WO2000079368A1 - Carte a puce de logiciel - Google Patents

Carte a puce de logiciel Download PDF

Info

Publication number
WO2000079368A1
WO2000079368A1 PCT/US2000/017307 US0017307W WO0079368A1 WO 2000079368 A1 WO2000079368 A1 WO 2000079368A1 US 0017307 W US0017307 W US 0017307W WO 0079368 A1 WO0079368 A1 WO 0079368A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
encrypted
data
password
user identification
Prior art date
Application number
PCT/US2000/017307
Other languages
English (en)
Inventor
Paul Rubin
Theodore Charles Goldstein
Original Assignee
The Brodia Group
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by The Brodia Group filed Critical The Brodia Group
Priority to AU56341/00A priority Critical patent/AU5634100A/en
Publication of WO2000079368A1 publication Critical patent/WO2000079368A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Definitions

  • the present invention relates to the security of data stored in digital form and, more particularly, relates to security and encryption protocols for preventing unauthorized access to data stored on a computerized database.
  • a database management system is a collection of computer programs allowing the storage and extraction of information on a database.
  • Database management systems range from small systems running on a personal computer to large systems running on mainframes.
  • Database management systems have a variety of applications, including automated teller systems, flight reservation systems, medical records systems and the like. Given the sensitive nature of the information discussed above, much effort in the art has been devoted to data security.
  • Data security generally refers to techniques for preventing unauthorized access to data stored on a computer, computerized database, or even a smart card. Many data security techniques involve data encryption and the use of passwords.
  • Data encryption generically refers to methods for translating data into a secret code, called cipher text.
  • asymmetric encryption also known as public-key encryption
  • symmetric encryption is the two main types of encryption.
  • Database systems storing data in encrypted form to protect unauthorized access to data are well known in the art For example, when a user attempts to access a database, the database server prompts the user for a user name and password. If the user is authenticated, he is granted access to the database.
  • the files corresponding to an individual user account may be encrypted with a key unique to that account.
  • the key used to encrypt the files may be the result of a salted one-way hash of the password corresponding to the user's account.
  • a one-way hash function is an algorithm that converts a data collection (such as the contents of a file) into a string of bytes.
  • NISTs Secure Hash Algorithm is an example of a one-way hash function (Federal Information Processing Standard (FIPS) publication 1 80-1 ).
  • FIPS Federal Information Processing Standard
  • the resulting string is nearly impossible to invert back to the original file.
  • the password the user inputs is hashed as before and used as a key to decrypt the files stored on the database belonging to that user.
  • a list of passwords or keys must be stored to recover the data. Accordingly, account users must trust the administrators of the database facility not to use their passwords or keys to gain access to their data.
  • Smart cards offer an alternative way of storing information in encrypted form.
  • a smart card is a small electronic device resembling a credit card.
  • a smart card generally contains memory and an embedded microprocessor and may have a variety of cryptographic protocols and algorithms programmed into it. Smart cards are used in a variety of applications, including, inter alia, storing an individual's medical records, passwords, and secret encryption keys.
  • To read from or write to a smart card the user must insert it into smart card reader.
  • the stored data remains in the physical possession of the user. Therefore, regardless of the knowledge of others regarding a user's secret password or key, the data stored on the card is only accessible to the physical possessor of the card.
  • One drawback, however, is that, when the smart card is lost, the data stored therein is lost with it.
  • the present invention provides methods and systems for preventing unauthorized access to data stored on a computerized database.
  • the present invention contemplates storing data corresponding to individual user accounts in encrypted form.
  • the present invention involves two separate entities to accomplish enhanced data security: a database facility and an escrow facility.
  • the database facility is in physical possession of and administers the database.
  • data corresponding to an individual account is encrypted with a unique cryptographic key.
  • the cryptographic key is derived from the password corresponding to each account.
  • the database facility has no possession or knowledge of the cryptographic keys used to encrypt the data corresponding to individual user accounts. Rather, after the data is encrypted, the encryption key is transmitted to an escrow facility, which is independent from the database facility. Alternatively, the encryption key is itself encrypted and stored at the database facility in a form that only the escrow facility can readily decrypt. Accordingly, the present invention establishes a system where one entity stores data in encrypted form, while another independent entity possesses the keys for decrypting the data. This configuration achieves, in essence, a remotely accessible smart card implemented in software, in that the physical possessor of the data has no access to it without a password.
  • the operation of the present invention generally includes three phases: 1 ) account initialization (establishing a new account); 2) logging in to an existing account; and 3) changing a password to an existing account.
  • the initialization method of the present invention is a protocol for preventing unauthorized access to data stored on a computerized database.
  • the method comprises the steps of (a) receiving a user identification and a password corresponding to the user identification; (b) transforming the password into an encryption key; (c) encrypting, with the key, data corresponding to the user identification; (d) storing the encrypted data in association with the user identification; and (e) encrypting the key for transmission to an escrow facility.
  • the method comprises (f) transmitting the key to an escrow facility.
  • other embodiments of the method also comprise the step of (g) storing a second encrypted representation of the key in association with the user identification and the encrypted data, wherein the second encrypted representation results from the application of a one-way hash function to the cryptographic key.
  • alternative forms of the method feature transmitting an encrypted representation of the key to the escrow facility.
  • the initialization method uses a public key provided by the escrow facility to prevent unauthorized access to the user's cryptographic key.
  • This method generally comprises (a) receiving a user identification and a password corresponding to the user identification; (b) transforming the password into an encryption key; (c) encrypting, with the encryption key, data corresponding to the user identification; (d) storing the encrypted data in association with the user identification; and (e) storing an encrypted representation of the key, wherein the encrypted representation of the key is created by encrypting the key with an asymmetric encryption algorithm according to the public key of the escrow facility.
  • Yet another preferred embodiment features two layers of encryption.
  • This preferred method comprises the steps of (a) receiving a user identification and a password corresponding to the user identification; (b) transforming the password into a first encryption key; (c) encrypting data corresponding to the user identification with a second encryption key; (d) encrypting, with the first encryption key, the data encrypted according to step (c); (e) storing the data encrypted in step (d) in association with the user identification; and (f) transmitting an encrypted representation of the first encryption key to an escrow facility.
  • the cryptographic key is encrypted with the escrow facility's public key and stored, rather than being transmitted.
  • the configuration of the present invention also requires certain unique protocols for changing passwords corresponding to database accounts. As discussed more fully below, the steps involved in a change of password protocol depend on how the database accounts were initialized. In general, however, after a user has been authenticated, a new password is provided. This new password and the data are sent to the escrow facility, which decrypts the data with the old cryptographic key and re-encrypts the data with the new cryptographic key. The re-encrypted data is then transmitted to the database facility for storage.
  • One preferred method assumes that the escrow facility has possession of the original cryptographic key. This method comprises the steps of (a) receiving a new password corresponding to a user identification; (b) transforming the new password into a second cryptographic key; (c) transmitting to the escrow facility encrypted data corresponding to the user identification and an encrypted representation of the second cryptographic key; and (d) receiving from the escrow agent the data encrypted according to the new cryptographic key.
  • Another preferred embodiment corresponds to the situation where the database includes an encrypted representation of the first cryptographic key, where the encrypted representation of the first key is created by the application of an asymmetric encryption algorithm to the first key using a public key of an escrow facility.
  • the method comprises (a) receiving a new password corresponding to a user identification; (b) transforming the new password into a second cryptographic key; (c) transmitting to the escrow facility encrypted data corresponding to the user identification, the encrypted representation of the first cryptographic key, and an encrypted representation of the second cryptographic key; and (d) receiving from the escrow agent the data encrypted according to the second cryptographic key.
  • Another aspect of the present invention includes the protocols performed by the escrow facility.
  • One such protocol is a method for changing a password corresponding to a user account, the user account having a user identification, the user account including data maintained on a database of a database facility, wherein the data is encrypted with a first cryptographic key, the first cryptographic key being stored by an escrow facility remote from the database.
  • the method comprises the steps of (a) receiving from a database facility and storing an encrypted representation of a first cryptographic key and a designation of a user identification corresponding to the encrypted representation; (b) receiving encrypted data corresponding to the user identification and an encrypted representation of a second cryptographic key, wherein the encrypted data was encrypted with the first cryptographic key; (c) decrypting the encrypted representations of the first cryptographic key and the second cryptographic key; (d) decrypting the encrypted data with the first cryptographic key; (e) encrypting the data, which was decrypted under the step (d), according to the second cryptographic key; and (f) transmitting the data encrypted according to the encrypting step (e) to the database facility.
  • Another preferred protocol performed by the escrow facility is a method for changing a password corresponding to a user account, the user account including data maintained on a database, wherein the data is encrypted with a first cryptographic key, the database storing an encrypted representation of the first cryptographic key, wherein the encrypted representation of the first key is created by the application of an asymmetric encryption algorithm to the first key using a public key of an escrow facility, the method comprising the steps of (a) receiving from a database facility encrypted data, the encrypted representation of the first cryptographic key, and an encrypted representation of a second cryptographic key, wherein the encrypted data is encrypted with the first cryptographic key; (b) decrypting the encrypted representations of the first cryptographic key and the second cryptographic key; (c) decrypting the encrypted data with the first cryptographic key; (d) encrypting the data, which was decrypted under the step (c), with the second cryptographic key; and (e) transmitting the data encrypted according to the encrypting step (d) to the database facility.
  • a “database facility” is an entity independent from an escrow facility, discussed below, and stores data in encrypted form.
  • a database facility can be a large entity administering a database management system comprising several database servers and managing multiple user accounts.
  • the "database facility” can be the personal computer of an individual account user.
  • an "escrow facility” is an entity independent from the database facility. According to the present invention, its function is to receive cryptographic keys or cryptographic representations of keys and store them in association with a user identification. In other embodiments, the escrow facility provides a public key to the database facility, as more fully described below. In addition, when called upon, the escrow facility will receive encrypted data corresponding to a user identification and decrypt the data with the cryptographic key corresponding to the user identification.
  • FIG. 1 is a functional block diagram illustrating one embodiment of the system of the present invention.
  • Figure 2 is a flowchart diagram showing one preferred method for initializing a database account.
  • Figure 3 is a flowchart diagram illustrating one preferred method for accessing a secure database account.
  • Figure 4 is a flowchart diagram illustrating a preferred authentication protocol for use in conjunction with the present invention.
  • Figure 5 is a flowchart diagram showing a preferred method for changing a password corresponding to a user account.
  • Figure 6 is a flowchart diagram illustrating a second preferred method for initializing a database account.
  • Figure 7 is a flowchart diagram showing the protocol for changing a password to an account initialized according to the second preferred embodiment.
  • Figure 8 is a flowchart diagram illustrating a third preferred method for initializing a user account.
  • Figure 1 illustrates a preferred embodiment of the present invention as applied to the Internet.
  • the present invention can be applied across any computer network.
  • communication among account users, database facility 20, and escrow facility 40 can be accomplished over direct (such as dial-up access) or dedicated communications lines, not involving an open computer network.
  • escrow facility 40 receives encrypted representations of the cryptographic keys used to encrypt the data stored in database 26 of database facility 20.
  • escrow facility 40 provides a public key for use in an asymmetric (or public-key) encryption algorithm. The database facility uses this public key to store encrypted representations of the cryptographic keys corresponding to user accounts, rather than the cryptographic keys themselves. In this manner, database facility 20 has no access to the cryptographic keys (without having the escrow facility's private key) and cannot decrypt the data stored in database 26.
  • database facility 20 includes database servers 22, which receive and process requests submitted by users.
  • Database servers 22 are operably connected to at least one database 26.
  • the database can be any database known in the art.
  • the database is implemented in hardware including a collection of computer programs enabling the storage, modification, and extraction of information on the database.
  • Database hardware may range from personal computers (for small systems) to mainframes (for large systems).
  • Database servers 22 may be implemented in hardware or software, or preferably a combination of both.
  • the server is implemented in computer programs executing on programmable computers each comprising at least one processor, a data storage system (including volatile and non-volatile media), at least one input device, and at least one output device.
  • database servers 22 are web or Internet servers operably connected to the Internet. In other preferred embodiments, database servers 22 can be directly connected to client computers 30 through dedicated lines.
  • the one embodiment of the present invention works in conjunction with a conventional computer having Internet Browsing Software and a connection to the Internet.
  • the user's computer can be any conventional personal computer known in the art.
  • the user's computer is connected to the Internet via a dial-up connection or through a network line. Such communication could also be wireless.
  • suitable Internet browsers for use with the present invention include NETSCAPE NAVIGATOR® or MICROSOFT INTERNET EXPLORER®.
  • the browser implemented on client computer 30 preferably supports the SSL ("Secure Sockets Layer") protocol, the S-HTTP ("Secure HTTP”) protocol, or any other similar protocol for transmitting confidential or private information over an open computer network.
  • communication of passwords and sensitive data for example, between database facility 20 and client computer 30 employs 7
  • a user accesses a database account by launching the browsing software contained in client computer 30 and directs the browser to the web site corresponding to database facility 20.
  • client computer 30 launches the browsing software contained in client computer 30 and directs the browser to the web site corresponding to database facility 20.
  • present invention has application beyond the Internet and the World Wide Web and may be employed on any computer network.
  • the operation of the present invention generally comprises three phases: 1 ) account initialization (establishing a new account); 2) logging in to an existing account; and 3) changing a password to an existing account.
  • Figure 2 illustrates a first preferred method for initializing a data storage account with the database facility.
  • Database facility 20 receives from client computer 30 a user identification, a password and data to be stored in encrypted form. (Step 100).
  • Database facility then transforms the password to create a cryptographic key that will be used to encrypt the user's data.
  • a one-way hash function is applied to the inputted password to create the cryptographic key. (Step 102).
  • Suitable one-way hash functions include, but are not limited to, MD4, MD5, SHA, Snefru and the like.
  • the one-way hash function can be per ormed on client computer 30 and subsequently transmitted to database server 22 over a secure communications protocol, such as SSL.
  • Digital data, D is received at server 22 and then encrypted with the cryptographic key, K, derived in step 102 and stored in database 26 of database facility 20 in association with the user identification.
  • Suitable encryption algorithms include symmetric algorithms, such as DES, 3DES or RC4, and asymmetric or public-key algorithms, such as RSA or ElGamal.
  • the random string, S is stored in the database alongside the hashed password, so that H(P+S) can be re-computed from P and S when the user logs in.
  • S is optional; however, it is customary in the art to include S in order to impede dictionary attacks against the password.
  • client computer 30 receives the cryptographic key, K, from server 22 using a secure communications protocol, encrypts data with the key, and transmits the encrypted data to server 22 for storage on database 26.
  • the cryptographic key, K is then transmitted to escrow facility 40.
  • the database facility stores user accounts in database 26 as a series of records, each record including a field for the user identification, UserlD, the encrypted data K(D).
  • a second one-way hash function, H can be applied to the cryptographic key, K, of step 102 and stored in the same record as the encrypted data, K(D) and the user identification, UserlD.
  • H(K) The results of this second hashing, H(K), can be used to authenticate a user at login (described more fully below).
  • the user's files are encrypted with a random key created when the account is first created. This random key is encrypted by the user's password (or a key derived from the user's password) and the encrypted key is stored in the database. The password-derived key is then transmitted to the escrow facility and stored. Therefore, if the user's password changes, only one record in the database needs to be updated. This is preferable to using the password directly if the amount of user data requiring encryption is large. Under this embodiment, the encrypted key is transmitted to the escrow facility, which decrypts the key with the user's password and transmits it back to the database facility or the user.
  • the cryptographic key is then transmitted to escrow facility 40, which stores the cryptographic key in association with a user identification.
  • the cryptographic key may be transmitted by database facility 20 or client computer 30.
  • the cryptographic key is encrypted using the escrow facility's public key and stored either at database facility 20 or locally at client computer 30. See Figure 6, step 508.
  • database facility 20 to store the cryptographic keys, which are used to encrypt account data, in unencrypted form or in an encrypted form invertible by the database facility, when the user is not logged in.
  • the protocol where the cryptographic key is transmitted to escrow facility 40 many variations are possible.
  • the cryptographic key can be further encrypted using a public key of the escrow facility and then transmitted in association with the corresponding user identification, or an encrypted representation thereof.
  • the cryptographic key can be encrypted and transmitted by a secure processor.
  • the secure processor can encrypt the key using a symmetric or asymmetric encryption algorithm with a secret key known by escrow facility 40.
  • a secure cryptographic processor is a hardware device that performs cryptographic operations (encryption, decryption, etc.) using a stored internal key.
  • the device is designed to perform these operations only in strict accordance with a programmed security policy (such as, restrict use of certain keys to certain users) and to resist attempts to circumvent the policy or extract the key, including by physical means such as dismantling the hardware or probing it with electronic instruments.
  • a secure processor is the NFast CA Cryptographic Accelerator made by NCipher Corp. (http://www.ncipher.com).
  • FIPS 140-1 http://csrc.nist.gov/cryptval
  • the NFast/CA Cryptographic Accelerator is certified at FIPS 140-1 level 3.
  • the features of the secure processor must include the capability of storing secret keys in a manner that: 1 ) the secret key cannot be extracted from the processor, except possibly by defeating the processor's security features; 2) the secret key can be tagged inside the processor as being useable to encrypt data but not to decrypt it (so that decryption requests will be refused). Furthermore, the same secret key in the secure processor must be embedded in the escrow facility's system (either in another secure processor or in software) in a way that it is capable of decryption. In this manner, the system combines the high speed and compact key representation of secret key systems with the one-way encryption capability of public key systems. Public key systems provide one-way encryption capability because of the mathematical difficulty of inverting the public key function. The secure processor provides one-way encryption because of the physical difficulty of getting the secret key out of the secure processor.
  • Figure 6 illustrates another preferred embodiment of the present invention.
  • the second preferred embodiment differs from the first preferred initialization protocol in that the password derived key is encrypted with an asymmetric (or public key) algorithm using a public key, PK, of the escrow facility and stored at the database facility rather than being transmitted.
  • PK public key
  • the encrypted representation of the key and the data encrypted with this key is transmitted to the escrow facility during execution of a password change.
  • account data passes through two layers of encryption. More specifically, data (D) corresponding to a particular users account is first encrypted using the secret key (SK) of storage facility 20. (Step 706). The encrypted data, SK(D) is then encrypted using the password-derived key, K, of step 704. Because the data is first encrypted using the secret key of storage facility 20, escrow facility 40 has no meaningful access to the data, when it is sent the data during a password change protocol (discussed more fully below). As one skilled in the art will recognize, the encryption step 706 can be performed using a symmetric encryption algorithm with a secret key or an asymmetric encryption algorithm using a public key for encryption and the private key for decryption.
  • Login to Existing Account Figures 3 and 4 show a preferred method whereby a user gains access to an existing account.
  • a user logs in to an account by accessing database server 22 and, when prompted, provides a user identification or user name (UserlD) and a password (P).
  • UserlD user identification or user name
  • P password
  • a session key, K. is derived from a single hash of the user's salted password and used by server 22 to decrypt the data stored in the user's account (See Figure 3, steps 206 and 208). Once a user has gained access to his or her account, the user may read the data or change the data. At logout or, optionally, before logout, the changed data is re-encrypted using K- and stored in database 26. h is erased from database server 22 at logout as well.
  • communication of data between database facility 20 and client computer 30 is preferably conducted using a security protocol, like SSL or S-HTTP.
  • database 22 server transmits both the encrypted data and the key to client computer 30, again preferably using a secure communications protocol (SSL, S-HTTP, or the like).
  • client computer 30 decrypts the data using the key derived at login.
  • Change Password to Existing Account Figure 5 provides a protocol for changing passwords corresponding to accounts that have been initialized according to the steps outlined in Figure 2.
  • a password change occurs either because the user desires a new password or has lost or forgotten the existing password.
  • a user simply enters the old password and indicates that a password change is desired and enters the new password, as is conventional.
  • the user In the second case, the user must contact the administrators of the database facility who authenticate the user by criteria other than the old password. How this authentication is accomplished is not critical to the present invention. Any conventional method may be used.
  • a new cryptographic key is created in either case. More specifically, in response to a request for a change of the password to an account, database server 22 receives the user identification corresponding to a particular account and a new password (step 402). The new password is hashed to create a new cryptographic key (step 404). In step 406, the user's data and the new key are sent to the escrow facility 40. Escrow facility 40 decrypts the data with the old cryptographic key it received according to step 106 of Figure 2 and re-encrypts the data with the new cryptographic key (step 408). Escrow facility 40 stores the new key in association with the user identification corresponding to the account data and transmits the encrypted data to the storage facility 20, where the user can again access the data as provided above.
  • Figure 7 illustrates a preferred protocol for changing the password to accounts that have been initialized according to the steps outlined in Figure 6.
  • Step 606 involves transmitting, to the escrow facility, the previous cryptographic key encrypted with the escrow facility's public key, the data encrypted according to the previous key, and an encrypted representation of the new key.
  • escrow facility decrypts the data with the previous key and re-encrypts the data with the new key (step 608).
  • Escrow facility 40 then transmits the encrypted data to storage facility 20 and deletes both the old and new cryptographic keys.
  • Storage facility 20 stores an encrypted representation of the new cryptographic key in association with the encrypted data and corresponding user identification.
  • the encrypted representation of the new cryptographic key is generated by applying an asymmetric encryption algorithm to the cryptographic key using a public key of escrow facility 40.
  • the change of password protocol according to Figure 7 is essentially the same as the protocol outlined in Figure 6.
  • escrow facility has access to the user's data.
  • the preferred protocol of Figure 8 includes an additional data encryption step (step 706) and such access. More specifically, since the data is encrypted with a secret key provided by database facility 20, escrow facility has no access to the data when it receives it for decryption with the old key and re-encryption with the new key.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention porte sur des procédés et systèmes empêchant l'accès non autorisé à des données stockées dans une base de données (26) informatique et consistant à stocker des données sous forme cryptée correspondant aux comptes d'utilisateurs individuels, et à utiliser deux entités séparées pour rendre la base de données (26) sûre, c.-à-d. une installation (20) de base de données (26) et un compte bloqué (40) de garantie. L'installation (20) de la base de données possède la base de données (26) et l'administre. Selon l'invention, les données correspondant à un compte individuel sont cryptées au moyen d'un code cryptographique propre, qui lui n'est pas possesseur de l'installation (20) de la base de données (26), ni connu d'elle. Après cryptage le code est transmis à un gestionnaire de compte bloqué (40) de garantie indépendant de l'installation (20) de base de données (26), En variante, le code est stocké dans la base de données (26) sous une forme que seul le gestionnaire de compte bloqué peut décrypter. L'invention aboutit donc à un système où une entité stocke des données sous forme cryptée alors qu'une autre entité indépendante possède le code de déchiffrage des données. Cette configuration permet, en soi, l'accès à distance à une carte à puce utilisée dans un logiciel et à laquelle son possesseur physique ne peut avoir accès sans un mot de passe.
PCT/US2000/017307 1999-06-23 2000-06-21 Carte a puce de logiciel WO2000079368A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU56341/00A AU5634100A (en) 1999-06-23 2000-06-21 Software smart card

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US33891599A 1999-06-23 1999-06-23
US09/338,915 1999-06-23

Publications (1)

Publication Number Publication Date
WO2000079368A1 true WO2000079368A1 (fr) 2000-12-28

Family

ID=23326676

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/017307 WO2000079368A1 (fr) 1999-06-23 2000-06-21 Carte a puce de logiciel

Country Status (2)

Country Link
AU (1) AU5634100A (fr)
WO (1) WO2000079368A1 (fr)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1273996A2 (fr) * 2001-07-06 2003-01-08 Texas Instruments Incorporated Chargeur-amorce securise pur la securisation de un dispositif numeriques
WO2003010722A2 (fr) * 2001-07-24 2003-02-06 Scm Microsystems Gmbh Procede d'enregistrement local de donnees numeriques pour la television
WO2003062968A1 (fr) * 2002-01-24 2003-07-31 Activcard Ireland, Limited Procede flexible d'authentification d'utilisateur pour un systeme fonde sur des mots de passe
GB2386710A (en) * 2002-03-18 2003-09-24 Hewlett Packard Co Controlling access to data or documents
EP1558983A2 (fr) * 2002-10-25 2005-08-03 Grand Virtual Inc. Cle de chiffrement de mot de passe
US7191466B1 (en) 2000-07-25 2007-03-13 Laurence Hamid Flexible system and method of user authentication for password based system
US7237121B2 (en) 2001-09-17 2007-06-26 Texas Instruments Incorporated Secure bootloader for securing digital devices
US8712474B2 (en) 2007-04-20 2014-04-29 Telefonaktiebolaget L M Ericsson (Publ) Secure soft SIM credential transfer
US8848608B1 (en) 2011-01-14 2014-09-30 Cisco Technology, Inc. System and method for wireless interface selection and for communication and access control of subsystems, devices, and data in a vehicular environment
EP2845343A4 (fr) * 2012-04-04 2016-01-27 Zooz Mobile Ltd Système anti-intrusion pour le stockage d'enregistrements de données sensibles
CN107306181A (zh) * 2016-04-18 2017-10-31 杭州云沣科技有限公司 鉴权系统及其鉴权信息的加密、验证方法与装置
WO2018089006A1 (fr) * 2016-11-10 2018-05-17 Ernest Brickell Équilibrage de besoins de sécurité publique et personnelle
GB2560434A (en) * 2017-01-26 2018-09-12 Wickr Inc Securely transferring user information between applications
CN108694333A (zh) * 2017-04-07 2018-10-23 华为技术有限公司 用户信息处理方法及装置
US10348706B2 (en) 2017-05-04 2019-07-09 Ernest Brickell Assuring external accessibility for devices on a network
US10498712B2 (en) 2016-11-10 2019-12-03 Ernest Brickell Balancing public and personal security needs
US10652245B2 (en) 2017-05-04 2020-05-12 Ernest Brickell External accessibility for network devices
US10855465B2 (en) 2016-11-10 2020-12-01 Ernest Brickell Audited use of a cryptographic key
US11398906B2 (en) 2016-11-10 2022-07-26 Brickell Cryptology Llc Confirming receipt of audit records for audited use of a cryptographic key
US11405201B2 (en) 2016-11-10 2022-08-02 Brickell Cryptology Llc Secure transfer of protected application storage keys with change of trusted computing base

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0647895A1 (fr) * 1993-10-04 1995-04-12 Addison M. Fischer Méthode pour empêcher la révélation accidentelle des secrets stockés digitalement par une personne de confiance
US5719941A (en) * 1996-01-12 1998-02-17 Microsoft Corporation Method for changing passwords on a remote computer
EP0843449A2 (fr) * 1996-11-08 1998-05-20 Sunhawk Corporation, Inc. Système de chiffrement avec clé de décryptage pour transaction chiffrée
US5768373A (en) * 1996-05-06 1998-06-16 Symantec Corporation Method for providing a secure non-reusable one-time password
US5818936A (en) * 1996-03-15 1998-10-06 Novell, Inc. System and method for automically authenticating a user in a distributed network system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0647895A1 (fr) * 1993-10-04 1995-04-12 Addison M. Fischer Méthode pour empêcher la révélation accidentelle des secrets stockés digitalement par une personne de confiance
US5719941A (en) * 1996-01-12 1998-02-17 Microsoft Corporation Method for changing passwords on a remote computer
US5818936A (en) * 1996-03-15 1998-10-06 Novell, Inc. System and method for automically authenticating a user in a distributed network system
US5768373A (en) * 1996-05-06 1998-06-16 Symantec Corporation Method for providing a secure non-reusable one-time password
EP0843449A2 (fr) * 1996-11-08 1998-05-20 Sunhawk Corporation, Inc. Système de chiffrement avec clé de décryptage pour transaction chiffrée

Cited By (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7191466B1 (en) 2000-07-25 2007-03-13 Laurence Hamid Flexible system and method of user authentication for password based system
EP1273996A3 (fr) * 2001-07-06 2003-10-01 Texas Instruments Incorporated Chargeur-amorce securise pur la securisation de un dispositif numeriques
EP1273996A2 (fr) * 2001-07-06 2003-01-08 Texas Instruments Incorporated Chargeur-amorce securise pur la securisation de un dispositif numeriques
WO2003010722A3 (fr) * 2001-07-24 2003-04-17 Scm Microsystems Gmbh Procede d'enregistrement local de donnees numeriques pour la television
WO2003010722A2 (fr) * 2001-07-24 2003-02-06 Scm Microsystems Gmbh Procede d'enregistrement local de donnees numeriques pour la television
US7237121B2 (en) 2001-09-17 2007-06-26 Texas Instruments Incorporated Secure bootloader for securing digital devices
WO2003062968A1 (fr) * 2002-01-24 2003-07-31 Activcard Ireland, Limited Procede flexible d'authentification d'utilisateur pour un systeme fonde sur des mots de passe
GB2386710A (en) * 2002-03-18 2003-09-24 Hewlett Packard Co Controlling access to data or documents
WO2003079165A2 (fr) * 2002-03-18 2003-09-25 Hewlett-Packard Development Company, L.P. Garantie de l'application d'une politique avant l'autorisation d'utilisation d'une cle privee
WO2003079165A3 (fr) * 2002-03-18 2005-03-31 Hewlett Packard Development Co Garantie de l'application d'une politique avant l'autorisation d'utilisation d'une cle privee
EP1558983A2 (fr) * 2002-10-25 2005-08-03 Grand Virtual Inc. Cle de chiffrement de mot de passe
EP1558983A4 (fr) * 2002-10-25 2010-07-14 Cambridge Interactive Dev Corp Cle de chiffrement de mot de passe
US8447990B2 (en) 2002-10-25 2013-05-21 Cambridge Interactive Development Corp. Password encryption key
US9292674B2 (en) 2002-10-25 2016-03-22 Cambridge Interactive Development Corp. Password encryption key
US8712474B2 (en) 2007-04-20 2014-04-29 Telefonaktiebolaget L M Ericsson (Publ) Secure soft SIM credential transfer
US8848608B1 (en) 2011-01-14 2014-09-30 Cisco Technology, Inc. System and method for wireless interface selection and for communication and access control of subsystems, devices, and data in a vehicular environment
US8903593B1 (en) 2011-01-14 2014-12-02 Cisco Technology, Inc. System and method for analyzing vehicular behavior in a network environment
US8989954B1 (en) 2011-01-14 2015-03-24 Cisco Technology, Inc. System and method for applications management in a networked vehicular environment
US9036509B1 (en) 2011-01-14 2015-05-19 Cisco Technology, Inc. System and method for routing, mobility, application services, discovery, and sensing in a vehicular network environment
US9083581B1 (en) 2011-01-14 2015-07-14 Cisco Technology, Inc. System and method for providing resource sharing, synchronizing, media coordination, transcoding, and traffic management in a vehicular environment
US9154900B1 (en) 2011-01-14 2015-10-06 Cisco Technology, Inc. System and method for transport, network, translation, and adaptive coding in a vehicular network environment
US9225782B2 (en) 2011-01-14 2015-12-29 Cisco Technology, Inc. System and method for enabling a vehicular access network in a vehicular environment
US8863256B1 (en) 2011-01-14 2014-10-14 Cisco Technology, Inc. System and method for enabling secure transactions using flexible identity management in a vehicular environment
US10117066B2 (en) 2011-01-14 2018-10-30 Cisco Technology, Inc. System and method for wireless interface selection and for communication and access control of subsystems, devices, and data in a vehicular environment
US9654937B2 (en) 2011-01-14 2017-05-16 Cisco Technology, Inc. System and method for routing, mobility, application services, discovery, and sensing in a vehicular network environment
US10979875B2 (en) 2011-01-14 2021-04-13 Cisco Technology, Inc. System and method for wireless interface selection and for communication and access control of subsystems, devices, and data in a vehicular environment
US9860709B2 (en) 2011-01-14 2018-01-02 Cisco Technology, Inc. System and method for real-time synthesis and performance enhancement of audio/video data, noise cancellation, and gesture based user interfaces in a vehicular environment
US9888363B2 (en) 2011-01-14 2018-02-06 Cisco Technology, Inc. System and method for applications management in a networked vehicular environment
EP2845343A4 (fr) * 2012-04-04 2016-01-27 Zooz Mobile Ltd Système anti-intrusion pour le stockage d'enregistrements de données sensibles
CN107306181A (zh) * 2016-04-18 2017-10-31 杭州云沣科技有限公司 鉴权系统及其鉴权信息的加密、验证方法与装置
US10498712B2 (en) 2016-11-10 2019-12-03 Ernest Brickell Balancing public and personal security needs
WO2018089006A1 (fr) * 2016-11-10 2018-05-17 Ernest Brickell Équilibrage de besoins de sécurité publique et personnelle
US11115208B2 (en) 2016-11-10 2021-09-07 Ernest Brickell Protecting sensitive information from an authorized device unlock
US11398906B2 (en) 2016-11-10 2022-07-26 Brickell Cryptology Llc Confirming receipt of audit records for audited use of a cryptographic key
US10855465B2 (en) 2016-11-10 2020-12-01 Ernest Brickell Audited use of a cryptographic key
US11405201B2 (en) 2016-11-10 2022-08-02 Brickell Cryptology Llc Secure transfer of protected application storage keys with change of trusted computing base
US10230524B2 (en) 2017-01-26 2019-03-12 Wickr Inc. Securely transferring user information between applications
DE102018101812B4 (de) 2017-01-26 2024-02-08 Amazon Technologies, Inc. Sicheres Übertragen von Benutzerinformationen zwischen Anwendungen
US10396987B2 (en) 2017-01-26 2019-08-27 Wickr Inc. Securely provisioning an application with user information
GB2560434B (en) * 2017-01-26 2019-08-07 Wickr Inc Securely transferring user information between applications
GB2560434A (en) * 2017-01-26 2018-09-12 Wickr Inc Securely transferring user information between applications
CN108694333A (zh) * 2017-04-07 2018-10-23 华为技术有限公司 用户信息处理方法及装置
US10348706B2 (en) 2017-05-04 2019-07-09 Ernest Brickell Assuring external accessibility for devices on a network
US10904256B2 (en) 2017-05-04 2021-01-26 Ernest Brickell External accessibility for computing devices
US10771467B1 (en) 2017-05-04 2020-09-08 Ernest Brickell External accessibility for computing devices
US10652245B2 (en) 2017-05-04 2020-05-12 Ernest Brickell External accessibility for network devices

Also Published As

Publication number Publication date
AU5634100A (en) 2001-01-09

Similar Documents

Publication Publication Date Title
US5590199A (en) Electronic information network user authentication and authorization system
US6601169B2 (en) Key-based secure network user states
US8185942B2 (en) Client-server opaque token passing apparatus and method
US7631184B2 (en) System and method for imposing security on copies of secured items
US6173402B1 (en) Technique for localizing keyphrase-based data encryption and decryption
WO2000079368A1 (fr) Carte a puce de logiciel
US6950523B1 (en) Secure storage of private keys
CA2551113C (fr) Systeme d'authentification pour applications informatiques en reseau
US6044155A (en) Method and system for securely archiving core data secrets
US7320076B2 (en) Method and apparatus for a transaction-based secure storage file system
US20160204941A1 (en) Password Encryption Key
EP1866873B1 (fr) Procédé, système, dispositif de sécurité personnelle et produit de programme informatique pour authentification biométrique sécurisée par cryptographie
US9053313B2 (en) Method and system for providing continued access to authentication and encryption services
US20030188201A1 (en) Method and system for securing access to passwords in a computing network environment
US20050071657A1 (en) Method and system for securing digital assets using time-based security criteria
US20110126008A1 (en) Method and Apparatus for Sharing Documents
EP1757006A2 (fr) Procede et systeme de chiffrement d'une base de donnees de preservation des structures
US20030210791A1 (en) Key management
JP4167476B2 (ja) データ保護・保管方法/サーバ
KR101078546B1 (ko) 범용 저장장치의 식별정보를 기반으로 하는 보안 데이터 파일 암호화 및 복호화 장치, 그를 이용한 전자 서명 시스템
US7076062B1 (en) Methods and arrangements for using a signature generating device for encryption-based authentication
US7234060B1 (en) Generation and use of digital signatures
US8307209B2 (en) Universal authentication method
JP4612951B2 (ja) ローミング中のユーザに認証信用証明を安全に配布するための方法および装置
EP2920732A1 (fr) Système informatique de stockage et de récupération d'éléments de données chiffrés, ordinateur client, produit de programme informatique et procédé implémenté par ordinateur

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ CZ DE DE DK DK DM DZ EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP