WO1999031845A1 - Method for securing the transmission of a message from a sending device to a receiving device - Google Patents
Method for securing the transmission of a message from a sending device to a receiving device
- Publication number
- WO1999031845A1 WO1999031845A1 PCT/FR1998/002753 FR9802753W WO9931845A1 WO 1999031845 A1 WO1999031845 A1 WO 1999031845A1 FR 9802753 W FR9802753 W FR 9802753W WO 9931845 A1 WO9931845 A1 WO 9931845A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- prgm
- message
- receiving device
- encrypted
- elementary
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
Definitions
- The invention relates to a method for securing the transmission of messages from a sending device to a receiving device.
- When information is transmitted from a sending device to a receiving device, this information, carried in a message, may be altered during its transmission. The alteration can come either from a fault in the sending, transmission or reception of the message, or from fraud by a third party. The received message is then no longer intact.
- The problem the invention proposes to solve is to provide a method of securing the transmission of a message from a sending device to a receiving device that does not require the two separate steps of the prior art, namely decryption of the message and verification of a certificate.
- The subject of the invention is a method for securing the transmission of a message from a sending device to a receiving device, characterized in that:
- the message is divided into n elementary units, n being an integer greater than or equal to 1;
- a logical property is defined so that, applied to any authentic elementary unit, it gives a logical value of the true type;
- the message is encrypted by encryption means of the sending device, using an encryption algorithm with a key, so as to obtain an encrypted result;
- the encrypted result is decrypted by the receiving device, using a decryption algorithm with a secret key, so as to obtain a decrypted result;
- the decrypted result is divided into elementary units, and the logical property is applied to each unit so as to obtain, for each unit, a logical value of the true type or of the false type;
- the message is considered authentic and intact if the logical value is of the true type for every unit.
- the Prgm message is a computer program capable of being executed and / or of being interpreted by the receiving device R.
- the elementary units are instructions of the Prgm program.
- the receiving device R is a portable memory object of the smart card type.
- the receiving device R comprises a portable memory object of the smart card type.
- the portable memory object is a subscriber identification module (SIM).
- The Prgm message is written in a high-level interpreted language.
- The high-level language is the Java language.
- The computer program consists of a set of precompiled instructions.
- The Prgm message is encrypted as a continuous stream or in chained blocks.
- The Prgm message is encrypted in blocks, and the blocks of the encrypted Prgm message are swapped.
- One of the swapped blocks is the first or the last block of the Prgm message.
- The result Kc(Prgm) is decrypted block by block, each encrypted block giving rise to a decrypted block that takes its place.
- The encryption and decryption algorithms involve a random value (aléa), transmitted by the sending device E to the receiving device R.
- The message Prgm is recorded, after verification, in a non-volatile memory of the receiving device R.
- The Prgm message is transmitted from a sending device E to a receiving device R.
- The Prgm message is, for example, a computer program capable of being executed and/or interpreted.
- The sending device E is, for example, a server, a computer, a transmitting station in a telecommunications network, or a contact or contactless smart card reader: in short, any device capable of encrypting and transmitting a message.
- The sending device E must be understood in a broad sense, as including composite devices made of physically separate parts, one part for example encrypting the message and another transmitting it in the strict sense.
- The receiving device R is, for example, a computer, possibly equipped with a smart card reader with a card inserted in it; a receiving station in a telecommunications network; a mobile telephone with or without a subscriber identification module (SIM); or even a smart card or such a module: in short, any device capable of receiving a message, or even of storing it and, advantageously, when the message is a computer program, of interpreting and/or executing it.
- The receiving device advantageously comprises a portable memory object of the smart card type.
- This portable object can be, for example, a payment card or an access control card, for example for a computer network.
- This Prgm computer program is divided into n elementary units I, n being an integer greater than or equal to 1. These are instructions, blocks of instructions or, where the Prgm program is written in an interpretable language such as Java, the precompiled instructions (bytecodes) of the program.
- A logical property P is defined so that, for any elementary unit I, this property P, applied to an authentic elementary unit, gives a logical value P(I) of the true type.
- The Prgm program is encrypted by encryption means of the sending device E, using an encryption algorithm with a key Kc known to that device E, so as to obtain a result Kc(Prgm).
- The encryption guarantees the confidentiality of the Prgm program during sending and reception and, above all, while it is in transit to the receiving device R.
- This result Kc(Prgm) is then transmitted by the device E to the receiving device R.
- This key Kc can be specific to the device E and known to the device R, or specific to the device R and also known to the device E.
- An example of the first configuration is the case where the device R subscribes to a service delivered by the sending device.
- An example of the second configuration is the case where the receiving device, when requesting a transmission of the program, supplies the key Kc, the decryption key Kd remaining known only to the receiving device.
- A particular case is one where Kc and Kd are identical (a symmetric, secret-key system) and this key is sent, in encrypted form, by the receiving device to the sending device.
- On reception, the decrypted result Kd(Kc(Prgm)) is divided, or decomposed, into n elementary units, images of (or corresponding to) the n elementary units produced by the division of the Prgm program in the sending device E.
- The logical property P is then applied to these n elementary units so as to obtain, for each unit, a logical value of the true type or of the false type.
- If at least one logical value is of the false type, the decrypted program differs from Prgm, and the receiving device R deduces that the program Prgm was modified on sending, in transit or on reception, and/or that the sender encrypted it with a key other than Kc, i.e. an unexpected key.
- The program is therefore not intact or not authentic.
- The invention thus makes it possible to guarantee, in a single encryption-decryption operation, the integrity, the authenticity and the confidentiality of the Prgm program.
- In one embodiment, the instructions of the computer language in which the Prgm program is written are coded on four bytes.
- Some codes, i.e. some combinations of opcode and parameters, do not correspond to any understandable instruction.
- Some parameters of some codes, typically the last three bytes, take only certain allowed values.
- A memory address, for instance, can be neither negative nor outside the space allocated to the Prgm program. For this reason the property P advantageously includes a test of the parameters, the test depending on the type of instruction.
- The unit non-detection rate C is defined as the proportion of possible instruction codes that are not recognized as false by the application of the property P, after decryption, following a given modification of the Prgm program.
- If the modification garbles all n elementary units, the probability that it goes undetected is C^n, so the probability of detecting it is 1 - C^n.
- Applying the property P does not require a heavy implementation, and in particular no long computation time. It detects errors in all kinds of Prgm programs when the encryption algorithm is of good quality, given the pseudo-random nature of the decryption of a falsified sequence of instructions.
- The encryption algorithm is advantageously of the chained block or continuous stream type.
- With such an algorithm, a modification of one encrypted elementary unit causes a modification of other decrypted instructions, and not only of the unit that was altered.
- If, on the contrary, the encrypted program is broken down into, for example, n independently encrypted blocks corresponding more or less to the n elementary units, a modification confined to one block alters only that block.
- The probability that the modification goes undetected is then C, and the probability of detecting it 1 - C, instead of C^n and 1 - C^n with a chained algorithm.
- To counter this, the blocks of the encrypted program are swapped, for example so that the head and tail blocks of the program end up at a position that a fraudster cannot predict but that devices E and R both know.
- Confidentiality is further improved when the encryption algorithm involves a random value (aléa) generated, for example, by the receiving device R and communicated to the sending device E. This can take the form, for example, of an exclusive-OR applied to a given number of bytes of the program, or to the whole of it, before encryption.
- NOP: an empty (no-operation) instruction.
- In a first embodiment, the sending device E is a base station of a GSM (Global System for Mobile communication) telecommunications network, or of any other mobile telephone system involving a security module.
- the receiving device R is a subscriber identification module SIM associated with a mobile telephone.
- the Prgm program intended to be downloaded into said SIM module, is coded in the form of precompiled instructions (bytecodes) written for example in the Java language.
- the invention applies in the same way to other smart card systems, such as payment or access control systems.
- the program is divided into n elementary units, an elementary unit being an instruction precompiled with a determined number of bits (fixed or dependent on the type of instruction).
- the logical property P is defined so that it takes a true logical value when the elementary unit to which it is applied is an executable (or interpretable) instruction or corresponds to an NOP instruction.
- The Prgm program is then encrypted by the sending device E with an encryption algorithm, for example of the RSA type (Rivest, Shamir and Adleman) as described in the US patent.
- The result Kc(Prgm) is then decrypted using a decryption algorithm with a secret key Kd.
- Each block of the decrypted result is recorded in the non-volatile EEPROM memory of the SIM module, at the address of the corresponding block of the encrypted result.
- The memory space used for decryption according to the invention is therefore minimal.
- Alternatively, the blocks of the decrypted result can be stored at memory addresses different from those of the encrypted blocks to which they correspond. A circular permutation is also possible, improving the security of the program during the decryption stage.
- The property P is preferably applied once the complete decryption of the encrypted result Kc(Prgm) has been carried out, and the final verdict (program accepted or refused) is given only once all the verifications are complete.
- In this way a fraudster cannot simply find out which elementary unit I gave a false logical value when the property P was applied. Given the small memory available in the SIM module, a simple function for computing the property P is implemented; it is a function provided by the interpreter itself.
- The interpreter interprets the decrypted result by checking whether or not the instructions make sense. In effect, the interpreter analyses the program as it would during a normal interpretation, but the interpretation has no effect other than checking that the decrypted result corresponds to a Prgm program.
- the sending device E is a server comprising a precompiled and encrypted form Kc (Prgm) of a Prgm program, written for example in the Java language.
- the receiving device R is a personal computer, which will be usefully provided with a smart card reader in which a card is inserted.
- the personal computer includes a hard disk and a secure memory area, i.e. one which cannot be read or written by a third party, for the storage, temporary or permanent, of the decrypted results Kd ( Kc (Prgm)) and keys.
- The computer also includes software for loading Prgm programs, called the Loader, invoked whenever a precompiled Prgm program has to be loaded before it is used (interpreted or executed).
- This software includes a decryption function, which advantageously includes the functional elements needed for decryption and in particular elements of the decryption algorithm.
- The program loader is then said to be overloaded (extended with this decryption function).
- Other functional elements needed for decryption can be held in a non-volatile memory of the smart card; they are then called by the loader and the decryption function.
- The loader, together with the card, decrypts the result Kc(Prgm) and verifies the decrypted result Kd(Kc(Prgm)) before that result, which is the program Prgm once P has been applied successfully, is interpreted and executed.
- The time and memory constraints mentioned for the first embodiment are less severe in this second embodiment, since the card is used here only as a secure physical medium for one or more keys or elements (tables, for example) needed for decryption.
- The card can even contain the entire secret decryption algorithm.
- The property P can therefore be either of the type described above or a particular property for which a dedicated verification algorithm is implemented.
- In one example, the verification algorithm checks the precompiled instructions each time a block (or blocks) of the encrypted result is decrypted.
- The exchanges between, on the one hand, the personal computer (with its interpreter and loader, and the card reader in which the card is inserted) and, on the other hand, the card, can be broken down into three phases: an initialization phase, a transfer phase and a decryption/verification phase.
- The initialization phase is in fact an exchange of a pair of public and secret keys. It is launched when the decryption process is initialized. The key pairs are not written to the hard disk of the personal computer and can be recomputed at any time. During this phase, a re-initialization order is transmitted by the personal computer to the card. The computer then computes a pair consisting of a public key PKc and a secret key PKd, then computes a signature of the public key PKc with the secret key PKd. This signature is transmitted, with the public key PKc, to the card, which verifies it with the public key PKc. The card then computes, with its secret key CKd, a signature of its public key CKc. This signature is transmitted, with the public key CKc, to the personal computer, which verifies it with the public key CKc.
- The transfer phase is the loading into the personal computer of the secret information held by the card. This information allows the computer to decrypt the precompiled and encrypted form of the Prgm program.
- The computer asks the card to transfer the secret decryption key Kd that it holds in its memory.
- The card encrypts this key with the key PKc and sends it to the computer.
- The computer decrypts this message with its secret key PKd and thus holds Kd (equal to Kc in the symmetric case). It can then decrypt the program Kc(Prgm) to obtain a program Prgm', which is none other than the original program Prgm if no fraud attempt has taken place.
- The computer can at this point decompose the program Prgm' into elementary units and apply the property P to them, as in the first embodiment. If the result is satisfactory, it archives the program, for example on its hard disk. It can also compute verification information (for example a checksum or, better, a hash) and archive it in the memory of the card, for later verification of the program's integrity.
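The three phases described above, as an added example in Go with the standard library's RSA (not code from the patent): the initialization phase with a PSS signature over each public key, the transfer phase with Kd sent under RSA-OAEP, and the verification hash archived on the card after the P check. The Card and PC types, the 2048-bit keys, the padding choices, the Kd value and the program bytes are all this example's assumptions, and Prgm' is taken as having already passed P as in the first embodiment. One addition the page does not make: as described, each side verifies a signature with the very key that arrived with it, which shows only that the sender holds the matching secret key, so the example also has the PC compare the received CKc with a copy provisioned in advance (pinnedCKc); without that check any holder of an RSA key pair would pass the initialization phase.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// Card models the smart card: CKc/CKd, the secret program key Kd, PKc as learned
// during initialization, and the verification hashes it archives.
type Card struct {
	ck       *rsa.PrivateKey
	kd       []byte
	pkc      *rsa.PublicKey
	archived map[string][32]byte
}

// PC models the personal computer running the loader; PKc/PKd is ephemeral and never
// written to disk, and pinnedCKc is a card key the PC already trusts (assumption).
type PC struct {
	pk        *rsa.PrivateKey
	pinnedCKc *rsa.PublicKey
	kd        []byte
}

// keyDigest is what the "signature of the public key" covers: SHA-256 over (N, E).
func keyDigest(pub *rsa.PublicKey) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%x:%d", pub.N, pub.E)))
	return h[:]
}

func signPub(priv *rsa.PrivateKey) []byte {
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, keyDigest(&priv.PublicKey), nil)
	must(err)
	return sig
}

// verifyPub checks sig with the key it accompanies: proof of possession only.
func verifyPub(pub *rsa.PublicKey, sig []byte) error {
	return rsa.VerifyPSS(pub, crypto.SHA256, keyDigest(pub), sig, nil)
}

// Initialize is the initialization phase: a fresh PKc/PKd pair, PKc signed with
// PKd and checked by the card, then CKc signed with CKd and checked by the PC.
func Initialize(pc *PC, card *Card) error {
	pk, err := rsa.GenerateKey(rand.Reader, 2048) // re-initialization: new ephemeral pair
	must(err)
	pc.pk = pk
	pkc, sig := &pk.PublicKey, signPub(pk) // PC -> card: PKc and its signature
	if err := verifyPub(pkc, sig); err != nil {
		return fmt.Errorf("card rejects PKc: %w", err)
	}
	card.pkc = pkc
	ckc, csig := &card.ck.PublicKey, signPub(card.ck) // card -> PC: CKc and its signature
	if err := verifyPub(ckc, csig); err != nil {
		return fmt.Errorf("PC rejects CKc: %w", err)
	}
	// Added check: bind the received CKc to the key the PC already trusts.
	if ckc.E != pc.pinnedCKc.E || ckc.N.Cmp(pc.pinnedCKc.N) != 0 {
		return fmt.Errorf("CKc does not match the pinned card key")
	}
	return nil
}

// Transfer is the transfer phase: the card sends Kd encrypted under PKc
// (RSA-OAEP, this example's choice) and the PC recovers it with PKd.
func Transfer(pc *PC, card *Card) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, card.pkc, card.kd, nil)
	must(err)
	pc.kd, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, pc.pk, ct, nil)
	must(err)
}

// CheckArchive is the later integrity verification against the hash on the card.
func CheckArchive(card *Card, name string, prgm []byte) bool {
	want, ok := card.archived[name]
	return ok && want == sha256.Sum256(prgm)
}

// Demo runs the phases with a constructed card key, Kd and decrypted program Prgm'.
func Demo() (kdRecovered, archiveOK, tamperedOK bool, err error) {
	ck, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	card := &Card{ck: ck, kd: []byte("constructed-Kd16"), archived: map[string][32]byte{}}
	pc := &PC{pinnedCKc: &ck.PublicKey} // CKc provisioned out of band
	if err = Initialize(pc, card); err != nil {
		return
	}
	Transfer(pc, card)
	prgm := []byte{0x01, 0x2A, 0, 0, 0x05, 0, 0, 0} // Prgm' taken as having passed P
	card.archived["demo"] = sha256.Sum256(prgm)     // verification information archived on the card
	tampered := append([]byte(nil), prgm...)
	tampered[1] ^= 1
	return string(pc.kd) == string(card.kd), CheckArchive(card, "demo", prgm),
		CheckArchive(card, "demo", tampered), nil
}

func main() {
	fmt.Println(Demo())
}
```

Kd travels only under the PC's ephemeral public key, so a fresh PKc/PKd pair per session (the "re-initialization order") limits what a recorded transfer is worth; the archived hash lets the card detect a later change to the program stored on the PC's hard disk without decrypting it again.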
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP98962482A EP1040620A1 (fr) | 1997-12-16 | 1998-12-16 | Method for securing the transmission of a message from a sending device to a receiving device |
JP2000539611A JP2002509269A (ja) | 1997-12-16 | 1998-12-16 | Method for securing the transmission of a message from a sending device to a receiving device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR97/15971 | 1997-12-16 | ||
FR9715971A FR2772532B1 (fr) | 1997-12-16 | 1997-12-16 | Method for securing the transmission of a message from a sending device to a receiving device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1999031845A1 true WO1999031845A1 (fr) | 1999-06-24 |
Family
ID=9514695
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR1998/002753 WO1999031845A1 (fr) | 1997-12-16 | 1998-12-16 | Method for securing the transmission of a message from a sending device to a receiving device |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1040620A1 (fr) |
JP (1) | JP2002509269A (fr) |
CN (1) | CN1284227A (fr) |
FR (1) | FR2772532B1 (fr) |
WO (1) | WO1999031845A1 (fr) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7373506B2 (en) * | 2000-01-21 | 2008-05-13 | Sony Corporation | Data authentication system |
CN100462992C (zh) * | 2007-04-30 | 2009-02-18 | 北京飞天诚信科技有限公司 | Method and system for producing information security devices |
US9686077B2 (en) | 2014-03-06 | 2017-06-20 | Microsoft Technology Licensing, Llc | Secure hardware for cross-device trusted applications |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5155680A (en) * | 1986-10-24 | 1992-10-13 | Signal Security Technologies | Billing system for computing software |
EP0537738A2 (fr) * | 1991-10-17 | 1993-04-21 | Software Security, Inc. | Multi-key method for protecting computer software against unauthorized execution |
WO1997005551A1 (fr) * | 1995-07-31 | 1997-02-13 | Verifone, Inc. | Method and apparatus for managing resources under the control of a secure module or other secure processor |
JPH09179951A (ja) * | 1995-12-22 | 1997-07-11 | Dainippon Printing Co Ltd | Portable information storage medium and system thereof |
- 1997
  - 1997-12-16 FR FR9715971A patent/FR2772532B1/fr not_active Expired - Fee Related
- 1998
  - 1998-12-16 JP JP2000539611A patent/JP2002509269A/ja active Pending
  - 1998-12-16 EP EP98962482A patent/EP1040620A1/fr not_active Withdrawn
  - 1998-12-16 CN CN 98813288 patent/CN1284227A/zh active Pending
  - 1998-12-16 WO PCT/FR1998/002753 patent/WO1999031845A1/fr not_active Application Discontinuation
Non-Patent Citations (2)
Title |
---|
MORI R ET AL: "SUPERDISTRIBUTION: THE CONCEPT AND THE ARCHITECTURE", TRANSACTIONS OF THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS OF JAPAN, vol. E73, no. 7, July 1990 (1990-07-01), TOKYO (JP), pages 1133 - 1146, XP002010383 * |
PATENT ABSTRACTS OF JAPAN vol. 097, no. 011 28 November 1997 (1997-11-28) * |
Also Published As
Publication number | Publication date |
---|---|
CN1284227A (zh) | 2001-02-14 |
FR2772532B1 (fr) | 2000-01-07 |
JP2002509269A (ja) | 2002-03-26 |
EP1040620A1 (fr) | 2000-10-04 |
FR2772532A1 (fr) | 1999-06-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP0675614B1 (fr) | Device for secure RSA-type data exchange limited to digital signature and message verification, and microcircuit card comprising such a device | |
EP1687953B1 (fr) | Method for authenticating applications | |
EP1072124B1 (fr) | Method for verifying the use of public keys generated by an embedded system | |
EP1305948B1 (fr) | Method for secure distribution of digital data representing multimedia content | |
EP1549011A1 (fr) | Method and system for communication between a terminal and at least one communicating device | |
EP3446436B1 (fr) | Method for a mobile terminal to obtain a security token | |
EP1293062B1 (fr) | Secure biometric authentication/identification method, capture module and biometric data verification module | |
EP1867189A1 (fr) | Secure communication between a data processing device and a security module | |
WO2016102833A1 (fr) | Secure electronic entity, electronic apparatus and method for verifying the integrity of data stored in such a secure electronic entity | |
EP3732849B1 (fr) | Method and system for identifying a user terminal for receiving protected, streamed multimedia content | |
WO2016207715A1 (fr) | Secure management of electronic tokens in a mobile telephone | |
EP1514377A1 (fr) | Interface method and device for protected exchange of online content data | |
EP3185468A1 (fr) | Data transmission method, data reception method, and corresponding devices and programs | |
WO1999031845A1 (fr) | Method for securing the transmission of a message from a sending device to a receiving device | |
EP3136283B1 (fr) | Device and method for securing commands exchanged between a terminal and an integrated circuit | |
FR2776454A1 (fr) | Mobile telephony system with prepayment card | |
EP2016700B1 (fr) | Method for activating a terminal | |
WO2021245351A1 (fr) | Method for discriminating a message between a terminal and a data server | |
EP1216458B1 (fr) | Method for securing data during transactions and system for implementing it | |
EP3021515B1 (fr) | Improving the authentic integrity of data using the last block encrypting that data in CBC mode | |
WO2017005644A1 (fr) | Method and system for controlling access to a service via a mobile medium without a trusted intermediary | |
FR2853785A1 (fr) | Secure electronic entity with a modifiable counter of uses of a secret datum | |
CN115361140A (zh) | Security chip key verification method and device | |
FR3141538A1 (fr) | Method and device for distributed online storage of files in a zero-trust context | |
EP2180654A1 (fr) | Method for securing messages intended for an advanced terminal in a distributed architecture | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | WWE | Wipo information: entry into national phase | Ref document number: 98813288.5; Country of ref document: CN |
 | AK | Designated states | Kind code of ref document: A1; Designated state(s): CN JP US |
 | AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
 | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | WWE | Wipo information: entry into national phase | Ref document number: 1998962482; Country of ref document: EP |
 | WWE | Wipo information: entry into national phase | Ref document number: 09581646; Country of ref document: US |
 | WWP | Wipo information: published in national office | Ref document number: 1998962482; Country of ref document: EP |
 | WWW | Wipo information: withdrawn in national office | Ref document number: 1998962482; Country of ref document: EP |