WO2000010287A1 - Procede et dispositif d'authentification a algorithme symetrique - Google Patents

Procede et dispositif d'authentification a algorithme symetrique Download PDF

Info

Publication number
WO2000010287A1
WO2000010287A1 PCT/FR1999/001995 FR9901995W WO0010287A1 WO 2000010287 A1 WO2000010287 A1 WO 2000010287A1 FR 9901995 W FR9901995 W FR 9901995W WO 0010287 A1 WO0010287 A1 WO 0010287A1
Authority
WO
WIPO (PCT)
Prior art keywords
xor
faire
secret key
array
alg
Prior art date
Application number
PCT/FR1999/001995
Other languages
English (en)
French (fr)
Inventor
Ludovic Rousseau
Original Assignee
Gemplus
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemplus filed Critical Gemplus
Priority to EP99936740A priority Critical patent/EP1104607A1/fr
Priority to MXPA01001783A priority patent/MXPA01001783A/es
Priority to AU51731/99A priority patent/AU5173199A/en
Priority to JP2000565636A priority patent/JP2002523923A/ja
Publication of WO2000010287A1 publication Critical patent/WO2000010287A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Definitions

  • the present invention relates to an authentication method using a symmetric algorithm having the main characteristic that, each time two parts are authenticated, commonly called A and B, a cryptographic calculation with a variable key, called K ', is carried out.
  • the invention relates more precisely to the cryptographic calculations cited above during an authentication of the two parties, called A and B, independent of each other in the context of data exchange.
  • This can be between a PC and a server, a reader and a server, a smart card and a smart card reader such as, for example, a cash dispenser when using a credit card.
  • chip called A by a user who, wishing to obtain a few banknotes, goes to a place with an ATM, called B.
  • the two parts A and / or B can be considered as a smart card and / or a reader.
  • A who has a secret key K, chooses a random R or random number also called a message.
  • A sends this hazard R to B, which also has the same secret key K.
  • r is the result of the encryption of the message R with the algorithm ALG and the secret key K.
  • the algorithm called ALG is a symmetric encryption algorithm. This can be the DES (Data Encryption Message), the triple DES, the IDEA, etc.
  • the authentication of B by A is carried out in this way.
  • this operation is not sufficient because it is vulnerable to current measurements and therefore to attacks by a possible hacker.
  • An attacker, or hacker measures the electrical current consumption of the chip. According to the curve obtained, it can deduce information on the operations and the data used by the processor. In order to make precise measurements, the attacker must make several measurements and filter them.
  • the hacker To obtain a relevant measurement, the hacker must perform several measurements and filter them to extract the relevant information. Due to the use of the same constant key K, all the measurements use the same key K and therefore the filtering result is characteristic of the key K.
  • the invention proposes a first feature which consists of a brief modification which is carried out in the formula for calculating r ′ of the authentication protocol which is the subject of the invention.
  • Part A which has the secret key K, sends a random number chosen randomly] _, to part B.
  • the latter also has the same secret key K.
  • B chooses a random number R2, then calculates the number K ', which is also a secret key from the following formula:
  • the impossibility of attack to date stems from the fact that, since K ′ changes with each authentication, the current consumption of the calculation of r and r ′ is different with each execution of the authentication. However, the calculation of K 'remains vulnerable to attacks in current consumption.
  • the invention therefore provides a second feature not related to the first described above, concerning the calculation of K '.
  • the invention uses an encryption system independent and / or dependent on the authentication system described above.
  • K k ⁇ _ xor k2 xor ... xor k n .
  • K ' R2 xor k ⁇ _ xor ... xor k n .
  • the algorithm used comprises an initialization phase and a subset of loops.
  • a first table k called below in the description by k [], is used; this table contains the values of the n under keys kj_.
  • a second array called a_ttle hereinafter called a_excellent [] contains n booleans.
  • Each boolean contains the true value called “True” or “T”, below and in FIG. 2.
  • the arrays k [] and a_excellent [] contain the same number n of elements, representing the n sub-keys kj_ and the n booleans
  • the first step, or step a consists in that as long as there remains an element of the array a_ette [] at the value "T", then a random number i, between 1 and n, is chosen.
  • step b is the equality test of the element i of the array a_excellent [] and the value "T”, called below in the description and in the figure.
  • step b If the equality test in step b is false, then the calculation system returns to the first step, or step a.
  • This algorithm is not in constant time because it is possible to execute more loops than there are sub-keys k-j_.
  • the invention also relates to an authentication system with a symmetric encryption algorithm between two entities or parts A and B, having the same secret key K, which implements the method described above.
  • n number of sub-keys
  • n ⁇ 2 number of sub-keys
  • the initialization remains identical to the general case described above; it is mentioned in FIG. 2 by the reference A or 10.
  • the algorithm loop is performed as follows:
  • the probability of putting at the value "F” the two elements of the array a_ttle [] in two loops or tests is equal to half, or 1/2.
  • the probability of completing two elements in three loops or tests is equal to a quarter, or 1/4 (not shown in Figure 2).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)
PCT/FR1999/001995 1998-08-17 1999-08-16 Procede et dispositif d'authentification a algorithme symetrique WO2000010287A1 (fr)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP99936740A EP1104607A1 (fr) 1998-08-17 1999-08-16 Procede et dispositif d'authentification a algorithme symetrique
MXPA01001783A MXPA01001783A (es) 1998-08-17 1999-08-16 Procedimiento y dispositivo para auntentificar un algoritmo simetrico.
AU51731/99A AU5173199A (en) 1998-08-17 1999-08-16 Method and device for authenticating with symmetrical algorithm
JP2000565636A JP2002523923A (ja) 1998-08-17 1999-08-16 対称アルゴリズム式認証方法および装置

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR98/10591 1998-08-17
FR9810591A FR2782431B1 (fr) 1998-08-17 1998-08-17 Procede et dispositif d'authentification a algorithme symetrique

Publications (1)

Publication Number Publication Date
WO2000010287A1 true WO2000010287A1 (fr) 2000-02-24

Family

ID=9529804

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR1999/001995 WO2000010287A1 (fr) 1998-08-17 1999-08-16 Procede et dispositif d'authentification a algorithme symetrique

Country Status (7)

Country Link
EP (1) EP1104607A1 (US06811534-20041102-M00003.png)
JP (1) JP2002523923A (US06811534-20041102-M00003.png)
CN (1) CN1323478A (US06811534-20041102-M00003.png)
AU (1) AU5173199A (US06811534-20041102-M00003.png)
FR (1) FR2782431B1 (US06811534-20041102-M00003.png)
MX (1) MXPA01001783A (US06811534-20041102-M00003.png)
WO (1) WO2000010287A1 (US06811534-20041102-M00003.png)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2819079A1 (fr) * 2000-12-29 2002-07-05 Gemplus Card Int Procede de protection contre les attaques par mesure de courant ou de rayonnement electromagnetique
FR2819078A1 (fr) * 2000-12-29 2002-07-05 Gemplus Card Int Procede de protection contre les attaques par mesure de courant ou par mesure de rayonnement electromagnetique
CN100364262C (zh) * 2004-08-04 2008-01-23 中国联合通信有限公司 一种用于ev-do网络的接入鉴权方法及装置
CZ309614B6 (cs) * 2022-03-17 2023-05-17 Jan Ing. Topol Způsob čištění komunálních odpadních vod a zařízení k provádění způsobu

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2804524B1 (fr) * 2000-01-31 2002-04-19 Oberthur Card Systems Sas Procede d'execution d'un protocole cryptographique entre deux entites electroniques
US6950517B2 (en) * 2002-07-24 2005-09-27 Qualcomm, Inc. Efficient encryption and authentication for data processing systems
CN1684411B (zh) * 2004-04-13 2010-04-28 华为技术有限公司 一种验证移动终端用户合法性的方法
US7401222B2 (en) * 2004-12-16 2008-07-15 Xerox Corporation Method of authentication of memory device and device therefor
CN100405395C (zh) * 2005-03-22 2008-07-23 刘普合 商品复合防伪码与对称验证防伪方法
CN1863042B (zh) * 2005-12-13 2011-05-04 华为技术有限公司 对信息进行加解密的方法
CN102411692B (zh) * 2010-09-25 2015-07-01 中国移动通信有限公司 一种运行终端的方法、系统及设备
CN101997880A (zh) * 2010-12-01 2011-03-30 湖南智源信息网络技术开发有限公司 一种用于网络页面或接口的安全验证方法及其装置
CN102014136B (zh) * 2010-12-13 2013-03-06 南京邮电大学 基于随机握手的p2p网络安全通信方法
FR2974694B1 (fr) * 2011-04-27 2013-05-31 Peugeot Citroen Automobiles Sa Procede d'echange securise de messages cryptes symetriquement

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4549075A (en) * 1982-07-08 1985-10-22 Cii Honeywell Bull (Societe Anonyme) Method for certifying the origin of at least one item of information stored in the memory of a first electronic device and transmitted to a second electronic device, and system for carrying out the method
FR2738972A1 (fr) * 1995-09-15 1997-03-21 Thomson Multimedia Sa Procede de mise en gage de donnees pour un protocole d'echange de donnees securise
US5642401A (en) * 1993-06-29 1997-06-24 Nec Corporation System and method of authenticating a service request in a mobile communication system
DE19716111A1 (de) * 1997-04-17 1998-10-22 Giesecke & Devrient Gmbh Verfahren zur gegenseitigen Authentifizierung zweier Einheiten

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2612315A1 (fr) * 1987-03-13 1988-09-16 Trt Telecom Radio Electr Procede pour simultanement lire a distance et certifier une information presente dans une memoire d'un support electronique

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4549075A (en) * 1982-07-08 1985-10-22 Cii Honeywell Bull (Societe Anonyme) Method for certifying the origin of at least one item of information stored in the memory of a first electronic device and transmitted to a second electronic device, and system for carrying out the method
US5642401A (en) * 1993-06-29 1997-06-24 Nec Corporation System and method of authenticating a service request in a mobile communication system
FR2738972A1 (fr) * 1995-09-15 1997-03-21 Thomson Multimedia Sa Procede de mise en gage de donnees pour un protocole d'echange de donnees securise
DE19716111A1 (de) * 1997-04-17 1998-10-22 Giesecke & Devrient Gmbh Verfahren zur gegenseitigen Authentifizierung zweier Einheiten

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2819079A1 (fr) * 2000-12-29 2002-07-05 Gemplus Card Int Procede de protection contre les attaques par mesure de courant ou de rayonnement electromagnetique
FR2819078A1 (fr) * 2000-12-29 2002-07-05 Gemplus Card Int Procede de protection contre les attaques par mesure de courant ou par mesure de rayonnement electromagnetique
WO2002054342A2 (fr) * 2000-12-29 2002-07-11 Gemplus Procede de protection contre les attaques par mesure de courant ou de rayonnement electromagnetique
WO2002054343A1 (fr) * 2000-12-29 2002-07-11 Gemplus Procede de protection contre les attaques par mesure de courant ou par mesure de rayonnement electromagnetique
WO2002054342A3 (fr) * 2000-12-29 2003-05-15 Gemplus Card Int Procede de protection contre les attaques par mesure de courant ou de rayonnement electromagnetique
CN100364262C (zh) * 2004-08-04 2008-01-23 中国联合通信有限公司 一种用于ev-do网络的接入鉴权方法及装置
CZ309614B6 (cs) * 2022-03-17 2023-05-17 Jan Ing. Topol Způsob čištění komunálních odpadních vod a zařízení k provádění způsobu

Also Published As

Publication number Publication date
AU5173199A (en) 2000-03-06
EP1104607A1 (fr) 2001-06-06
CN1323478A (zh) 2001-11-21
JP2002523923A (ja) 2002-07-30
FR2782431A1 (fr) 2000-02-18
MXPA01001783A (es) 2002-07-22
FR2782431B1 (fr) 2000-09-29

Similar Documents

Publication Publication Date Title
EP1529369B1 (fr) Proc d d' change s curis d'informations entre deux dispositifs
CA2112518C (fr) Procede d'authentification d'au moins un dispositif d'identification par un dispositif de verification et dispositif pour sa mise en oeuvre
WO2000010287A1 (fr) Procede et dispositif d'authentification a algorithme symetrique
FR2689264A1 (fr) Procédé d'authentification accompli entre une carte à circuit intégré et une unité terminale et système prévu dans ce but.
EP1159797A1 (fr) Procede de contre-mesure dans un composant electronique mettant en oeuvre un algorithme de cryptographie a cle secrete
EP0756398B1 (fr) Système et procédé de communication de messages cryptés selon un procédé de type R.S.A. avec réduction modulaire pour obtenir un décryptage rapide
EP1119940B1 (fr) Procede de contre-mesure dans un composant electronique mettant en oeuvre un algorithme de cryptographie a cle secrete
EP3991381A1 (fr) Procédé et système de génération de clés de chiffrement pour données de transaction ou de connexion
EP1119939B1 (fr) Procede de contre-mesure dans un composant electronique mettant en oeuvre un algorithme de cryptographie a cle secrete
CA2613884C (fr) Procede pour disposer d'un lien de communication securise entre un utilisateur et une entite
EP3035583A1 (fr) Dispositif et système de communication, méthode de traitement de données et méthode d'échange sécurisé de données
EP1125394B1 (fr) Procede de contre-mesure dans un composant electronique mettant en oeuvre un algorithme de cryptographie a cle secrete
EP1180260B1 (fr) Procede de contre-mesure dans un composant electronique mettant en oeuvre un algorithme de cryptographie a cle secrete et dynamique
FR2830147A1 (fr) Procede et dispositif de la verification de la detention d'une donnee confidentielle sans communication de celle-ci, selon un processus dit de "a divulgation nulle"
EP3842970B1 (fr) Procédé de vérification du mot de passe d'un dongle, programme d'ordinateur, dongle et terminal utilisateur associés
FR2830146A1 (fr) Procede de mise en oeuvre, dans un composant electronique, d'un algorithme de cryptographie et composant correspondant
FR3086417A1 (fr) Procede cryptographique de comparaison securisee de deux donnees secretes x et y
WO2010106042A1 (fr) Procédé de production de données de sécurisation, dispositif et programme d'ordinateur correspondant
EP4246880A1 (fr) Protection d'une clef secrete
FR2811443A1 (fr) Procede et systeme pour limiter la possibilite de transformation de donnees a constituer, notamment, des jetons de pre-paiement
WO2008081151A2 (fr) Procede de signature de liste anonyme et correlable
WO2008017765A1 (fr) Systeme et procede cryptographique a cle publique
WO2003023606A1 (fr) Procede pour le calcul d'une exponentiation dans un groupe et son application a l'authentification d'un utilisateur
WO2008132382A1 (fr) Procede de generation d'un alea a partir d'une donnee biometrique

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 99812286.6

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): AU CA CN IN JP MX SG US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 1999936740

Country of ref document: EP

Ref document number: PA/a/2001/001783

Country of ref document: MX

WWP Wipo information: published in national office

Ref document number: 1999936740

Country of ref document: EP