EP2213038A1 - Information system and method for identifying a user by an application server - Google Patents

Information system and method for identifying a user by an application server

Info

Publication number
EP2213038A1
EP2213038A1 EP08786974A EP08786974A EP2213038A1 EP 2213038 A1 EP2213038 A1 EP 2213038A1 EP 08786974 A EP08786974 A EP 08786974A EP 08786974 A EP08786974 A EP 08786974A EP 2213038 A1 EP2213038 A1 EP 2213038A1
Authority
EP
European Patent Office
Prior art keywords
num
server
terminal
hardware element
sess
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP08786974A
Other languages
English (en)
French (fr)
Inventor
Dominique Bourret
Jérémie NOWAK
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FIDALIS
Original Assignee
FIDALIS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by FIDALIS

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Definitions

  • the present invention relates to an information system and a method of identifying a user accessing an information system.
  • when a user uses a computer to access a service on a communication network, for example the Internet, hosted by a computer server, it is desirable that the server can identify that user.
  • it is desirable for the server to know that it is not dealing with an automatic program that attempts to impersonate a user.
  • access to the password may be possible by a third party on the user's computer.
  • the passwords that must be retained by the user are often stored on his computer, for example in an internet browser.
  • some passwords are transmitted in clear. It should be noted that it is possible to dispense with the storage of passwords on the server. Indeed, the server does not need to memorize the passwords: it must just be able to distinguish a correct password.
  • the server uses a one-way function that is applied to the password. The result of the function on a particular password is stored. At each identification:
  • the server applies the one-way function to the password
  • the server compares the result of this calculation with the one it has in memory to identify the user.
  • the list of results of the application of the one-way function on the passwords is unusable because this function has the property of being very difficult to reverse.
  • This protocol is known to have significant security vulnerabilities. Indeed, when the password is presented to the system that transmits it to the server, anyone who has access to data on the link between the point of entry and the server can read it.
  • 1. the server sends a randomly or pseudo-randomly generated session number
  • 2. the user encrypts this number with his private key and sends the result with his identification number to the server.
  • 3. the server uses the public key of the user, which is in the database, and decrypts the message.
  • 4. If the result obtained is the same as the one the server sent, the server knows that it is the user identified by the identification number.
  • the present invention aims to solve all or part of the disadvantages mentioned above by providing a system for enhancing security in the identification of a user without requiring securing the user's terminal.
  • the present invention relates to an information system comprising:
  • a computer server comprising network communication means
  • the terminal comprising network communication means, the terminal being intended to be used by a user to make a connection to the server, characterized in that the system further comprises a hardware element arranged to be connected to the terminal, the hardware element comprising data storage means arranged to store an encryption key and an identification number, in that the server is arranged to generate a unique session number during a connection session between the terminal and the server, and for communicating the session number to the terminal, the terminal being arranged to communicate the session number to the hardware element and in that the hardware element comprises processing means arranged to perform encryption with the aid of the encryption key of a set of data combining:
  • the terminal being arranged to transmit the encrypted password and the identification number to the server in order to proceed to the identification of the user.
  • a hardware element external to the terminal is used to present the password of the user in a different form to each communication session, using the uniqueness of the session numbers.
  • the hardware element assigned to the user identifies the user to the information system.
  • the information circulating on the information network is difficult to interpret because its content is different with each communication. Moreover, no secret information is stored on the user's terminal. As a result, the security of the entire system is improved.
  • the password is stored on the data storage means of the hardware element.
  • the hardware element is used to store a password outside the terminal, which increases the security of the system.
  • the terminal comprises means for entering the password by the user and is arranged to communicate the password to the hardware element.
  • the server is arranged to communicate a unique session number in response to the provision of an identification number by the hardware element.
  • the server is arranged to encrypt, with an encryption key, a session number into an encrypted session number and to communicate the encrypted session number to the terminal, the terminal being arranged to communicate the encrypted session number to the hardware element, the processing means of the hardware element being arranged to perform a decryption of the encrypted session number into a session number by the encryption key stored in the storage means.
  • the server is arranged to perform a decryption of the encrypted password by means of a decryption key corresponding to the encryption key stored in the storage means of the hardware element, to obtain the values of the password and the session number.
  • the server is arranged to compare the session number from the encrypted password with the one it has generated, and then to compare the result of the application of a hash function on a combination of data including the password with a predetermined value.
  • the password and the identification number form a unique pair of information in the system.
  • the hardware element comprises means for generating a random sequence, the processing means being arranged to perform a first encryption of a set of data combining:
  • the identification number of the user and arranged to transmit a first data frame comprising the result of the first encryption to the terminal, the terminal being arranged to transmit this first data frame to the server, the server being arranged to perform the decryption of the first data frame and then a second encryption of a data set combining:
  • the hardware element has the ability to determine to which recipient server the password is sent. For this, it issues a "challenge" to the server, to determine whether it is connected to a specific server. Preferably, two pairs of private keys and public keys are used respectively for the encryption and the decryption of a first and a second data exchange between the server and the hardware element.
  • the means for generating a random sequence of the hardware element are arranged to take into account the occurrence of a random event.
  • the random events taken into account by the random sequence generation means include interruptions signaling the arrival of new information to the hardware element from the terminal.
  • the present invention also relates to a method of identification by a computer server of a user in possession of a terminal having communication means for making a connection between the server and the terminal and a hardware element, connected to the terminal, comprising data storage means on which is stored an encryption key and an identification number, in which
  • the server generates a unique session number during a connection session between the terminal and the server
  • the terminal communicates the session number to the hardware element; the hardware element performs an encryption using an encryption key of a data set combining: the password and the session number; and communicates the result of the encryption to the terminal,
  • the hardware element also transmits the identification number to the terminal, the terminal transmits the result of the encryption and the identification number to the server in order to proceed to the identification of the user.
  • the password is stored on the data storage means of the hardware element.
  • the password is entered by the user on the terminal and communicated to the hardware element by the terminal.
  • the server communicates a unique session number in response to the provision of an identification number by the hardware element.
  • the server encrypts the session number with an encryption key into an encrypted session number and communicates the encrypted session number to the terminal, the terminal communicating the encrypted session number to the hardware element, the processing means of the hardware element performing a decryption of the encrypted session number into a session number by the encryption key stored in the storage means.
  • the server performs a decryption of the encrypted password by means of a decryption key corresponding to the encryption key stored in the storage means of the hardware element, to obtain the values of the password and the session number.
  • the server compares the session number from the encrypted password with the one it generated, and compares the result of applying a hash function to a combination of data including the password with a predetermined value.
  • the password and the identification number form a unique pair of information.
  • the hardware element generates a random sequence, performs a first encryption of a set of data combining the random sequence and the identification number of the user, and transmits a first data frame corresponding to the result of the encryption to the terminal, which transmits this first data frame to the server, the server performing a decryption of the first data frame and then a second encryption of a data set combining:
  • two pairs of private keys and public keys are used respectively for the encryption and decryption of a first and a second data exchange between the server and the hardware element.
  • the generation of a random sequence takes into account the occurrence of a random event.
  • the random events taken into account during the generation of random sequences include interrupts signaling the arrival of new information to the hardware element from the terminal.
  • At least one data frame exchanged between the hardware element and the terminal comprises both a random sequence generated by the hardware element and a session number generated by the server.
  • Figure 1 is a schematic representation of a system according to the invention.
  • Figure 2 is a schematic representation of a first embodiment of a method according to the invention.
  • Figure 3 is a schematic representation of a second embodiment of a method according to the invention.
  • Figure 4 is a schematic representation of a third embodiment of a method according to the invention.
  • Figure 5 is a schematic representation of a fourth embodiment of a method according to the invention.
  • FIG. 6 is an explanatory diagram of the operation of the means for generating a random sequence of a hardware element included in a variant of the system according to the invention.
  • an information system according to the invention comprises:
  • an application server 2 comprising network communication means 3 enabling it to connect to a network 4, and data storage means, for example constituted by a database 5,
  • at least one terminal 6, intended to be used by a user, comprising network communication means 7 enabling it to be connected to the network 4.
  • the system further comprises a hardware element 8 arranged to be connected to the terminal, this element 8 being in the possession of the user.
  • the hardware element 8 may take the form of a USB key, a smart card or a processor that can be used in the production of a barcode reader or electronic tags, for example.
  • This hardware element 8 comprises data storage means 9, and processing means 10 arranged in particular for performing data encryption operations from a secret private key K1.
  • the terminal 6 may for example be constituted by a personal computer of the user who has an Internet connection allowing him to connect to the application server.
  • client software 12 is installed on this computer and controls the exchanges between the hardware element, the computer and the server.
  • Before supplying the hardware element 8 to the user, or during an initialization operation of the hardware element 8, a private key K1, a password num_MDP and an identification number num_ID are generated and recorded in the storage means of the hardware element.
  • the identification number num_ID is a number that will be visible in clear during different operations.
  • the password num_MDP is intended to remain secret. The equipment performing this operation ensures that the public key K2 corresponding to the private key K1 of the user is stored by the server 2.
  • the hash function is used to check the validity of the password without having to memorize it.
  • the server 2 stores the pair num_HID and num_ID in the database 5.
  • the hardware element 8 is provided to the user who can then connect it to a terminal 6 of his choice, equipped with the client software 12, to connect to the server 2.
  • When connected to the server, the information system uses a password presentation protocol with the following steps:
  • In a first step E1, the hardware element 8 transmits its identification number num_ID to the client software 12 installed on the computer 6 of the user.
  • the identification number num_ID is transmitted to the server 2 in a request for a session number.
  • a session number num_Sess is generated by the server 2.
  • the server 2 transmits this session number num_Sess to the computer 6 of the user.
  • the server can also store the identification number num_ID of the user for whom the session number num_Sess was generated.
  • In a fourth step E4, the user's computer transmits the session number num_Sess to the hardware element 8.
  • In a fifth step E5, the processing means 10 of the hardware element 8 concatenate the password num_MDP and the session number num_Sess, then perform an encryption E using the private key K1, to obtain a result C: E_K1(num_MDP; num_Sess) = C, and send the result C, which we will call a signed password C, to the client software 12.
  • the client software 12 in turn transmits the signed password C to the server 2.
  • the server 2 performs a decryption D of the signed password C by means of the public key K2 corresponding to the user's private key K1, which enables it to obtain the values of the password num_MDP and the session number num_Sess:
  • the server 2 compares the session number num_Sess with the one it transmitted, then calculates the fingerprint H(num_ID, num_MDP) of the concatenation of the user identifier num_ID and the password num_MDP and compares it with the fingerprint num_HID stored in the database 5 for the identifier num_ID, in order to accept or refuse the identification of the user.
  • the method according to the invention therefore uses the session number num_Sess to hide the password num_MDP.
  • the hardware element 8 uses a cryptographic algorithm with the private key K1 to authenticate to the application server the password num_MDP that corresponds to the identification number num_ID assigned to a user.
  • the server authenticates itself with the hardware element in order to obtain the password.
  • the server encrypts the session number that the hardware element will use to hide the password.
  • a connection request is initiated by the user on the terminal which transmits this request to the server.
  • the server transmits this encrypted session number num_Sess_Sign to the user's computer.
  • In a third step E3, the user's computer transmits the encrypted session number num_Sess_Sign to the hardware element.
  • E_K1(num_MDP; num_Sess) = C, and sends the result C, which corresponds to a signed password, to the client software, accompanied by the identification number num_ID.
  • In a fifth step E5, the client software 12 transmits the signed password C and the identification number num_ID to the server 2.
  • the server then performs the decryption and comparison operations with the stored fingerprint as in the first embodiment. These latter operations are not shown in FIG.
  • the public key K2 remains secret.
  • the private key K1 is used to transmit the response to the server.
  • the hardware element 8 comprises means for generating a random sequence or a random number Num_Alea.
  • the hardware element also stores two separate private keys Ks1 and Ks2.
  • the operation of the generating means 13 is illustrated in FIG. 6.
  • the random sequence Num_Alea is generated taking into account the occurrence of a random event.
  • random events may consist of interrupts Int signaling the arrival of new information to the hardware element 8 from the terminal 6.
  • such an interrupt is an interrupt in the USB protocol used between the terminal and the key.
  • the sequence of these events over time depends on the exchanges between two hardware entities, namely the hardware element 8 and the terminal 6, via a communication medium governed by a software protocol subject to physical constraints directly related to the components that make up these entities.
  • the hardware element 8 is programmed to increment a counter Ctr at the rate of the frequency of its microprocessor from the moment this element is powered up.
  • This counter Ctr is stored on a finite number of bits, for example 16 bits, which implies that it is cyclic and that it will return to its initial state.
  • the processing means 9 of the hardware element 8 are arranged to consult the current value of the counter Ctr.
  • An operation, for example of the Xor type, is then performed between the value of the counter Ctr and a value extracted from a table of values Tab containing a data set of size greater than that of the counter.
  • An Int event is used to change the value of the pointer indicating where the value is extracted from the table Tab.
  • the data initially recorded in the table Tab are kept secret. From the result of the operation between the value of the counter and the value extracted from the table, a one-bit value is derived, for example by an extraction or the application of a specific function.
  • rS constitutes a random sequence, of which a definite number of elements is retained in a sliding manner to constitute a random number or random sequence Num_Alea.
  • the occurrence of a random event is combined with a measured value of a complex physical phenomenon to enhance the security of the system.
  • In a third embodiment of the method according to the invention, represented in FIG. 4, which corresponds to an improvement of the first embodiment, the variant of the system including means for generating a random sequence Num_Alea is used.
  • the identification number of the user is denoted Num_IdUser, and no longer num_ID, to differentiate it from an identifier of the server 2 also used in this embodiment of the method.
  • an initialization of a data exchange is requested by the user via the terminal 6, by sending a data frame Trame_0.
  • a first generation phase Gen_1 of a random sequence is performed by the hardware element 8, which allows the determination of a random sequence Num_Alea.
  • the processing means of the hardware element 8 sign the identifier of the user Num_IdUser with the random sequence Num_Alea, concatenate the result of this signature with the random sequence Num_Alea, then perform an encryption C with its first private key Ks1, to obtain a data frame Trame_1, which can be represented by the formula below, in which the sign + represents a concatenation and the sign ⊕ an operation of the Xor type:
  • Trame_1 = C_Ks1(Num_Alea + Num_Alea ⊕ Num_IdUser)
  • the frame Trame_1 is sent to the client software.
  • the frame Trame_1 is transmitted to the server 2 in a request for a session number.
  • In a third step E3, the server 2 performs a decryption D of the frame Trame_1 by means of a first public key Ks2 corresponding to the private key Ks1 of the user, which enables it to obtain the values of the identifier of the user.
  • a test can then be performed on the user's identifier.
  • the server 2 also performs a generation Gen_2 of a session number Num_Sess.
  • the server 2 then performs a signature of the random sequence Num_Alea and of an identifier Num_IdServer of the server by the session number Num_Sess, then an encryption of these two concatenated signature results by a second public key Ku2, to obtain a data frame Trame_2:
  • Trame_2 = C_Ku2(Num_Alea ⊕ Num_Sess + Num_Sess ⊕ Num_IdServer)
  • the frame Trame_2 is then sent to the client software 12.
  • the user's computer transmits the frame Trame_2 to the hardware element 8.
  • In a fifth step E5, the processing means 10 of the hardware element 8 perform a decryption D of the frame Trame_2 by means of a second private key Ku1 corresponding to the public key Ku2 of the server, which enables them to obtain the values of the server identifier Num_IdServer and of the session number Num_Sess, and a value returned by the server of the random sequence Num_Alea.
  • a test can then be performed on the identifier of the server 2 while also verifying that the random sequence Num_Alea returned by the server corresponds to that sent.
  • the processing means of the hardware element 8 then perform a signature of the identifier of the user Num_IdUser and of the password Num_MDP by the session number Num_Sess, then an encryption of these two concatenated signature results by the second private key Ku1, to obtain a data frame Trame_3:
  • Trame_3 = C_Ku1(Num_Sess ⊕ Num_IdUser + Num_Sess ⊕ Num_MdP)
  • the frame Trame_3 is then sent to the client software 12.
  • the client software 12 transmits the frame Trame_3 in turn to the server 2.
  • the server 2 performs a decryption D of the frame Trame_3 by means of the public key Ku2 corresponding to the private key Ku1 of the user, which enables it to obtain the values of the password Num_MDP and of the session number num_Sess, as well as the user identifier Num_IdUser.
  • the server 2 compares the session number num_Sess with the one it transmitted, then carries out tests on the identifier Num_IdUser and the password Num_MDP to accept or refuse the identification of the user. If the identification is accepted, the requested service can then be provided by the server in a seventh step E7.
  • the system thus performs mutual authentication of the server and the user before transmitting the critical data.
  • This system has been designed to address the current problems facing Internet users.
  • the hardware element 8 has the ability to determine to which recipient the password is sent. For this, the hardware element 8 challenges the server to determine if it is connected to a specific server. The hardware element 8 can subsequently warn the user, for example by means of a diode, if it is connected to a server that has impersonated the site. These arrangements are improved by the use of means for generating numbers or random sequences in the hardware element 8.
  • a "hacker" element attempting to replay a frame Trame_1 will have to be able to answer the challenge of the server without being able to use the hardware element 8.
  • the frame Trame_2 includes the use of the random number generated by the hardware element 8 which makes it possible to verify the identity of the server and thus to accept to answer it.
  • the method can be implemented so as to take place entirely before informing the user of his authentication or not.
  • the system will respond with a false frame, which will be the subject of the same treatment until the protocol is finished. This gives a "hacker" element the minimum of information with which to compromise the security of the system.
  • the link between the number Num_IdUser that identifies the user and the user's identity is made at the server level. Thus it is not necessary to transmit a critical element such as the blue card number of the user to use the system.
  • In a fourth embodiment of the method according to the invention, represented in FIG. 5, which corresponds to an improvement of the second embodiment, the variant of the system comprising the means for generating a random sequence Num_Alea is used.
  • In a preliminary step E0, an initialization of a data exchange is requested by the user via the terminal 6, by sending a data frame Trame_0 to the server 2.
  • the server 2 performs a generation Gen_2 of a first session number Num_Sess1.
  • the server 2 then performs a signature of the identifier Num_IdServer of the server by the first session number Num_Sess1, then a concatenation of the identifier of the server with the result of the signature, and an encryption of these concatenated data by a first public key Ks2, to obtain a data frame Trame_1:
  • Trame_1 = C_Ks2(Num_Sess1 + Num_Sess1 ⊕ Num_IdServer)
  • the frame Trame_1 is then sent to the client software 12.
  • In a second step E2, the user's computer transmits the frame Trame_1 to the hardware element 8.
  • the processing means 10 of the hardware element 8 perform a decryption D of the frame Trame_1 by means of a first private key Ks1 corresponding to the public key Ks2 of the server, which allows them to obtain the values of the server identifier Num_IdServer and of the first session number Num_Sess1. A test can then be performed on the identifier of the server 2.
  • the processing means 10 of the hardware element 8 perform a generation phase of a random sequence Gen_1 which allows the determination of a random sequence Num_Alea.
  • the frame Trame_2 is sent to the client software.
  • In a fourth step E4, the frame Trame_2 is transmitted to the server 2.
  • In a fifth step E5, the server 2 performs a decryption D of the frame Trame_2 by means of the first public key Ks2 corresponding to the private key Ks1 of the user, which enables it to obtain the values of the user identifier Num_IdUser and of the random sequence.
  • the server 2 also carries out a generation Gen_2 of a second session number Num_Sess2.
  • the server 2 then performs a signature of the random sequence Num_Alea and of an identifier Num_IdServer of the server by the second session number Num_Sess2, then an encryption of these two concatenated signature results by a second public key Ku2, to obtain a data frame Trame_3:
  • Trame_3 = C_Ku2(Num_Alea ⊕ Num_Sess2 + Num_Sess2 ⊕ Num_IdServer)
  • the frame Trame_3 is then sent to the client software 12.
  • in a sixth step E6, the user's computer transmits the frame Trame_3 to the hardware element 8.
  • in a seventh step E7, the processing means 10 of the hardware element 8 decrypt (D) the frame Trame_3 using a second private key Ku1 corresponding to the public key Ku2 of the server, which yields the server identifier Num_IdServer, the second session number Num_Sess2 and the value of the random sequence Num_Alea returned by the server.
  • a test can then be performed on the identifier of the server 2 while also verifying that the random sequence Num_Alea returned by the server corresponds to the one that was sent.
  • the processing means of the hardware element 8 then sign the user identifier Num_IdUser with the first session number Num_Sess1 and the password Num_MDP with the second session number Num_Sess2, then encrypt the two concatenated signature results with the second private key Ku1, to obtain a data frame Trame_4:
  • Trame_4 = C_Ku1 (Num_Sess1 ⁇ Num_IdUser + Num_Sess2 ⁇ Num_MdP)
  • the frame Trame_4 is then sent to the client software 12.
  • the client software 12 transmits the frame Trame_4 in turn to the server 2.
  • the server 2 decrypts (D) the frame Trame_4 using the public key Ku2 corresponding to the user's private key Ku1, which yields the password Num_MDP and the session numbers Num_Sess1 and Num_Sess2, as well as the user identifier Num_IdUser.
  • the server 2 compares the session numbers Num_Sess1 and Num_Sess2 with those it has transmitted, then performs tests on the identifier Num_IdUser and the password Num_MDP to accept or refuse the identification of the user. If the identification is accepted, the requested service can then be provided by the server in a ninth step, not shown.
  • Trame_1 = C_Ks1 [Num_Alea_1 + Num_Alea_1 ⁇ Num_IdUser]
  • Trame_2 = C_Ku2 [Num_Alea_1 ⁇ Num_Sess_1 + Num_Sess_1 ⁇ Num_IdServer]
  • Trame_3 = C_Ku1 [Num_Sess_1 ⁇ Num_Alea_2 + Num_Alea_2 ⁇ Num_IdUser]
  • Trame_2f = C_Ku2 [Num_Alea_f ⁇ Num_Sess_f + Num_Sess_f ⁇ Num_IdServer]
  • Trame_1 = C_Ks2 [Num_Sess_1 + Num_Sess_1 ⁇ Num_IdServer]
  • Trame_2 = C_Ks1 [Num_Sess_1 ⁇ Num_Alea_1 + Num_Alea_1 ⁇ Num_IdUser]
  • Trame_3 = C_Ku2 [Num_Alea_1 ⁇ Num_Sess_2 + Num_Sess_2 ⁇ Num_IdServer]
  • Trame_4 = C_Ku1 [Num_Sess_2 ⁇ Num_Alea_2 + Num_Alea_2 ⁇ Num_IdUser] ...
  • Trame_2f-1 = C_Ku2 [Num_Alea_f-1 ⁇ Num_Sess_f + Num_Sess_f ⁇ Num_IdServer]
  • Final_frame (2f) = C_Ku1 [Num_Sess_f ⁇ Num_IdUser + Num_Sess_f ⁇ Num_MdP]
  • the session number num_Sess can be the result of a function, a date or a combination of both. This combination can be verified by the hardware element before the presentation of a password. The hardware element can ask the application server to prove its identity in the same way.
  • the client software 12 can request the password Num_MDP from the user so that it is signed and transmitted to the server 2.
  • a random number can be added in the calculation of the signed password in order to counter exhaustive search attacks (salting).
  • This random number can be calculated by applying a one-way function to a number. The result of this operation is then used to calculate the next random number, so the one-way function is applied recursively.
  • the combination of the password and the session number in the hardware element can be achieved not by concatenation but, for example, by bitwise addition.
  • the server, which also knows the session number, can subtract it from the combination to deduce the password.
  • the password of the user is not stored in the hardware element, but entered by the user via input means of the terminal.
  • the system and the method according to the invention may in particular be applied to prevent impersonation of a website or a service, where the purpose of the impersonation is to obtain confidential identification data of a user.
  • Such impersonation corresponds in particular to the practices known as phishing or pharming.
  • Another application is the fight against fraudulent purchases validated with credit card identification numbers, without entering the PIN, by a person other than the card holder.
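The checks in steps E1 to E8, together with the bitwise-addition variant mentioned in the notes above, as an added sketch that is not code from the patent. Assumptions: the public-key layer C_K is omitted, so frames appear as they are after decryption; the combination operator is bitwise addition (XOR); the 16-byte field width, the Trame_2 layout, the plaintext user table and all Python names are hypothetical.

```python
import hmac
import secrets

N = 16  # constructed fixed field width in bytes (assumption, not from the page)
def pad(s):
    if len(s.encode()) > N:
        raise ValueError("field longer than N bytes")
    return s.encode().ljust(N, b"\0")

def comb(a, b):
    # Bitwise addition (XOR); applying it again with the same operand undoes it.
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    def __init__(self, server_id, users):
        self.sid = pad(server_id)
        self.users = {pad(u): pad(p) for u, p in users.items()}  # constructed table
    def trame_1(self):                       # E1: Num_Sess1 + Num_Sess1 (+) Num_IdServer
        self.sess1 = secrets.token_bytes(N)
        return self.sess1, comb(self.sess1, self.sid)
    def trame_3(self, trame_2):              # E5: echo Num_Alea under a fresh Num_Sess2
        self.sess2 = secrets.token_bytes(N)
        return comb(trame_2[1], self.sess2), comb(self.sess2, self.sid)
    def accept(self, trame_4):               # E8: strip this session's numbers, then test
        stored = self.users.get(comb(trame_4[0], self.sess1))
        pwd = comb(trame_4[1], self.sess2)
        return stored is not None and hmac.compare_digest(stored, pwd)

class Element:
    def __init__(self, expected_server, user_id, password):
        self.sid, self.uid, self.pwd = pad(expected_server), pad(user_id), pad(password)
    def trame_2(self, trame_1):              # E2-E3: test the server, then draw Num_Alea
        self.sess1 = trame_1[0]
        if comb(trame_1[1], self.sess1) != self.sid:
            raise ValueError("server identifier test failed")
        self.alea = secrets.token_bytes(N)
        return self.uid, self.alea           # Trame_2 layout is an assumption
    def trame_4(self, trame_3):              # E7: recover Num_Sess2 via the Num_Alea sent
        sess2 = comb(trame_3[0], self.alea)
        if comb(trame_3[1], sess2) != self.sid:
            raise ValueError("Num_Alea echo or server identifier mismatch")
        return comb(self.sess1, self.uid), comb(sess2, self.pwd)

def run(replay=False):
    server = Server("srv-01", {"alice": "correct horse"})
    element = Element("srv-01", "alice", "correct horse")
    t4 = element.trame_4(server.trame_3(element.trame_2(server.trame_1())))
    if replay:  # server opens a new session before the captured Trame_4 arrives
        server.trame_3(element.trame_2(server.trame_1()))
    return server.accept(t4)
```

`run()` accepts the fresh Trame_4, while `run(replay=True)` refuses the same frame once the server has issued new session numbers, which is the comparison the server performs in the last step.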
EP08786974A 2007-08-08 2008-08-07 Information system and method for identifying a user by an application server Withdrawn EP2213038A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0705763A FR2919974B1 (fr) 2007-08-08 2007-08-08 Information system and method for identification of a user by an application server
PCT/EP2008/060371 WO2009019298A1 (fr) 2008-08-07 Information system and method for identification of a user by an application server

Publications (1)

Publication Number Publication Date
EP2213038A1 (de) 2010-08-04

Family

ID=39183229

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08786974A Withdrawn EP2213038A1 (de) 2007-08-08 2008-08-07 Information system and method for identifying a user by an application server

Country Status (4)

Country Link
US (1) US20120005474A1 (de)
EP (1) EP2213038A1 (de)
FR (1) FR2919974B1 (de)
WO (1) WO2009019298A1 (de)

Also Published As

Publication number Publication date
US20120005474A1 (en) 2012-01-05
FR2919974A1 (fr) 2009-02-13
FR2919974B1 (fr) 2010-02-26
WO2009019298A1 (fr) 2009-02-12

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20100520

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

DAX Request for extension of the european patent (deleted)
RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 21/20 20060101ALI20120106BHEP

Ipc: H04L 29/06 20060101ALI20120106BHEP

Ipc: H04L 9/32 20060101AFI20120106BHEP

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20120301