LU100728B1 - Human memory-based key generation and retrieval protocol arrangement for secure electronic signature generation - Google Patents

Publication number
LU100728B1
Authority
LU
Luxembourg
Prior art keywords
key
user
input
signature
query
Prior art date
Application number
LU100728A
Other languages
German (de)
Inventor
Lorand Szöllösi
Original Assignee
Szoelloesi Lorand
Priority date
Filing date
Publication date
Application filed by Szoelloesi Lorand
Priority to LU100728A
Application granted
Publication of LU100728B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/316 User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Abstract

The invention provides an alternative to key storage in public-key cryptosystems, which is usually one of the weakest points when attacked. This is because, no matter how secure the physical memory used to store the private key, at some point authentication is required to retrieve it. We therefore run two risks: one is that the memory storing the key is broken, the other is that the authentication information (which can be knowledge-based, token-based or biometric) is obtained. The proposed alternative needs no storage of the key, nor does it need the user to remember newly generated authentication information (e.g. a password), which is of limited length. It instead relies on already existing knowledge (memory) of the user.

Description

LU100728
Human memory-based key generation and retrieval protocol and arrangement for secure electronic signature generation
Author: Lorand Szollosi (born: 1981-03-12, mother's maiden name: Ildiko Foldesi)
Document as of: 2018-03-12
Current technological level
Electronic signature generation algorithms have existed since at least [RSA 78]. Currently the most widespread signature protocols are:
• RSA [RSA 78]
• DSA (DSS) [FIPS 186]
• ECDSA [FIPS 186-4], used internally by BitCoin
So far there have been 3 generations of electronic signature generation technologies:
1. PC (or other generic-purpose device) signature creation: A PC, tablet or smartphone stores the private key of the user, usually in an encrypted way, protected by password. This is currently considered completely insecure: if the password is captured, the attacker can make a copy of the private key, thereby forging signatures even backwards in time. If the device is infected by a virus, the key can be used to sign a document different than the one displayed to the user, thereby posing immeasurable risks.
2. Smart Card-based signature creation: A physical device stores the private key in a tamper-resistant memory, connecting to the terminal that displays the text to be signed via a channel which transmits only the document and the signature, not the private key. This needs the device to be capable of creating signatures. Note that, while it seems an advancement over the previous step as the key cannot be captured, in reality it's equivalently vulnerable to the insecure terminal problem: the terminal might display a different text than the one sent to the device for signature. This does not allow private key capture, but it allows for forging signatures on any document if the terminal is vulnerable.
3. TeDiES (Hungarian Patent P0401823) and VISA CodeSure (US20130048712 et al.): The first secure solution according to our knowledge was Hungarian Patent P0401823 (Text-Displaying Electronic Signature Creation Device). This device contained all the necessary elements of signature creation and verification: secure memory for the key, embedded in a microcontroller that's able to produce signatures, tamper-resistant connection to a display for reviewing the text to be signed and a keypad to enter the PIN code and control the process of document display and signature creation. VISA CodeSure was patented much later and provided basically the same elements on a bank card. It's not the purpose of this review to judge the differences and similarities, as the goal is to propose a technology that's superior to both of these.
The technology we propose works without key storage, eliminating the need for secure memory. One still needs a reliable e-signature creation device, but this device stores zero user-specific information (when turned off, i.e., not during signing): therefore, even stealing the device will not allow an attacker to forge signatures.
Proposed technology
An alternative to the above is proposed where the private key is not stored on the device or anywhere else. Instead, it's generated each time the user signs a document, based on the user's memory. This differs from password-based authentication in at least two major factors: first, instead of something new to remember, it's based on already existing memory of the user; second, instead of authentication, it's used as the input of the key generation. This means much more information than a simple password, which then becomes the entropy source of randomness in key generation.
To model the key generation, we first define a 'query'. This can be:
• An actual form of questions, to be answered completely or partially, based on knowledge of the user (past events, personal information, choices)
• A set of information (e.g. words or images) of which the user chooses a subset
• A rhythm that's recorded via e.g. a microphone
  o This can either be a rhythm known by the user, or
  o A list of questions/words in a temporal format (e.g. recorded questions, song), for which the user can 'tap' to mark words. Which words are marked is based on what the user associates with (e.g. existing memories). This allows contextual memory to be serialized to binary information and used as an entropy source.
These unanswered queries can be stored in a central server and can be shared amongst multiple users; similarly, a user can use multiple queries. Filling the query is done while initializing the device. This provides sufficient entropy for key generation. Note that this is likely still correlated information, therefore further transformation might be needed; additionally, an error-correcting code might be applied so that a given tolerance is allowed on the answers of the query. After this, the transformed (and error-corrected) code is fed - as an initialization vector - to the cryptographically secure pseudorandom generator that's used to generate keys. Thus, the generation of the public-private keypair is no longer a random process. It's based on a pseudorandom generator that is initialized with an input from the user, and this input is the same for each device initialization (key generation) of the user. Thus, the resulting key will be the same each time.
Thus, the technology consists of the following blocks (note that "entropy" is actually well-determined from the user's point of view and seems random only to the attacker):
IV: initialization vector
CSPRNG: cryptographically-secure random number generator
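An added example (not code from the patent) of the chain described above: query answers, normalisation, a stretched seed, a seeded generator, and a key pair on the curve used by Bitcoin's ECDSA. The query id, sample answers, scrypt parameters, the HMAC counter-mode generator and the use of input normalisation in place of an error-correcting code are assumptions.

```python
import hashlib, hmac, json, math, unicodedata

# secp256k1 domain parameters (the curve behind the Bitcoin ECDSA the page cites).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None or b is None:
        return b if a is None else a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k, pt):
    """Double-and-add; variable time, so suitable for illustration only."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def canonical_answers(answers):
    """Serialise (question_id, [selected items]) pairs so that case, spacing,
    Unicode form and selection order do not change the resulting bytes."""
    rows = []
    for qid, picks in sorted(answers, key=lambda a: a[0]):
        norm = {unicodedata.normalize("NFKC", p).strip().casefold() for p in picks}
        rows.append([qid, sorted(norm)])
    return json.dumps(rows, ensure_ascii=False, separators=(",", ":")).encode("utf-8")

def derive_keypair(answers, query_id):
    """Same answers + same query always give the same (private, public) pair."""
    # Memory-hard stretching: with nothing stored, guesses can be tested offline
    # against the public key, so each guess must be made expensive.
    seed = hashlib.scrypt(canonical_answers(answers), salt=query_id.encode("utf-8"),
                          n=2**14, r=8, p=1, maxmem=2**26, dklen=32)
    counter = 0
    while True:  # HMAC-SHA256 in counter mode as the seeded generator
        block = hmac.new(seed, b"keygen" + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        d = int.from_bytes(block, "big")
        if 1 <= d < N:  # rejection sampling keeps d uniform in [1, N-1]
            return d, scalar_mult(d, G)
        counter += 1

def entropy_bits(query_shape):
    """Upper bound on input entropy for [(options, picks), ...] selection sets;
    real answers are correlated and guessable, so the true figure is lower."""
    return sum(math.log2(math.comb(n, k)) for n, k in query_shape)

# Constructed sample input (hypothetical query id and answers).
SAMPLE = [("q1", ["Lake Balaton"]), ("q2", ["green", "Blue"])]

if __name__ == "__main__":
    d, pub = derive_keypair(SAMPLE, "query-42")
    print("public key x:", hex(pub[0]))
    print("max entropy of 20 one-of-8 sets:", entropy_bits([(8, 1)] * 20), "bits")
```

Twenty single-choice sets of eight options give at most 60 bits, well below the 128-bit level of the curve, so the query size rather than the signature algorithm bounds the strength of the resulting key.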
Proposed arrangement for secure signature generation
As described in the chapter on current technological level, simply implementing a signature algorithm on a PC/smartphone (or other general-purpose device which might be infected or hacked) is potentially vulnerable to multiple kinds of attacks: in this case, even key theft. Thus, one should only use the protocol described on a secure device, even if the memory of the device can be cleaned after the process. Previously, secure memory was needed and the device was associated with a single user. Now, memory only needs to be secure until the end of the signature creation (because the key only exists in the device during signature creation) and, while the device should be kept by the user (to lower the risk of fraudulent/insecure devices), if it's lost, it's not associable in any way to the user.
The recommended arrangement therefore contains:
• A communication unit that allows input of the document proposed for signing and output of the signed document (or the signature) in some format
• A display to view the document to be signed
  o In a preferred arrangement, this is a display that allows viewing for only the user(s) of the device (such solutions are e.g. virtual retinal display or head-mounted display)
  o In other arrangements, this might be a textual or audio/visual display
• Secure input device to control the flow of the presentation of the document and confirm or reject signature creation and input of the query answers
  o In a preferred arrangement the query answers are input as selections amongst displayed items (words, pictures)
    - Either one per set, or
    - Multiple choice per set
  o In another preferred arrangement (which can be combined with the previous), the input is a temporal-coded binary information, e.g.,
    - A complex rhythm that the user knows
    - A sequence of 'taps' (answers) that selects words (or other information) from a temporal query (e.g., words of a song selected, yes-no answers to questions that are recorded, et al.)
• Secure processing unit that's capable of creating signatures when connected to the above devices
  o In a preferred solution, it has internal memory that can be cleaned after the signature creation
List 1. Proposed Arrangement
All of these must be connected in a way that external tampering is noticeable, eavesdropping is practically impossible and the device is completely under the control of the user (i.e., very low probability of external hacking or virus infection as the device is built for this specific purpose).
Note that the requirements on secure memory are relaxed: the condition that the memory must be able to store secure information - private key - in a way that can't be extracted even after (temporarily or permanently) losing access to the device is dropped; instead the requirement is simply that the memory must resist tampering and external read attempts during the signature creation.
A possible use case is when the memories used are distributed amongst users (e.g. in a company), so that the query can be filled if a given number of them is available. In this case it's possible to store signed and encrypted documents either as a blockchain, or, preferably, as a tree of BitTorrent magnet URLs, each torrent containing documents or further URLs and a signature of some clients that they verified each and every signature in the chain. This allows for distributed storage and voting on what's accepted.
Another possible use case is when the documents are encrypted, not just signed, which might be viable in case of private sensitive or corporate sensitive information.
A possible use of the device is to make BitCoin, Ethereum and other cryptocurrency transfers and smart contracts more secure.
[FIPS 186] Federal Information Processing Standards Publication 186: Digital Signature Standard (DSS), 1994 May 19, http://www.umich.edu/~x509/ssleay/fipl86/fipl86.htm
[FIPS 186-4] Federal Information Processing Standards Publication 186-4: Digital Signature Standard (DSS - ECDSA), 2013 Jul, http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
[RSA 78] R.L. Rivest, A. Shamir, and L. Adleman: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM Vol 21. Issue 2, Feb. 1978

Claims (2)

1. Protocol of key generation for electronic signatures, which is executed on a secure device through the following steps:
  1.1. Presenting the user with a query/form in the form of:
    1.1.1. Textual single choice
    1.1.2. Textual multiple choice
    1.1.3. Audible and/or visual
  1.2. Allowing the user to enter the answers to the query/form on the same device as:
    1.2.1. Single choice
    1.2.2. Multiple choice
    1.2.3. Free text via keyboard
    1.2.4. Audio input (voice)
    1.2.5. Audio input (rhythm, sequence of taps)
    1.2.6. Drawing input
    1.2.7. Gesture input
    1.2.8. Or a combination of the above
  1.3. Uses the input from the user as entropy, either
    1.3.1. Directly
    1.3.2. After an error-correcting code
    1.3.3. After a filter that removes correlated components
    1.3.4. After an error-correcting code and a filter that removes correlated components
  1.4. Uses the entropy as the initialization vector of the cryptographically secure pseudorandom number generator
  1.5. Uses the pseudorandom stream as the random source for generating the key pair (with any mathematically studied algorithm), guaranteeing that the same key is generated for the same answers, and uses each key for cryptographic transactions such as signature creation and decryption.
2. Arrangement for a signature creation device, which contains, assembled in a secure and tamper-proof manner:
  2.1. Display capable of presenting one or more kinds of query/form and the document, such as
    2.1.1. Preferred arrangement: direct-to-eye display, such as virtual retinal display, OLED VR glasses, HMD
    2.1.2. Or generic visual display
    2.1.3. Or audio player
    2.1.4. Or a combination of the above
  2.2. Display capable of receiving the query/form answers and controlling the document review
    2.2.1. Keyboard
    2.2.2. Audio input
    2.2.3. Video input
    2.2.4. Gesture recognition
  2.3. Communication device which can receive the document for signing
  2.4. Secure computing device capable of
    2.4.1. Coordinating key generation as described in step 1, signature creation, verification and optionally encryption/decryption without leaking secure information during the process
    2.4.2. Can erase its memory and return to its initial state after each cryptographic operation

Priority Applications (1)

Application Number Priority Date Filing Date Title
LU100728A LU100728B1 (en) 2018-03-12 2018-03-12 Human memory-based key generation and retrieval protocol arrangement for secure electronic signature generation

Publications (1)

Publication Number Publication Date
LU100728B1 (en) 2019-10-01

Family

ID=61899329

Country Status (1)

Country Link
LU (1) LU100728B1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080263361A1 (en) * 2007-04-20 2008-10-23 Microsoft Corporation Cryptographically strong key derivation using password, audio-visual and mental means
US7962761B1 (en) * 2009-12-18 2011-06-14 CompuGroup Medical AG Computer implemented method for generating a pseudonym, computer readable storage medium and computer system
US20160127327A1 (en) * 2014-11-05 2016-05-05 Microsoft Technology Licensing, Llc. Roaming content wipe actions across devices

Legal Events

Date Code Title Description
FG Patent granted

Effective date: 20191001