WO2001039466A1 - Computing device for securing messages at a network layer
- Publication number
- WO2001039466A1 (PCT/FR2000/003230)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- message
- network security
- security layer
- function
- layer
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Definitions
- Computing device for securing messages at a network layer.
- the field of the invention is that of computer networks and more particularly that of securing the routing of messages on these networks.
- a public network such as the Internet, makes it possible to interconnect numerous private networks linked by access points and routers which route messages.
- while the ease of access to such a network is an advantage for the free flow of ideas and a great deal of knowledge, it is also a disadvantage for the confidentiality of certain information. This is why it is advisable to secure certain messages so that only the recipient can understand them and be assured of their origin and/or of their integrity.
- a message security processing can be envisaged in different communication layers of a computer device.
- an application such as http, ftp or mail, can take care of performing encryption and decryption, signature and authentication processing.
- the message is only available in the user layer of the original transmitter and the final receiver.
- a network security layer such as IPsec takes care of security processing at the very level of message routing.
- the network layer is generally considered as a communication resource of a computing device.
- the object of the invention is a computer device comprising a memory and a network security layer for applying security processing on presentation of a message in the memory.
- the computing device is characterized in that: - the presentation of the message switches the network security layer from an initial state to a first state which saves an execution context in a memory area;
- the network security layer does not use any resources of the computing device. Returning the network security layer to its initial state without waiting for the end of processing of the message avoids blocking the computing device. Saving the execution context allows the network security layer to be put back, at the end of message processing, in the context it was in before processing began. Thus, the processing for securing the message is performed asynchronously.
- Figure 1 shows a secure network architecture
- Figure 2 shows a computer device for processing messages
- FIG. 3 shows the essential steps of a security processing layer in the form of a finite-state machine of the prior art
- FIGS. 3 and 4 show the essential steps of a security processing layer in the form of a finite-state machine according to the invention
- FIG. 6 represents the essential steps of a hardware processing card driver in the form of a finite-state machine for implementing the machine according to FIGS. 3 and 4.
- FIG. 7 shows an architecture of memory backup areas
- FIG. 8 shows a first step of a method of producing code for a network security layer
- FIG. 9 shows a second step of the method of producing code for a network security layer
- FIG. 10 shows a method of producing secure messages.
- a computer device 67 is physically connected to a first private network 69 and a computer device 68 is physically connected to a second private network 70.
- Messages can circulate in complete confidentiality on each of the private networks 69 and 70 insofar as no intrusion can be made from outside on these networks.
- confidentiality is not guaranteed without taking special precautions.
- the public network 71 is for example the network known as the Internet, often represented in the form of a cloud in the literature.
- the public network 71 groups together several networks 72, 73, interconnected by means of computer devices such as a computer device 65 not controlled by the devices 67, 68.
- the private network 69 is connected to the public network 71 by a computer device 66 and the private network 70 is connected to the public network 71 by a computer device 1.
- the computer devices 1 and 66 are called gateways in the following description.
- Each computing device 1, 65, 66, 67, 68 traditionally comprises a network layer using a communication protocol such as the known protocol IP, topped by a transport layer using a protocol such as the known protocols TCP, UDP or other, itself topped by an application layer such as http, ftp or the like, which sends and receives messages. If a message crosses the TCP then IP layers in the device 67 and crosses the IP then TCP layers in the device 68, the routing of the message through the public network 71 normally remains in the IP layers of the devices 66, 65, 1.
- the device 65 can facilitate an outside intrusion on the networks 72, 73, with the danger that the message is picked up to be read or modified, or even that a message is generated by impersonating the device 67.
- One solution consists in encrypting and/or signing the message in the IP layer of gateway 66, when it leaves the interconnection network 72, then decrypting the message in the IP layer of gateway 1, when it enters the interconnection network 73.
- a solution known as IPsec thus makes it possible to create a tunnel 74 which crosses the public network 71, so as to create a virtual private network usable by the devices 67 and 68.
- a computing device 1 comprises a memory 2, one or more network access cards 3 and one or more cryptography cards 4.
- the network access card 3 is intended to be connected to one or more physical connections, not shown.
- the memory 2, of known type such as the random access memories RAM, is intended to contain data and processing programs of the computer device 1.
- the network access card 3 is of a known type, such as for example Ethernet, to receive and send messages circulating on a computer network.
- the cryptography card 4 is intended to encode and decode secure messages by means of dedicated hardware circuits which implement encryption algorithms of known type such as for example tripleDES.
- the dedicated hardware circuits, not shown, allow faster coding and decoding processing than purely software programs. These circuits are not the subject of the present invention.
- the memory 1 comprises data and programs of a user layer 5 and of a kernel layer 6.
- the user layer 5 is of a type known for executing applications such as client or server applications on the Internet such as http, www, telnet or others.
- the kernel layer 6 is intended to contain data structures and primitive functions of an operating system such as for example the known operating system LINUX.
- the core layer 6 comprises a network layer 7 and a driver 8.
- the network layer 7 is intended to execute network protocols such as for example the IP protocol.
- the network layer 7 comprises a security layer 9 intended to execute secure communication protocols such as for example IPsec. The pilot 8, that is the driver 8, is intended to control the cryptography card 4, essentially on request from the security layer 9.
- the network security layer 9 does not consume any system resources.
- a transition 13, 14, 15, 16 places the network security layer respectively in a state 17, 18, 19, 20 which calls a function F1, F2, F3, F4 for processing the message.
- a transition 21, 22, 23, 24, signaling that the message is processed returns the network security layer 9 to the initial state 12, thus freeing up system resources necessary for the network security layer 9.
- the transition 13 corresponds to the detection of a message M1 to be decrypted.
- the function F1 called is a function of the pilot 8 which commands the cryptography card 4 to decrypt the message.
- the cryptography card is equipped with the algorithm and the keys necessary for decrypting the message. For example, in the case of the tripleDES algorithm, the cryptography card has the secret key to decode the message.
- the pilot 8 validates the transition 21 by delivering the message M1 to the network security layer 9.
- the transition 14 corresponds to a detection of message M2 to be authenticated.
- the function F2 called is a function of the pilot 8 which commands the cryptography card 4 to authenticate the message.
- the cryptography card is equipped with the algorithm and the keys necessary for authentication of the message. For example, in the case of the HMAC-SHA1 algorithm, the cryptography card has the secret key so as to verify the signature of the gateway 66.
- the pilot 8 validates the transition 22 by delivering the message M2 to the network security layer 9.
- the transition 15 corresponds to a detection of message M4 to be signed.
- the function F4 called is a function of the pilot 8 which commands the cryptography card 4 to sign the message.
- the cryptography card is equipped with the algorithm and the keys necessary to sign the message. For example, in the case of the HMAC-SHA1 algorithm, the cryptography card has the secret key to develop its signature.
- the pilot 8 validates the transition 21 by delivering the message M4 to the network security layer 9.
- the transition 16 corresponds to the detection of a message M3 to be encrypted.
- the function F3 called is a function of the pilot 8 which commands the cryptography card 4 to encrypt the message.
- the cryptography card is equipped with the algorithm and the keys necessary for encrypting the message. For example, in the case of the tripleDES algorithm, the cryptography card has the secret key to code the message.
- the pilot 8 validates the transition 24 by delivering the message M3 to the network security layer 9.
- the disadvantage of the state of the art here described with reference to FIG. 3 is that the processing of the message needs to be completed to allow the network security layer 9 to return to the initial state 12 and release the resources of the system or be available for further processing of another or the same message.
- a message which presents itself, for example, as a message M1 to be decrypted can, after being decrypted, be presented as a message M2 to be authenticated. All combinations are possible.
- the encryption and decryption processing are particularly long, even when carried out by means of hardware circuits.
- the network security layer 9 does not consume any system resources.
- a transition 13, 14, 15, 16 puts the network security layer respectively in a state 25, 26, 27, 28 which triggers a save sequence F5, F6, F7, F8 of the current CE execution context.
- a transition 29, 30, 31, 32 is validated by a pointer value PZS (M1), PZS (M2), PZS (M4), PZS (M3) on a backup zone resulting from the previous state 25, 26, 27, 28.
- Each backup sequence F5, F6, F7, F8 is specific to the processing to be carried out for each type of message M1, M2, M4, M3.
- the sequence F5, F6, F7, F8 essentially consists in saving in a memory zone the context of execution CE in progress.
- the current CE execution context is made up of local and global variables which are used by the network security layer 9 for processing the message, such as message security characteristics, protocols and keys to be used.
- the beginning of the memory area is identified by a pointer PZS (M1), PZS (M2), PZS (M4), PZS (M3) so that the execution context CE linked to the processing of the message M1, M2, M4, M3, can be restored later.
- the transition 29 switches the network security layer 9 to a state 33 which calls a function F9, executed by the pilot 8, to command the card 4 to decrypt the message M1.
- the function F9 is passed as parameters an address @ F13 of a so-called return function, a so-called correlation variable VC1 and the value of the pointer PZS (M1).
- a transition 37 is validated by an acknowledgment of the function F9, returned by the pilot 8.
- the transition 37 restores the network security layer 9 to its initial state 12.
- the transition 30 switches the network security layer 9 to a state 34 which calls a function F10, executed by the pilot 8, to command the card 4 to authenticate the message M2.
- the function F10 is passed as parameters an address @ F14 of a so-called return function, a so-called correlation variable VC2 and the value of the pointer PZS (M2).
- a transition 38 is validated by an acknowledgment of the function F10, returned by the pilot 8.
- the transition 38 restores the network security layer 9 to its initial state 12.
- the transition 31 switches the network security layer 9 to a state 35 which calls a function F11, executed by the pilot 8, to command the card 4 to sign the message M4.
- the function F11 is passed as parameters an address @ F15 of a so-called return function, a so-called correlation variable VC4 and the value of the pointer
- a transition 39 is validated by an acknowledgment of the function F11, returned by the pilot 8.
- the transition 39 restores the network security layer 9 to its initial state 12.
- the transition 32 switches the network security layer 9 to a state 36 which calls a function F12, executed by the pilot 8, to command the card 4 to carry out a signature of message M3.
- the function F12 is passed as parameters an address @ F16 of a so-called return function, a so-called correlation variable VC3 and the value of the pointer PZS (M3).
- a transition 40 is validated by an acknowledgment of the function F12, returned by the pilot 8.
- the transition 40 restores the network security layer 9 to its initial state 12.
- FIG. 6 presents states and transitions of the cryptography card driver 8 which are particularly suitable for interfacing with the states and transitions of the network security layer 9 according to the invention, with reference to FIGS. 3 and 4.
- Other states of the pilot, applicable to the control of the card 4 are not described here because these other states are outside the scope of the present invention.
- the states described are those which correspond to the encryption and decryption processing.
- the resulting teaching is applicable to authentication, signature and or to any other security processing such as the message summary by means of the hardware card 4.
- a transition 42 is activated by calling the function F9, carried out in the state 33 of the network security layer 9.
- a transition 43 is activated by calling the function F12, carried out in the state 36 of the network security layer 9.
- the transition 42 places the pilot 8 in a state 44.
- the pilot 8 immediately sends acknowledgment Acq (F9) which validates the transition 37 and activates the card 4 to carry out a hardware processing of decryption of the message M1.
- the card 4 then takes care of the message M1.
- a transition 46 restores the driver to the initial state 41 which makes it available to take care of other processing requests by the network security layer 9.
- a transition 48 places the pilot in a state 50.
- the pilot branches to the return function address @ F13, communicating the pointer PZS (M1) previously given in state 33 of the network security layer.
- the pilot also places in the correlation variable VC1 the coordinates for making available the message M1 decrypted by the card 4. Then the pilot returns to its initial state 41.
- the transition 43 places the pilot 8 in a state 45.
- the pilot 8 immediately sends acknowledgment Acq (F12) which validates the transition 40 and activates the card 4 to carry out a hardware processing of encryption of the message M3.
- the card 4 then takes care of the message M3.
- a transition 47 restores the driver to the initial state 41 which makes it available to take care of other processing requests by the network security layer 9.
- a transition 49 places the pilot in a state 51.
- the pilot branches to the return function address @ F16, communicating the pointer PZS (M3) previously given in state 36 of the network security layer.
- the pilot also places in the correlation variable VC3 the coordinates for making available the message M3 encrypted by the card 4. Then the pilot returns to its initial state 41.
- a transition 52 changes the network security layer from the initial state 12 to a state 56
- a transition 53 changes the network security layer from the initial state 12 to a state 57
- a transition 54 switches the network security layer from the initial state 12 to a state 58
- a transition 55 switches the network security layer from the initial state 12 to a state 59.
- the transition 52 is validated by the branch to the address @ F13 and the communication of the pointer PZS (M1) carried out in state 50.
- the network security layer 9 restores the execution context saved in the memory area pointed to by PZS (M1). The network security layer 9 thus returns to the configuration in which it was when it was in state 25 for the message M1 while the message M1 was not decrypted.
- the correlation variable VC1 immediately validates a transition 60 which returns the network security layer to its initial state 12.
- the correlation variable VC1 makes the message M1 available to the network security layer 9, to supply it to other functions of the network layer or to present the processed message M1 as a message of type M2, M3, M4 for another processing.
- the value of the correlation variable VC1 is for example a value making it possible to resume execution at a suitable location.
- the transition 55 is validated by the branch to the address @ F16 and the communication of the pointer PZS (M3) carried out in the state 51.
- the network security layer 9 restores the execution context saved in the memory area pointed to by PZS (M3).
- the network security layer 9 thus returns to the configuration in which it was when it was in state 28 for the message M3 while the message M3 was not encrypted.
- the correlation variable VC3 immediately validates a transition 64 which returns the network security layer to its initial state 12.
- the correlation variable VC3 makes the message M3 available to the network security layer 9, to supply it to other functions of the network layer 7 or to present the processed message M3 as a message of type M2, M1, M4 for another processing.
- the transition 53 is validated by the branch to the address @ F14 and the communication of the pointer PZS (M2) carried out in a state, not shown, of the pilot 8.
- the network security layer 9 restores the execution context saved in the memory area pointed to by PZS (M2).
- the network security layer 9 thus returns to the configuration in which it was when it was in state 26 for the message M2 while the message M2 was not authenticated.
- the correlation variable VC2 immediately validates a transition 62 which returns the network security layer to its initial state 12.
- the correlation variable VC2 makes the message M2 available to the network security layer 9, to supply it to other functions of the network layer 7 or to present the processed message M2 as a message of type M1, M3, M4 for another processing.
- the transition 54 is validated by the branch to the address @ F15 and the communication of the pointer PZS (M4) carried out in a state, not shown, of the pilot 8.
- the network security layer 9 restores the execution context saved in the memory area pointed to by PZS (M4).
- the network security layer 9 thus returns to the configuration in which it was when it was in state 27 for the message M4 while the message M2 was not signed.
- the correlation variable VC4 immediately validates a transition 63 which returns the network security layer to its initial state 12.
- the correlation variable VC4 makes the message M4 available to the network security layer 9, to supply it to other functions of the network layer 7 or to present the processed message M4 as a message of type M1, M3, M2 for another processing.
- this has the advantage of making the network security layer quickly available again for the presentation of another message to be processed.
- the state 50 of the pilot 8 validates the transition 52 of the network security layer 9.
- the network security layer 9 remains only briefly in the resulting state 56, since the restitution of the execution context CE is a relatively rapid operation.
- the transition 21 quickly returns the network security layer 9 to the initial state 12 because the correlation value VC1 immediately makes the message M1 in decrypted form available to the network security layer 9 to be retransmitted, in the case of FIG.
- the decryption time of the message M1 is completely transparent for the network security layer 9, which is activated only for a short time after presentation of the message M1 to be decrypted, then reactivated only for a short time after presentation of the decrypted message M1.
- the paths 10 and 11 of Figure 2 are symbolic for the sole purpose of showing the interest of the invention. Those skilled in the art also know that one or more layers can separate the network layer 7 from the user layer 5, such as a transport layer of known TCP type, not shown so as not to unnecessarily overload Figure 2.
- the path 11 can also be redirected to the card 3 by the network layer 7 or again to the card 4 for subsequent processing.
- since the kernel layer 6 is not blocked awaiting the end of processing of a message, it is advantageous for other messages which appear at the network security layer 9 to be taken care of while a first message has not yet finished being processed.
- the pointer PZS (M1) has the value of a word 56 which contains a start address of an area 52 of memory 2.
- Zone 52 contains the CE execution context when the network security layer was in state 25 for the message M1.
- a word 55 is intended to contain the address following the last address in zone 52.
- word 55 defines a free zone pointer PZL on a save zone 53 for the following execution context.
- the value of word 55 is transferred into a word 57 to define a new pointer PZS (M'1) at the start of the area 53, where the CE execution context is saved when the network security layer is in state 25 for the message M'1.
- the word 55 then contains the address following the last address in the area 53.
- the word 55 defines a free area pointer PZL on a backup area 54 for the following execution context, available for the execution context CE linked to a new message M"1. This process is repeated for any new message so as to chain the backups of the CE execution context.
- the start address of the freed backup area is taken as the next address of the last saved backup area, according to a classic chaining mechanism.
- the network security layer can be programmed in different ways to implement the previously described states.
- a first code sequence 75 is intended to be activated by the presentation of a message M1, M2, M3 or M4 to which a security processing (decryption, authentication, encryption or signature) is to be applied.
- the code sequence 75 consists of several lines of standard code which are not the subject of the present invention. At this stage, only a line 76 and a last line of the sequence 75, identified by an End indicator, are considered. Line 76 contains a call to the standard security processing function, for example the first function F1 if the code sequence 75 is that activated by the presentation of the message M1.
- the first code sequence 75 is modified by inserting before line 75, a second code sequence 77.
- the code sequence 77 begins with one or more lines F5 (CE) which save the current CE execution context when the first sequence is activated, ie essentially the values of the local and global variables used in the code sequence 75.
- CE lines
- the backup code then consists of writing the values of these variables in an area of memory 2, identified by the PZS pointer (M1).
- the sequence 77 contains the code for calling a second security function, for example the function F9 (@ F13, VC1, PZS (M1)) in the case described here.
- the second function is intended to be executed by the pilot 8.
- the parameters passed are essentially a function address @ F13 and the PZS pointer to the backup area.
- the code sequence 77 ends with a branch to the last line of the code sequence 75, of the "Goto Fin" type (a jump to the End line).
- the second step is explained with reference to FIG. 9.
- the first code sequence 75 is copied so as to generate a third code sequence 78, taken as being the code of the function F13 whose address @ F13 is identified by a pointer 81.
- a fourth code sequence 80 is inserted after line 76 of sequence 78.
- Sequence 80 is identified by a label and contains instructions for reading the memory area indicated by the PZS pointer.
- a line 79 is inserted at the start of sequence 78. Line 79 contains a branch instruction "Goto Etiquette" (a jump to the label) to the code sequence 80.
- the network security layer (9) obtained by the method described above is faster than the original standard network security layer.
- the execution of the unmodified sequence 75 is carried out as follows.
- the standard code statements preceding line 76 are executed.
- Line 76 makes a call to the standard processing function F1.
- the instructions of standard code following line 76 are executed after the return of the function F1 which indicates the end of processing of the message.
- cryptographic processing is long by nature. This has the effect of delaying the moment at which execution reaches the last "End" line of the unmodified sequence 75.
- the execution of the modified sequence 75 is carried out as follows.
- the standard code instructions preceding line 76 and sequence 77 are executed.
- Line 76 and the following lines of sequence 75 are never executed because of the first branch to the last line of sequence 75.
- the first branch is taken quickly because function F9 immediately sends an acknowledgment before the message has finished being processed.
- the pilot 8 triggers an execution of the code sequence 78 by means of the address @ F13.
- the line of code 76 and the preceding lines of code of the sequence 78 are never executed because of the branch, at the start of the sequence 78, to the sequence 80, which allows the execution of the following lines of code, thus masking the processing time of the message.
- the computer device which has just been described makes it possible to implement a method of obtaining a secure message from another message.
- in a first step 82, the current execution context is saved. This step is carried out in one of the states 25, 26, 27, 28 of the layer 9.
- a security processing request is sent from the layer 9, in one of the states 33, 34, 35, 36, towards an element external to the layer 9, so that the layer 9 is returned to its initial state which does not use any resource of the device.
- the steps 82 and 83 are implemented by means of the sequence 77.
- the saved context is restored in a step 84 so as to produce the secure message.
- This method has the advantage of being able to produce secure messages in large numbers because step 84 can be activated after several successive activations of steps 82, 83 for different messages.
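The asynchronous hand-off described above (save the context CE in a chained zone, call the driver with a return address and the pointer PZS, go back to the initial state on the acknowledgment, restore the context when the driver calls back) is shown here as an added C example that is not code from the patent. All identifiers are hypothetical, the XOR stands in for the card's cipher, and the range check on the pointer handed back by the driver is an added assumption rather than something the patent describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration: every identifier here is hypothetical, not from the patent. */
enum op { OP_DECRYPT, OP_AUTH, OP_SIGN, OP_ENCRYPT };     /* M1, M2, M4, M3 */
enum state { ST_INITIAL, ST_SAVE, ST_CALL, ST_RESTORE };  /* 12, 25-28, 33-36, 56-59 */
struct ctx { enum op op; unsigned msg_id, key_id; };      /* execution context CE */
typedef int (*return_fn)(struct ctx *pzs, const unsigned char *vc, size_t len);

#define ZONES 4
#define MSG_MAX 32
static struct ctx zone[ZONES];  /* chained backup zones */
static size_t pzl;              /* free-zone pointer PZL, kept as an index */
static enum state layer = ST_INITIAL;

struct req { return_fn ret; struct ctx *pzs; unsigned char buf[MSG_MAX]; size_t len; int used; };
static struct req queue[ZONES]; /* driver-side pending requests */

static unsigned char out[ZONES][MSG_MAX];  /* processed messages, in delivery order */
static struct ctx out_ctx[ZONES];          /* context restored for each of them */
static size_t delivered;

/* Driver entry (role of F9..F12): queue the work, acknowledge at once (0 = Acq). */
static int drv_submit(return_fn ret, struct ctx *pzs, const unsigned char *m, size_t len)
{
    for (size_t i = 0; i < ZONES; i++) {
        if (!queue[i].used) {
            queue[i] = (struct req){ .ret = ret, .pzs = pzs, .len = len, .used = 1 };
            memcpy(queue[i].buf, m, len);
            return 0;
        }
    }
    return -1;
}

/* Return function (role of F13..F16): restore CE from PZS, take the result via VC. */
static int layer_return(struct ctx *pzs, const unsigned char *vc, size_t len)
{
    uintptr_t p = (uintptr_t)pzs, lo = (uintptr_t)zone;
    /* Assumed hardening: accept only a pointer to a zone that was handed out. */
    if (p < lo || p >= lo + pzl * sizeof *zone || (p - lo) % sizeof *zone)
        return -1;
    if (delivered >= ZONES || len > MSG_MAX)
        return -1;
    layer = ST_RESTORE;
    out_ctx[delivered] = *pzs;
    memcpy(out[delivered], vc, len);
    delivered++;
    layer = ST_INITIAL;
    return 0;
}

/* Presentation of a message: save CE, call the driver, return to the initial state. */
static int layer_present(enum op op, unsigned msg_id, unsigned key_id,
                         const unsigned char *m, size_t len)
{
    if (pzl >= ZONES || len > MSG_MAX)
        return -1;
    layer = ST_SAVE;
    struct ctx *pzs = &zone[pzl++];  /* PZS(M) takes the old PZL, PZL moves on */
    *pzs = (struct ctx){ op, msg_id, key_id };
    layer = ST_CALL;
    int ack = drv_submit(layer_return, pzs, m, len);
    if (ack != 0)
        pzl--;                       /* request refused: give the zone back */
    layer = ST_INITIAL;              /* no wait for the end of processing */
    return ack;
}

/* Card finished request i (role of states 50/51): branch to the return function. */
static int drv_complete(size_t i)
{
    if (i >= ZONES || !queue[i].used)
        return -1;
    struct req *r = &queue[i];
    for (size_t k = 0; k < r->len; k++)
        r->buf[k] ^= 0x5A;           /* placeholder transform, NOT real cryptography */
    r->used = 0;
    return r->ret(r->pzs, r->buf, r->len);
}

/* Constructed scenario: two messages in flight, completed out of order. */
static int demo(void)
{
    const unsigned char m1[] = "first", m2[] = "second";
    if (layer_present(OP_DECRYPT, 1, 7, m1, 5) != 0) return 1;
    if (layer != ST_INITIAL) return 2;
    if (layer_present(OP_ENCRYPT, 2, 9, m2, 6) != 0) return 3;  /* accepted while M1 pends */
    if (delivered != 0) return 4;
    if (drv_complete(1) != 0 || drv_complete(0) != 0) return 5;
    return delivered == 2 ? 0 : 6;
}

int main(void) { return demo(); }
```

Because each request carries its own PZS, the second message is restored with its own key and operation even though the card finished it first.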
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP00988864A EP1147644A1 (fr) | 1999-11-23 | 2000-11-21 | Computing device for securing messages at a network layer |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR9914755A FR2801459B1 (fr) | 1999-11-23 | 1999-11-23 | Computing device for securing messages at a network layer |
FR99/14755 | 1999-11-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001039466A1 (fr) | 2001-05-31 |
Family
ID=9552464
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2000/003230 WO2001039466A1 (fr) | 1999-11-23 | 2000-11-21 | Computing device for securing messages at a network layer |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1147644A1 (fr) |
FR (1) | FR2801459B1 (fr) |
WO (1) | WO2001039466A1 (fr) |
-
1999
- 1999-11-23 FR FR9914755A patent/FR2801459B1/fr not_active Expired - Fee Related
-
2000
- 2000-11-21 WO PCT/FR2000/003230 patent/WO2001039466A1/fr not_active Application Discontinuation
- 2000-11-21 EP EP00988864A patent/EP1147644A1/fr not_active Withdrawn
Also Published As
Publication number | Publication date |
---|---|
FR2801459B1 (fr) | 2001-12-21 |
FR2801459A1 (fr) | 2001-05-25 |
EP1147644A1 (fr) | 2001-10-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2000988864 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 09889856 Country of ref document: US |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWP | Wipo information: published in national office |
Ref document number: 2000988864 Country of ref document: EP |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2000988864 Country of ref document: EP |