FR3066666B1 - Method for securing communication without management of states - Google Patents
Method for securing communication without management of states
- Publication number
- FR3066666B1
- Authority
- FR
- France
- Prior art keywords
- message
- authentication header
- useful data
- token1
- generation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y10/00—Economic sectors
- G16Y10/75—Information technology; Communication
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y30/00—IoT infrastructure
- G16Y30/10—Security thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/71—Hardware identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Development Economics (AREA)
- Economics (AREA)
- General Business, Economics & Management (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
A method of communication between at least two communicating entities (C1, S1), a first communicating entity (C1) generating at least one data message comprising useful data (Data1) and an authentication header (Token1), said method being characterized in that it comprises:
- generation of a context parameter (ContextP1) comprising at least one datum representative of the hardware configuration (CtrlProg) of the first entity (C1);
- generation of a security profile (PRO_SEC) in the authentication header (Token1) defining the conditions:
  - for encrypting the useful data (Data1) of the message;
  - for generating a signature (Sign1) by an algorithm (Signing_Module1) applied at least to the useful data (Data1) of the message;
- inclusion of said signature (Sign1) in the generated message;
- insertion of a stored identifier (C1_Id) of the first communicating entity (C1) into the authentication header (Token1);
- insertion of the security profile (PRO_SEC) into the useful data or into the authentication header.
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1754413A FR3066666B1 (fr) | 2017-05-18 | 2017-05-18 | Method for securing communication without management of states |
CN201880042967.2A CN111164933A (zh) | 2017-05-18 | 2018-05-17 | Method for securing communication without state management |
US16/614,535 US11303453B2 (en) | 2017-05-18 | 2018-05-17 | Method for securing communication without management of states |
EP18723562.7A EP3625928A1 (fr) | 2017-05-18 | 2018-05-17 | Method for securing communication without management of states |
PCT/EP2018/062974 WO2018211026A1 (fr) | 2017-05-18 | 2018-05-17 | Method for securing communication without management of states |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1754413A FR3066666B1 (fr) | 2017-05-18 | 2017-05-18 | Method for securing communication without management of states |
FR1754413 | 2017-05-18 |
Publications (2)
Publication Number | Publication Date |
---|---|
FR3066666A1 (fr) | 2018-11-23 |
FR3066666B1 (fr) | 2020-07-03 |
Family
ID=60202076
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1754413A Active FR3066666B1 (fr) | 2017-05-18 | 2017-05-18 | Method for securing communication without management of states |
Country Status (5)
Country | Link |
---|---|
US (1) | US11303453B2 (fr) |
EP (1) | EP3625928A1 (fr) |
CN (1) | CN111164933A (fr) |
FR (1) | FR3066666B1 (fr) |
WO (1) | WO2018211026A1 (fr) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IT201800011129A1 (it) * | 2018-12-14 | 2020-06-14 | Toi Srl | System, device and method for securely transferring information from an apparatus to a blockchain |
US11539517B2 (en) * | 2019-09-09 | 2022-12-27 | Cisco Technology, Inc. | Private association of customer information across subscribers |
US11811743B2 (en) * | 2020-10-26 | 2023-11-07 | Micron Technology, Inc. | Online service store for endpoints |
WO2023090918A1 (fr) * | 2021-11-17 | 2023-05-25 | Samsung Electronics Co., Ltd. | Method and system for linked secure advertisement in an ultra-wideband (UWB) system |
CN114499969B (zh) * | 2021-12-27 | 2023-06-23 | 天翼云科技有限公司 | Communication message processing method and apparatus, electronic device, and storage medium |
US20240056651A1 (en) * | 2022-08-09 | 2024-02-15 | Dish Network, L.L.C. | Digital rights management using a gateway/set top box without a smart card |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7530096B2 (en) * | 2003-11-12 | 2009-05-05 | Nokia Siemens Networks Oy | Intermediate node aware IP datagram generation |
CN101626294A (zh) * | 2008-07-07 | 2010-01-13 | 华为技术有限公司 | Identity-based authentication method, secure communication method, device and system |
EP2173058B1 (fr) * | 2008-10-01 | 2012-02-29 | Sap Ag | Context-free and context-sensitive XML digital signatures for SOAP messages |
US8843764B2 (en) * | 2011-07-15 | 2014-09-23 | Cavium, Inc. | Secure software and hardware association technique |
US9124564B2 (en) * | 2013-08-22 | 2015-09-01 | Cisco Technology, Inc. | Context awareness during first negotiation of secure key exchange |
KR101521808B1 (ko) * | 2014-02-20 | 2015-05-20 | 한국전자통신연구원 | Context-aware security control apparatus, method, and system in a cloud environment |
US9641488B2 (en) * | 2014-02-28 | 2017-05-02 | Dropbox, Inc. | Advanced security protocol for broadcasting and synchronizing shared folders over local area network |
US9799142B2 (en) * | 2014-08-15 | 2017-10-24 | Daqri, Llc | Spatial data collection |
US9942201B1 (en) * | 2015-12-16 | 2018-04-10 | vIPtela Inc. | Context specific keys |
KR101795457B1 (ko) * | 2016-09-27 | 2017-11-10 | 시큐리티플랫폼 주식회사 | Method for initializing a device with enhanced security functions and method for updating device firmware |
US10826876B1 (en) * | 2016-12-22 | 2020-11-03 | Amazon Technologies, Inc. | Obscuring network traffic characteristics |
-
2017
- 2017-05-18 FR FR1754413A patent/FR3066666B1/fr active Active
-
2018
- 2018-05-17 WO PCT/EP2018/062974 patent/WO2018211026A1/fr unknown
- 2018-05-17 EP EP18723562.7A patent/EP3625928A1/fr active Pending
- 2018-05-17 US US16/614,535 patent/US11303453B2/en active Active
- 2018-05-17 CN CN201880042967.2A patent/CN111164933A/zh active Pending
Also Published As
Publication number | Publication date |
---|---|
US20210144130A1 (en) | 2021-05-13 |
US11303453B2 (en) | 2022-04-12 |
FR3066666A1 (fr) | 2018-11-23 |
WO2018211026A1 (fr) | 2018-11-22 |
CN111164933A (zh) | 2020-05-15 |
EP3625928A1 (fr) | 2020-03-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
FR3066666B1 (fr) | Method for securing communication without management of states | |
Cui et al. | HCPA-GKA: A hash function-based conditional privacy-preserving authentication and group-key agreement scheme for VANETs | |
CN106506470B (zh) | Method for secure transmission of network data | |
US9531692B2 (en) | Method of securing mobile applications using distributed keys | |
CN106100847A (zh) | Method and apparatus for verifying blockchain identity information with asymmetric encryption | |
WO2017112491A3 (fr) | Stateless access stratum security for the cellular Internet of Things | |
WO2018071191A3 (fr) | Method and system for data security based on quantum communication and trusted computing | |
Ha et al. | Efficient authentication of resource-constrained IoT devices based on ECQV implicit certificates and datagram transport layer security protocol | |
FR3043870B1 (fr) | Method for securing and authenticating a telecommunication | |
FI20001837A0 (fi) | Authentication | |
TW201612787A (en) | Network authentication method for secure electronic transactions | |
FI20070157A0 (fi) | Fast authentication of update messages with key derivation in mobile IP systems | |
Alashwali et al. | What’s in a downgrade? A taxonomy of downgrade attacks in the TLS protocol and application protocols using TLS | |
US10587416B1 (en) | System and method of audit log protection | |
BR112015030513A2 (pt) | System and method for user authentication | |
CN110048849A (zh) | Session key agreement method with multi-layer protection | |
CN111767559B (zh) | Field-level encrypted blockchain data | |
FR3004046B1 (fr) | Method and device for forming a secure low-resource wireless network | |
CN112311533A (zh) | Terminal identity authentication method, system, and storage medium | |
CN103475477A (zh) | Method for secure authorized access | |
MY171259A (en) | System and method for identity-based entity authentication for client-server communications | |
Ananth et al. | An Efficient Privacy Preservation in Vehicular Communications Using EC-Based Chameleon Hashing | |
Khan et al. | Concealing imsi in 5g network using identity based encryption | |
CN105763566A (zh) | Method for communication between a client and a server | |
Ahamad et al. | A secure lightweight and scalable mobile payment framework |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | PLFP | Fee payment | Year of fee payment: 2 |
| | PLSC | Publication of the preliminary search report | Effective date: 20181123 |
| | PLFP | Fee payment | Year of fee payment: 3 |
| | PLFP | Fee payment | Year of fee payment: 4 |
| | PLFP | Fee payment | Year of fee payment: 5 |
| | PLFP | Fee payment | Year of fee payment: 6 |
| | PLFP | Fee payment | Year of fee payment: 7 |
| | PLFP | Fee payment | Year of fee payment: 8 |