EP1673673A2 - Method and system for securing user access to a communication network - Google Patents

Method and system for securing user access to a communication network

Info

Publication number
EP1673673A2
Authority
EP
European Patent Office
Prior art keywords
security box
data
processing
security
port
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP04767861A
Other languages
English (en)
French (fr)
Inventor
Jean-Luc Stehle
Nicolas Stehle
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Everbee SAS
Original Assignee
Everbee Networks SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed: https://patents.darts-ip.com/?family=34307548&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=EP1673673(A2) ("Global patent litigation dataset" by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.)
Application filed by Everbee Networks SA
Publication of EP1673673A2
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806 Details of the card
    • G07F7/0833 Card having specific functional components
    • G07F7/084 Additional components relating to data transfer and storing, e.g. error detection, self-diagnosis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/346 Cards serving only as information carrier of service
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Definitions

  • Access to networks is not only through a computer, but also, and increasingly, through a mobile phone that allows data to be transmitted (transmission / reception of data, access to the Internet).
  • the problem is no longer only to protect a computer, but also to protect a mobile phone and more generally what we will call hereinafter a device for processing and / or transmitting information, or more briefly a host device, or simply a device, when no ambiguity is to be feared.
  • This expression will include computers and mobile phones, but its meaning will not be limited to these two types of equipment.
  • this term will include computer and / or telephone networks, but will not be limited to these two types of networks.
  • parental control functionalities are more and more necessary with the deployment of mobile telephones allowing access to the Internet and which may allow a young adolescent to access pornographic sites.
  • Each particular aspect of security requires the implementation of a specific functionality (antivirus, parental control, firewall, encryption or authentication tools, etc.).
  • Many products, hardware or software, make it possible to carry out each of these functionalities.
  • securing a network is a complex problem which is not always resolved in a way that is best suited to the needs and wishes of users, in particular when we are content to juxtapose software or hardware of various origins and sometimes incompatible with each other.
  • network security is often provided centrally, and / or by purely software solutions.
  • the invention which is the subject of this patent aims to provide personal security at the level of the end user, including the nomadic user, and this without complex hardware or software installation.
  • the invention is made possible by developments in technology.
  • new standards have gradually imposed themselves in order to allow easy connection of the most varied peripherals.
  • a peripheral can be directly powered by the host device, and therefore does not require an external source of electrical power, nor a power cable.
  • USB standard Universal Serial Bus
  • the connection is made to a socket located on the host computer and called the USB port.
  • the correspondent of this technology on Apple machines is FireWire® technology (IEEE 1394 standard). In the following, we will designate this type of socket under the general name of self-powered port.
  • the present invention relates to a security box, connectable to a device for processing and / or transmitting information, in particular via a self-powered port or via a wireless connection.
  • This security box is small enough to fit in a pocket and can therefore be very easily carried by the user.
  • the configuration of the security box specifies which functionalities are actually provided, and specifies the manner in which these are implemented.
  • the present invention makes it possible to provide a conventional firewall functionality, authorizing or prohibiting certain data transfers according to one or more rules defining a security policy.
  • the present invention provides parental control functionality, allowing only communications with authorized sites to pass and blocking all data from prohibited sites or any request to prohibited sites.
  • the present invention makes it possible to provide a functionality, known as Antispam, making it possible to block unwanted mail (such as advertising mail).
  • the present invention makes it possible to set up and use secure communication tunnels (VPN, for Virtual Private Network) with one or more interlocutors, in particular through the implementation of protocols complying with the IPSEC / IKE standards.
  • the present invention makes it possible to provide antivirus functionality by blocking the transmission of the data exchanged when the presence of a virus has been detected in this data.
  • the present invention makes it possible to provide content filtering functionality by performing an analysis of the data exchanged between the user and the network and blocking or not blocking the passage of this data according to the result of this analysis.
  • the present invention makes it possible to encrypt and / or decrypt all or part of the data exchanged between the user and the network, in particular electronic mail.
  • the security box must control all communications between the network and the device for processing and / or transmitting information. To do this, it is therefore necessary that all these communications are intercepted and that they pass through the security box.
  • the processing carried out by the security box includes a first analysis phase.
  • the data can be blocked or transmitted, with or without modifications.
  • an attempt to access a site will be blocked or transmitted depending on whether the site is considered to be authorized or prohibited.
  • all or part of the data will be encrypted or decrypted, therefore modified.
  • the text of the e-mail itself will be transmitted without modification (unless it must be encrypted or decrypted); the attachment, on the other hand, will be blocked and replaced by a message informing the user that transmission has been blocked due to the detection of a virus.
  • the server located in the security box contains downloadable software and in particular the interception software.
  • the interception software is then downloaded from this server, and installed on the host device.
  • the interception software is uninstalled, and a mobile user can thus leave the host device in the state in which he found it.
  • the software remains permanently resident and blocks communications when the box is disconnected. This variant is more particularly intended for domestic and family computers or mobile phones, in particular in the case where the security box provides a parental control functionality. Without this box, children do not have access to the network, and with the box, they only access authorized sites.
  • the software remains permanently resident, but, when the security box is absent, the software lets all the data pass, transparently without intercepting or modifying them. If the nomadic user (the same or another) subsequently reuses the same host device, he will no longer have to download the interception software, which will resume the functions described above as soon as the presence of a security box is detected.
  • strong user authentication may be required.
  • the invention which is the subject of this patent further comprises one or more means of strong authentication, in particular a keyboard for entering an authentication code, and / or a memory card reader, and / or a reader of biometric characteristics, in particular a fingerprint reader or a fundus reader, intended to authenticate the user.
  • the invention comprises a keyboard intended to enter an authentication code
  • this keyboard may comprise only a small number of keys and be integrated into the security box, in a similar manner to a mobile telephone keyboard.
  • the authentication codes usually used, and considered to provide sufficient security, in particular for bank cards or mobile phones, are 4-digit codes, offering 10,000 possibilities, on a 10-key keyboard. If we limit the number of keys on the keyboard to 6 keys (thus making it possible to miniaturize the invention), a 5-character code offers almost equivalent security (7776 possibilities), and a 6-character code offers much better security (46,656 possibilities). Similarly on a 4-key keyboard, a 7-character code (16,384 possibilities) offers better security than the current security of bank cards with 4-digit decimal code.
  • the invention relates to a system intended to secure a data exchange via a device for processing and / or transmitting information, this device comprising a communication port.
  • the system comprises a removable, ergonomically transportable security box connectable to the device for processing and / or transmitting information via this communication port.
  • the security box comprises:
      - processing means that process the data exchanged in order to analyze it and, depending on the result of this analysis, block or not its passage and / or modify it or not,
      - data transfer means between the device for processing and / or transmitting information and the security box.
  • the information processing and / or transmission device further comprises a software module for intercepting the data exchanged, this software interception module transferring all of this data to the security box.
  • the system comprises transmission means making it possible to transmit, after processing, this data from the security box to the device for processing and / or transmitting information with a view to use or transmission. It results from the combination of the technical features of the invention that all the data exchanged are thus transferred, in their entirety, to the security box for analysis, and, depending on the result of this analysis, are blocked or not and / or modified or not.
  • the device for processing and / or transmitting information is a computer.
  • the device for processing and / or transmitting information is a telephone system, fixed or mobile, making it possible to transmit data.
  • the interception software module comprises detection means making it possible to detect whether the security box is connected to the communication port of the device for processing and / or transmitting information, and the interception software module prevents the exchanged data from circulating when the security box is not connected to the communication port.
  • the interception software module includes detection means making it possible to detect whether the security box is connected to the communication port of the device for processing and / or transmitting information, and the interception software module lets the exchanged data circulate, without intercepting or modifying them, when the security box is not connected to the communication port.
  • the communication port is a self-powered port, in particular a USB port or a FireWire® port conforming to the IEEE 1394 standard.
  • the communication port is a wireless communication port, usually called "Wireless".
  • Wi-Fi® (Wireless Fidelity)
  • Bluetooth
  • the security box comprises a battery intended for its electrical supply.
  • the device for processing and / or transmitting information comprises an operating system which recognizes the security box as a network card.
  • the security box comprises on-board storage means making it possible to store the interception software module.
  • the system which is the subject of the present invention then comprises downloading means making it possible to download the interception software module from the security box and intended for the device for processing and / or transmitting information.
  • the security box comprises at least one coprocessor for accelerating arithmetic calculations.
  • the security box has data flow control and / or filtering functionalities and / or has encryption / decryption and / or random number generation functionalities for cryptographic applications.
  • the security box includes processing means making it possible to carry out at least one of the following functionalities: firewall, parental control, Antispam, setting up and / or use of secure communication tunnels (VPN), antivirus, content filtering, encryption and / or decryption of all or part of the data exchanged, especially when they are used to transmit electronic mail.
  • the system comprises first labeling means making it possible to mark by a first labeling the data exchanged by distinguishing those which have been processed by the processing means of the security box from those which have not been processed by these processing means.
  • the data exchange is done according to the Ethernet protocol and the first labeling is carried out by assigning values to all or part of the two bytes of the Ethernet header called "Length / Type field" in the IEEE 802.3 standard.
  • the security box comprises configuration parameters and the information processing and / or transmission device uses control data and exchanges them with the security box. The control data is used in particular to read, specify or modify the configuration parameters of the security box.
  • the system then comprises second labeling means making it possible to mark, by a second labeling, the control data by distinguishing those which come from the security box from those which are transmitted to the security box.
  • the exchange of control data is done according to the Ethernet protocol, the second labeling being carried out by assigning values to all or part of the two bytes of the Ethernet header called "Length / Type field" in the IEEE 802.3 standard
  • the system is intended for use by a user and further comprises a keyboard, in particular a keyboard having a small number of keys, thus allowing the user to authenticate himself by entering an authentication code on this keyboard.
  • the system is intended for use by a user and further comprises a memory card reader device thus allowing the user to authenticate himself using a memory card.
  • the system is intended to be used by a user and further comprises a reader of biometric characteristics, in particular a reader of fingerprints or a fundus reader, intended for authenticating the user.
  • the system comprises protocols implementing first cryptographic secret keys, in particular IPSEC / IKE protocols, making it possible to set up at least one secure communication tunnel
  • the security box comprises a non-volatile memory in which these first cryptographic secret keys are stored.
  • the system further comprises means intended to encrypt and / or decrypt, by means of second secret cryptographic keys, information stored on a computer storage means.
  • the security box comprises a non-volatile memory in which these second secret cryptographic keys are stored.
  • the invention also relates to a method for securing a data exchange via a device for processing and / or transmitting information, this device comprising a communication port and being connected via this communication port to a security box, removable and ergonomically transportable.
  • This process includes the following steps:
      - the step, for the device for processing and / or transmitting information, of implementing an interception software module which intercepts all the data exchanged and transfers them to the security box,
      - the step, for the security box, of carrying out a processing on this data, this processing consisting notably in carrying out the analysis of the data and, according to the result of this analysis, blocking or not their passage and / or modifying them or not,
      - the step, for the security box, of transferring, after processing, this data exchanged to the device for processing and / or transmitting information with a view to use or transmission.
  • the device for processing and / or transmitting information is a computer.
  • the device for processing and / or transmitting information is a telephone system, fixed or mobile, making it possible to transmit data.
  • the method further comprises the step, for the interception software module, of detecting whether the security box is connected to the communication port of the device for processing and / or transmitting information and of preventing the exchanged data from circulating when the security box is not connected to the communication port.
  • the method further comprises the step, for the interception software module, of detecting whether the security box is connected to the communication port of the device for processing and / or transmitting information and of allowing the exchanged data to circulate, without intercepting or modifying it, when the security box is not connected to the communication port.
  • the method is such that the communication port is a self-powered port, in particular a USB port or a FireWire® port conforming to the IEEE 1394 standard.
  • the method is such that the communication port is a wireless communication port (usually called "Wireless"), in particular a "Wi-Fi®" port conforming to the IEEE 802.11b standard or a "Bluetooth" port.
  • the security box comprises a battery intended for its electrical supply and the method further comprises the step of recharging this battery by connecting the security box to an external energy source, in particular a mains adapter, or by connecting it to a self-powered port, in particular a USB port or a FireWire® port conforming to the IEEE 1394 standard, of a device for processing and / or transmitting information.
  • the device for processing and / or transmitting information comprises an operating system and the method which is the subject of the present invention comprises the prior step, for this operating system, of recognizing the security box as a network card.
  • the method further comprises an initialization step consisting in storing the interception software module in the security box and the preliminary step, before implementation of this interception software module, of downloading it to the information processing and / or transmission device from the security box.
  • the processing carried out by the security box on the data exchanged comprises at least one of the following steps:
      - the step of filtering the data exchanged by implementing a firewall,
      - the step, when the device for processing and / or transmitting the information is connected to a communication network, of filtering the data exchanged by prohibiting communications with one or more sites accessible via this communication network,
      - the step of filtering the data exchanged in order to block all or part of incoming e-mails,
      - the step of generating random numbers for cryptographic and / or data flow control applications,
      - the step of setting up and / or using secure communication tunnels (VPN),
      - the step of detecting whether the data exchanged contains a computer virus,
      - the step of analyzing the data exchanged and
  • VPN secure communication tunnels
  • the method further comprises the step of marking by a first labeling the data exchanged in order to distinguish those which underwent the treatment from those which did not undergo it.
  • the data is exchanged according to the Ethernet protocol, and the first labeling is carried out by assigning values to all or part of the two bytes of the Ethernet header called "Length / Type field" in the IEEE 802.3 standard.
  • the security box comprises configuration parameters and the device for processing and / or transmitting the information comprises control data which it exchanges with the security box. This control data is used in particular to read, specify or modify all or part of the configuration parameters of the security box.
  • the method then further comprises the step of marking the control data by a second labeling, distinguishing those which come from the security box from those which are transmitted to the security box.
  • the data is exchanged according to the Ethernet protocol, and the second labeling is carried out by assigning values to all or part of the two bytes of the Ethernet header called "Length / Type field" in the IEEE 802.3 standard.
  • the method is further intended to take into account a user and further comprises the prior step, for this user, to authenticate by entering an authentication code on a keyboard, in particular on a keyboard with a small number of keys.
  • the method is further intended to take into account a user and further comprises the prior step, for this user, of authenticating himself by presenting a memory card to a memory card reading device, in particular one associated with the security box.
  • the method is further intended to take into account a user and further comprises the prior step, for this user, of authenticating himself using a reader of biometric characteristics associated with the security box, in particular a fingerprint reader or a fundus reader.
  • the method further comprises the step of setting up at least one secure communication tunnel (VPN) using protocols implementing first cryptographic secret keys, in particular the IPSEC / IKE protocols.
  • VPN secure communication tunnel
  • the security box comprises a non-volatile memory and the method further comprises an initialization step consisting in storing the first cryptographic secret keys in this memory and a prior step consisting in reading these first cryptographic secret keys thus stored.
  • the method that is the subject of the present invention further comprises a step of encryption and / or decryption, by means of second secret cryptographic keys, of information stored on a computer storage means.
  • the security box comprises a non-volatile memory and the method further comprises an initialization step consisting in storing the second cryptographic secret keys in this memory and a preliminary step consisting in reading these second cryptographic secret keys thus stored.
  • FIG. 1 illustrates the system which is the subject of this patent.
  • data is exchanged between a user and a communication network.
  • User 2 uses a computer 4, a device for processing and / or transmitting information, which is connected on the one hand to a computer communication network 3 and on the other hand, via a communication port 5 to a security box 6 comprising processing means 7 and data transfer means 8.
  • An interception software module 9, located in the computer 4, transfers the data exchanged 1 between the user 2 and the computer communication network 3 and redirects them to the security box 6 for processing. After processing, the data exchanged 1 is retransmitted from the security box 6 to the computer 4 for use by the user 2 or for transfer to the computer communication network 3.
  • the security box 6 further comprises a non-volatile memory 21 in which are stored the first cryptographic secret keys 19 and the second cryptographic secret keys 22 and a random access memory 24 for storing the encryption keys used to encrypt and decrypt communications between the user 2 and a correspondent 20.
  • the data exchanged 1 is marked by a first labeling 11
  • FIG. 2 illustrates the case where the security box
  • FIG. 3 illustrates the particular case where the security box 6 includes a coprocessor for accelerating arithmetic calculations 10, as well as a keyboard 15 having a small number of keys, allowing user 2 to authenticate by entering an authentication code on the keyboard 15 and a memory card reader 17 allowing user 2 to authenticate using a memory card.
  • the system further comprises a reader of biometric characteristics 18, in particular a fingerprint reader or a fundus reader, intended to authenticate the user 2.
  • FIG. 4 illustrates the case where the security box 6 includes on-board storage means 25 for storing the interception software module 9 and the system comprises download means 27 for downloading this interception software module 9 from the security box 6 to the computer 4.
  • FIG. 5 illustrates the case where the security box 6 further comprises means 26 intended to encrypt and / or decrypt, by means of the second cryptographic secret keys 22, information stored on a computer storage means 23.
  • a user 2 uses a computer 4 which has been provisionally made available to him, this computer 4 being connected to a computer communication network 3.
  • the user 2 wishes to connect to this computer communication network 3 in order to exchange data 1, files and / or electronic mail confidentially with at least one correspondent 20, this correspondent 20 being a server or another user connected on his side to the computer communication network 3.
  • the user 2 carries in his pocket the security box 6 that is the subject of the present invention, which allows him to ensure his personal security.
  • the user 2 connects his security box 6 to the communication port 5 of the host computer 4.
  • the security box 6 is then recognized by the computer 4 as a network card, giving access to a server.
  • This server is, in fact, located in the security box 6.
  • the user 2 connects via the computer 4 to this server and downloads from the security box 6 an interception software module 9 which is installed in the computer 4.
  • the purpose of the interception software module 9 is to redirect all the data 1 exchanged between the computer 4 and the computer communication network 3, so that they pass through the security box 6, in which they will be processed.
  • This processing consists in particular of filtering and / or encryption / decryption of the data 1 coming from or going to the communication network 3.
  • the data going to the communication network 3 are intercepted by the interception software module 9, which sends them to the security box 6 for processing. After this processing, the security box 6 sends them back to the computer 4, which redirects them to the computer communication network 3. With regard to reception, things happen in a similar fashion. Data from the communication network
  • the exchanged data 1 are marked by a first labeling 11, in order, in particular, to distinguish those which are sent to the security box 6 for processing from those which have already been processed by this box 6.
  • the communications are made according to the Ethernet protocol.
  • the data exchanged 1 is then encapsulated in data packets, comprising, in addition to the data themselves, a header containing information on this data, the first labeling being carried out on the two bytes of the Ethernet header called "Length / Type field" in the IEEE 802.3 standard.
  • communications between user 2 and a correspondent 20 are secured using the IPSEC / IKE protocol.
  • This protocol sets up and uses a secure communication tunnel (in English VPN for Virtual Private Network) between the security box 6 and the correspondent 20.
  • the implementation of the IPSEC / IKE protocol uses first cryptographic secret keys 19 which, in the case of the invention, had previously been stored in the non-volatile memory 21 of the security box 6.
  • the establishment of the secure communication tunnel includes the definition of the encryption keys which will be used to encrypt and decrypt the communications between the two interlocutors, these encryption keys then advantageously being stored in a random access memory 24 located in the security box 6.
  • Once this secure communication tunnel has been set up, the communications between the user 2 and his correspondent 20 are encrypted before being sent over the computer communication network 3 and decrypted on arrival.
  • this encryption and this decryption are provided by the security box 6, object of the present invention, and this in a completely transparent manner for the user 2.
  • the security box 6 then implements various security functionalities, including a possible encryption and decryption of the data exchanged 1, but also, in particular embodiments, if desired, virus detection and / or data filtering in order to eliminate unwanted data, in particular unsolicited e-mail or unsolicited advertising information.
  • a data content control is performed within the security box, in particular for parental control purposes, to prevent a user from accessing data or information to which access is not desired.
  • the security box 6 is configurable and its operation depends on configuration parameters 12 stored in this security box 6. The user has the possibility of modifying the configuration of this security box 6 by exchanging with it control data 13 serving in particular to read, specify or modify all or part of the configuration parameters 12 of the security box 6.
  • In order to locate the control data 13, these are marked by a second labeling 14, which makes it possible, in particular, to distinguish those which are sent to the security box 6 from those which come from this box 6.
  • communications are carried out according to the Ethernet protocol.
  • the control data 13 are then encapsulated in data packets, comprising, in addition to the data themselves, a header containing information on this data, the second labeling being carried out on the two bytes of the Ethernet header called "Length / Type field" in the IEEE 802.3 standard.
  • a computer storage means 23, in particular a magnetic or optical medium (CD-ROM, ...), or to decrypt data stored in encrypted mode on this computer storage means 23.
  • This storage means can be integrated in the host device, or be located near the host device to which it is connected by wire or wireless mode.
  • the storage means is accessible via a communication network. The operation of the invention is then very similar to that which has been described in the previous examples detailing the case of communications with a computer communication network, the computer storage means 23 playing here a role similar to that of the computer communication network examples detailed previously.
  • the interception software module 9 intercepts the data exchanged between the user 2 and the computer storage means 23, to make them pass through the security box 6.
  • the security box 6 then encrypts or decrypts the data by means of second cryptographic secret keys 22 previously stored in the non-volatile memory 21 of the security box 6.
  • the data are then retransmitted to the computer 4, which then redirects them to the computer storage means 23 or to the user 2.
  • the security box is equipped with an autonomous battery power supply, these batteries being rechargeable from an external source (mains electricity, cigarette lighter socket in a car ...), and / or by connection to a self-powered port of a host device.
  • the box has on the one hand a connection in wireless mode and on the other hand a possibility of connection to a self-powered port.
  • the same security box, ergonomically transportable by the user, then has two operating modes. In one of these modes, it is connected by wireless communication to a host device such as a mobile telephone, whose data exchanges with the network it protects, and it then operates on battery. In the other mode, it is connected by a self-powered port, in particular a USB port, to a host computer, and, while protecting data exchanges, it recharges its batteries via this self-powered port.
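
The first labeling 11 described above, carried in the Ethernet "Length / Type field", sketched as an added example that is not taken from the patent; the second labeling 14 for control data 13 would follow the same pattern with a further pair of values. The label values (the two IEEE 802 Local Experimental EtherTypes), the two-byte shim that preserves the original Length/Type value, and the function and ingress names are assumptions, since the text specifies none of them.

```python
import struct

ETH_HDR = 14               # dst MAC (6) + src MAC (6) + Length/Type (2)
# Assumed label values: the IEEE 802 Local Experimental EtherTypes.
LABEL_TO_BOX = 0x88B5      # frame sent to the security box for processing
LABEL_PROCESSED = 0x88B6   # frame already processed by the security box
LABELS = {LABEL_TO_BOX, LABEL_PROCESSED}

# Constructed sample: broadcast dst, locally administered src, IPv4 type.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"constructed payload"

def length_type(frame):
    """Return the two-byte Length/Type field of an Ethernet frame."""
    if len(frame) < ETH_HDR:
        raise ValueError("truncated Ethernet header")
    return struct.unpack_from("!H", frame, 12)[0]

def add_label(frame, label):
    """Write `label` into Length/Type; keep the original value as a 2-byte shim (assumption)."""
    original = length_type(frame)
    if original in LABELS:
        raise ValueError("frame is already labelled")
    return frame[:12] + struct.pack("!HH", label, original) + frame[ETH_HDR:]

def strip_label(frame):
    """Undo add_label(): restore the original Length/Type value."""
    if len(frame) < ETH_HDR + 2 or length_type(frame) not in LABELS:
        raise ValueError("not a labelled frame")
    return frame[:12] + frame[ETH_HDR:]

def route(frame, ingress):
    """Interception-module decision for a frame arriving on `ingress`:
    'host' (local stack), 'network' (real interface) or 'box' (security box port)."""
    value = length_type(frame)
    if ingress == "box":
        # Only frames the box marked as processed may continue on their way.
        if value != LABEL_PROCESSED:
            return ("drop", frame)
        return ("forward", strip_label(frame))
    if value in LABELS:
        # Labels are meaningful only on the host-to-box link; a frame that
        # arrives from elsewhere already labelled must not skip processing.
        return ("drop", frame)
    return ("to_box", add_label(frame, LABEL_TO_BOX))
```

Because the label is an unauthenticated header value, the decision is keyed on the ingress interface as well as on the label, so the "already processed" marking is honoured only when it arrives from the security box port.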

EP04767861A 2003-09-30 2004-06-30 Method and system for securing user access to a communication network Withdrawn EP1673673A2 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0350626A FR2860363B1 (fr) 2003-09-30 2003-09-30 Method and system for securing a user's access to a computer network
PCT/FR2004/050299 WO2005034009A2 (fr) 2003-09-30 2004-06-30 Method and system for securing a user's access to a communication network

Publications (1)

Publication Number Publication Date
EP1673673A2 (de) 2006-06-28

Family

ID=34307548

Family Applications (1)

Application Number Title Priority Date Filing Date
EP04767861A Withdrawn EP1673673A2 (de) Method and system for securing user access to a communication network

Country Status (3)

Country Link
EP (1) EP1673673A2 (de)
FR (1) FR2860363B1 (de)
WO (1) WO2005034009A2 (de)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2446199A (en) 2006-12-01 2008-08-06 David Irvine Secure, decentralised and anonymous peer-to-peer network

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5689565A (en) * 1995-06-29 1997-11-18 Microsoft Corporation Cryptography system and method for providing cryptographic services for a computer application
US6038551A (en) * 1996-03-11 2000-03-14 Microsoft Corporation System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer
EP1420600A1 (de) * 2002-11-15 2004-05-19 SCHLUMBERGER Systèmes Firewall-System für mobile Telekommunikationsgeräte

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2005034009A3 *

Also Published As

Publication number Publication date
FR2860363A1 (fr) 2005-04-01
WO2005034009A3 (fr) 2005-11-17
FR2860363B1 (fr) 2006-01-21
WO2005034009A2 (fr) 2005-04-14


Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20060517

RBV Designated contracting states (corrected)

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: EVERBEE

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

RTI1 Title (correction)

Free format text: METHOD AND SYSTEM FOR SECURING USER ACCESS TO A COMMUNICATION NETWORK

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20100720