EP2098039A1 - Method for transferring encrypted messages - Google Patents

Method for transferring encrypted messages

Info

Publication number
EP2098039A1
EP2098039A1 EP07845271A EP07845271A EP2098039A1 EP 2098039 A1 EP2098039 A1 EP 2098039A1 EP 07845271 A EP07845271 A EP 07845271A EP 07845271 A EP07845271 A EP 07845271A EP 2098039 A1 EP2098039 A1 EP 2098039A1
Authority
EP
European Patent Office
Prior art keywords
message
user
sub
authentication device
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07845271A
Other languages
German (de)
English (en)
Inventor
Richard Adolpf DITTRICH
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hofstadter Gernot
Original Assignee
Hofstadter Gernot
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hofstadter Gernot

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Definitions

  • the invention relates to a method for transferring encrypted messages between at least two users, in particular a cryptographic protocol, whereby the messages are transferred via an interposed authentication device which decrypts the messages received from the users and in turn sends messages, in particular encrypted messages, to the users.
  • the originator of the data or the sender of the message should be clearly identifiable and unable to deny his authorship, and thirdly it should be ensured that the data has not been altered without authorization after production.
  • the entirety of the cryptographic methods which ensure secure transport of a message from the sender to the recipient by means of encryption is called a cryptosystem, which mathematically consists of a message, a ciphertext, the key and functions for enciphering and deciphering.
  • the security of a cryptosystem usually depends on the size of the key space and the quality of the encryption function.
  • the cryptosystems used can be divided into symmetrical, asymmetrical and hybrid cryptosystems.
  • Symmetric cryptosystems are characterized in that the encryption key and the decryption key are identical or at least easily derivable from one another, while in asymmetric cryptosystems the algorithms used are chosen so that there is no trivial connection between an encryption key and the associated decryption key, so that it is not possible to infer the decryption key directly from the encryption key.
  • Hybrid cryptosystems seek to combine the benefits of symmetric and asymmetric systems, with message exchanges usually being performed by a fast symmetric method, while an asymmetric method is used to exchange the session key.
  • Symmetric cryptosystems suffer from the problem of key distribution, which is to make a common, secret key accessible to the communication partners.
  • the key distribution problem does not exist with asymmetric encryption systems based on public-key encryption.
  • the principle of secret keys is completely turned upside down, as everyone knows or has the public key. However, only one person can read the message with the corresponding private key. That is, the sender encrypts with the recipient's public key, which anyone can know. The recipient then decrypts with his secret private key.
  • The sender generates a signature with his private key, which he attaches to the document. This signature can be checked by the recipient with the public key to verify the authenticity of the sender.
  • a protocol which represents a clear and unequivocal instruction to the parties involved.
  • a protocol must be feasible, that is, if all participants comply with the specification, the desired result must be achieved.
  • the protocol should ensure correctness, that is, if a participant attempts to cheat, this attempt must be highly likely to be recognized.
  • A commonly used protocol in the area of cryptography, in which two communication partners generate a secret key which only these two know, is the so-called Diffie-Hellman key exchange.
  • the key generated according to this principle is usually used to transmit encrypted messages by means of a symmetric cryptosystem.
  • the Diffie-Hellman key exchange is based on the idea that something is easy to do in one direction, but very difficult to do in the opposite direction. In mathematical terms, the Diffie-Hellman key exchange is based on a one-way function, whereby the task can only be solved with enormous computational effort, so that an attacker, even with knowledge of the individual messages transmitted in unencrypted form, is not able to calculate the generated key.
  • the Diffie-Hellman key exchange is no longer secure if an attacker manages to change data packets in a so-called man-in-the-middle attack.
  • Another well-known protocol for secure data exchange in a decentralized network is the Needham-Schroeder protocol, the key exchange and
  • Protocols are secure encryption algorithms with arbitrary keys that can not be broken by either cryptanalysis or exhaustive search, using both symmetric and asymmetric techniques.
  • both A and B each have a secret key with a so-called authentication server.
  • A sends in a first step a message to the authentication server, which subsequently inserts the session key twice into the reply sent back to A, once encrypted with the secret key of A and once encrypted with B's secret key.
  • A sends the session key encrypted with B's secret key to B, so that ultimately both A and B are in possession of the session key assigned by the authentication server.
  • the problem of the previously known cryptosystems lies in the direct communication between the two users. While these messages are encrypted, if an attacker succeeds in gaining either the secret common key in symmetric methods or the private key in asymmetric methods, the attacker will be able to read the transmitted messages.
  • the invention has therefore set itself the task of specifying a novel method for transferring encrypted messages between at least two users, with which the above-described disadvantages can be avoided.
  • the method according to the invention achieves this object by the steps of: a) creating, by a first user, a message encrypted with a first key, b) sending this message to a second user, c) creating, by the second user, a second message encrypted with a further key and containing the encrypted first message, d) sending the second message to the authentication device, e) decrypting the second and the first message using the corresponding keys by the authentication device, f) creating a third message by the authentication device with reference to the plaintexts contained in the decrypted messages, and g) sending the third message to the first user and/or the second user.
  • the encrypted message created by the first user has a transaction identification record, preferably a transaction identification number, wherein the exchange of transaction information is limited to the direct connection between the user and the authentication device.
  • the decryption of the data can be performed only by the authentication device; according to another embodiment of the invention, the authentication device creates the transaction identification record and sends a message containing the transaction identification record to the user, who integrates the received transaction identification record into the encrypted message to be sent by him to the second user.
  • the authentication device has an authentication server and a data server, wherein the authentication server creates one of the database entries assigned or assignable by the first user to the authentication device on the database server, wherein the transaction identification data record clearly identifies the database entry unambiguously assigned or can be assigned.
  • the creation of a database entry on a database server and the assignment of a transaction identification record to the created database entry allows the authentication device to receive the encrypted data received from the users
  • User transferred message next to the transaction identification record further, preferably includes dynamic transaction information.
  • the message can be provided by the first user for the purpose of encrypting the response Authentication device and / or the message from the authentication device to the first user before the transfer is at least partially encrypted (become).
  • the Needham Schroeder protocol in the method according to the invention, static identifications of the respective counterparty are neither known to a user nor are these exchanged between the users.
  • the transaction information is only passed from the authentication device to the first user, from the latter to the second user and from the second user to the authentication device, wherein each of the users adds his own information to the encrypted information obtained, encrypts the whole packet, and forwards this encrypted whole packet to the next user, who proceeds in the same way.
  • the authentication device decrypts the received messages using the corresponding keys and compares, matches or combines the plaintexts contained in the decrypted messages, before creating a message referring to the result of the comparing, matching or combining of the plaintexts.
  • the method according to the invention achieves an increased security in data transfers in networks compared with the prior art.
  • a further exemplary embodiment of the invention provides for the authentication device, after comparing, matching or combining the plain texts contained in the decrypted messages, to set an action referring to the result of the comparison, matching or combining, and then to create a message referring to the set action.
  • it is quite possible to transmit to the users the same message about the set action, but encrypted with different keys.
  • increased security can be achieved if the authentication device creates a message intended for the first user and a message intended for the second user and sends them to the respective users, so that an attacker who possesses the secret key shared between the authentication device and a user can only read the information intended for this user, but cannot draw conclusions from this information about the data transferred between the two users.
  • a preferred embodiment of the invention provides for the transfer of the messages over a network, preferably via the Internet.
  • At least one of the encrypted messages contains a clear text and a transaction identification data record as well as preferably further encrypted, preferably dynamic transaction information.
  • an embodiment of the invention provides that at least one user has at least one secret key with the authentication device, and it has proven to be advantageous if each user at least has a secret key with the authentication device. If this is the case, it has proven to be beneficial if the messages are transferred according to a symmetric cryptographic protocol.
  • the method according to the invention thus provides a method whose use leads to an absolutely secure cryptosystem, that is to say that the transferred data at no time contain enough information to be able to derive therefrom plain text or keys.
  • the method according to the invention provides, in addition to the hitherto only valid cryptosystem, the so-called one-time pad, a second absolutely secure cryptosystem, which ideally fulfils the Kerckhoffs principle, according to which the security of a cryptosystem must not depend on the secrecy of the algorithm but is based only on the secrecy of the key.
  • another embodiment of the invention provides that the key(s) is (are) distributed between the user(s) and the authentication device by means of a mobile data carrier on which the key is stored and/or which is designed to generate the key(s), a separate data carrier being assigned or assignable to each user.
  • the mobile data carrier assigned to a user is designed to generate a plurality of preferably unique keys, the respective user sharing all the keys generated by the data carrier assigned to him with the authentication device.
  • the method according to the invention can be used, for example, to ensure compensation for services rendered and goods deliveries, a so-called clearing process, and already uses generally used and tested encryption methods.
  • the clearing process can essentially be structured into four sub-steps, namely a first step, in which the supplier deposits a claim against a customer with the authentication device stating the due date.
  • This claim includes the relevant elements of the compensation claim as delivery in units.
  • the customer confirms the demand for delivery of the units at a specific time, which may be a definite date of the future immediately.
  • the authentication device confirms the matching of the claim and blocks the units for the transfer until the agreed time, whereupon in step four the settlement, respectively the clearing of the claim, takes place at the agreed time.
  • the encryption device according to the invention is able to implement specific algorithms, so that the key for each user, which consists of a basic key supplemented with a dynamic key, is newly generated for each encryption process and is in this way unique.
  • the hardware-based encryption device is formed by a mobile data carrier which has a memory unit, a computer unit for generating at least one preferably unique key and an interface, preferably a USB interface.
  • it may further be provided that the encryption device has a biometric access control device, wherein a preferred embodiment of the invention provides that the biometric access control device has a sensor for recognizing a fingerprint.
  • biometric access control device for verifying the user of the encryption device
  • it would also be conceivable to use the biometric feature of the user verified by the biometric access control device to generate the key.
  • a further aspect of the invention is the use of a USB stick, preferably with a fingerprint recognition function, as an encryption device in cryptography.
  • FIG. 2 shows the sequence of the embodiment of FIG. 1 in detail
  • FIG. 3 is a schematic diagram of an encryption device according to the invention.
  • Identifications of users A, B are unknown to the other user can still be transferred directly between the two users A and B.
  • all messages are transferred in encrypted form.
  • the data transfer is initiated by the user A, who in step 1 sends a message NA 1, which includes a plaintext A 1 encrypted with the key SA 1, to the authentication device AE.
  • the user A receives in step 2 from the authentication device AE a message NAE 1, which includes transaction information T ID. Subsequently, the user A completes the received message NAE 1 with his own information A 2 for the transaction and encrypts the entire packet with the key SA 2 and in this way generates a message NA 2.
  • He sends this message NA 2 to the user B in step 3.
  • the user B supplements the received message NA 2 with his own information B 1 for the transaction, encrypts the entire packet with his key SB 1 and in this way generates the message NB 1 , which he then sends in step 4 to the authentication device AE.
  • the authentication device AE decrypts the received messages, compares the contained information that has been independently transferred by the user A and the user B, i.e. the authentication device AE takes the so-called
  • message NAE 2 which contains a plaintext E A encrypted with the key SA 3
  • a message NAE 2' which contains a plaintext E B encrypted with the key SB 2 and sends these two messages according to step 5, 5' to the respective users A and B.
  • the inventive method uses a SHA (Secure Hash Algorithm) with a collision probability of approx. 1/10^80. Furthermore, every file that is exchanged during a transfer process is signed by the respective sender.
  • Users A, B have neither the possibility nor the ability to decrypt the information of the other user A, B, since there is no key exchange between the users A, B but only an encrypted key transfer takes place.
  • the actual communication during the message transfer is based on XML data exchange via TCP/IP, wherein the communication between the users is performed via a so-called Quired Secure Channel, such as HTTPS.
  • that the keys which the users share with the authentication device are in fact secret and unique is ensured by the hardware encryption device, which will be discussed in more detail below.
  • This encryption device can, for example, be made available to the two users A, B by the operator of the authentication device.
  • the hardware encryption device of one user has no direct communication connection to the network of the respective other user.
  • FIG. 3 shows a schematic diagram of the hardware-based encryption device 6 designed for the method according to the invention.
  • the user A, B creates the message to be transmitted by placing the information necessary for the data transfer in an in-buffer 12, whereupon he receives the encrypted result in the out-buffer 13. It is important that the user of the encryption device 6 does not have access to data and processes that run in the encryption device 6. For example, it can be provided as a further security feature that any attempted intervention or access to the protected area 11, which is located to the right of the dot-dashed line in FIG. 3, results in the destruction of all information.
  • the encryption device 6 has, in addition to the protected area 11, an interface 9, which in the embodiment shown is formed as a USB interface. Within the protected area 11 are a memory unit 7, a processor 8 and a biometric access control device 10.
  • the encryption device 6 is capable of implementing specific algorithms via software stored in the memory unit 7 and of creating, by means of the processor 8, the numbers necessary for the encryption process.
  • the encryption device 6 appears in the connected system, which is formed for example by a PC, as a removable disk, wherein the in-buffer 12 and the out-buffer 13 arranged in the interface 9 of the encryption device 6 are visible as data folders.
  • the exchange of data with the encryption device 6 is ensured by file exchange in the corresponding folder.
  • the information necessary for the data transfer is filled into XML files which are copied to the in-buffer 12 for encryption.
  • the encryption device 6 may further have a simple update mechanism that allows new or modified software to be imported and in this way the keys to be recalculated or new keys.
  • the fingerprint, which is specific to each user, is stored on the encryption device 6 and available only in encrypted form. As part of the messages sent, the fingerprint is added to every encryption, or checked at each decryption.
  • the software that is necessary for the encryption, the calculation of the HASH and the identification of the fingerprint.
  • the release of the protected area 11 takes place via a request replay mechanism which is called by the respective user A, B.
  • This can be combined with the entry of a personal PIN, without which the software cannot come into operation.
  • This mechanism is independent of the I / O function of the encryption device 6 itself.
  • the necessary keys for the secure data transfer and the activation mechanism for the encryption programs which can run, for example, as a PIN check.
  • the general format of the messages that are created with the encryption device 6 is formed by a user ID, the text string of the information, a checksum over the information and the signature of the user; the communication between the users A, B and the authentication device AE is generally based on web services, such as SOAP.
  • the information is exchanged via XML formats and can thus be interpreted equally by the users.
  • the information is transmitted in messages in the form of data packets, each of which is provided with a hash key and the fingerprint representing the signature.
  • the message exchange happens in encrypted form between the users.
  • in step I the user A creates the plaintext A 1, which he encrypts in step II with the key SA 1 and in this way generates the message NA 1.
  • the message NA 1 is generated as described above by means of the encryption device 6 by writing the necessary information into the input buffer / in buffer 12 of the encryption device 6.
  • the user A then sends the encrypted message NA 1 to the authentication device AE, for example via a "transaction start request".
  • the authentication server AS of the authentication device AE receives the message NA 1 in step III, decrypts it according to step IV and starts the transaction sequence by the authentication server AS creating a new database entry DB on the data server DS of the authentication device AE (step V) and simultaneously in step VI for this transaction unique transaction identification record T
  • Step VII the authentication server AS generates a message NAE 1, in addition to the transaction identification record T
  • the user A receives this message NAE 1 in step VIII, wherein the encrypted transaction information T ID is not readable for the user A.
  • in step IX the user A supplements the received message NAE 1 with his own data A 2 for the transaction and encrypts this entire packet according to step X with the key SA 2 and thus generates the message NA 2.
  • the user A transmits the message NA 2 to the user B, who receives this message according to step XI.
  • since each encryption device 6 is unique in itself, the user B is not able to decrypt the message NA 2 received from the user A with his encryption device 6.
  • Analogously to step IX, according to step XII, the user B supplements the received message NA 2 with his own information B 1 for the transaction and forwards the entire packet to his encryption device 6. As a result, the user B receives in step XIII a message NB 1 encrypted with the key SB 1 (step c)).
  • the user B transmits the message NB 1 to the authentication server AS by means of a "transaction confirmation."
  • the authentication server AS receives the message NB 1 according to step XIV and, by means of the keys SA 1 SB which the authentication device AE shares with the users A, B, is in a position to decrypt the received message NB 1 stepwise (step XV).
  • in step XVI it is possible for the authentication server AS to compare the information which was independently provided by the users A, B during the data transfer and to perform a so-called matching.
  • the authentication server AS after the matching according to method step e3), sets an action E referring to the result of the matching (step XVII). According to method step f), the authentication server AS subsequently creates in steps XVIII, XVIII 'a message NAE 2 for the user A which refers to the set action E and a message NAE 2 ' for the user B.
  • the authentication server now uses the reverse procedure and, according to method step g), returns to the user A and the user B encrypted individual transaction confirmations, which are decrypted by the respective users A, B according to step XX, XX' with the respective keys.
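
The message flow of steps 1 to 5' described above, simulated end to end as an added example (not code from the patent or its applicant). The HMAC-based `seal`/`unseal` cipher, the `derive` key labels, the trial decryption used to find the initiator, and the single-use database entry are assumptions made for illustration; the sample claim data is constructed.

```python
import hashlib
import hmac
import json
import secrets

def derive(base: bytes, label: str) -> bytes:
    # Assumption: per-message keys (SA1, SA2, ...) are derived from a base key by label.
    return hmac.new(base, label.encode(), hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj) -> str:
    # Encrypt-then-MAC stand-in for the hardware encryption device; illustration only.
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(pt, _stream(derive(key, "enc"), nonce, len(pt))))
    tag = hmac.new(derive(key, "mac"), nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key: bytes, blob: str):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    good = hmac.new(derive(key, "mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    pt = bytes(c ^ k for c, k in zip(ct, _stream(derive(key, "enc"), nonce, len(ct))))
    return json.loads(pt)

class AuthDevice:
    """Authentication device AE: authentication server AS plus data server DS."""

    def __init__(self, base_keys):
        self.base = dict(base_keys)         # user -> secret key shared with AE
        self.own = secrets.token_bytes(32)  # AE-only key; keeps T_ID unreadable for A
        self.db = {}                        # DS: T_ID -> database entry

    def start(self, user, na1):             # steps III to VII
        a1 = unseal(derive(self.base[user], "SA1"), na1)
        t_id = secrets.token_hex(8)
        self.db[t_id] = {"initiator": user, "A1": a1, "open": True}
        return seal(self.own, {"T_ID": t_id})            # NAE1

    def confirm(self, user_b, nb1):          # steps XIV to XVIII'
        outer = unseal(derive(self.base[user_b], "SB1"), nb1)
        for user_a, base in self.base.items():  # assumption: trial decryption of NA2
            try:
                inner = unseal(derive(base, "SA2"), outer["NA2"])
                break
            except ValueError:
                continue
        else:
            raise ValueError("NA2 was not produced by a registered user")
        entry = self.db[unseal(self.own, inner["NAE1"])["T_ID"]]
        if not entry["open"] or entry["initiator"] != user_a:
            raise ValueError("transaction already closed or initiator mismatch")
        entry["open"] = False                # a T_ID is accepted once (added check)
        action = "matched" if inner["A2"] == outer["B1"] else "rejected"  # matching
        entry["E"] = action
        return (seal(derive(self.base[user_a], "SA3"), {"E": action}),    # NAE2
                seal(derive(self.base[user_b], "SB2"), {"E": action}))    # NAE2'

def run_transaction(a2, b1):
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    ae = AuthDevice({"A": ka, "B": kb})
    na1 = seal(derive(ka, "SA1"), {"A1": "transaction start request"})  # step 1
    nae1 = ae.start("A", na1)                                           # step 2
    na2 = seal(derive(ka, "SA2"), {"NAE1": nae1, "A2": a2})             # step 3
    try:                                    # B holds no key that opens NA2
        unseal(derive(kb, "SB1"), na2)
        b_reads_na2 = True
    except ValueError:
        b_reads_na2 = False
    nb1 = seal(derive(kb, "SB1"), {"NA2": na2, "B1": b1})               # step 4
    nae2, nae2_prime = ae.confirm("B", nb1)                             # steps 5, 5'
    try:                                    # resending NB1 must not reopen the entry
        ae.confirm("B", nb1)
        replay_accepted = True
    except ValueError:
        replay_accepted = False
    return {"A": unseal(derive(ka, "SA3"), nae2)["E"],
            "B": unseal(derive(kb, "SB2"), nae2_prime)["E"],
            "b_reads_na2": b_reads_na2, "replay_accepted": replay_accepted}

if __name__ == "__main__":
    claim = {"units": 100, "due": "2007-12-31"}  # constructed clearing claim
    print(run_transaction(claim, dict(claim)))
    print(run_transaction(claim, {"units": 90, "due": "2007-12-31"}))
```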

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for transferring encrypted messages between at least two users, in particular a cryptographic protocol, the messages being transferred via an authentication device which decrypts the messages received from the users and in turn sends encrypted messages to the users, the method comprising the following steps: a1) sending of a message (NA 1) by a user (A) to the authentication device (AE); a2) creation of a transaction identification record (T ID) by the authentication device (AE); a3) sending of a message (NAE 1) containing the transaction identification record (T ID) by the authentication device (AE) to the user (A); a4) creation, by the user (A), of a message (NA 2) containing the transaction identification record (T ID) and encrypted by means of a key (SA 2); h) sending of the message (NA 2) to a second user (B); i) creation, by the second user (B), of a message (NB 1) encrypted by means of a further key (SB) and containing the encrypted message (NA 2); j) sending of the message (NB 1) to the authentication device (AE); k) decryption of the messages (NB 1), (NA 2) by means of the corresponding keys (SB 1), (SA 2) by the authentication device (AE); l) creation of a message (NAE 2) by the authentication device (AE) on the basis of the plaintexts (A 2), (B 1) contained in the encrypted messages (NA 2), (NB 1); and m) sending of the message (NAE 2) to the first user (A) and/or to the second user (B).
EP07845271A 2006-12-04 2007-11-30 Procédé de transfert de messages codés Withdrawn EP2098039A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AT0200406A AT504634B1 (de) 2006-12-04 2006-12-04 Verfahren zum transferieren von verschlüsselten nachrichten
PCT/AT2007/000540 WO2008067575A1 (fr) 2006-12-04 2007-11-30 Procédé de transfert de messages codés

Publications (1)

Publication Number Publication Date
EP2098039A1 (fr) 2009-09-09

Family

ID=39333202

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07845271A Withdrawn EP2098039A1 (fr) 2006-12-04 2007-11-30 Procédé de transfert de messages codés

Country Status (5)

Country Link
US (2) US20090271616A1 (fr)
EP (1) EP2098039A1 (fr)
JP (1) JP2010512036A (fr)
AT (1) AT504634B1 (fr)
WO (1) WO2008067575A1 (fr)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102008025660A1 (de) * 2008-05-13 2009-11-19 Deutsche Telekom Ag Vorrichtung zur mobilen Datenverarbeitung
TWI444030B (zh) * 2011-06-21 2014-07-01 Univ Nat Chiao Tung 動態群組中建立金鑰、認證及安全通訊方法
AT512289B1 (de) 2012-01-31 2013-07-15 Finalogic Business Technologies Gmbh Kryptographisches authentifizierungs- und identifikationsverfahren für mobile telefon- und kommunikationsgeräte mit realzeitverschlüsselung während der aktionsperiode
US10135778B2 (en) * 2014-11-18 2018-11-20 Ishmael Interactive, LLC Custom encoded messages amongst a customized social group
FR3043807B1 (fr) * 2015-11-18 2017-12-08 Bull Sas Dispositif de validation de communication
EP3185465A1 (fr) * 2015-12-23 2017-06-28 Osmerus Investments Ltd Procédé de chiffrement de données et procédé de déchiffrement de données
DE102022107567A1 (de) 2022-03-30 2023-10-05 Zumtobel Lighting Gmbh Individuell einstellbares Beleuchtungssystem

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5812671A (en) * 1996-07-17 1998-09-22 Xante Corporation Cryptographic communication system
US5999625A (en) * 1997-02-27 1999-12-07 International Business Machines Corporation Method for electronic payment system with issuer control
US6161181A (en) * 1998-03-06 2000-12-12 Deloitte & Touche Usa Llp Secure electronic transactions using a trusted intermediary
WO2001001361A1 (fr) * 1999-06-28 2001-01-04 Barclays Bank Plc Systeme de transactions securise
WO2003039094A2 (fr) * 2001-10-29 2003-05-08 Omtool, Ltd Procedes et appareil de communication securisee d'un message
US7461028B2 (en) * 2001-11-27 2008-12-02 Pitney Bowes Inc. Method and system for authorizing use of a transaction card
SE0400238D0 (sv) * 2003-09-12 2004-02-04 Secured Email Ab Message security
US8024560B1 (en) * 2004-10-12 2011-09-20 Alten Alex I Systems and methods for securing multimedia transmissions over the internet
EP1825412A1 (fr) * 2004-10-25 2007-08-29 Rick L. Orsini Systeme analyseur syntaxique de donnees securise et procede correspondant

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2008067575A1 *

Also Published As

Publication number Publication date
WO2008067575A1 (fr) 2008-06-12
US20120254609A1 (en) 2012-10-04
AT504634A1 (de) 2008-06-15
US20090271616A1 (en) 2009-10-29
JP2010512036A (ja) 2010-04-15
AT504634B1 (de) 2008-11-15

Similar Documents

Publication Publication Date Title
EP3474172B1 (fr) Contrôle d'accès à l'aide d'une chaîne de blocs
DE60212577T2 (de) Verfahren und vorrichtung zur beglaubigung von daten
DE60011990T2 (de) Verfahren und Vorrichtung in einem Kommunikationsnetzwerk
EP1872512B1 (fr) Procede de gestion de cles pour modules de cryptographie
WO2016008659A1 (fr) Procédé et dispositif pour la sécurisation d'accès à des portefeuilles dans lesquels sont consignées des crypto-monnaies
EP2567501B1 (fr) Procédé pour la protection cryptographique d'une application
AT504634B1 (de) Verfahren zum transferieren von verschlüsselten nachrichten
DE19622630C1 (de) Verfahren zum gruppenbasierten kryptographischen Schlüsselmanagement zwischen einer ersten Computereinheit und Gruppencomputereinheiten
EP2863610B1 (fr) Procédé et système inviolables de mise à disposition de plusieurs certificats numériques pour plusieurs clés publiques d'un appareil
DE102020205993B3 (de) Konzept zum Austausch von kryptographischen Schlüsselinformationen
DE10124427A1 (de) System und Verfahren für einen sicheren Vergleich eines gemeinsamen Geheimnisses von Kommunikationsgeräten
WO1998048389A2 (fr) Procede d'authentification mutuelle de deux unites
EP3206154B1 (fr) Procede et dispositifs destines a la transmission fiable de donnees utiles
EP3248324B1 (fr) Des operations decentralisés sur un produit en utilisant des données chiffrées dans un storage central
DE102014212443A1 (de) Verringerung des Speicherbedarfs für kryptographische Schlüssel
EP3882796A1 (fr) Authentification de l'utilisateur à l'aide de deux éléments de sécurité indépendants
EP4270863B1 (fr) Reconstruction sécurisée de clés privées
EP3909217A1 (fr) Procédé et système de transmission d'informations
DE102022000857B3 (de) Verfahren zur sicheren Identifizierung einer Person durch eine Verifikationsinstanz
DE102006009725A1 (de) Verfahren und Vorrichtung zum Authentifizieren eines öffentlichen Schlüssels
DE4420967C2 (de) Entschlüsselungseinrichtung von digitalen Informationen und Verfahren zur Durchführung der Ver- und Entschlüsselung dieser mit Hilfe der Entschlüsselungseinrichtung
EP4199419A1 (fr) Sécurisation des données transmises depuis et vers le terminal de connexion côté abonné par l&#39;intermédiaire du réseau public
DE19924726A1 (de) Verfahren zur vertrauenswürdigen Nachrichtenübermittlung
DE10141396A1 (de) Verfahren zur Erzeugung eines asymmetrischen kryptografischen Gruppenschlüssels
DE102004053890A1 (de) Virtuelle Chipkarte zur computergestützten zentralen, geschützten Generierung, Speicherung und Verwaltung von privaten asymetrischen Benutzerschlüssel (Software Token) in Public Key Infrastructures

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20090520

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
PUAJ Public notification under rule 129 epc

Free format text: ORIGINAL CODE: 0009425

32PN Public notification

Free format text: FESTSTELLUNG EINES RECHTSVERLUSTS NACH REGEL 112(1) EPUE (EPA FORM 2524 VOM 31/07/2013)

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20130601