FR3022375A1 - METHOD AND DEVICE FOR SECURING A PASSWORD PROTECTED SYSTEM - Google Patents

Abstract

The invention relates to a method (90) for securing a client-server system protected by a user password (MPS), said system implementing a server (7) and a client application (2) installed on a terminal (1) of a user (U), the method (90) comprising the following steps: - A proxy gateway (4) receives (110) a first request (RQ1) from the client application (2), said first request (RQ1) comprising an intermediate authentication element (E) previously made available to the client application (2) - the proxy gateway (4) checks (111) the intermediate authentication element (E) included in the first request (RQ1) - If the intermediate authentication element (E) is correct: ▪ the proxy gateway (4) obtains (112) the user password (MPS) ▪ the proxy gateway (4) sends (113) , to the server (7), a second request (RQ2), said second th request (RQ2) including the user password (MPS) obtained ▪ the proxy gateway (4) receives (116) a response (RP) from the server (7) ▪ the proxy gateway (4) sends (117) said response (RP) to the client application (2).

Description

TECHNICAL FIELD OF THE INVENTION The present invention relates to the field of client-server systems implementing a server and a client application installed on a terminal of a user, in which users must authenticate with a password through the client application to obtain server resources. Such a system is for example an electronic mail system distributed on a mail server and a mail client application. BACKGROUND OF THE INVENTION A client-server system is a system implementing a server and a client communicating according to a communication protocol (for example the HTTP protocol "HyperText Transfer Protocol"). A client is a software (or by extension a terminal on which the software is run) able to request the execution of an operation by a server by sending a request containing the description of the operation to be executed. A server is a software (or by extension a computer on which the software is run) able to perform an operation on request of a client, and transmitting the result by sending a response containing the result of the operation. Some client-server systems require user identification by passing a user name and password within the request. Clients in the form of client applications set up to make regular connections to their servers usually require a backup of the user password. We note that we call application application software. Such client applications are, for example, messaging client applications configured to make regular connections to mail servers. A mail client application is an application that is used to read and send e-mails, and a mail server software that is used to transfer e-mail messages. In the case of an email client application, the user password is transmitted to each request to the mail server, that is to say to each verification of the email messages, usually every minute or less.

When the password is stored by the client application, it can be retrieved by a third party, for example if the user terminal on which the client application is installed is stolen or lost. However, this same password could be used to access any other application or the user's computer session, if they are protected by the same password. To secure such client-server systems, it is known to set up identification mechanisms based on non-replayable passwords, also called one-time password (OTP). A method and a device for enabling identifications based on non-replayable passwords are described, for example, in patent application CA 2611549 A1. However, the setting up of these mechanisms requires the modification of the client application and the server: it is therefore not possible to use native or installed applications on user terminals without modifying them.

GENERAL DESCRIPTION OF THE INVENTION The object of the invention offers a solution to the problem mentioned above, by proposing a method and a device for enhancing the security of a server-client system protected by a user password, said system implementing a server and a client application installed on a user terminal, said method and device not requiring backup of the user password on the terminal, without changing the client application, the server or their communication protocol. According to a first aspect, the invention therefore relates to a method of securing a client-server system protected by a user password, said system implementing a server and a client application installed on a user's terminal, the method comprising the following steps: - A proxy gateway receives a first request from the client application, said first request comprising an intermediate authentication element previously made available to the client application - the proxy gateway verifies the element of intermediate authentication included in the first request - If the intermediate authentication element is correct: - the proxy gateway obtains the user password - the proxy gateway sends a second request to the server, said second request including the word user password - the proxy gateway receives a response from the server - the proxy gateway sends the response to the client application. A proxy gateway is a device placed between the client application and the server, and adapted to intercept and process requests from the client application to the server. With the method according to the invention, the client application does not need to store the user password, since the proxy gateway is responsible for obtaining it and transmitting it to the server. The user password is not stored in the terminal, which prevents it from being compromised in case of theft, loss or hacking of the terminal. In addition, the method is transparent for the client application and the server since the client application has an authentication element (for example a password called "intermediate password" or an electronic certificate called "electronic certificate" intermediate ") that it can send in each request to the server (first request), and since the requests (second requests) received by the server include the user password. The client application and the server are therefore not modified by the invention.

It is noted that an electronic certificate (or digital certificate, or public key certificate) is a digital authentication element used to identify a natural or legal person, issued by a trusted third party. An electronic certificate is a set of data comprising at least one public key, identification information (for example a name, a location, an e-mail address) and at least one signature. The generation of electronic certificates and their life cycles are generally managed within public key infrastructure (PKI).

The security method according to the invention may have one or more additional characteristics among the following, considered individually or in any technically possible combination.

In one embodiment, the intermediate authentication element is made available to the client application according to the following steps: - An authentication server receives an intermediate authentication element request from a receiving application installed on the terminal - The authentication server authenticates the obtaining application - If the obtaining application is authenticated: - The authentication server sends attributes of the intermediate authentication element to an intermediate database - The server of authentication authentication sends the intermediate authentication element to the obtaining application - The obtaining application makes available to the client application the intermediate authentication element.

In one embodiment where the authentication element is a password called "intermediate password", the authentication server also generates said intermediate password. The intermediate password attributes sent to the intermediate database then include the intermediate password itself.

In one embodiment where the authentication element is an electronic certificate, called an "intermediate electronic certificate", the authentication server generates the intermediate electronic certificate or a public key infrastructure generates it and then communicates it to the server. authentication. The attributes of the intermediate electronic certificate then comprise identification information and at least one signature. It is noted that the intermediate electronic certificate is sent to the obtaining application in a standard and secure container, for example according to the PKCS # 12 standard. The container also includes a public key, a private key, and a certificate of a certification authority.

In both cases, the intermediate authentication element is generated independently of the user, the user password, and the client application. The obtaining application is authenticated to ensure that the intermediate authentication element request comes from the terminal. In addition, the intermediate authentication element is verifiable by storing the attributes on the intermediate database. In one embodiment, the intermediate authentication element is an intermediate password, and the attributes of the intermediate password include the intermediate password itself. Advantageously, in this embodiment, the obtaining application makes available to the client application the intermediate authentication element according to the following steps: the obtaining application displays the intermediate password on a screen of the terminal; user between said intermediate password in a user interface of the client application - The client application saves said intermediate password in a memory of the terminal.

This is a quick and easy way to provide the intermediate password to the application without having to change it. In another embodiment, the intermediate authentication element is an intermediate electronic certificate, and the attributes of the intermediate electronic certificate include identification information and a signature. Advantageously in this embodiment, the obtaining application makes available to the client application the intermediate electronic certificate according to the following steps: - The obtaining application extracts the intermediate electronic certificate from a sending container - The obtaining application installs the intermediate certificate in an electronic certificate database of the terminal, accessible by the client application. As indicated above, the sending container is a standard and secure container (for example according to the PKCS # 12 standard) and contains a public key, a private key, the intermediate electronic certificate and a certificate of a certification authority. In one embodiment, the proxy gateway verifies the intermediate authentication element by means of the attributes of the authentication element stored in the intermediate database, by interrogating the intermediate database. In one embodiment, the intermediate authentication element is deleted from the intermediate database according to a security policy, and a new intermediate authentication element is made available to the client application. Deleting the intermediate authentication element and providing a new intermediate authentication element is equivalent to modifying the intermediate authentication element. This improves the security of the system. The security policy may, for example, provide for the intermediate authentication element to be deleted after a certain number of exchanges between the client application and the server. We call exchange the transmission of a request and a response. The security policy may alternatively or additionally provide for the intermediate authentication element to be deleted after a determined period of time. The security policy can also provide that the intermediate authentication element is removed on request in case of theft or loss of the user terminal. In the particular case where the intermediate authentication elements are intermediate electronic certificates, the security policy can provide that the intermediate electronic certificates are replaced at an interval determined by their validity date, or are repudiated by the authentication server, or by the public key infrastructure, or by the proxy gateway. In one embodiment, the proxy gateway obtains the user password by querying a user password database, and the server verifies the user password included in the second request by querying said user password database. The database of user passwords is conventionally used by the server to check the user passwords transmitted in the requests it receives. The novelty lies in the fact that the proxy gateway is adapted to retrieve the user password associated with the user of the client application. According to a second aspect, the invention relates to a security device for implementing the method according to the first aspect of the invention.

The security device serves to secure a client-server system protected by a user password, said system implementing a server and a client application installed on a user terminal.

The device comprises a proxy gateway comprising: means for receiving a first request from the client application, said first request comprising an intermediate authentication element stored by the client application; means for verifying the element intermediate authentication included in the first request - Means for obtaining the user password - Means for sending, to the server, a second request, said second request comprising the user password obtained - means for receiving a response from the server - means for sending the response to the client application. In one embodiment, the security device comprises an authentication server comprising: means for sending attributes of the authentication element to an intermediate database; means for sending the item; intermediate authentication to a get application installed on the terminal. In one embodiment, the security device comprises the intermediate database, which comprises: means for receiving attributes of an intermediate authentication element sent by the authentication server means for saving said attributes the intermediate authentication element - means of communication with the proxy gateway.

In one embodiment, the proxy gateway includes means for interrogating the intermediate database.

The invention and its various applications will be better understood by reading the following description and examining the figures that accompany it. BRIEF DESCRIPTION OF THE FIGURES The figures are presented only as an indication and in no way limitative of the invention. The figures show: in FIG. 1, a schematic representation of a device for securing a client-server system, according to a non-limiting embodiment of the invention, in a context in which the system is a system of electronic mail, in an embodiment in which the intermediate authentication element is an intermediate password; FIG. 2 is a schematic representation of a method for securing the client-server system of FIG. 1, according to a non-limiting embodiment of the invention in which the intermediate authentication element is a password. intermediate.

DETAILED DESCRIPTION OF AT LEAST ONE EMBODIMENT OF THE INVENTION Unless otherwise specified, the same element appearing in different figures has a unique reference.

The embodiment described with reference to the figures relates to an electronic messaging system implementing an electronic mail server, an email client application installed on the terminal of a user, and a communication protocol according to which the server and the client application communicate. However, it is understood that this embodiment is generalizable to all client-server systems implementing a client part, a server, and a communication protocol, since the server must identify the user of the client part by a user password. As shown in FIG. 1, the messaging system described comprises: a messaging server 7 intended to: send out electronic messages to messaging client applications or to other messaging servers, and receive E-mail messages from mail client applications or from other mail servers. - A messaging client application 2 installed on a terminal 1 of a user U. The terminal 1 is for example a mobile phone or a touch pad. Mail client applications 2 are typically designed and configured to perform regular polling of incoming emails every minute or less. Each request for answering emails received by the mail server 7 must include an MPS user password, said MPS user password being checked by the server 7 to allow or not the transfer of the received electronic messages to the mail client application 2. - A user password database 8 viewable by the mail server 7, grouping the MPS user passwords of the users using the mail client applications 2 associated with the mail server 7. As a for example, when the mail server 7 is an OWA server for "Outlook Web Access" of Microsoft, the mail server 7 identifies the users with their "Active Directory" password stored in the user password database 8, using standard Microsoft mechanisms. The base of user passwords 8 is conventionally a database or a directory LDAP ("Lightweight Directory Access Protocol"). According to one aspect of the invention, a security device is put in place to improve the security of the messaging system. As shown in Figure 1, said device comprises: - A obtaining application 3 installed on the terminal 1 of the user U to obtain an intermediate authentication element E different from the user password MPS. The obtaining application 3 thus comprises means for sending a request for an intermediate authentication element E, receiving means 31 for the intermediate authentication element E. In addition, when the intermediate authentication element E is an intermediate password MPI, the obtaining application 3 comprises means 32 for displaying said intermediate password MPI on a screen of the terminal 1. Moreover, when the element of intermediate authentication E is an intermediate electronic certificate CXI, the obtaining application 3 comprises means for installing said intermediate electronic certificate CXI in a certificate database of the terminal 1. - An authentication server 5 for generating or receiving an element intermediate authentication device E generated externally, on request of the obtaining application 3. The authentication server 5 thus comprises means 50 for receiving a request for an elem intermediate authentication E from the obtaining application 3, the authentication means 51 of said obtaining application 3, means for generating or receiving 52 an intermediate authentication element E and means sending 53 of the intermediate authentication element E to the obtaining application 3. In addition, the authentication server 5 comprises means 54 for sending ATT attributes of the intermediate authentication element E to an intermediate database 6, this to allow verification of the intermediate authentication element E during verification operations. When the intermediate authentication element E is an intermediate password MPI, the attributes ATT comprise the intermediate password MPI itself. When the intermediate authentication element E is a CXI intermediate electronic certificate, the ATT attributes comprise in particular identification information and at least one signature. An intermediate database 6 comprising reception means 60 for receiving the attributes AU sent by the authentication server 5, and means 61 for storing said attributes AU. The intermediate database 6 is for example a database or an LDAP directory. A proxy gateway 4 comprising interception means 40 for intercepting requests RQ1 originating from the client application of electronic mail 2, and means 41 for receiving responses to said requests from the electronic messaging server 7. An example of such a proxy gateway 4 is described for the HTTP / HTTPS ("HyperText Transfer Protocol") communication protocol in US Pat. No. 7,430,600 B2. The proxy gateway 4 also comprises other means whose functions will be explained below, namely: means 42 for checking an intermediate authentication element E, means 43 for obtaining an MPS user password. , means 44 for sending requests to the electronic mail server 7, and means 45 for sending responses to the electronic messaging client application 2. A method 90 according to one aspect of the invention is schematically illustrated in FIG. FIG. 2. The method 90 comprises the following steps: initial step 100, called the enlisting step: the obtaining application 3 registers with the authentication server 5, for example by exchanging encryption keys or shared secrets . This record initiates a trust relationship between the obtaining application 3 and the authentication server 5. - First step 101: the obtaining application 3 sends a request DD for obtaining an intermediate authentication element E to the server d 5 authentication, via the sending means 30. The authentication server 5 receives the DD request via the receiving means 50. - Second step 102: the authentication server 5 authenticates the obtaining application 3 via the means d authentication 51. The authentication consists of a verification of the trust link established between the obtaining application 3 and the authentication server 5. - Third step 103: if the obtaining application 3 is correctly authenticated by the authentication server 5, a secure connection 11 between the obtaining application 3 and the authentication server 5 is set up. The authentication server 5 generates or then receives an intermediate authentication element E via the generating or receiving means 52. When the authentication element E is an intermediate password MPI, the authentication server 5 generates itself the intermediate password MPI. Generation of MPI passwords is random and follows a password format policy, for example defining a size and lists of characters to use. When the authentication element E is a CXI intermediate electronic certificate, the authentication certificate 5 itself generates the authentication certificate CXI, or it delegates the generation to a PKI public key infrastructure interfaced with the server. authentication 5.

CXI Intermediate Electronic Certificates have a short validity period, typically 24 hours. Fourth step 104: the intermediate authentication element E generated is sent to the obtaining application 3 via the secure connection 11, via the sending means 53 of the authentication server 5. When the intermediate authentication element E is an intermediate electronic certificate CXI, the intermediate electronic certificate CXI is transmitted to the obtaining application 3 in a standard and secure container, for example according to the PKCS # 12 standard, with a public key, a private key, and a certificate of the certification authority. Fifth step 105: attributes of the intermediate authentication element E generated are sent to the intermediate database 6, via a connection 10d, via the sending means 54 of the authentication server 5. The connection 10d is for example an LDAP / LDAPS connection ("Lightweight Directory Access Protocol") if the base of intermediate passwords 6 is a directory. Note that the fourth step 104 and the fifth step 105 can take place simultaneously, or the fifth step 105 can take place before the fourth step 104. - Sixth step 106: when the intermediate authentication element E is a password intermediate MPI, it is displayed on the screen of the terminal 1 via the display means 32 of the obtaining application 3. When the intermediate authentication element E is an intermediate electronic certificate CXI, it is installed by the obtaining application 3 in the certificate database of the terminal 1, accessible by the client application 2. It is noted that a manual validation of the user U may be necessary and depends on the operating system of the terminal 1. Indeed, the intermediate electronic certificate CXI must be validated in the client application 2, which can be done completely automatically or manually, depending on the operating system. - Seventh step 107: When the intermediate authentication element E is an intermediate password MPI, the user U enters said intermediate password MPI in the user interface of the mail client application 2, for example in using the copying / pasting mechanisms provided by the terminal operating system 1. Using the copy-and-paste mechanism saves time and reduces the risk of entering an incorrect intermediate password. In addition, since the intermediate password MPI is entered manually by the user U in the messaging client application 2, the obtaining application 3 does not need to communicate with the messaging client application 2, which n therefore does not need to be modified. Eighth step 108: When the intermediate authentication element E is an intermediate password MPI, the intermediate password MPI is stored by the mail client application 2 in a memory of the terminal 1. It is transparent to the user. messaging client application 2 to store the intermediate password MPI or the user password MPS, the mail client application 2 does not differentiate between the two passwords. Ninth step 109: the messaging client application 2 sends a first request RQ1 to the messaging server 7 to request the new electronic messages received. The first request RQ1 comprises the intermediate authentication element E. - Tenth step 110: the proxy gateway 4 intercepts the first request RQ1 via the interception means 40. A connection 9a is then initiated between the messaging client application 2 and the proxy gateway 4. - Eleventh step 111: the proxy gateway 4 analyzes the first request RQ1, extracts the intermediate authentication element E, and verifies it via the verification means 42. The verification comprises a query of the base intermediate data 6, after establishment of a connection 10c with the intermediate database 6, to extract the stored AU attributes. When the intermediate authentication element E is an intermediate password MPI, the password of the request RQ1 is compared with the password stored in the intermediate database 6. When the intermediate authentication element E is an intermediate electronic certificate CXI, the intermediate electronic certificate CXI is checked by using the attributes (for example validity date, identification information, certification authority, encryption, signature, etc.) stored in the intermediate database 6. - Twelfth step 112: if the intermediate authentication element E is correct, then the proxy gateway 4 obtains the user password MPS via the means 43 for obtaining the user password. For this purpose, the proxy gateway 4 makes a connection 10a to an access interface to the user password database 8. - Thirteenth step 113: the proxy gateway 4 sends, to the messaging server 7, a second request R02 including the MPS user password, via the request sending means 44. Fourteenth step 114: the mail server 7 receives the second request RQ2, analyzes it, and extracts the user password MPS. That the messaging client application 2 has used the intermediate authentication element E and not the user password MPS has no effect on the mail server 7, which receives a request including the expected password (the second one). request RQ2). Fifteenth step 115: the mail server 7 checks the user password MPS by connection 10b to the user password database 8. - Sixteenth step 116: the mail server 7 delivers a response RP containing the new electronic messages received , using the connection 9b initiated by the proxy gateway 4. The proxy gateway 7 receives the response RP via the response receiving means 41. - Seventeenth step 117: the proxy gateway 4 transmits the response RP to the messaging client application 2 by using the connection 9a initiated by the mail client application 2. It is noted that to obtain the new electronic messages, the steps from the first 101 to the eighth step 108 do not need to be renewed, since the intermediate password MPI is stored in the terminal 1. Only the steps from the ninth 109 to the seventeenth step 117 are to be renewed. - Eighteenth step 118: according to a security policy, for example after a certain number of repetition of the steps going from the ninth 109 to the seventeenth step 117, and / or at the end of a For some time, the authentication server 5 or the proxy gateway 4 deletes the intermediate authentication element E from the intermediate database 6. Thus, when the messaging client application 2 tries to obtain the new electronic messages, the verification of the intermediate authentication element E taking place in the eleventh step 111 shows that the intermediate authentication element E is incorrect, and access to the new received electronic messages is prevented. The steps from the first step 101 to the eighth step 108 then have to be renewed. Note that in the case where the intermediate authentication elements E are electronic certificates, the intermediate electronic certificates CXI expire at an interval determined by their validity date or are repudiated by the authentication server 5, or by the infrastructure to public keys PKI, or by the proxy gateway 4. The user U must then obtain a new intermediate electronic certificate CXI by using the application 3. The renewal of the intermediate electronic certificate CXI can be triggered automatically based on the date of validity from the previous certificate. Thanks to the method and the device according to the invention, the MPS user passwords do not need to be stored in the terminal 1. In case of loss or theft of the terminal 1, the MPS user password is not therefore not compromised. In addition, the regular replacement of the intermediate authentication element E increases the security of the system. It is also noted that the method and the device are transparent for the messaging client application 2 and the messaging server 7.

Claims (10)

REVENDICATIONS1. Method (90) for securing a client-server system protected by a user password (MPS), said system implementing a server (7) and a client application (2) installed on a terminal (1) of a user (U), the method (90) comprising the following steps: A proxy gateway (4) receives (110) a first request (RQ1) from the client application (2), said first request (RQ1) comprising a intermediate authentication element (E) previously made available to the client application (2) The proxy gateway (4) verifies (111) the intermediate authentication element (E) included in the first request (RQ1) If the intermediate authentication element (E) is correct: - the proxy gateway (4) obtains (112) the user password (MPS) - the proxy gateway (4) sends (113) to the server (7) , a second request (R02), said second request (R02) comprising the obtained user password (MPS) - the proxy gateway (4) receives (116) a response (RP) from the server (7) - the proxy gateway (4) sends (117) said response (RP) to the application customer (2). 2. Method (90) for securing according to the preceding claim, wherein the intermediate authentication element (E) is made available to the client application (2) according to the following steps: An authentication server (5) receives (101) an intermediate authentication element request (E) from an originating application (3) installed on the terminal (1) The authentication server (5) authenticates (102) the obtaining application (3) ) If the obtaining application (3) is authenticated: - the authentication server (5) sends (105) attributes (AU) of the intermediate authentication element (E) to an intermediate database (6) - The authentication server (5) sends (104) the intermediate authentication element (E) to the obtaining application (3) - The obtaining application (3) makes available to the client application (2) the intermediate authentication element (E). 3. Method (90) for securing according to the preceding claim, wherein the intermediate authentication element (E) is an intermediate password (MPI), and the attributes (AU) of the intermediate password (MPI) are the intermediate password (MPI) itself. 4. Method (90) for securing according to the preceding claim, wherein the obtaining application (3) provides the client application (2) the intermediate password (MPI) according to the following steps: The obtaining application (3) displays (106) the intermediate password (MPI) on a screen of the terminal (1) The user (U) enters (107) said intermediate password (MPI) in a user interface of the client application (2) The client application (2) saves (108) said intermediate password (MPI) in a memory of the terminal (1). The security method (90) of claim 2, wherein the intermediate authentication element (E) is an intermediate electronic certificate (CXI), and the attributes (ATT) of the intermediate electronic certificate (CXI) include information identification and a signature. 6. Method (90) for securing according to the preceding claim, wherein the obtaining application (3) makes available to the client application (2) the intermediate electronic certificate (CXI) according to the following steps: The obtaining application ( 3) extracts the intermediate electronic certificate (CXI) from a sending container The obtaining application (3) installs the intermediate certificate (CXI) in a certificate database (12) of the terminal (1) accessible by the client application (2). The security method (90) according to one of claims 2 to 6, wherein the proxy gateway (4) verifies (111) the intermediate authentication element (E) by means of the attributes (AU) of the authentication element (E) stored in the intermediate database (6), by querying the intermediate database (6). The security method (90) according to one of claims 2 to 7, wherein the attributes (AU) of the intermediate authentication element (E) are deleted (118) from the intermediate database (6). according to a security policy, and a new intermediate authentication element (E) is made available to the client application (2). The security method (90) according to one of the preceding claims, wherein the proxy gateway (4) obtains (112) the user password (MPS) by querying a user password database (8), and the server (7) checks (115) the user password (MPS) included in the second request (R02) by interrogating said user password database (8). 10. Securing device for implementing a method according to one of claims 1 to 9.