A1 (de) 2001-06-06

Family

ID=9529804

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99936740A Withdrawn EP1104607A1 (de) 1998-08-17 1999-08-16 Verfahren und vorrichtung zur authentifizierung mit hilfe eines symmetrischen algorithmus

Country Status (7)

Country Link
EP (1) EP1104607A1 (de)
JP (1) JP2002523923A (de)
CN (1) CN1323478A (de)
AU (1) AU5173199A (de)
FR (1) FR2782431B1 (de)
MX (1) MXPA01001783A (de)
WO (1) WO2000010287A1 (de)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2804524B1 (fr) * 2000-01-31 2002-04-19 Oberthur Card Systems Sas Procede d'execution d'un protocole cryptographique entre deux entites electroniques
FR2819079B1 (fr) * 2000-12-29 2003-02-14 Gemplus Card Int Procede de protection contre les attaques par mesure de courant ou de rayonnement electromagnetique
FR2819078B1 (fr) * 2000-12-29 2003-02-14 Gemplus Card Int Procede de protection contre les attaques par mesure de courant ou par mesure de rayonnement electromagnetique
US6950517B2 (en) * 2002-07-24 2005-09-27 Qualcomm, Inc. Efficient encryption and authentication for data processing systems
CN1684411B (zh) * 2004-04-13 2010-04-28 华为技术有限公司 一种验证移动终端用户合法性的方法
CN100364262C (zh) * 2004-08-04 2008-01-23 中国联合通信有限公司 一种用于ev-do网络的接入鉴权方法及装置
US7401222B2 (en) * 2004-12-16 2008-07-15 Xerox Corporation Method of authentication of memory device and device therefor
CN100405395C (zh) * 2005-03-22 2008-07-23 刘普合 商品复合防伪码与对称验证防伪方法
CN1863042B (zh) * 2005-12-13 2011-05-04 华为技术有限公司 对信息进行加解密的方法
CN102411692B (zh) * 2010-09-25 2015-07-01 中国移动通信有限公司 一种运行终端的方法、系统及设备
CN101997880A (zh) * 2010-12-01 2011-03-30 湖南智源信息网络技术开发有限公司 一种用于网络页面或接口的安全验证方法及其装置
CN102014136B (zh) * 2010-12-13 2013-03-06 南京邮电大学 基于随机握手的p2p网络安全通信方法
FR2974694B1 (fr) * 2011-04-27 2013-05-31 Peugeot Citroen Automobiles Sa Procede d'echange securise de messages cryptes symetriquement
CZ2022127A3 (cs) * 2022-03-17 2023-05-17 Jan Topol Způsob čištění komunálních odpadních vod a zařízení k provádění způsobu

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2530053B1 (fr) * 1982-07-08 1986-04-25 Bull Sa Procede pour certifier la provenance d'au moins une information enregistree dans une memoire d'un premier dispositif electronique et transmise a un deuxieme dispositif electronique, et systeme pour la mise en oeuvre d'un tel procede
FR2612315A1 (fr) * 1987-03-13 1988-09-16 Trt Telecom Radio Electr Procede pour simultanement lire a distance et certifier une information presente dans une memoire d'un support electronique
JP2531354B2 (ja) * 1993-06-29 1996-09-04 日本電気株式会社 認証方式
FR2738972B1 (fr) * 1995-09-15 1997-11-28 Thomson Multimedia Sa Procede de mise en gage de donnees pour un protocole d'echange de donnees securise
DE19716111A1 (de) * 1997-04-17 1998-10-22 Giesecke & Devrient Gmbh Verfahren zur gegenseitigen Authentifizierung zweier Einheiten

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0010287A1 *

Also Published As

Publication number Publication date
AU5173199A (en) 2000-03-06
WO2000010287A1 (fr) 2000-02-24
FR2782431B1 (fr) 2000-09-29
CN1323478A (zh) 2001-11-21
JP2002523923A (ja) 2002-07-30
FR2782431A1 (fr) 2000-02-18
MXPA01001783A (es) 2002-07-22

Similar Documents

Publication Publication Date Title
EP1529369B1 (de) Vorrichtung zum gesicherten datenaustausch zwischen zwei vorrichtungen
EP1104607A1 (de) Verfahren und vorrichtung zur authentifizierung mit hilfe eines symmetrischen algorithmus
FR2689264A1 (fr) Procédé d'authentification accompli entre une carte à circuit intégré et une unité terminale et système prévu dans ce but.
WO2009019298A1 (fr) Système d'information et procédé d'identification par un serveur d'application d'un utilisateur
EP0756398B1 (de) System und Verfahren zur Kommunikation von verschlüsselten Nachrichten unter Verwendung von RSA mit modularer Reduktion für schnelle Entschlüsselung
EP3991381B1 (de) Verfahren und system zur erzeugung von chiffrierschlüsseln für transaktions- oder verbindungsdaten
EP1119940B1 (de) Gegenmassnahmenverfahren in einem elektronischen bauelement. das ein algorithmus mit einem privaten sclhüssel verwendet
EP1119939B1 (de) Gegenmassnahmenvorrichtung in einem elktronischen bauteil um einen krypto-algorithmus mit geheimschlüssel durch zu führen
CA2613884C (fr) Procede pour disposer d'un lien de communication securise entre un utilisateur et une entite
EP3035583A1 (de) Kommunikationsvorrichtung und -system, Datenverarbeitungsverfahren und Methode zum gesicherten Datenaustausch
EP1125394B1 (de) Gegenmassnahmenvorrichtung in einem elktronischen bauteil um einen krypto-algorithmus mit geheimschlüssel durchzuführen
EP1180260B1 (de) Gegenmassnahmeverfahren in einer geheimen und dynamischen verschlüsselungsalgorithmus auführenden elektronischen schaltung
WO2003055134A9 (fr) Procede cryptographique permettant de repartir la charge entre plusieurs entites et dispositifs pour mettre en oeuvre ce procede
EP3842970B1 (de) Verfahren zur überprüfung des passworts eines dongles, entsprechendes computerprogramm, benutzerendgerät und entsprechender dongle
FR2830146A1 (fr) Procede de mise en oeuvre, dans un composant electronique, d'un algorithme de cryptographie et composant correspondant
FR3086417A1 (fr) Procede cryptographique de comparaison securisee de deux donnees secretes x et y
WO2010106042A1 (fr) Procédé de production de données de sécurisation, dispositif et programme d'ordinateur correspondant
EP3526946A1 (de) Verschlüsselungsverfahren, entschlüsselungsverfahren, vorrichtung und entsprechendes computerprogramm
EP4246880A1 (de) Schutz eines geheimschlüssels
EP4396716A1 (de) Verfahren zur bereitstellung eines computerimplementierten dienstes in einer blockchain und entsprechender blockchain-netzwerkknoten und computerprogramm
EP4070502A1 (de) Verfahren zur ko-erzeugung eines gemeinsamen kryptografischen materials, vorrichtungen, system und entsprechendes computerprogramm
WO2002003338A1 (fr) Procede et systeme pour limiter la possibilite de transformation de donnees destinees a constituer, notamment, des jetons de pre-paiement
WO2008081151A2 (fr) Procede de signature de liste anonyme et correlable
WO2008017765A1 (fr) Systeme et procede cryptographique a cle publique
WO2003023606A1 (fr) Procede pour le calcul d'une exponentiation dans un groupe et son application a l'authentification d'un utilisateur

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20010319

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

17Q First examination report despatched

Effective date: 20040504

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: GEMALTO SA

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

RTI1 Title (correction)

Free format text: METHOD FOR AUTHENTICATING WITH SYMMETRICAL ALGORITHM

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20110414