NL2021222B1 - Method for secure encrypted digital services - Google Patents

Method for secure encrypted digital services Download PDF

Info

Publication number
NL2021222B1
NL2021222B1 NL2021222A NL2021222A NL2021222B1 NL 2021222 B1 NL2021222 B1 NL 2021222B1 NL 2021222 A NL2021222 A NL 2021222A NL 2021222 A NL2021222 A NL 2021222A NL 2021222 B1 NL2021222 B1 NL 2021222B1
Authority
NL
Netherlands
Prior art keywords
digital
server
user
identity
user equipment
Prior art date
Application number
NL2021222A
Other languages
Dutch (nl)
Inventor
Smits Bas
Original Assignee
Helder Ip B V
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Helder Ip B V filed Critical Helder Ip B V
Priority to NL2021222A priority Critical patent/NL2021222B1/en
Application granted granted Critical
Publication of NL2021222B1 publication Critical patent/NL2021222B1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A method for providing digital services includes a digital services server and at least one user equipment connected over a network. The digital services are run between the at least one user equipment and the server. The method includes creating a digital identification code associated with the user equipment, which includes: -- providing an identity of a user ofthe user equipment and at least an identifier code ofthe user equipment; -- validating the identity ofthe user, and if validated, creating a pair of encryption keys based on a combination ofthe identity and at least the identifier code; -- creating the digital identification code based on the encryption keys; -- creating a user account with the digital identification code as user identity, and using the digital identification code for encrypted communication between the user equipment and the user account on the server to use the digital services.

Description

Field of the invention
The present invention relates to a method of secure encrypted digital services. Moreover, the invention relates to the field of protecting data communications in which public and secret keys, as well as solely secret keys, are used to encrypt/decrypt data, and possibly digitally sign data, which data is transmitted along a communication path and needs to be secured.
Background
From the prior art is known that both symmetric and a-symmetric encryption keys can be randomly generated with software and/or hardware based random entropy, whereby these encryption keys are assigned, administered and somehow enrolled to an identity of a person and their relevant device which will hold the encryption key(s), after positive authentication of said person.
In order to authenticate a person, the person identifies himself, usually by means of a username, and then proves his identity by means of authentication.
Prior-art well describes different methods of single factor and multi-factor authentication, most commonly: something a person knows (i.e., a PIN code or password/passphrase), something you have (a One-Time-Password generator token ora smartcard), something a person is (i.e., biometrics), somewhere a person is (GPS location), when a person is (date/time/timezone), followed by assigning proof of such positive authentication, by providing either an indefinitely valid or temporary valid proof of identity in the form of for example but not limited to: a Kerberos token, a cookie, an X.509 certificate with corresponding key-pair, a PGP key.
This proof of identity can either not contain any reference to the verified identity, in which case proof by association or circle of trust is used. Or the proof of identity can contain a reference to the person’s identity, usually be referring to reference number, a username, or full name, in which situation one or more different prior art methodologies are used to prevent the included identity reference from being altered, for example by using hashing.
It is an object of the present invention to provide a novel way to associate one’s proven identity directly to an encryption key, and/or encryption key-pairs, and/or concatenated encryption key-parts, after which said key(s) can be used to provide further secure online digital services to the identity using its directly associated encryption key(s)
Summary of the invention
The object is achieved by a method as defined in claim 1.
The invention allows to exchange data in a secure way via a public and/or non-public network, such as the Internet. The invention allows this by using a combination of digital certificates and associated key-pairs, as well as symmetric keys such as AES which are bound to a person by means of a digital identity code.
The invention is directed to a reliable way of authentication and, subsequently, securing a connection, as well as securing specific files over said connection, between two or more clients, or between a client or multiple clients and a server using a centrally managed policy enforcer.
By makingw one or multiple factors of one’s digital identity authentication proof, the identity code, part of the entropy of the encryption key generation, both identity and proof of identity are no longer solely connected on an administrative level, but also on an intertwined mathematical encryption key level.
In today's market privacy and a high level of security in (digital) communications is a must have. Individuals and companies need to be able to rely on the fact that privacy and other sensitive data is solely exchanged between identified parties, and only exchanged between said parties when all parties agree to receiving/sending said data, without fear that either a legal or illegal party can eavesdrop simply because they managed to obtain one of the (associated) encryption keys.
To that end the invention provides some methods and arrangements as specified in the annexed claims.
Brief description of drawings
The invention will be explained in more detail below with reference to drawings in which illustrative embodiments thereof are shown. They are intended exclusively for illustrative purposes and not as a restriction of the inventive concept, which is defined by the appended claims.
Figure 1 shows schematically a layout of a network for carrying out a method according to an embodiment of the invention;
Figure 2 shows a first flow diagram of a method in accordance with an embodiment of the invention, and
Figure 3 shows a second flow diagram of a method in accordance with an embodiment of the invention.
Detailed description of embodiments
Figure 1 shows schematically a layout of a network for carrying out a method according to an embodiment of the invention. Figure 2 shows a first flow diagram in accordance with the method.
In a network 100 a digital services server 10 and at least a user equipment 12 are arranged. The digital services server 10 and the user equipment are connected to the communication network 100.
The communication network 100 can be a local area network or wide area network for digital communications, and can be a part of the Internet. In addition, the communication network 100 can be a wired network or a wireless network, or a combination of these.
The digital services server 10 comprises a processor, memory and data storage in an server architecture as known in the art and is capable of connecting to the network by wired and/or wireless connection. In addition, the server 10 is configured to provide digital services to user equipment. The digital services comprise mail, e-mail, e-payment, file storage, voice communication, video communication, messaging, digital documents services, digitized documents services, directory services and other electronic services.
The user equipment 12 is an electronic device capable of electronic communication over the network 100, by wired and/or wireless connection.
To provide digital services between the user equipment and the digital services server an authentication for the user equipment is required by the digital services server, as illustrated by the method steps of the flow diagram 200 in Figure 2.
If the user equipment 12 connects S201 to the server 10 to use digital services, a procedure S202 to create a user account is typically performed by the user equipment 12 and the digital services server 10 in which the user equipment must be identified before using the digital services. Thus, a digital identification code ID2 for the user equipment needs to be created.
According to an embodiment, in the setup procedure between the user equipment 12 and the digital services server 10, the user equipment 12 provides an identity ID of a user of the user equipment 12 to the digital services server 10. In addition the user equipment 12 provides in step S204 at least one further identifier code to the digital services server 10. According to an embodiment, the further identifier code IC is associated with the user equipment 12. For example, the further identifier code IC is an hardwired code stored with the user equipment 12 that uniquely identifies the user equipment.
After receiving the identity of the user and the further identifier code on the server 10, the digital services server 10 performs in step S205 a validation of the identity ID of the userand if successful, in subsequent step S206 the digital services server 10 creates a pair of encryption keys on the basis of a combination of the identity ID of the user and the further identifier code IC of the user equipment 12.
Also, in next step S207 the digital services server 10 creates a digital identification code ID2 from the pair of encryption keys.
The server 10 now creates S208 a user account for the user of the user equipment 12 in which the user account is labelled with the created digital identification code ID2 as account identity.
After creation of the user account ID2, the digital identification code ID2 is used to set up encrypted communication between the user equipment 12 and the user account ID2 on the digital services server 10.
According to an embodiment, one encryption key from the pair of encryption keys is stored on the user equipment 12 and the other one of the pair is stored on the server 10. The encrypted communication between the user equipment 12 and the digital services server 10 is then performed using an encryption scheme based on the pair of encryption keys.
Advantageously, the method provides a unique digital identification code ID2 for the user by combining the user’s identity ID with a unique identifier IC of the user equipment 12. As will be appreciated by the skilled in the art, the use of the digital identification code ID2 provides that a secure communication can be established between the digital services server 10 and the user equipment 12.
On the network 100 one or more other devices 14 are available that can provide data content for the user in his user account ID2. Such data content may include for example digital (e-mail) messages, digital documents, digital images, and forms, each addressed to the user, in particular the identity ID of the user which may include his name and address.
These other devices 14 (typically third party network devices) are capable to send the data content to the user of the user equipment 12 in which the data content is labelled with the identity ID of the user or a network address associated with said identity.
The digital services server 10 is configured to receive the data content from the sending other device 14. From the label associated with the identity ID of the user, the digital services server 10 determines an identity of the user to whom the data content is addressed and compares the addressed identity with the identity ID of the user as present in the digital identification code ID2 stored on the server 10 forthat particular user. If a match is found between the identity ID of the user in the digital identification code ID2 and the identity of the user in the label of the received data content, the digital services server 10 accepts the received data content and stores the received data content in the account ID2 of the user (i.e., in storage space on the server associated with the user account ID2 for the user with the identity ID).
Advantageously, this procedure allows that digital content addressed to a user using an identity based on name and address can be forwarded to a user account with an account identifying name ID2 which due to the use of the further identifier code IC of the user equipment 12 (and unknown to the sender) is not derivable for a sender of content to the user. Thus this method provides a high degree of security to the user having the user account.
According to an embodiment, the method provides that the validation step carried out by the digital services server 10 includes that the identity ID of the user is validated by a trusted third party server 16 that provides identity management services based on previously verified data relating to the identity of the user. The trusted third party server 16 is typically connected to the network 100.
Typically, the trusted third party server 16 is capable of verifying a user identity ID by comparing personal data such as name and address data as provided by the user with stored data forthat user already verified by the trusted third party. If these personal data match with the trusted third party verified data, the identity ID of the user is successfully validated and can be accepted by the digital services server 10.
For example, in the Netherlands, a platform called iDIN is used for online verification and identification of electronic user identities and can provide trusted third party server functionality for validation of the identity of the user as described above. Similar trusted third party servers can be used for the same purpose.
Figure 3 shows a second flow diagram of a method in accordance with an embodiment of the invention.
In a further embodiment, the invention relates to a method 300 for distributing digital content to one or more user equipment devices 12 over the network 100. In this embodiment, the method is carried out by a content server 18 and the digital services server 10 that provides digital services as described above.
The content server 18 is configured for providing digital content to one or more user equipment based on an identity of the user associated with the user equipment. For example, the content server is configured to transmit digital content to an electronic address of the user as identity of the user. Such digital content comprises electronic messages and mail, digital documents and images, data files, etc.
According to an embodiment, the content server 18 transmits in step S302 for one or more users the digital content to the digital services server 10. To identify the addressee for the digital content, the digital content is labelled with identifying information relating to the identity ID of the user, including in this embodiment, name and address of the user as explained above.
The digital services server 10 receives the digital content in step S303 and determines in step S304 the intended identity of the user from the labelled identifying information. Next, in step S305, the digital services server 10 compares the intended identity with the identities ID of a user associated with one of the user accounts on the digital services server as present in the respective digital identification code ID2 for each user account.
In step S306 the digital services server 10 determines if the identifying information matches an identity ID of a user coupled to a user account ID2 on the digital services server then the digital content is stored in the user account ID2 associated with the identity ID of the user on the digital services server 10.
The user can access the stored digital content by means of the user equipment 12 using the secure communication connection between the digital services server 10 and the user equipment 12.
According to a further embodiment, the method comprises in step S307 that if there is no match between the identifying information and any one of the identities of the user accounts as present in the digital identification codes and stored on the digital services server, the digital services server 10 is configured to send information to the content server that no match is found. The method then comprises that the content server carries out an additional step S308 based on this non-matching information.
Based on the information that no match occurs for the addressee of the digital content and one of the user accounts, the content server 18 can be configured to try delivery of hardcopy of the digital content to the addressee by means of the name and physical address.
According to an embodiment, where the digital content relates to printable matter, the content server 18 is arranged to forward the digital content to a printer (not shown) in case no match was found. The printer is then arranged to print hardcopy of the digital content which is labelled by the name and address from the identifying information.
According to the embodiment that a match was found, the content server 18 receives information of the match from the digital services server 18. Accordingly, the content server is configured to omit the step of forwarding the digital content to the printer.
Alternatively, if no match is found the digital services server 10 can be configured to forward the digital content to the printer, without reporting to the content server.
In the foregoing description, the invention has been described with reference to specific embodiments thereof. It will, however, be evident that various modifications and changes may be made thereto without departing from the scope of the invention as summarized in the claims set out below.
In addition, modifications may be made to adapt a particular situation to the teachings of the invention without departing from the essential scope thereof. Therefore, it is intended that the invention is not limited to the particular embodiments disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.

Claims (12)

ConclusiesConclusions 1. Werkwijze voor het verschaffen van digitale diensten in een systeem dat een digitale dienstenserver (10) en ten minste een gebruikersapparatuur (12) die verbonden zijn over een netwerknetwerk (100), omvat, waarbij de digitale diensten worden uitgevoerd ten minste tussen de ten minste ene gebruikersapparatuur (12) en een digitale dienstenserver (10) over het netwerk (100), waarbij de werkwijze omvat:A method for providing digital services in a system comprising a digital service server (10) and at least one user equipment (12) connected over a network network (100), wherein the digital services are performed at least between the at least at least one user equipment (12) and a digital service server (10) over the network (100), the method comprising: het vormen van een digitale identificatiecode (ID2) welke geassocieerd is met de gebruikersapparatuur op de server, omvattend:forming a digital identification code (ID2) associated with the user equipment on the server, comprising: -- door de gebruikersapparatuur, het verschaffen van een identiteit (ID) van een gebruiker van de gebruikersapparatuur en ten minste een identificeerkenmerkcode (IC) van de gebruikersapparatuur, aan de server;- by the user equipment, providing an identity (ID) of a user of the user equipment and at least one identifier code (IC) of the user equipment to the server; -- op de server, het valideren van de identiteit (ID) van de gebruiker, en indien gevalideerd, het vormen van een paar encryptiesleutels op basis van een combinatie van de identiteit (ID) van de gebruiker en ten minste de identificeerkenmerkcode (IC) van de gebruikersapparatuur;- on the server, validating the user's identity (ID), and if validated, forming a pair of encryption keys based on a combination of the user's identity (ID) and at least the identifier code (IC) of the user equipment; -- op de server, het vormen van de digitale identificatiecode (ID2) op basis van de encryptiesleutels in het paar;- on the server, forming the digital identification code (ID2) based on the encryption keys in the pair; -- op de server, het vormen van een account voor de gebruiker met de digitale identificatiecode (ID2) als gebruikersidentiteit, en het gebruiken van de digitale identificatiecode (ID2) voor het instellen van versleutelde communicatie tussen de gebruikersapparatuur (12) en het account voor de gebruiker op de server (10) om de digitale diensten te gebruiken.- on the server, forming an account for the user with the digital identification code (ID2) as user identity, and using the digital identification code (ID2) for setting up encrypted communication between the user equipment (12) and the account for the user on the server (10) to use the digital services. 2. Werkwijze volgens conclusie 1, waarbij de stap van het gebruiken van de digitale identificatiecode (ID2) voor het instellen van communicatie omvat dat de server (10) de digitale identificatiecode (ID2) ontvangt vanuit de gebruikersapparatuur (12) en de digitale identificatiecode (IC) verifieert.The method of claim 1, wherein the step of using the digital identification code (ID2) to set up communication comprises that the server (10) receives the digital identification code (ID2) from the user equipment (12) and the digital identification code ( IC). 3. Werkwijze volgens conclusie 1 of 2, waarbij de digitale identificatiecode (ID2) is opgeslagen op de server.Method according to claim 1 or 2, wherein the digital identification code (ID2) is stored on the server. 4. Werkwijze volgens willekeurig welke van conclusies 1 - 3, verder omvattend: het opslaan van een van het paar encryptiesleutels op de gebruikersapparatuur (12) en de andere van het paar encryptiesleutels op de server (10), en waarbij de communicatie tussen de gebruikersapparatuur (12) en de server (10) wordt versleuteld door een schema dat gebruikmaakt van het paar encryptiesleutels.The method of any one of claims 1 to 3, further comprising: storing one of the pair of encryption keys on the user equipment (12) and the other of the pair of encryption keys on the server (10), and wherein communication between the user equipment (12) and the server (10) is encrypted by a scheme that uses the pair of encryption keys. 5. Werkwijze volgens willekeurig welke van conclusies 1 - 4, waarbij de server (10) is geconfigureerd voor:The method of any one of claims 1 to 4, wherein the server (10) is configured for: - het ontvangen van content voor een geadresseerde vanuit een derde partij (14, 18) over het netwerk waarbij de content voorde geadresseerde van een label wordt voorzien door middel van een identiteit van de geadresseerde;- receiving content for an addressee from a third party (14, 18) over the network wherein the content for the addressee is labeled by means of an identity of the addressee; - wanneer de content ontvangen wordt: het vergelijken van de van een label voorziene identiteit van de geadresseerde met de identiteit (ID) van één of meer gebruikers in de digitale identificatiecode (ID2) opgeslagen op de server (10), en indien de identiteit (ID) van de geadresseerde overeenkomt met de identiteit van de gebruiker in de opgeslagen digitale identificatiecode (ID2), het opslaan van de ontvangen content in het account van de gebruiker.- when the content is received: comparing the tagged identity of the addressee with the identity (ID) of one or more users in the digital identification code (ID2) stored on the server (10), and if the identity ( ID) of the addressee corresponds to the identity of the user in the stored digital identification code (ID2), storing the received content in the user's account. 6. Werkwijze volgens willekeurig welke van conclusies 1 - 5, waarbij de digitale diensten ten minste één van post, e-mail, e-payment, bestandsopslag, spraakcommunicatie, videocommunicatie, berichtendienst, digitale documentendiensten, gedigitaliseerde documentendiensten en adreslijstdiensten.The method of any one of claims 1 to 5, wherein the digital services include at least one of mail, e-mail, e-payment, file storage, voice communication, video communication, messaging service, digital document services, digitized document services and address list services. 7. Werkwijze volgens conclusie 1, waarbij het valideren van de identiteit (ID) van de gebruiker omvat dat de identiteit van de gebruiker wordt gevalideerd door een vertrouwde derde partij server (18).The method of claim 1, wherein validating the user's identity (ID) comprises that the user's identity is validated by a trusted third party server (18). 8. Werkwijze voor het distribueren van content aan een geadresseerde over een netwerk (100) onder gebruikmaking van een contentserver (18) en een digitale dienstenserver (10) welke gebruikersaccounts bevat die zijn geassocieerd met gebruikersapparatuurinrichtingen (12), waarbij elke gebruikersapparatuurinrichting is geassocieerd met een digitale identificatiecode (ID2) die is opgeslagen op de digitale dienstenserver (10) en waarbij de digitale identificatiecode (ID2) is gebaseerd op een gevalideerde identiteit (ID) van een digitale diensten gebruiker van de respectieve gebruikersapparatuur (12) en ten minste een identificeerkenmerkcode (IC) van die gebruikersapparatuur;A method for distributing content to an addressee over a network (100) using a content server (18) and a digital service server (10) which contains user accounts associated with user equipment devices (12), each user equipment device being associated with a digital identification code (ID2) stored on the digital service server (10) and wherein the digital identification code (ID2) is based on a validated identity (ID) of a digital services user of the respective user equipment (12) and at least one identification feature code (IC) of that user equipment; waarbij de werkwijze omvat:wherein the method comprises: het verzenden door de contentserver (18) voor de geadresseerde van de content die van een label met de identiteit van een geadresseerde is voorzien, aan de digitale dienstenserver; waarbij de digitale dienstenserver is geconfigureerd voor het ontvangen van de content voor een respectieve geadresseerde, en voor het vergelijken van de ontvangen van een label voorziene identiteit van de geadresseerde met identiteiten (ID) van de digitale dienstengebruikers in digitale identificatiecodes (ID2) die daarop zijn opgeslagen, en indien de ontvangen van een label voorziene identiteit overeenkomt met de identiteit van een digitale dienstengebruiker in de digitale identificatiecode, het opslaan van de ontvangen content voor de digitale dienstengebruiker met de overeenkomende digitale identificatiecode in het account van de overeenkomende digitale dienstengebruiker op de digitale dienstenserver.sending by the content server (18) for the addressee the content provided with a label with the identity of a addressee to the digital service server; wherein the digital service server is configured to receive the content for a respective addressee, and to compare the received tagged identity of the addressee with identities (ID) of the digital service users in digital identification codes (ID2) that are thereon stored, and if the received tagged identity matches the identity of a digital service user in the digital identification code, storing the received content for the digital service user with the corresponding digital identification code in the account of the corresponding digital service user on the digital service server. 9. Werkwijze voor het distribueren van content volgens conclusie 8, waarbij de contentserver is geconfigureerd om de content voorde geadresseerde te verzenden naar een printerfaciliteit voor het printen van de content onder gebruikmaking van een label met de identiteit van de geadresseerde indien de digitale dienstenserver de contentserver bericht dat de ontvangen van een label voorziene identiteit niet overeenkomt met willekeurig welke van de identiteiten van digitale dienstengebruikers zoals opgeslagen in de digitale identificatiecodes op de digitale dienstenserver.The method for distributing content according to claim 8, wherein the content server is configured to send the content for the addressee to a printer facility for printing the content using a label with the identity of the addressee if the digital service server provides the content server message that the tagged identity received does not match any of the identities of digital service users as stored in the digital identification codes on the digital service server. 10. Werkwijze voor het distribueren van content volgens conclusie 9, waarbij de contentserver (18) is geconfigureerd om het verzenden van de content voor de geadresseerde naarde printerfaciliteit achterwege te laten, indien de digitale dienstenserver de contentserver bericht dat de ontvangen van een label voorziene identiteit overeenkomt met een van de identiteiten van digitale dienstengebruikers zoals opgeslagen in de digitale identificatiecodes op de digitale dienstenserver.The method for distributing content according to claim 9, wherein the content server (18) is configured to omit sending the content for the addressee to the printer facility if the digital service server notifies the content server that the tagged identity received corresponds to one of the identities of digital service users as stored in the digital identification codes on the digital service server. 11. Computerprogrammaproduct voor het verschaffen van digitale diensten in een systeem dat een digitale dienstenserver (10) en ten minste een gebruikersapparatuur (12) die verbonden zijn over een netwerk (100) omvat, waarbij het computerprogrammaproduct instructies omvat voor de ten minste ene gebruikersapparatuur, die wanneer ze zijn geladen in een geheugen van de gebruikersapparatuur, ervoor zorgen dat de gebruikersapparatuur om een gebruikersaccount op de server in te stellen:A computer program product for providing digital services in a system comprising a digital service server (10) and at least one user equipment (12) connected over a network (100), the computer program product comprising instructions for the at least one user equipment, which, when loaded in a memory of the user equipment, cause the user equipment to set up a user account on the server: een identiteit (ID) van een gebruiker van de gebruikersapparatuur en ten minste een identificeerkenmerkcode (IC) van de gebruikersapparatuur, aan de server verschaft.an identity (ID) of a user of the user equipment and at least one identifier code (IC) of the user equipment provided to the server. 12. Computerprogrammaproduct voor het verschaffen van digitale diensten in een systeem dat een digitale dienstenserver (10) en ten minste een gebruikersapparatuur (12) die zijn verbonden overeen netwerk (100) omvat, waarbij het computerprogrammaproduct instructies omvat voor de server, die wanneer ze zijn geladen in een geheugen van de server, ervoor zorgen dat de server in reactie op het ontvangen van de identiteit (ID) van een gebruiker van de gebruikersapparatuur en ten minste een identificeerkenmerkcode (IC) van de gebruikersapparatuur:A computer program product for providing digital services in a system comprising a digital service server (10) and at least one user equipment (12) connected to a network (100), the computer program product comprising instructions for the server that when they are loaded into a memory of the server, causing the server to respond to receiving a user's identity (ID) from the user equipment and at least one identifier code (IC) from the user equipment: de identiteit (ID) van de gebruiker valideert, en indien gevalideerd, een paar encryptiesleutels vormt op basis van een combinatie van de identiteit (ID) van de gebruiker en ten minste de identificeerkenmerkcode (IC) van de gebruikersapparatuur;validates the user's identity (ID), and if validated, forms a pair of encryption keys based on a combination of the user's identity (ID) and at least the identifier code (IC) of the user equipment; de digitale identificatiecode (ID2) vormt op basis van de encryptiesleutels in het paar;the digital identification code (ID2) forms on the basis of the encryption keys in the pair; een account voor de gebruiker vormt met de digitale identificatiecode (ID2) als identiteit van de gebruiker;forms an account for the user with the digital identification code (ID2) as the user's identity; en de digitale identificatiecode (ID2) gebruikt voor het instellen van versleutelde communicatie tussen de gebruikersapparatuur (12) en het account voor de gebruiker op de server (10) voor het gebruiken van de digitale diensten.and the digital identification code (ID2) used for setting up encrypted communication between the user equipment (12) and the user account on the server (10) for using the digital services. 200200 300300
NL2021222A 2018-07-02 2018-07-02 Method for secure encrypted digital services NL2021222B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
NL2021222A NL2021222B1 (en) 2018-07-02 2018-07-02 Method for secure encrypted digital services

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
NL2021222A NL2021222B1 (en) 2018-07-02 2018-07-02 Method for secure encrypted digital services

Publications (1)

Publication Number Publication Date
NL2021222B1 true NL2021222B1 (en) 2020-01-07

Family

ID=63405319

Family Applications (1)

Application Number Title Priority Date Filing Date
NL2021222A NL2021222B1 (en) 2018-07-02 2018-07-02 Method for secure encrypted digital services

Country Status (1)

Country Link
NL (1) NL2021222B1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060248346A1 (en) * 2005-03-18 2006-11-02 Kentaro Shiomi Method for generating device unique key, secret information LSI with secret information processing function using the method, host device mounted with the LSI, recording medium with authentication function used in the host device, and portable terminal with the recording medium having authentication function
US20060277598A1 (en) * 2003-09-30 2006-12-07 Inka Entworks, Inc. Method of synchronizing data between contents providers and a portable device via network and a system thereof
WO2008061344A1 (en) * 2006-11-20 2008-05-29 Tet Hin Yeap System and method for secure electronic communication services

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060277598A1 (en) * 2003-09-30 2006-12-07 Inka Entworks, Inc. Method of synchronizing data between contents providers and a portable device via network and a system thereof
US20060248346A1 (en) * 2005-03-18 2006-11-02 Kentaro Shiomi Method for generating device unique key, secret information LSI with secret information processing function using the method, host device mounted with the LSI, recording medium with authentication function used in the host device, and portable terminal with the recording medium having authentication function
WO2008061344A1 (en) * 2006-11-20 2008-05-29 Tet Hin Yeap System and method for secure electronic communication services

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
KUMAR K THIRUMAL ET AL: "Secure strategic mail application with hardware device", 2016 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING, COMMUNICATIONS AND INFORMATICS (ICACCI), IEEE, 21 September 2016 (2016-09-21), pages 887 - 892, XP032989899, DOI: 10.1109/ICACCI.2016.7732157 *

Similar Documents

Publication Publication Date Title
EP1622301B1 (en) Methods and system for providing a public key fingerprint list in a PK system
US11336641B2 (en) Security enhanced technique of authentication protocol based on trusted execution environment
US10313136B2 (en) Method and a system for verifying the authenticity of a certificate in a web browser using the SSL/TLS protocol in an encrypted internet connection to an HTTPS website
US8196186B2 (en) Security architecture for peer-to-peer storage system
FI115098B (en) Authentication in data communication
US7334255B2 (en) System and method for controlling access to multiple public networks and for controlling access to multiple private networks
US20090240936A1 (en) System and method for storing client-side certificate credentials
US20050278538A1 (en) Method for naming and authentication
US10250589B2 (en) System and method for protecting access to authentication systems
US20080141352A1 (en) Secure password distribution to a client device of a network
US10579809B2 (en) National identification number based authentication and content delivery
CA2551113A1 (en) Authentication system for networked computer applications
JP2006525563A (en) User and web site authentication method and apparatus
US11349646B1 (en) Method of providing secure communications to multiple devices and multiple parties
Dua et al. Replay attack prevention in Kerberos authentication protocol using triple password
Chalaemwongwan et al. A practical national digital ID framework on blockchain (NIDBC)
CN113886771A (en) Software authorization authentication method
US20080034212A1 (en) Method and system for authenticating digital content
CN100499453C (en) Method of the authentication at client end
CN112565294A (en) Identity authentication method based on block chain electronic signature
NL2021222B1 (en) Method for secure encrypted digital services
US11461451B2 (en) Document signing system for mobile devices
Patiyoot Patiyoot 2: Key Distribution, and Session Key for Authentication Protocol in Wireless Network
CN116186664A (en) Image interaction method and system based on trusted execution environment
Townsend et al. Software Implementation using Hardware-Based Verification for Secure Content Delivery

Legal Events

Date Code Title Description
MM Lapsed because of non-payment of the annual fee

Effective date: 20210801