WO2003001723A2 - Stabilised secure algorithms - Google Patents

Stabilised secure algorithms Download PDF

Info

Publication number
WO2003001723A2
WO2003001723A2 PCT/ZA2002/000085 ZA0200085W WO03001723A2 WO 2003001723 A2 WO2003001723 A2 WO 2003001723A2 ZA 0200085 W ZA0200085 W ZA 0200085W WO 03001723 A2 WO03001723 A2 WO 03001723A2
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
comparison
stabilised
correction parameter
value
Prior art date
Application number
PCT/ZA2002/000085
Other languages
French (fr)
Other versions
WO2003001723A3 (en
Inventor
Valentin Kisimov
Original Assignee
Valentin Kisimov
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Valentin Kisimov filed Critical Valentin Kisimov
Priority to AU2002306192A priority Critical patent/AU2002306192A1/en
Publication of WO2003001723A2 publication Critical patent/WO2003001723A2/en
Publication of WO2003001723A3 publication Critical patent/WO2003001723A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • This invention relates to systems for enhancing the security of encryption algorithms and authentication algorithms predominantly used for smart devices.
  • the invention is particularly, but not exclusively, concerned with devices of processes that communicate over public networks, such as the Internet.
  • hackers A major risk in the use of digital transactions in unauthorised invasion by so called "hackers”. Attacks may take various forms including physical access to a computing device, infecting a computer with an intelligent agent to cause it to disclose when a user is on-line so that messages can be intercepted for subsequent deciphering, and tapping into a public network to monitor transactions. Once access is had, deciphering can be based on attacking the hardware, the power supply and/or timing of data transmissions and delays between responses. These attacks are used to limit or "scope down" the possible range of encryption keys and algorithms used, from which deciphering can become relatively trivial and even in real time.
  • smart devices means smart cards, SIM cards or other secure integrated circuits - chips in pervasive computing devices and like that include a processor, non-volatile memory (e.g. Rom, EEPROM, mini-disk), optional volatile memory (RAM), and an operating system, that can store and process data. Smart devices, while being capable of being used for more functions and on a wider scale, ace currently used to a limited extend for identification, authorisation and storing information.
  • non-volatile memory e.g. Rom, EEPROM, mini-disk
  • RAM optional volatile memory
  • an operating system that can store and process data.
  • Smart devices while being capable of being used for more functions and on a wider scale, ace currently used to a limited extend for identification, authorisation and storing information.
  • computing device means any device of a computer, which can run a program.
  • a computing device can be a smart device.
  • password refers to a password, a personal identification code or PIN, fingerprint, user ID and the like authentication initiator.
  • Encryption refers to any security function, such as encryption, decryption, signing, verification, hash function and the like.
  • This invention seeks to provide systems for enhancing the security of computer systems as applied to authentication or encryption. '
  • One aspect of the invention is concerned with providing increased security, nor necessarily but mostly for smart devices, in order to minimise attacks in recognising the security keys and comparing important values as password.
  • one aspect of the invention provides a method for providing stabilised encryption, wherein: • the encryption key is provided with an additional correction parameter and " the encryption function that uses the key is stimulated to use this parameter in a way, so independently of the content of the encryption key, the encryption function will have additional operations and will have time for execution not less that a constant. • optional spurious calculations are applied randomly to provide random timing of execution, which is added after the encryption.
  • the additional correction parameter is added as a part of the security key, whether symmetrical or asymmetrical.
  • Another aspect of the invention provides a method for providing stabilised computing important values, wherein:
  • the important value for comparison is provided with additional correction parameter, and the comparison of that important value with outside value is stimulated to use the parameter in a way, so independently of the content of the important value, the comparison will execute additional operations and will have time of execution not less than a constant.
  • spurious calculations are applied randomly to provide random timing of execution, which is added after the comparing important values.
  • spurious calculations are performed after the steps of comparing the entered data and stored important values like passwords to provide random timing for the generation of the output.
  • the method for stabilised encryption of data including the steps of: encrypting the data using a suitable algorithm and an encryption key and causing the computing device to perform a plurality of processing cycles, so as to cause timing delay between entering and encrypting information and generating the encrypted data, wherein a correction parameter is added to the encryption key to control the time required to generate the encrypted data and to additional spurious security functioning.
  • the correction parameter is also a function of the transaction state value that is dependent on the contents of a previous communication of the smart device with a server.
  • This method inhibits hacking by monitoring the power supply, the timing or the hardware by providing spurious information/timing and/or regularising the timing for performing the encryption.
  • Figure 1 shows an algorithms flow plan for achieving stabilised RSA encryption
  • Figure 2 shows as algorithms flow plan for achieving stabilised comparison of important values as password checking.
  • Figure 1 shows an algorithm flow plan 10 to obtain stabilised RSA encrypted data, which comprises three additional phases performed after the standard RSA encryption process.
  • the algorithm comprises an entry point 11 for data, a standard RSA encryption process 12 to encrypt the data, a process 13 to produce additional secure function driven by the correction parameter, a process 14 to cause looping driven by the correction parameter to achieve standardised timing between receiving the plain data and output point 16 for encrypted data, and process 15 to cause further cycling for random number of cycles.
  • processes 12 and 13 use the crypto controller in the smart device.
  • the correction value is a specific value for each type of computing device and is very specific for each chip of the smart device. It is an additional parameter added to the security key, for example to each RSA private key for the RSA encryption function.
  • the correction value is explicit for each security key of a computer device (private key and symmetrical key). The correction values acts to add additional spurious security function and to ensure that each duration of a particular security function appears for almost equal time, independently of the content of the key.
  • the algorithm is provided mainly to eliminate some attacks related to the smart device and to the environment in which the smart device is running.
  • Figure 2 shows a stabilised algorithm for comparing important values 20, usually password or a PIN for a smart device.
  • the algorithms 20 comprises a process 21 for receiving the important value (password), a process 22 for performing a comparison of the important value stored in a computer device and an entered important value during each transaction, a process 23 for performing a secure function over a value stored in a smart device, and a process 24 for outputting the result of the comparison.
  • the stored value is optionally a transaction state value representative of a previous communication of the computing device with a server and which differs for each message sent between the computing device and the server.
  • the stabilised algorithm for comparing important values improves the normal algorithm for comparing important values executed in a smart device to eliminate some attacks related to the smart device and to the environment in which it runs.
  • the important value comparison is a very important authentication mechanism.
  • the stabilised algorithm for comparing important values can be used for all password-checking operations, regardless whether this is for a major password of for secondary passwords that can also be stored in a smart device.
  • the invention is not limited to the precise details described above and shown in drawings. Modifications may be made and other embodiments developed without departing from the scope of the claims.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

This invention relates to systems for enhancing the security and authentication algorithms, providing stabilised encryption and stabilised comparing important values, wherein: the security key (symmetrical or asymmetrical) is extended with an additional correction parameter and the security function that uses the key is stimulated to use this parameter for additional operations; the important value for comparison is extended with additional correction parameter, and the comparison of that important value with outside value is stimulated to use the parameter for additional operations. The additional correction parameter consists of two parts - a constant part related to the security key or to the important value for comparison, and a variable part dynamically calculated during the stabilised algorithm being a result of a security function of a transaction state value representative of previous communications.

Description

STABILISED SECURE ALGORITHMS
TECHNICAL FILED:
This invention relates to systems for enhancing the security of encryption algorithms and authentication algorithms predominantly used for smart devices. The invention is particularly, but not exclusively, concerned with devices of processes that communicate over public networks, such as the Internet.
BACKGROUND ART:
A major risk in the use of digital transactions in unauthorised invasion by so called "hackers". Attacks may take various forms including physical access to a computing device, infecting a computer with an intelligent agent to cause it to disclose when a user is on-line so that messages can be intercepted for subsequent deciphering, and tapping into a public network to monitor transactions. Once access is had, deciphering can be based on attacking the hardware, the power supply and/or timing of data transmissions and delays between responses. These attacks are used to limit or "scope down" the possible range of encryption keys and algorithms used, from which deciphering can become relatively trivial and even in real time.
The term "smart devices" means smart cards, SIM cards or other secure integrated circuits - chips in pervasive computing devices and like that include a processor, non-volatile memory (e.g. Rom, EEPROM, mini-disk), optional volatile memory (RAM), and an operating system, that can store and process data. Smart devices, while being capable of being used for more functions and on a wider scale, ace currently used to a limited extend for identification, authorisation and storing information.
The term "computing device" means any device of a computer, which can run a program. A computing device can be a smart device.
The term "password" as used herein refers to a password, a personal identification code or PIN, fingerprint, user ID and the like authentication initiator. The term "encryption" as used herein refers to any security function, such as encryption, decryption, signing, verification, hash function and the like.
This invention seeks to provide systems for enhancing the security of computer systems as applied to authentication or encryption. '
DISCLOSURE OF THE INVENTION:
One aspect of the invention is concerned with providing increased security, nor necessarily but mostly for smart devices, in order to minimise attacks in recognising the security keys and comparing important values as password.
Thus one aspect of the invention provides a method for providing stabilised encryption, wherein: • the encryption key is provided with an additional correction parameter and "the encryption function that uses the key is stimulated to use this parameter in a way, so independently of the content of the encryption key, the encryption function will have additional operations and will have time for execution not less that a constant. • optional spurious calculations are applied randomly to provide random timing of execution, which is added after the encryption.
Preferably for the encryption the additional correction parameter is added as a part of the security key, whether symmetrical or asymmetrical.
Another aspect of the invention provides a method for providing stabilised computing important values, wherein:
• the important value for comparison is provided with additional correction parameter, and the comparison of that important value with outside value is stimulated to use the parameter in a way, so independently of the content of the important value, the comparison will execute additional operations and will have time of execution not less than a constant.
• optional spurious calculations are applied randomly to provide random timing of execution, which is added after the comparing important values. Preferably the spurious calculations are performed after the steps of comparing the entered data and stored important values like passwords to provide random timing for the generation of the output.
The method for stabilised encryption of data, including the steps of: encrypting the data using a suitable algorithm and an encryption key and causing the computing device to perform a plurality of processing cycles, so as to cause timing delay between entering and encrypting information and generating the encrypted data, wherein a correction parameter is added to the encryption key to control the time required to generate the encrypted data and to additional spurious security functioning.
Preferably the correction parameter is also a function of the transaction state value that is dependent on the contents of a previous communication of the smart device with a server.
This method inhibits hacking by monitoring the power supply, the timing or the hardware by providing spurious information/timing and/or regularising the timing for performing the encryption.
Further features, variants and/or advantages of aspects of the invention will emerge from the following non-limiting description of examples of the invention made with reference to accompanying schematic drawings.
BRIEF DESCRIPTION OF THE DRAWINGTS:
Figure 1 shows an algorithms flow plan for achieving stabilised RSA encryption; and
Figure 2 shows as algorithms flow plan for achieving stabilised comparison of important values as password checking.
BEST KNOWN MODE FOR CARRYING OUT THE INVENTION:
Figure 1 shows an algorithm flow plan 10 to obtain stabilised RSA encrypted data, which comprises three additional phases performed after the standard RSA encryption process. The algorithm comprises an entry point 11 for data, a standard RSA encryption process 12 to encrypt the data, a process 13 to produce additional secure function driven by the correction parameter, a process 14 to cause looping driven by the correction parameter to achieve standardised timing between receiving the plain data and output point 16 for encrypted data, and process 15 to cause further cycling for random number of cycles. In the event of the algorithms being processed in a smart device, then processes 12 and 13 use the crypto controller in the smart device.
The correction value is a specific value for each type of computing device and is very specific for each chip of the smart device. It is an additional parameter added to the security key, for example to each RSA private key for the RSA encryption function. The correction value is explicit for each security key of a computer device (private key and symmetrical key). The correction values acts to add additional spurious security function and to ensure that each duration of a particular security function appears for almost equal time, independently of the content of the key.
The algorithm is provided mainly to eliminate some attacks related to the smart device and to the environment in which the smart device is running.
Figure 2 shows a stabilised algorithm for comparing important values 20, usually password or a PIN for a smart device. The algorithms 20 comprises a process 21 for receiving the important value (password), a process 22 for performing a comparison of the important value stored in a computer device and an entered important value during each transaction, a process 23 for performing a secure function over a value stored in a smart device, and a process 24 for outputting the result of the comparison. The stored value is optionally a transaction state value representative of a previous communication of the computing device with a server and which differs for each message sent between the computing device and the server.
The stabilised algorithm for comparing important values improves the normal algorithm for comparing important values executed in a smart device to eliminate some attacks related to the smart device and to the environment in which it runs. The important value comparison is a very important authentication mechanism. The stabilised algorithm for comparing important values can be used for all password-checking operations, regardless whether this is for a major password of for secondary passwords that can also be stored in a smart device. The invention is not limited to the precise details described above and shown in drawings. Modifications may be made and other embodiments developed without departing from the scope of the claims.

Claims

CLAIMS:
1. A method for providing stabilised encryption or comparing important values, wherein:
• the encryption key is provided with an additional correction parameter and the encryption function that uses the key is stimulated to use this parameter in a way, so independently of the content of the encryption key, the encryption function will have additional operations and will have time for execution not less than a constant.
• the important value for comparison is provided with additional correction parameter, and the comparison of that important value with outside value is stimulated to use the parameter in a way, so independently of the content of the important value, the comparison will execute additional operations and will have time of execution not less than a constant.
• optional spurious calculations are applied randomly to provide random timing of execution, which is added after the encryption and/or comparing important values.
2. The method of claim 1 (encryption), wherein the additional correction parameter is added as an integral part of the security key (symmetrical or asymmetrical).
3. The method of claim 2, wherein the additional correction parameter consists of two parts - a constant part to the security key and a variable part dynamically calculated during the stabilised algorithm being a result of a security function of a transaction state value representative of previous communications .
4. The method of claim 1 (comparison), wherein the additional correction parameter is added as an integral part of the important value for comparison.
5. The method of claim 4, wherein the additional correction parameter consists of two parts - a constant part to the important value for comparison and a variable part dynamically calculated during the stabilised algorithm being a result of a security function of a transaction state value representative , of previous communications.
PCT/ZA2002/000085 2001-06-26 2002-05-23 Stabilised secure algorithms WO2003001723A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002306192A AU2002306192A1 (en) 2001-06-26 2002-05-23 Stabilised secure algorithms

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA200105248 2001-06-26
ZA2001/5248 2001-06-26

Publications (2)

Publication Number Publication Date
WO2003001723A2 true WO2003001723A2 (en) 2003-01-03
WO2003001723A3 WO2003001723A3 (en) 2004-01-22

Family

ID=25589215

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/ZA2002/000085 WO2003001723A2 (en) 2001-06-26 2002-05-23 Stabilised secure algorithms

Country Status (2)

Country Link
AU (1) AU2002306192A1 (en)
WO (1) WO2003001723A2 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0851667A1 (en) * 1996-12-24 1998-07-01 Karl Michael Marks Method for the transmission of data, in particular for compressed fax and / or image data
EP1069726A2 (en) * 1999-07-13 2001-01-17 Lucent Technologies Inc. Secure mutual network authentication protocol

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0851667A1 (en) * 1996-12-24 1998-07-01 Karl Michael Marks Method for the transmission of data, in particular for compressed fax and / or image data
EP1069726A2 (en) * 1999-07-13 2001-01-17 Lucent Technologies Inc. Secure mutual network authentication protocol

Also Published As

Publication number Publication date
WO2003001723A3 (en) 2004-01-22
AU2002306192A1 (en) 2003-01-08

Similar Documents

Publication Publication Date Title
CA2554300C (en) System and method for encrypted smart card pin entry
US7080256B1 (en) Method for authenticating a chip card in a message transmission network
US5937068A (en) System and method for user authentication employing dynamic encryption variables
EP1659475B1 (en) Password protection
EP2695148B1 (en) Payment system
CN1770688B (en) User authentication system and method
EP1415430B1 (en) A method and a system for processing information in an electronic device
US7596704B2 (en) Partition and recovery of a verifiable digital secret
EP1933252A1 (en) Dynamic OTP Token
US20080212771A1 (en) Method and Devices For User Authentication
EP3608860A1 (en) Payment system for authorising a transaction between a user device and a terminal
US20030145203A1 (en) System and method for performing mutual authentications between security tokens
WO2012167352A1 (en) Credential authentication methods and systems
US10057254B2 (en) Mobile terminal for providing one time password and operating method thereof
JP6927981B2 (en) Methods, systems, and devices that use forward secure cryptography for passcode verification.
CN112787813B (en) Identity authentication method based on trusted execution environment
US20020018570A1 (en) System and method for secure comparison of a common secret of communicating devices
CN111884814B (en) Method and system for preventing intelligent terminal from being counterfeited
JP2002208925A (en) Qualification authentication method using variable authentication information
CN112703500A (en) Protecting data stored in memory of IoT devices during low power mode
CN100596219C (en) Communication terminal and its method and device for system bootstrapping
US7529369B2 (en) Data processing with a key
WO2003001723A2 (en) Stabilised secure algorithms
Chatterjee et al. Secure access of smart cards using elliptic curve cryptosystems
CN111262702A (en) Double-factor authentication method, device and system based on cryptographic algorithm and biological characteristics

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP