EP2441228A1 - Vorrichtung und verfahren für sicheren zugang zu einem entfernten server - Google Patents

Vorrichtung und verfahren für sicheren zugang zu einem entfernten server

Info

Publication number
EP2441228A1
EP2441228A1 EP10725090A EP10725090A EP2441228A1 EP 2441228 A1 EP2441228 A1 EP 2441228A1 EP 10725090 A EP10725090 A EP 10725090A EP 10725090 A EP10725090 A EP 10725090A EP 2441228 A1 EP2441228 A1 EP 2441228A1
Authority
EP
European Patent Office
Prior art keywords
user
service
terminal
server
connection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP10725090A
Other languages
English (en)
French (fr)
Inventor
François LECOCQ
Cyrille Pepin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Idemia Identity and Security France SAS
Original Assignee
Morpho SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Morpho SA filed Critical Morpho SA
Publication of EP2441228A1 publication Critical patent/EP2441228A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/164Implementing security features at a particular protocol layer at the network layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer

Definitions

  • the present invention relates to the field of computer security and more specifically the field of protection of confidential personal information allowing encrypted access to a remote service.
  • Fig. 1 illustrates the architecture of the network.
  • the user typically uses a terminal 1.1 such as a personal computer or any similar device such as a personal assistant or a smartphone.
  • This terminal is connected to an information exchange network 1.2, typically the Internet network.
  • an information exchange network 1.2 typically the Internet network.
  • On this network are also connected 1.3 servers hosting remote services. The user can therefore access from his terminal to the services hosted on the servers 1.3 via the information exchange network 1.2.
  • Many of these services deal with confidential information and it is important to secure access to these services.
  • This securing generally involves providing the user with secret connection information that he must produce to establish the connection to the service. Typically this is an associated username and password. Upon login, the user is asked to enter this name and password which are used to authenticate and establish an encrypted connection to ensure the confidentiality of information exchanges between the user and the user. user and the remote service. It is common to secure these exchanges of connection information to prevent them from being stolen during transport between the terminal and the server. This security is typically done by creating an encrypted connection or an encrypted tunnel between the terminal and the server. This encrypted connection or tunnel can, for example, be created using the SSL protocol (Secure Socket Rent), or its successor TLS (Transport Layer Security in English). Fig. 2 illustrates the use of these techniques.
  • the terminal sends a connection request 2.1, generally using its Internet browser to the server hosting the service.
  • This request is not encrypted. It is interpreted by the server during a step 2.2 which responds with the message 2.3 comprising a public key corresponding to the certificate identifying the server or service.
  • the terminal determines a pseudo-random symmetric key in a step 2.4. It encrypts it using the public key of the server received in the message 2.3 and sends it to the server in the message 2.5. Only the server is able to decrypt this symmetric key using its private key associated with its public key. It performs this decryption during step 2.6. At this time, the terminal and the server share the same secret key, the symmetric key, and are therefore able to establish an encrypted connection 2.7 using this shared key.
  • This encrypted connection then allows the exchange of information between the terminal and the server in a secure manner.
  • All data exchanged are encrypted using the shared secret key and can only be decrypted by both ends of the encrypted connection, the terminal and the server, which share the same secret. It can be seen that this method makes it possible to secure exchanges between the terminal and the server.
  • the data exchanged are manipulated in clear by the server and the terminal. It is assumed a priori that the server is safe because of management by professionals.
  • the security of the terminal poses a problem. Indeed, users are rarely aware of techniques to ensure the security of an information processing station. Moreover, it is extremely difficult to obtain from them a strict respect of safety rules.
  • the invention aims to solve the above problems by providing a device and a method for securing the confidential information of the user and their exchanges securely with the servers hosting the services. It is based on the personalization of a smart card containing this information.
  • This smart card connected to the user's terminal, has connection means allowing it to appear as an autonomous host of the user's local network.
  • An encrypted connection is then established directly between the smart card and the server hosting the service for the transmission of confidential data.
  • This data, stored on the smart card is then exchanged with the server by this encrypted connection. They are never accessible in clear on the terminal of the user.
  • the invention relates to a device for secure access to a remote service comprising a smart card; means for connecting the smart card to a user terminal connected to a communication network; communication means with the user terminal to which the device is connected; communication means with a server hosting the remote service, said server being connected to the communication network, said communication means establishing the communication via the user terminal to which the device is connected; means for storing the address of said server hosting the remote service and means of authentication with this server; means for establishing an encrypted connection between the device and the server hosting the remote service using said connection identifiers and means for relaying the traffic between the user terminal and the server via said encrypted connection.
  • it further comprises means for authenticating the user.
  • the authentication means are biometric means.
  • the device further comprises means for storing a list of accessible services and means for offering a choice from this list.
  • the device further comprises means for storing a client software allowing access to the secure service when it is executed on the user terminal.
  • the invention also relates to a remote service connection method which comprises a step of establishing an encrypted connection between a device comprising a smart card and a remote server hosting a secure service, said device being connected to a user terminal. itself connected to a communication network, said remote server being accessible via the communication network, the encrypted connection being established by routing the communication by the user terminal, said encrypted connection being established using connection identifiers stored on said device and a step of using the service from the user terminal, the traffic between the terminal and the remote server being relayed by said device by said encrypted connection.
  • the device storing a list of accessible services with the corresponding identifiers
  • the method further comprises a step of proposing the list of services to the user and a step of choosing the service with which establish the encrypted connection.
  • the method comprises a prior step of authenticating the user.
  • the method comprises a prior step of loading remote service access software from the device on the user terminal.
  • Fig. 2 illustrates an example of connection to a secure service according to the prior art
  • Fig. 3 illustrates the principle architecture of an exemplary embodiment of the invention
  • Fig. 4 illustrates the protocol architecture of an exemplary embodiment of the invention
  • Fig. 5 illustrates the process of using a secure service according to an exemplary embodiment of the invention.
  • the weak point from the point of view of security is the terminal of the user. Indeed, the user is rarely aware of the security rules to guard against contamination of the post by malware. In particular, it is not uncommon for the user terminal to be invaded by software such as computer viruses or spyware. Some of these malware, once operational on the terminal, are able to spy on the actions of the user and take note of the potentially confidential information of the latter.
  • Sensitive confidential information may include information enabling the user to connect to secure remote services such as his bank's website, e-commerce sites, and others. Once in possession of this sensitive data, these malicious software may use the network connection of the post to send this sensitive information to third parties who may use it fraudulently.
  • Fig. 3 illustrates the architecture of an exemplary embodiment of the invention.
  • the client terminal 3.1 has a first network interface 3.2 allowing the connection of the terminal to the Internet network 3.5. On this network are available servers hosting services. One of these servers 3.6 is shown connected to the network 3.5.
  • the device according to the invention 3.4 is connected to the terminal 3.1 by a second network interface 3.3. This second network interface is based in the exemplary embodiment of the invention on a USB serial physical interface.
  • the arrows 3.7 and 3.8 represent the data flows when using the device for a connection of the user to a secure service.
  • the arrow 3.7 between the device 3.4 and the server 3.6 illustrates the encrypted connection that is established between these two elements.
  • This encrypted connection is relayed by the terminal which then functions as a simple network router.
  • the transferred data is protected against any attack by any malicious software on the terminal 3.1 by the encryption used to establish the encrypted connection.
  • the terminal therefore has no means of access to these data although they transit through it.
  • the arrow 3.8 represents in fact two different data streams passing between the terminal and the device 3.4.
  • the user may be required to authenticate with the device to prevent fraudulent use. It must also, at least when the device hosts multiple services, select the service that it wants to access for the device to initiate the connection to this service. Confidential data for this connection may include login name and password pairs, digital encryption certificates, and any other information that may be required depending on the implementation of the service.
  • a software module present on the device then establishes the encrypted connection with the server 3.6. Once this encrypted connection is established, the user can use the service from the terminal 3.1. This use is done by interaction, arrow 3.8, with a software module on the device for relaying information between the server and the user via the encrypted connection 3.7.
  • the device is content with a relay (proxy in English) at the transport layer of the network, in this case TCP / IP (Transmission Control Protocol I Internet Protocol in English defined by RFC 791 and 793).
  • TCP / IP Transmission Control Protocol I Internet Protocol in English defined by RFC 791 and 793.
  • the client-server model is implemented between a client hosted on the terminal, for example an HTTP client (HyperText Transfer Protocol defined by RFC 2616) or browser and the device.
  • HTTP client HyperText Transfer Protocol defined by RFC 2616
  • This same model is also implemented between the device that hosts the client and the remote service that the user wants to access.
  • the exemplary embodiment of the invention is based on the use of a smart card inserted in a smart card reader connected in USB to the client terminal.
  • a first adaptation aims to allow TCP / IP communication over the USB connection.
  • the choice fell on the use of the protocol RNDIS (Remonte Network Driver Interface Specification developed by Microsoft).
  • RNDIS Redmonte Network Driver Interface Specification developed by Microsoft.
  • This is a specification for network devices running on a bus such as USB.
  • This choice makes it possible to be compatible without requiring parameterization or to add a particular software with a wide selection of user terminal operating systems such as Windows Vista, Apple Mac OS X or Linux, which integrate into their distribution. by default the management of RNDIS.
  • Windows XP it is simply necessary to add a ".inf" file of a few kilobytes. This choice therefore allows the simple use of the device according to the invention with most user terminals available on the market.
  • Those skilled in the art understand that other choices can be made on this point, more particularly if the invention is made with a connection other than USB between the device and the terminal.
  • TCP / IP communication stack it is also necessary to add a TCP / IP communication stack to the operating system of the smart card which is generally without it.
  • the choice here was focused on the TCP / IP stack implemented in the free operating system Contiki (http://www.sics.se/contiki/).
  • This system is a lightweight, multitasking, highly portable operating system that contains a TCP / IP stack that is particularly suitable for porting to a smart card due to its low resource requirements and small size.
  • this stack is made even more compact by deactivating all functions not strictly necessary for its operation. Thanks to the implementation of these two technologies, the smart card within its USB drive acquires the status of TCP / IP network host in its own right. All that is required is for the user's terminal to be configured in relay mode to share its network connection so that the device has network access via this intermediary.
  • the creation of the encrypted connection between the device and the server hosting the service requires an encryption software layer.
  • Various solutions can be used to establish the encrypted connection such as IPsec, a set of protocols to secure data transport over the IP protocol, PPTP (Point to Point Tunneling Protocol), SSL (Secure Socket Rent) or still its evolution TLS (Transport Loyer Security in English).
  • IPsec IP Security
  • PPTP Point to Point Tunneling Protocol
  • SSL Secure Socket Rent
  • TLS Transaction Loyer Security in English
  • TLS Transaction Loyer Security in English
  • TLS Transaction Loyer Security in English
  • Fig. 4 illustrates the protocol layers involved in the implementation of the embodiment of the invention.
  • the user terminal 4.1 the device according to the invention 4.4 and the server hosting the secure service 4.6.
  • the user terminal 4.1 and the device 4.4 have a USB connection over which the RNDIS protocol is ported to allow IP communication.
  • the TCP transport layer is conventionally used to implement reliable sessions.
  • the transferred data is secured by encryption by the TLS layer which is an evolution of SSL. It is this layer that allows the encryption and therefore the creation of the encrypted communication connection.
  • the application layer is based in the exemplary embodiment on a WEB environment and therefore on the HTTP transport protocol (HyperText Transfer Protocol in English defined by RFC 2616).
  • the user terminal 4.1 has a second network interface, typically based on Ethernet, but other interfaces such as a Wi-Fi wireless interface can also be used, which allows it to communicate with the server 4.6.
  • This server 4.6 also has the IP / TCP / TLS / HTTP layers already mentioned, typically over an Ethernet interface.
  • Arrow 4.8 represents the traffic between the user terminal 4.1 and the device 4.4. Typically, this traffic corresponds to an authentication phase of the user with the device, the choice of the service and the traffic relating to the chosen service that the device refers to the terminal for use by the user.
  • Arrow 4.7 for its part, represents the encrypted connection between the device 4.4 and the server 4.6. This encrypted connection goes through the terminal operating as a network router at the IP layer.
  • Fig. 5 illustrates an example of use of the invention.
  • the device connects to the terminal.
  • the user must authenticate with the device.
  • the safest is to provide the device with a biometric sensor for identification, for example by a fingerprint recognition device executed on the device (Match On Card or MOC).
  • MOC fingerprint recognition device executed on the device
  • password authentication can be done.
  • the user opens a web browser for example on the terminal and connects to the device.
  • the device has an embedded WEB server which proposes an authentication page.
  • the traffic between the terminal and the device 3.8, 4.8 is also protected by encryption. This limits the risk of malware attacks on the device.
  • the device advantageously allows it to select one of the accessible services offered during a step 5.3. This step is optional, the device being configurable to only provide access to a particular service. This step can be implemented via a WEB page transmitted by HTTP to the terminal. The user can then select the desired service during a step 5.4 of choice of the service.
  • the device establishes the encrypted connection with the server hosting the chosen service in a step 5.5. This encrypted connection is performed by the TLS security layer in the exemplary embodiment.
  • the device has the service address and authentication means to the server, for example the identifiers required for connection to the server or service.
  • This confidential data is entered in the card during a prior stage of personalization thereof. They benefit from the protection techniques against both software and hardware attacks intrinsic to smart cards.
  • This preliminary programming of the card can be done using a dedicated software on the terminal.
  • this personalization step is made before the distribution of the card to the user, for example by a service provider who can be the manager of one of the secure services, for example a banking establishment.
  • These parameters typically consist of a list of accessible services and for each service are available the service address and login credentials, preferably a digital encryption certificate.
  • the device then functions as a relay (proxy in English) for HTTP traffic between the user terminal and the service.
  • the user can use the service, during a step 5.6, using his web browser as if he were directly connected to the server via his terminal.
  • HTTP traffic is directed to the device that relays it to the server through the encrypted connection.
  • the traffic goes back to the terminal, but encrypted, the terminal functioning as a simple IP router.
  • the device closes the encrypted connection in step 5.7. If a connection, for example encrypted, was established between the terminal and the device, this connection is also closed in step 5.8.
  • it is possible to further increase the security of the system by allowing the connection to the device only from a client software provided by the system and not from the web browser of the terminal.
  • This client software can be a web browser, but can also be a client based on a different protocol possibly developed for the occasion.
  • this client is stored securely and can not be modified without authorization on the card within a storage space.
  • This storage space can then be seen from the terminal as a removable storage device visible from the terminal when the device is connected.
  • This software allows access to the secure service when it is run on the user terminal.
  • the use of the device then comprises a preliminary step of loading this access software from the device on the user terminal. This avoids manipulation and / or espionage exchanges by modification of the client software.
  • the user can connect to a secure service without at any time, the service address or login credentials are present in clear on the terminal. Eventually, this information is never even brought to the attention of the user who is provided with a personalized card ready to use.

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)
EP10725090A 2009-06-11 2010-06-09 Vorrichtung und verfahren für sicheren zugang zu einem entfernten server Withdrawn EP2441228A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0953907A FR2946822B1 (fr) 2009-06-11 2009-06-11 Dispositif et procede d'acces securise a un service distant.
PCT/EP2010/058108 WO2010142740A1 (fr) 2009-06-11 2010-06-09 Dispositif et procédé d'accès sécurisé à un service distant

Publications (1)

Publication Number Publication Date
EP2441228A1 true EP2441228A1 (de) 2012-04-18

Family

ID=42125944

Family Applications (1)

Application Number Title Priority Date Filing Date
EP10725090A Withdrawn EP2441228A1 (de) 2009-06-11 2010-06-09 Vorrichtung und verfahren für sicheren zugang zu einem entfernten server

Country Status (4)

Country Link
US (1) US9185110B2 (de)
EP (1) EP2441228A1 (de)
FR (1) FR2946822B1 (de)
WO (1) WO2010142740A1 (de)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106713509A (zh) * 2017-02-27 2017-05-24 武汉芯光云信息技术有限责任公司 基于aoc光纤的arm云终端系统
FR3076012B1 (fr) * 2017-12-21 2020-01-10 Thales Procede de securisation d'un protocole usb par authentification d'un peripherique usb par un appareil et par chiffrement des echanges entre le peripherique et l'appareil et dispositifs associes
FR3090945B1 (fr) * 2018-12-24 2021-07-09 Blade Procédé de raccordement d’un périphérique distant à un réseau local virtuel

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8955083B2 (en) * 2006-12-19 2015-02-10 Telecom Italia S.P.A. Method and arrangement for secure user authentication based on a biometric data detection device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2010142740A1 *

Also Published As

Publication number Publication date
FR2946822A1 (fr) 2010-12-17
US20120084849A1 (en) 2012-04-05
FR2946822B1 (fr) 2011-08-12
US9185110B2 (en) 2015-11-10
WO2010142740A1 (fr) 2010-12-16

Similar Documents

Publication Publication Date Title
US9961103B2 (en) Intercepting, decrypting and inspecting traffic over an encrypted channel
EP2619941B1 (de) Verfahren, server und system zur authentifizierung einer person
WO2008145558A2 (fr) Procede de securisation d'echange d'information, dispositif, et produit programme d'ordinateur correspondant
EP2567502A2 (de) Verfahren zur authentifizierung eines benutzers bei der anfrage einer transaktion mit einem dienstanbieter
EP2614458B1 (de) Authentifizierungsverfahren zum zugang auf eine webseite
EP1095491B1 (de) Verfahren, server und vorrichtung zur sicherung eines computerkommunikationsnetzes
RU2635276C1 (ru) Безопасная аутентификация по логину и паролю в сети Интернет с использованием дополнительной двухфакторной аутентификации
WO2007115982A2 (fr) Procede de protection d'identite, dispositifs, et produit programme d'ordinateur correspondants
EP3375133B1 (de) Verfahren zur sicherung und authentifizierung einer telekommunikation
EP2912594A1 (de) Verfahren zur bereitstellung eines gesicherten dienstes
Tally et al. Anti-phishing: Best practices for institutions and consumers
WO2010142740A1 (fr) Dispositif et procédé d'accès sécurisé à un service distant
EP3549330B1 (de) Verfahren und system zur durchführung einer sensiblen operation im laufe einer kommunikationssession
US20160036792A1 (en) Systems, apparatus, and methods for private communication
WO2012156365A1 (fr) Procede de securisation d'une platforme d'authentification, dispositifs materiels et logiciels correspondants
Jotwani et al. An analysis of E-Commerce security threats and its related effective measures
WO2006134072A1 (fr) Procede de protection contre le piratage d'un terminal client utilisant une connexion securisee avec un serveur sur un reseau public
EP1966974B1 (de) Sicheres system zum eingeben und verarbeiten von authentifikationsdaten
EP4105798A1 (de) Authentifizierungsverfahren, vorrichtung und entsprechendes programm
WO2012107369A1 (fr) Procede et dispositif de connexion a un service distant depuis un dispositif hote
EP3503500A1 (de) Verfahren zum erzeugen einer elektronischen fernsignatur mithilfe eines fido-protokolls
Wu Control E-commerce security
WO2005034009A2 (fr) Procede et systeme pour securiser les acces d'un utilisateur a un reseau de communication

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20111230

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20121019