EP2441228A1 - Device and method for secure access to a remote server - Google Patents
Device and method for secure access to a remote server
- Publication number: EP2441228A1 (application EP10725090A)
- Authority
- EP
- European Patent Office
- Prior art keywords
- user
- service
- terminal
- server
- connection
- Prior art date
- Legal status: Withdrawn (status as listed by Google Patents; an assumption, not a legal conclusion)
Classifications (H: Electricity; H04: Electric communication technique; H04L: Transmission of digital information, e.g. telegraphic communication; H04L63/00: Network architectures or network communication protocols for network security)
- H04L63/08, H04L63/0861: authentication of entities, using biometrical features, e.g. fingerprint, retina-scan
- H04L63/16, H04L63/164: implementing security features at a particular protocol layer, at the network layer
- H04L63/16, H04L63/166: implementing security features at a particular protocol layer, at the transport layer
Definitions
- The present invention relates to the field of computer security, and more specifically to protecting the confidential personal information that gives a user encrypted access to a remote service.
- Fig. 1 illustrates the architecture of the network.
- the user typically uses a terminal 1.1 such as a personal computer or any similar device such as a personal assistant or a smartphone.
- This terminal is connected to an information exchange network 1.2, typically the Internet.
- Servers 1.3 hosting remote services are also connected to this network. The user can therefore access, from his terminal, the services hosted on the servers 1.3 via the information exchange network 1.2.
- Many of these services deal with confidential information and it is important to secure access to these services.
- This securing generally involves giving the user secret connection information that he must produce to establish the connection to the service, typically a username and an associated password. On login, the user is asked to enter this name and password, which are used to authenticate him and to establish an encrypted connection that guarantees the confidentiality of the exchanges between the user and the remote service. It is common to protect these exchanges of connection information so that they cannot be stolen in transit between the terminal and the server. This is typically done by creating an encrypted connection, or encrypted tunnel, between the terminal and the server, for example with the SSL protocol (Secure Sockets Layer) or its successor TLS (Transport Layer Security). Fig. 2 illustrates the use of these techniques.
- the terminal sends a connection request 2.1, generally using its Internet browser to the server hosting the service.
- This request is not encrypted. The server interprets it in a step 2.2 and responds with the message 2.3, which carries the server's certificate and therefore the public key identifying the server or service.
- In a step 2.4 the terminal generates a pseudo-random secret (the pre-master secret, from which the symmetric session key is derived). It encrypts it with the server's public key received in the message 2.3 and sends it to the server in the message 2.5. Only the holder of the private key matching that public key can recover the secret; the server does so in step 2.6. From this point the terminal and the server share the same symmetric key and can establish an encrypted connection 2.7 with it.
- This encrypted connection then allows information to be exchanged between the terminal and the server in a secure manner.
- All data exchanged are encrypted under the shared secret key and can only be decrypted by the two ends of the encrypted connection, the terminal and the server, which share that secret. This method therefore secures the exchanges between the terminal and the server. Two practical points follow from the exchange. First, the protection rests entirely on the terminal verifying in step 2.3 that the presented certificate really belongs to the intended server: a host on the path that substitutes its own public key would otherwise obtain the secret sent in message 2.5 and be able to decrypt everything that follows. Second, because the session secret is transported under the server's long-term RSA key, this key-exchange mode offers no forward secrecy, which is why TLS 1.3 dropped it in favour of ephemeral Diffie-Hellman.
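As an added example (not code from the patent or its applicant), the following Python script plays the exchange of Fig. 2 at message level so that the two points above can be checked by hand. Everything is scaled down: unpadded textbook RSA over small Mersenne primes, an HMAC-SHA256 stand-in for the TLS PRF and for the record encryption, and a 29-bit pre-master secret. The `pinned_pub` parameter models a client that already holds the server's certificate, as the card of the invention does after personalization, and `mitm_keys` models malware on the terminal substituting its own key in message 2.3. None of the primitives here are fit for real use.

```python
"""Scaled-down model of the Fig. 2 exchange (RSA key transport, as used up to TLS 1.2).
Added example, not code from the patent. Everything is a toy: unpadded textbook RSA over small
Mersenne primes, HMAC-SHA256 standing in for the TLS PRF and for AES-GCM record protection."""
import hashlib
import hmac
import secrets

E = 65537


def rsa_keygen(p=2147483647, q=524287, e=E):
    """Textbook RSA pair from two known primes (2**31-1 and 2**19-1; real keys are >= 2048 bits)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def rsa_encrypt(pub, m):
    n, e = pub
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def derive_session_key(premaster, client_random, server_random):
    """Stand-in for the TLS PRF: both randoms are mixed in, so a replayed premaster gives a new key."""
    return hashlib.sha256(premaster.to_bytes(8, "big") + client_random + server_random).digest()


def _keystream(key, seq, length):
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, seq.to_bytes(8, "big") + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(blocks))[:length]


def seal(key, seq, plaintext):
    """One record of the encrypted connection 2.7: keystream XOR, then an HMAC tag over the
    sequence number and the ciphertext (encrypt-then-MAC), so replays and tampering are detected."""
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, seq, len(plaintext))))
    return body + hmac.new(key, seq.to_bytes(8, "big") + body, "sha256").digest()


def open_record(key, seq, record):
    body, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, seq.to_bytes(8, "big") + body, "sha256").digest()):
        raise ValueError("record authentication failed")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, seq, len(body))))


def run_session(server_keys, mitm_keys=None, pinned_pub=None, rng=secrets.token_bytes):
    """Play the exchange. server_keys belong to the real server. With mitm_keys, a host on the path
    (e.g. malware on the terminal) substitutes its own public key in message 2.3. pinned_pub is a
    key the client stored in advance, as the card does at personalization. Returns the session
    key as computed by each party."""
    server_pub, server_priv = server_keys
    client_random = rng(32)                                    # message 2.1
    server_random = rng(32)                                    # sent with message 2.3
    presented_pub = mitm_keys[0] if mitm_keys else server_pub   # what the client actually receives
    if pinned_pub is not None and presented_pub != pinned_pub:
        raise ValueError("presented key differs from the pinned certificate: abort handshake")
    premaster = int.from_bytes(rng(4), "big") >> 3             # step 2.4: 29-bit toy secret, below every modulus here
    msg_2_5 = rsa_encrypt(presented_pub, premaster)
    mitm_key = None
    if mitm_keys:
        # Step 2.6 as performed by the interposed host: recover the secret, re-encrypt it for the real server.
        leaked = rsa_decrypt(mitm_keys[1], msg_2_5)
        mitm_key = derive_session_key(leaked, client_random, server_random)
        msg_2_5 = rsa_encrypt(server_pub, leaked)
    recovered = rsa_decrypt(server_priv, msg_2_5)              # step 2.6 at the real server
    return {"client": derive_session_key(premaster, client_random, server_random),
            "server": derive_session_key(recovered, client_random, server_random),
            "mitm": mitm_key}


if __name__ == "__main__":
    real, fake = rsa_keygen(), rsa_keygen(8191, 131071)        # fake key: 2**13-1 and 2**17-1
    keys = run_session(real)
    rec = seal(keys["client"], 1, b"GET /account HTTP/1.1\r\n")
    print("honest session, server reads:", open_record(keys["server"], 1, rec))
    keys = run_session(real, mitm_keys=fake)
    print("unpinned client, interposed host shares the key:", keys["mitm"] == keys["client"] == keys["server"])
    try:
        run_session(real, mitm_keys=fake, pinned_pub=real[0])
    except ValueError as err:
        print("pinned client:", err)
```

The three runs in the main block are the whole argument of the patent in miniature: with an honest path the two ends agree on a key; with an interposed host and no pinning all three parties hold the same key and the interposer reads every record; with the key pinned at personalization the handshake is refused before any secret is sent.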
- The data exchanged are handled in clear by the server and by the terminal. The server is assumed a priori to be safe because it is managed by professionals.
- The security of the terminal, however, is a problem. Users are rarely aware of the techniques needed to secure a workstation, and it is extremely difficult to obtain strict compliance with security rules from them.
- the invention aims to solve the above problems by providing a device and a method for securing the confidential information of the user and their exchanges securely with the servers hosting the services. It is based on the personalization of a smart card containing this information.
- This smart card connected to the user's terminal, has connection means allowing it to appear as an autonomous host of the user's local network.
- An encrypted connection is then established directly between the smart card and the server hosting the service for the transmission of confidential data.
- This data, stored on the smart card, is then exchanged with the server over this encrypted connection. It is never accessible in clear on the user's terminal.
- the invention relates to a device for secure access to a remote service comprising a smart card; means for connecting the smart card to a user terminal connected to a communication network; communication means with the user terminal to which the device is connected; communication means with a server hosting the remote service, said server being connected to the communication network, said communication means establishing the communication via the user terminal to which the device is connected; means for storing the address of said server hosting the remote service and means of authentication with this server; means for establishing an encrypted connection between the device and the server hosting the remote service using said connection identifiers and means for relaying the traffic between the user terminal and the server via said encrypted connection.
- The device further comprises means for authenticating the user.
- the authentication means are biometric means.
- the device further comprises means for storing a list of accessible services and means for offering a choice from this list.
- the device further comprises means for storing a client software allowing access to the secure service when it is executed on the user terminal.
- The invention also relates to a method of connecting to a remote service, comprising a step of establishing an encrypted connection between a device comprising a smart card and a remote server hosting a secure service, said device being connected to a user terminal, itself connected to a communication network, said remote server being accessible via the communication network, the encrypted connection being established by routing the communication through the user terminal and using connection identifiers stored on said device; and a step of using the service from the user terminal, the traffic between the terminal and the remote server being relayed by said device over said encrypted connection.
- The device stores a list of accessible services with the corresponding identifiers, and the method further comprises a step of proposing the list of services to the user and a step of choosing the service with which the encrypted connection is to be established.
- the method comprises a prior step of authenticating the user.
- the method comprises a prior step of loading remote service access software from the device on the user terminal.
- Fig. 2 illustrates an example of connection to a secure service according to the prior art
- Fig. 3 illustrates the principle architecture of an exemplary embodiment of the invention
- Fig. 4 illustrates the protocol architecture of an exemplary embodiment of the invention
- Fig. 5 illustrates the process of using a secure service according to an exemplary embodiment of the invention.
- The weak point, from the security point of view, is the user's terminal. The user is rarely aware of the rules that guard a workstation against infection by malware, and it is not uncommon for the terminal to be infested with software such as computer viruses or spyware. Some of this malware, once running on the terminal, is able to spy on the user's actions and capture potentially confidential information.
- Such sensitive information includes whatever lets the user connect to secure remote services, such as his bank's website or e-commerce sites. Once in possession of it, the malware can use the workstation's network connection to send it to third parties who may use it fraudulently.
- Fig. 3 illustrates the architecture of an exemplary embodiment of the invention.
- the client terminal 3.1 has a first network interface 3.2 allowing the connection of the terminal to the Internet network 3.5. On this network are available servers hosting services. One of these servers 3.6 is shown connected to the network 3.5.
- the device according to the invention 3.4 is connected to the terminal 3.1 by a second network interface 3.3. This second network interface is based in the exemplary embodiment of the invention on a USB serial physical interface.
- the arrows 3.7 and 3.8 represent the data flows when using the device for a connection of the user to a secure service.
- the arrow 3.7 between the device 3.4 and the server 3.6 illustrates the encrypted connection that is established between these two elements.
- This encrypted connection is relayed by the terminal which then functions as a simple network router.
- the transferred data is protected against any attack by any malicious software on the terminal 3.1 by the encryption used to establish the encrypted connection.
- the terminal therefore has no means of access to these data although they transit through it.
- the arrow 3.8 represents in fact two different data streams passing between the terminal and the device 3.4.
- The user may be required to authenticate with the device to prevent fraudulent use. The user must also, at least when the device hosts several services, select the service to be accessed so that the device can initiate the connection to it. The confidential data for this connection may include login name and password pairs, digital encryption certificates, and any other information the service's implementation may require.
- a software module present on the device then establishes the encrypted connection with the server 3.6. Once this encrypted connection is established, the user can use the service from the terminal 3.1. This use is done by interaction, arrow 3.8, with a software module on the device for relaying information between the server and the user via the encrypted connection 3.7.
- The device acts as a relay (proxy) at the transport layer of the network, here TCP/IP (Internet Protocol defined by RFC 791, Transmission Control Protocol by RFC 793).
- The client-server model is implemented between a client hosted on the terminal, for example an HTTP client (HyperText Transfer Protocol, RFC 2616) or browser, and the device.
- This same model is also implemented between the device that hosts the client and the remote service that the user wants to access.
- the exemplary embodiment of the invention is based on the use of a smart card inserted in a smart card reader connected in USB to the client terminal.
- a first adaptation aims to allow TCP / IP communication over the USB connection.
- The choice fell on the RNDIS protocol (Remote Network Driver Interface Specification, developed by Microsoft).
- This is a specification for network devices running on a bus such as USB.
- This choice gives compatibility, without configuration or additional software, with a wide range of user-terminal operating systems such as Windows Vista, Apple Mac OS X or Linux, which ship with RNDIS support by default.
- For Windows XP it is only necessary to add a ".inf" file of a few kilobytes. The device according to the invention can therefore be used easily with most user terminals on the market.
- Those skilled in the art understand that other choices can be made on this point, more particularly if the invention is made with a connection other than USB between the device and the terminal.
- It is also necessary to add a TCP/IP communication stack to the smart card's operating system, which generally lacks one.
- the choice here was focused on the TCP / IP stack implemented in the free operating system Contiki (http://www.sics.se/contiki/).
- This system is a lightweight, multitasking, highly portable operating system that contains a TCP / IP stack that is particularly suitable for porting to a smart card due to its low resource requirements and small size.
- This stack is made even more compact by disabling every function not strictly necessary for its operation. Thanks to these two technologies, the smart card in its USB reader becomes a TCP/IP network host in its own right. All that remains is for the user's terminal to be configured to share its network connection (on a Linux terminal, enabling IP forwarding and NAT from the RNDIS interface to the Internet-facing interface) so that the device reaches the network through it.
- the creation of the encrypted connection between the device and the server hosting the service requires an encryption software layer.
- Various solutions can be used to establish the encrypted connection: IPsec (IP Security, a set of protocols securing data transport over IP), PPTP (Point to Point Tunneling Protocol), SSL (Secure Sockets Layer) or its evolution TLS (Transport Layer Security). Of these, PPTP's usual MS-CHAPv2 authentication is known to be broken and should not be chosen for a new design; the exemplary embodiment uses TLS.
- Fig. 4 illustrates the protocol layers involved in the implementation of the embodiment of the invention.
- Fig. 4 shows the user terminal 4.1, the device according to the invention 4.4 and the server hosting the secure service 4.6.
- the user terminal 4.1 and the device 4.4 have a USB connection over which the RNDIS protocol is ported to allow IP communication.
- the TCP transport layer is conventionally used to implement reliable sessions.
- the transferred data is secured by encryption by the TLS layer which is an evolution of SSL. It is this layer that allows the encryption and therefore the creation of the encrypted communication connection.
- The application layer is based in the exemplary embodiment on a Web environment and therefore on the HTTP protocol (HyperText Transfer Protocol, RFC 2616).
- the user terminal 4.1 has a second network interface, typically based on Ethernet, but other interfaces such as a Wi-Fi wireless interface can also be used, which allows it to communicate with the server 4.6.
- This server 4.6 also has the IP / TCP / TLS / HTTP layers already mentioned, typically over an Ethernet interface.
- Arrow 4.8 represents the traffic between the user terminal 4.1 and the device 4.4. Typically this traffic corresponds to the user's authentication with the device, the choice of the service, and the traffic of the chosen service that the device relays back to the terminal for use by the user.
- Arrow 4.7 for its part, represents the encrypted connection between the device 4.4 and the server 4.6. This encrypted connection goes through the terminal operating as a network router at the IP layer.
- Fig. 5 illustrates an example of use of the invention.
- The device is connected to the terminal.
- The user must authenticate with the device.
- The safest option is to give the device a biometric sensor, for example fingerprint recognition performed on the device itself (Match On Card, MOC), so that the biometric template never leaves the card.
- Alternatively, password authentication can be used.
- the user opens a web browser for example on the terminal and connects to the device.
- the device has an embedded WEB server which proposes an authentication page.
- The traffic between the terminal and the device (3.8, 4.8) is also protected by encryption, which limits the risk of attacks on the device from malware. Note that this leg terminates on the terminal itself, so it protects against interception on the link rather than against malware inside the browser; what keeps the service credentials safe is that they never cross this leg at all.
- The device advantageously lets the user select one of the accessible services in a step 5.3. This step is optional, since the device can be configured to give access to a single service. It can be implemented via a Web page sent to the terminal over HTTP; the user then selects the desired service in a step 5.4.
- the device establishes the encrypted connection with the server hosting the chosen service in a step 5.5. This encrypted connection is performed by the TLS security layer in the exemplary embodiment.
- the device has the service address and authentication means to the server, for example the identifiers required for connection to the server or service.
- This confidential data is written to the card during a prior personalization stage. It benefits from the protection against both software and hardware attacks that is intrinsic to smart cards.
- This preliminary programming of the card can be done using a dedicated software on the terminal.
- this personalization step is made before the distribution of the card to the user, for example by a service provider who can be the manager of one of the secure services, for example a banking establishment.
- These parameters typically consist of a list of accessible services and for each service are available the service address and login credentials, preferably a digital encryption certificate.
- the device then functions as a relay (proxy in English) for HTTP traffic between the user terminal and the service.
- the user can use the service, during a step 5.6, using his web browser as if he were directly connected to the server via his terminal.
- HTTP traffic is directed to the device that relays it to the server through the encrypted connection.
- the traffic goes back to the terminal, but encrypted, the terminal functioning as a simple IP router.
- the device closes the encrypted connection in step 5.7. If a connection, for example encrypted, was established between the terminal and the device, this connection is also closed in step 5.8.
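The procedure of Fig. 5, from user authentication to teardown, as runnable Python. This is an added example and not the patent's code: the service table, the PIN `1234`, the host name `bank.example` and the certificate paths are constructed placeholders. The TLS upstream uses the standard `ssl` module with verification pinned to the CA stored on the card, while `demo_exchange` swaps that upstream for an in-process socket pair so that the session logic, the PIN retry counter and the byte-for-byte relay can be exercised offline.

```python
import hashlib, hmac, os, socket, ssl, threading

# Constructed personalization data (written before the card is handed out): the service table,
# of which the terminal only ever sees the names, and a PBKDF2 verifier for the user's PIN.
SERVICES = {"bank": {"host": "bank.example", "port": 443,
                     "ca_pem": "/card/bank-ca.pem", "client_cert": "/card/bank-client.pem"}}
PIN_SALT = os.urandom(16)
PIN_VERIFIER = hashlib.pbkdf2_hmac("sha256", b"1234", PIN_SALT, 50_000)
MAX_PIN_TRIES = 3


def open_upstream(service):
    """Step 5.5 (arrows 3.7/4.7): TLS with trust pinned to the CA held on the card and the card's
    client certificate as connection identifier; PROTOCOL_TLS_CLIENT enforces chain and hostname
    verification, so a public key substituted by the terminal is rejected."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(service["ca_pem"])
    ctx.load_cert_chain(service["client_cert"])
    return ctx.wrap_socket(socket.create_connection((service["host"], service["port"])),
                           server_hostname=service["host"])


def relay(client_sock, upstream_sock):
    """Step 5.6: copy bytes unchanged both ways until both ends close; the device never parses
    the HTTP and the terminal only routes TLS records on the upstream leg."""
    counts = {"up": 0, "down": 0}

    def pump(src, dst, direction):
        try:
            while chunk := src.recv(4096):
                dst.sendall(chunk)
                counts[direction] += len(chunk)
        finally:
            try:
                dst.shutdown(socket.SHUT_WR)  # propagate end-of-stream to the other leg
            except OSError:
                pass

    threads = [threading.Thread(target=pump, args=(client_sock, upstream_sock, "up")),
               threading.Thread(target=pump, args=(upstream_sock, client_sock, "down"))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return counts


class DeviceSession:
    def __init__(self, services=SERVICES, verifier=PIN_VERIFIER, salt=PIN_SALT):
        self.services, self.verifier, self.salt = services, verifier, salt
        self.tries_left, self.state, self.upstream = MAX_PIN_TRIES, "LOCKED", None

    def authenticate(self, pin):
        """Step 5.2, PIN variant, with a smart-card style retry counter: blocked for good after
        MAX_PIN_TRIES misses, so a compromised terminal cannot brute-force the PIN."""
        if self.state == "BLOCKED":
            return False
        if hmac.compare_digest(hashlib.pbkdf2_hmac("sha256", pin, self.salt, 50_000), self.verifier):
            self.tries_left, self.state = MAX_PIN_TRIES, "AUTHENTICATED"
            return True
        self.tries_left -= 1
        if self.tries_left == 0:
            self.state = "BLOCKED"
        return False

    def list_services(self):
        """Step 5.3: names only; addresses and credentials never leave the card."""
        return sorted(self.services) if self.state == "AUTHENTICATED" else []

    def connect(self, name, opener=open_upstream):
        """Steps 5.4/5.5; `opener` lets the offline harness inject a socket in place of TLS."""
        if self.state != "AUTHENTICATED" or name not in self.services:
            raise PermissionError("authenticate and choose a listed service first")
        self.upstream, self.state = opener(self.services[name]), "CONNECTED"

    def close(self):
        """Steps 5.7/5.8: drop the upstream; a new session needs fresh user authentication."""
        if self.upstream is not None:
            self.upstream.close()
        self.upstream, self.state = None, "LOCKED"


def demo_exchange(session, name, request, response):
    """Offline harness: socket pairs stand in for the browser and for the remote server. Returns
    the relay byte counts and the bytes the terminal-side socket received."""
    (terminal, device_side), (upstream, server) = socket.socketpair(), socket.socketpair()

    def server_side():  # constructed stand-in for the service: read the request, answer, hang up
        buf = b""
        while b"\r\n\r\n" not in buf and (chunk := server.recv(4096)):
            buf += chunk
        server.sendall(response)
        server.close()

    threading.Thread(target=server_side).start()
    session.connect(name, opener=lambda _svc: upstream)
    terminal.sendall(request)
    terminal.shutdown(socket.SHUT_WR)
    counts = relay(device_side, session.upstream)
    session.close()
    received = b""
    while chunk := terminal.recv(4096):
        received += chunk
    return counts, received
```

Calling `demo_exchange` on a session that has passed `authenticate` returns the number of bytes relayed in each direction and the response the terminal-side socket received. The only things that ever cross the terminal-facing socket are the service names and the HTTP payload; the entries of `SERVICES` stay on the device, which is the property the patent is after.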
- it is possible to further increase the security of the system by allowing the connection to the device only from a client software provided by the system and not from the web browser of the terminal.
- This client software can be a web browser, but can also be a client based on a different protocol possibly developed for the occasion.
- This client is stored within a storage space on the card, securely and such that it cannot be modified without authorization.
- This storage space can then be seen from the terminal as a removable storage device, visible when the device is connected.
- This software allows access to the secure service when it is run on the user terminal.
- The use of the device then comprises a preliminary step of loading this access software from the device onto the user terminal. This makes it harder to manipulate or spy on the exchanges by modifying the client software, although the loaded client still executes on the terminal and is therefore not out of reach of malware running there.
- In this way the user can connect to a secure service without the service address or the login credentials ever being present in clear on the terminal. This information may never even be disclosed to the user, who is given a personalized card ready to use.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0953907A FR2946822B1 (fr) | 2009-06-11 | 2009-06-11 | Device and method for secure access to a remote service |
PCT/EP2010/058108 WO2010142740A1 (fr) | 2009-06-11 | 2010-06-09 | Device and method for secure access to a remote service |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2441228A1 (de) | 2012-04-18 |
Family
ID=42125944
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP10725090A Withdrawn EP2441228A1 (de) | 2009-06-11 | 2010-06-09 | Device and method for secure access to a remote server |
Country Status (4)
Country | Link |
---|---|
US (1) | US9185110B2 (de) |
EP (1) | EP2441228A1 (de) |
FR (1) | FR2946822B1 (de) |
WO (1) | WO2010142740A1 (de) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106713509A (zh) * | 2017-02-27 | 2017-05-24 | 武汉芯光云信息技术有限责任公司 | ARM cloud terminal system based on AOC optical fiber |
FR3076012B1 (fr) * | 2017-12-21 | 2020-01-10 | Thales | Method for securing a USB protocol by authentication of a USB peripheral by a device and by encryption of the exchanges between the peripheral and the device, and associated devices |
FR3090945B1 (fr) * | 2018-12-24 | 2021-07-09 | Blade | Method for connecting a remote peripheral to a virtual local network |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8955083B2 (en) * | 2006-12-19 | 2015-02-10 | Telecom Italia S.P.A. | Method and arrangement for secure user authentication based on a biometric data detection device |
2009
- 2009-06-11 FR FR0953907A, patent FR2946822B1 (fr), active
2010
- 2010-06-09 WO PCT/EP2010/058108, patent WO2010142740A1 (fr), application filing
- 2010-06-09 US US13/376,916, patent US9185110B2 (en), active
- 2010-06-09 EP EP10725090A, patent EP2441228A1 (de), not active, withdrawn
Non-Patent Citations (1)
Title |
---|
See references of WO2010142740A1 * |
Also Published As
Publication number | Publication date |
---|---|
FR2946822A1 (fr) | 2010-12-17 |
US20120084849A1 (en) | 2012-04-05 |
FR2946822B1 (fr) | 2011-08-12 |
US9185110B2 (en) | 2015-11-10 |
WO2010142740A1 (fr) | 2010-12-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PUAI | Public reference made under article 153(3) EPC to a published international application that has entered the European phase | Free format text: ORIGINAL CODE: 0009012 |
2011-12-30 | 17P | Request for examination filed | Effective date: 20111230 |
| AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR |
| DAX | Request for extension of the European patent (deleted) | |
| STAA | Information on the status of an EP patent application or granted EP patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
2012-10-19 | 18D | Application deemed to be withdrawn | Effective date: 20121019 |