FR2888958A1 - Application e.g. electronic mail, executing method, involves executing secure application during verification of signature value with correct value, and inhibiting execution of application during absence of verification - Google Patents

Abstract

The method involves downloading an application using an insecure downloading program of an insecure computer, where the application accompanies a signature value established by a trusted entity. A signature value verification program is executed from a storage medium. The secure application is executed using the insecure computer during the verification of the signature value with a correct value. The execution of the application is inhibited during the absence of the verification of signature value with the correct value. Independent claims are also included for the following: (1) a system for executing an application on an insecure computer (2) a computer program product stored on a storage medium for execution by a computer for verifying a signature (3) a computer program product stored on a storage medium for execution by a computer for downloading applications (4) a computer program product stored on a storage medium for execution by a computer for verifying the validity of an authentication certificate.

Description

COMPUTER PROGRAM PROCESS, SYSTEM AND PRODUCT

The present invention relates to the implementation of a method, a system and computer program products for the execution of secure computer programs. , on unsecured computers or terminals.

At the present time, a computer, due to the unlimited multiplication of data exchanges, can be considered as insecure when it may have been infested by a computer virus, invaded by one or more malicious programs. , substituted for example with traditional programs. Such a machine, which is not secure, can make it possible, for example, to recover the passwords that a user enters to access network services, or even to record the data consulted, even with a security protocol, such as the SSL protocol for Secure Sockets Layer protocol in English, or IPsec defined by the IP security association, is implemented.

This problem is particularly serious for users who connect to the WEB from self-service computers or terminals, such as in a cyber-café for example. The users, in this situation, do not have any guarantee as to the seriousness of the implementation of the administration of the machines, the execution and the update of an anti-virus software, of a firewall, management of write rights left to users who are not validly identified.

In the event that the aforementioned user is a professional who connects to his company network (Intranet), the latter may even fear that hacking means have been implemented on this type of computer for the purpose of industrial espionage or economic intelligence.

Current techniques for the execution of secure computer programs aim above all to secure and make the execution by the machine more reliable.

The Java language, for example, makes it possible to run programs downloaded from the Internet in another program, called a virtual machine, or VM.

The latter constantly monitors the instructions executed by the Java program, thus ensuring that the latter is harmless to the host computer and its data.

The Java environment also implements a program signing mechanism, "applets" in English, which allows the WEB browser to ensure, before executing them, that these programs have been broadcast by a trustworthy authority. The aforementioned mechanism is based on a conventional system of signature by asymmetric cryptography, such as RSA or the like. Trusted authorities are registered by name in the certificate store.

However, the aforementioned approach solves the opposite problem to that which the present invention proposes to solve. Indeed, the Java environment starts from the a priori assumption that the host computer and the virtual machine are reliable and that the downloaded program is doubtful.

The Windows operating system also implements a system for checking the origin of programs during their installation, similar to that of the Java environment. But by assumption, when the machine and its operating system are corrupted and can no longer be trusted, the check performed is of no value to the user.

A different approach has been proposed by the Trusted Computing Group, which allows incremental control of the programs launched by a machine as soon as it is started.

Such an approach allows the administrator of the machine more to ensure that the user will not be able to introduce harmful or pirated programs on this machine, than the end user to have confidence in the machine that he does. uses, as in a safe machine.

Indeed, in the example cited above, in a cyber café, the dishonest owner is able to knowingly replace all web browsers with fake ones, containing malicious sub-programs, have them validated by the Trusted Computing Group, and record all HTML pages viewed, without the knowledge of its customers.

The object of the present invention is to solve the problem of the execution of a secure program by an insecure machine, which, to the knowledge of the inventors, has no known solution to date.

Such a finding appears due to the fact that, in the past, users, or their company, owned the computers they used, which, of course, allowed them to ensure much more control and monitoring of these machines. strict.

Today, on the contrary, mobile users need to log in from cyber cafes or from borrowing machines, which makes the problem of the lack of security of the execution of safe programs by machines. particularly acute unsafe and dangerous for nomadic services offered to companies in particular.

The object of the present invention is to solve the aforementioned technical problem by reducing to a minimum the contribution of an insecure computer to the security of the execution of programs or applications verified and considered to be secure, due to this verification.

In particular, the object of the present invention is to distribute the initiative and the control of the value of the security parameters of any application or secure program between the requesting user and a trusted entity, the execution as such of the procedures. security and application to the secure program, however, being vested in an insecure computer or terminal, which is then not able to unlawfully interfere with the execution of this secure application or program.

The method of safe execution of an application by an insecure terminal, object of the present invention, is remarkable in that it consists at least in downloading this application by means of a download program for this insecure terminal, this application being accompanied by a signature value established by a trusted entity, execute, from a secure removable memory medium, a program for verifying this signature value. On verifying this signature value to be true, the application coming from a secure file, the secure application is executed via the non-secure terminal. Otherwise, if this signature value is not verified as true, the execution of this application, resulting from an insecure file, is inhibited.

The subject of the invention is also a system for executing an application on an insecure terminal, remarkable in that it comprises at least one application server and their signature established by a trusted entity, a removable memory. secure associated with this insecure computer, this secure removable memory comprising at least one program for verifying the signature of this application.

The method and the system which are the subject of the invention find application in securing and making more reliable transactions or network data exchanges executed from unsafe terminals or workstations.

They will be better understood on reading the description and on observing the drawings below in which: FIG. 1 represents, by way of illustration, a flowchart of the essential steps for implementing the method of executing programs d secure computer or applications, on an insecure computer or terminal; FIG. 2a represents, by way of illustration, a variant implementation of the step of downloading an application or a program signed at the initiative of a user; FIG. 2b represents, by way of illustration, a preferred variant of implementation of the downloading step illustrated in FIG. 2a; FIG. 2c represents, by way of illustration, an alternative embodiment of the signature verification step illustrated in FIG. 1; FIG. 3 represents, by way of illustration, in the form of a functional diagram, a system for executing applications or programs by an unsafe computer or terminal, in accordance with the subject of the present invention.

A more detailed description of the method of safe execution of an application by an insecure computer or terminal, in accordance with the object of the present invention, will now be given in conjunction with FIG. 1. In the present description, the notion of terminal or unsafe computer is used interchangeably.

As regards the actual implementation of the method which is the subject of the invention, it is indicated that the non-secure computer may consist of any computer terminal on which the user concerned wishes to execute secure programs.

In particular, it is considered that the aforementioned insecure computer or terminal is: configured with programs without guarantee of security for the user; connected to a network, for example to the Internet network and is equipped with programs or software for downloading ftp, http or other files; - able to receive a removable memory element such as a memory on a USB port for Universal Serial Bus in English, a floppy disk, an optical disc or active or passive RFID tag but that however these memory media are not suitable for storage of the applications that the user wishes to be able to execute for one of the following reasons, for example: these memories are of insufficient size to receive all the safe programs that the user wants to be able to execute; these memories are too slow for the user to be able to load them each time they are used on the computer terminal; the applications that the user wants to be able to execute are not known in advance or are liable to change between their deposit on these memories and their execution.

It is indicated, in particular, that the downloading of a file on a terminal concerns: either the downloading of executable files, that is to say of applications; or the downloading of signed applications making it possible to open the application in question, such as a word processor, Internet browser or others.

With reference to FIG. 1, it is indicated that the method which is the subject of the invention consists at least, in a step A, in downloading the application by means of an unsafe download program, installed on the unsafe computer, for example. The application is accompanied by a signature value established by a trusted entity, this signed application being denoted F; _s, F denoting the corresponding file, support for this application, i denoting a reference or name of this application and S denoting the signature value established by the trusted entity having established the signature value of the application in question.

The unsafe computer is noted CNS and meets the presupposition previously

indicated in the description.

Step A is then followed by step B consisting in executing from a secure removable memory medium, denoted M, comprising a signature verification program and, via the non-secure computer or terminal CNS, a verification of the aforementioned signature value.

Following step B, on checking the signature value to be true, this operation being symbolized by the relation: Sig = true? the application then originates from a secure file Fi, in a step D, the aforementioned application Fi is executed by means of the non-secure computer or terminal.

On the contrary, in negative response to the test C of FIG. 1, on absence of verification of the signature value at the true value, the application comes from an insecure file and one proceeds in one step E in one. inhibition of the execution of this application through the unsafe computer or terminal. The inhibition operation is noted as Stop.

For the implementation of the test of step C, it is indicated that the signed file Fi_s composed of the file itself Fi and the signature value Sig, can be verified from any signature verification operation, dual operation of the signing operation. These operations can be executed from the RSA algorithm for example, or from any appropriate algorithm known from the state of the art, from a private key for the signing operation and from a public key associated with this private key for the signature verification operation.

A more detailed description of the operation consisting in step A in downloading the application will now be given in conjunction with FIG. 2a.

In the mode of implementation of the method which is the subject of the invention, as illustrated in FIG. 2a, the operation consisting in downloading the application can comprise at least, in order to implement step A of FIG. 2a, a sub-step Ao for inserting the removable memory medium M, which is denoted M (mo, mi), into the unsafe computer or terminal CNS. The removable memory medium is deemed to include not only the signature verification program ml, but also a program module Mo for a download call for the application in question.

The operation of inserting the removable memory medium is then followed by a sub-step A1 of launching a call to download the application, from the removable memory medium M (mo, mi) to the computer not sure CNS.

A more detailed description of a preferred implementation of the downloading operation A of FIG. 1 will now be given in conjunction with FIG. 2b.

With reference to FIG. 2b, it is indicated that the aforementioned downloading step can advantageously comprise the sub-steps Ao and A1 as illustrated in FIG. 2a and for this reason represented in dotted lines in FIG. 2b.

In addition, the operation consisting in downloading the application in question comprises a sub-step A2 of downloading the signature value Sig accompanied by an authentication certificate denoted Cert (Cpub), this authentication certificate being able advantageously to contain the public key denoted Cpub associated with the private key Cpriv, from which the signature value Sig was calculated.

Taking into account the operations carried out in the sub-step A2, the signed application is denoted F, _s = (Fi, Sig, Cert (Cpub)) The sub-step A2 can then be followed by a sub-step A3 prior to performing any verification of the signature value Sig and consisting in verifying the validity of the Cert authentication certificate (Cpub).

This operation can be carried out using a conventional type authentication certificate verification protocol, in particular when the authentication certificate is established using the X 509 protocol for example. This verification operation will not be described in detail because it is known from the state of the art.

The authentication certificate verification sub-step A3 comprises a test sub-step A4 consisting for example in verifying the authentication certificate for the true value, this operation being noted: Cert (Cpub)) = true? On a negative response to the test of sub-step A4, that is to say in the absence of verification of the true value of the authentication certificate, the method which is the subject of the invention is then stopped at sub-step A6.

On the contrary, on a positive response to sub-step A4, the authentication certificate having been verified for the true value, a sub-step A5 is called, which consists in carrying out an extraction of the value of the public key Cpub. This public key could have been passed as a parameter with and / or in the authentication certificate.

Sub-steps Ao to A6 of FIG. 2b, in fact constituting step A of FIG. 1, can then be followed by step B of verifying the signature value Sig under the conditions which will now be described in conjunction with figure 2c.

As mentioned previously in the description, the aforementioned signature value Sig has been established by the trusted entity by means of a private key Cpriv, which by definition is kept secret.

For the implementation of the signature verification step B of FIG. 1 and with reference to FIG. 2c, we then have the signed application F; _s verifying the relation: F; _s = (Fi, Sig ( F ;, Cpriv)) By the preceding relation, it is indicated that the aforementioned signature value was obtained from a signature algorithm, as mentioned previously in the description and from the private key Cpriv. This signature value is then specific to the file F; support of the considered application that the user wishes to run.

Thus, at the level of the mass memory of the computer or non-secure terminal, for example, the signed file Fi_s mentioned above is available.

Also available in the removable memory medium is a verification program m1 and at least one public key Cpub associated with the private key Cpriv with which the previous signature value was established by the trusted entity.

Under these conditions, the elements available in the removable memory medium M in step B1 of FIG. 2c, are then loaded into the computer or non-secure terminal in sub-step B2 of FIG. 2c in order to perform the verification of the signature value in the sub-step B3 represented in the aforementioned FIG. 2c.

Of course, the signature verification operation is then executed by the insecure computer CNS, this operation being represented by the relation: verif (Fi, Sig (Fi, Cpriv), Cpub) It is of course understood that at sub-step B3 of FIG. 2c, with reference to the symbolic relationship indicated above, the verification of the signature value established by the trusted entity with the private key Cpriv on the file Fi support of the application desired by the user, via the public key Cpub.

As regards the implementation of the method which is the subject of the invention, it is indicated that the latter can be implemented from at least one public key, which can then be either stored directly in the removable memory medium. secure M, or on the contrary downloaded via the authentication certificate, then recovered after checking the authenticity of the aforementioned authentication certificate.

Of course, the method that is the subject of the present invention can be implemented from a plurality of public keys and, in a nonlimiting manner, from a root public key stored in the removable memory medium for example and from Diversified public keys associated on the one hand with the private key Cpriv and on the other hand with the root public key, each diversified public key being able to be associated with an application or file Fi supporting this specific application. The combination of the root public key and a diversified key makes it possible to generate a relevant public key associated with the private key Cpriv with which the trusted entity established the signature value of the application or its support file Fi.

A more detailed description of an application execution system on an insecure computer, in accordance with the object of the present invention, will now be given in connection with FIG. 3.

As shown in the aforementioned figure, the system which is the subject of the invention comprises for example a trusted entity ensuring the establishment of the application signature values by signing the latter with the private key Cpriv with which the public key Cpub is associated. above. The trusted entity PUB distributes the signed applications Fi_s by placing the latter for example on a server S directly accessible via a network connection, such as the Internet network for example.

Of course, the server S is accessible by any terminal and in particular by any non-secure computer CNS, by simple connection to a remote network.

The insecure computer CNS is connected to the network and satisfies the presupposition previously mentioned in the description.

Finally, the removable memory medium M comprises a signature verification program, the program module mi, and at least one public key Cpub, associated with the private key Cpriv with which the signature value of the signed file Fi_s has been established.

In operation, after inserting the removable memory medium M into the insecure CNS computer, the signature verification program mi and the public key Cpub associated with the latter are loaded into the insecure computer CNS to perform the operation for verifying the signature value, as described previously in the description, in accordance with the method which is the subject of the present invention described in conjunction with FIG. 2c.

As also described previously in the description, the public key Cpub may not be present in the removable memory M ab initio, but transmitted by downloading with an authentication certificate for example.

As further shown in FIG. 3, the safe removable memory M furthermore comprises a program or a program module for downloading the safe application, this module being denoted mo in FIG. 3 above.

Preferably, the secure removable memory M can be formed by an external hard disk, a write-protected USB dongle, by an optical disk or by an active or passive RFID tag for example, these elements being able to be easily inserted into the computer or CNS unsafe terminal.

With reference to the various elements likely to constitute the safe removable memory mentioned above, it is indicated that the reliability of this removable memory results on the one hand from the storage media used, non-rewritable optical disc for example, write-protected USB dongle or disk protected external hard drive, and, on the other hand, the ownership of this secure removable memory reserved for the user of the application that the latter wishes to run on the insecure CNS computer.

In addition, it is indicated that the signature verification program, module mi shown in Figure 3, respectively the application download call program, module mo shown in the aforementioned figure, allows either the direct download of the application F; accompanied by the signed value of this Sig application, ie downloading into the mass memory of the non-secure computer CNS, then loading from the mass memory for example.

In the event that the file F; is a file containing the executable code of a program or of the application in question, the user can then launch the execution of the latter.

Thus, the signature verification program module ml can itself, in a first step, fetch the application signed F; _S on the server S. The aforementioned program module ml can then store in memory on the hard disk of the computer. 'computer or even on the removable memory M, the previously mentioned signed application if the memory space is sufficient and launch the corresponding signature verification. The aforementioned variant has the advantage of automating the start of the execution of the application Fi, but has the drawback of requiring a larger storage memory M.

When the size of the application F, is less than the memory size of the removable memory M, it can then be considered to store the signed file directly on the aforementioned removable memory M.

However, the method which is the subject of the invention and the system allowing the implementation of the latter, make it possible to use only a fixed storage volume and to reduce the memory size required of the removable memory M to the size of the program. plus the size of the public key Cpub for example. Any available memory area of the removable memory M then allows the user to store personal data for example. It is also possible to check as many downloadable programs from the server S as desired, which generally does not allow direct storage of the aforementioned programs on the removable memory M. When, as mentioned previously in the description, the public key Cpub is sent to the user's removable memory M at the same time as the signed file F, _s, this public key being contained in an authentication certificate of the X509 type for example, then the authentication certificate is issued by a trusted authority AC, distinct from the trusted entity PUB for example, whose public key is stored in the removable memory M instead of the public key Cpub.

During use, a program for verifying the validity of the certificate m2 verifies the validity of the certificate and deduces therefrom the value of the public key Cpub, which will then be used as mentioned previously in the description. The operation of verifying the authenticity of the authentication certificate can then be executed from the public key of the trusted authority AC, which can be stored in place of the Cpub key allowing the verification of signatures, i.e. the Sig value.

- 13 - This operating mode makes it possible to use publication entities, that is to say trust entity PUB and trust authority AC that are different, however with the same removable memory medium M. In addition, the program module signature verification mi can then trust several public AC authority keys, according to the security policy set by the user or by the latter's company. The removable memory medium M then contains all the public keys of these entities or a root public key denoted RCpub in FIG. 3. Finally, the trusted entities PUB and the server S can, if necessary, be confused.

The method and the system that is the subject of the invention thus make it possible to execute secure applications on an unsafe computer or terminal, these applications being able to be of any type and in particular browsers, proprietary programs for electronic mail, business applications or analogues.

The mo, mi, m2 program modules are able to operate in dual mode, that is to say downloading the application signed Fi or loading from the hard disk.

Finally, the invention also covers a computer program product recorded on a storage medium for execution by a computer, this computer program corresponding to the program module ml of FIG. 3 and allowing the implementation of the steps of signature verification according to the method which is the subject of the invention as described in conjunction with FIGS. 1 and 2a to 2c.

It also covers a computer program product recorded on a storage medium for execution by a computer or a terminal, this program product corresponding to the module mo of FIG. 3 and allowing the downloading of Fi_s applications accompanied by their value. Sig signature, as well

as previously described in the description.

Finally, the invention also covers a computer program product recorded on a storage medium for execution by a computer, this program product corresponding to the module m2 shown in FIG. 3 and making it possible to execute a step for verifying the validity. of an authentication certificate, then a step of extracting the value of a public key allowing the execution of a signature verification, as described previously in the description in conjunction with FIG. 2b.

- 15 -

Claims (12)

1. Method for the safe execution of an application by an insecure terminal, characterized in that said method consists at least in: downloading said application by means of an insecure download program from said insecure terminal, said application being accompanied by a signature value established by a trusted entity; - Execute, from a secure memory medium, comprising a signature verification program, via said non-secure terminal, a verification of said signature value; and, on verifying said signature value to be true, said application coming from a secure file; - execute said secure application through said unsafe terminal; otherwise, on failure to verify said signature value to the true value of said application, resulting from an unsafe file; inhibiting the execution of said application through said unsafe terminal. 2. Method according to claim 1, characterized in that the operation consisting in downloading said application comprises at least: inserting said memory medium into said non-secure terminal, further comprising a program module for downloading the call. said application; initiating a download call for said application, from said memory medium to said unsafe terminal. 3. Method according to one of claims 1 or 2, characterized in that said signature value established by a trusted entity being calculated from a signature calculation program and a private key, said memory medium comprises a corresponding signature verification program and at least one public key associated with said private key, said signature verification program and said associated public key being loaded into said insecure terminal to perform said verification of said signature value. - 16 - 4. Method according to one of claims 1 to 3, characterized in that said operation consisting in downloading said application comprises downloading said signature value accompanied by an authentication certificate containing the public key associated with the private key to from which the said signature was calculated. 5. Method according to claim 4, characterized in that the latter consists in storing, in said medium, at least one public key, constituting a root key of a set of public keys, respectively a plurality of public keys. 6. Application execution system on an insecure computer, characterized in that said system comprises at least: - an application server and their signature established by a trusted entity, a secure memory associated with said insecure computer , said secure memory comprising at least one program for verifying the signature of said application. 7. System according to claim 6, characterized in that said secure memory further comprises a download call program of said secure application. 8. System according to claim 6 or 7, characterized in that said secure memory is formed by an element belonging to the group comprising an external hard disk, a write-protected USB dongle or a write-once optical disk. 9. System according to one of claims 6 to 8, characterized in that said signature verification program respectively of download call of said application allows either the direct download of said application and of the signed value of said application, or downloading into the mass memory of said insecure terminal and then loading from said mass memory. 10. Computer program product recorded on a storage medium for execution by a computer, characterized in that said program allows the implementation of signature verification steps according to Process according to one of Claims 1 to 5. 11. Computer program product recorded on a storage medium for execution by a computer, characterized in that said program allows the downloading of applications accompanied by a signature value. 12. Computer program product recorded on a storage medium for execution by a computer, characterized in that it makes it possible to execute: a step of verifying the validity of an authentication certificate; then a step of extracting the value of a public key allowing the execution of a signature verification.