WO2003055118A2 - Method of controlling a public key certification system - Google Patents

Publication number: WO2003055118A2 (other version: WO2003055118A3, English)
Authority: WIPO (PCT)
Application number: PCT/EP2002/014118
Original language: French (fr)
Inventor: Alain Zahm
Original assignee: Schlumberger Systèmes
Related application: AU2002361058A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L 9/006: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
    • H04L 9/007: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models involving hierarchical structures

Definitions

  • the present invention relates to securing communications between computers and more particularly to controlling a public key certification infrastructure.
  • the establishment of secure applications based on a public key encryption method also requires the creation of a certification infrastructure involving certification authorities intended to generate, store and distribute certificates attesting to the correspondence between the public key of an interlocutor and the data allowing his identification, used in the application.
  • the main drawback of existing public key certification infrastructures is that compliance with the rules by the entities responsible for issuing certificates is taken for granted. Indeed, it may be that, voluntarily or not, errors occur as to the identity of an entity A, when registering the latter with a CA certification authority.
  • the CA authority can thus issue a certificate attesting that the public key KPA is indeed that of entity A, whereas in fact KPA is the key issued by an entity A' that has succeeded in usurping the identity of A with CA.
  • Such fraud is currently undetectable for third parties, but the risk of such fraud is becoming increasingly important due to the development of public key infrastructures.
  • the object of the present invention is therefore to propose a method for controlling public key infrastructures which limits any risk of fraud and / or error in the production of certificates by the certification authorities.
  • the control method according to the invention is more particularly intended for issuing, distributing and verifying certificates in a public key certification system bringing together a plurality of users and certification entities arranged according to a hierarchical infrastructure.
  • this method is characterized in that, with the exception of the entity of the highest hierarchical level, each of the certification entities has at least two certificates issued by two other distinct entities of the same or a higher hierarchical level.
  • each of the users has at least two certificates: a first certificate issued by a first certification entity of the lowest hierarchical level, and a second certificate issued either by another user or by a second certification entity distinct from said first certification entity.
  • the verification of a certificate relating to a first given element of said infrastructure (this first element being a user or a certification entity not belonging to the highest hierarchical level) consists of: considering at least two certification paths connecting this first element to a second element also belonging to said infrastructure; verifying the certificates of each of the entities belonging to each of said paths; verifying the authenticity of the signatures of each of said entities; and checking the consistency of the information thus collected.
  • the second element considered for constructing the certification paths to be compared is the certification entity of the highest hierarchical level.
  • the second element considered for building the certification paths to be compared is any element of the infrastructure, distinct from said first element, and chosen at random.
  • the verification operation is carried out by each user on receipt of any message accompanied by a certificate.
  • the verification operation is carried out by a certification entity given at the request of a user. According to another characteristic of the method which is the subject of the invention, the verification operation is carried out by a given certification entity after random drawing of the certificate to be verified.
  • FIG. 1 is a block diagram of a public key infrastructure according to the invention.
  • the present invention will be more particularly detailed in the context of a secure electronic messaging application using a public key certification infrastructure meeting the X.509 standard.
  • the invention is not limited to such a standard or to such an application.
  • the invention can be implemented whatever the application considered, such as for example securing electronic transactions.
  • the electronic messaging application given by way of example relates to users equipped with computers linked together by an appropriate telecommunications network such as the Internet. Each computer is equipped with messaging software implementing automatic verification of signatures and certificates.
  • Such software is able to carry out such verification by accessing certificate directories, stored either in the computer's memory or on remote servers accessible from said computer via an appropriate communication network such as the Internet.
  • Each user of such a secure messaging system has a public key Kp and a secret key Ks, together with the corresponding encryption functions P and S. P and S are chosen so as to be the inverse of each other and such that knowledge of one (P) does not lead to knowledge of the other (S).
  • any message encrypted with the function P and the key Kp can only be decrypted by the user possessing the function S and the key Ks, and vice versa.
  • any message encrypted using the S function and the Ks key can only have been encrypted by their sole owner.
  • As a result, to prove her identity, user Alice only needs to sign her messages, that is, to apply her secret function SA and her secret key KsA to all or part of her messages, and to provide a certificate issued by a certification authority attesting that the key KpA (and therefore KsA) is indeed her property.
  • CA certificate of Cisco Systems
  • the general format of a certificate issued by a CA certification authority includes the following fields:
      i) Version number;
      ii) Serial number: a unique number assigned by the CA certification authority issuing the certificate;
      iii) Signature algorithm and parameters used by CA: for example PKCS #1, the specification of an RSA-based signature method applied to an MD5 digest of the message to be signed;
      iv) Issuer: identity of the certification authority;
      v) Period of validity;
      vi) Owner: "X", identity of the certificate holder;
      vii) Owner's public key: Kpx;
      viii) Public key encryption function and parameters used by the owner: P;
      ix) Signature: signature, obtained using the algorithm defined in point iii), of the preceding data (from i) to viii)).
  • the conditions a certification authority requires before providing a certificate to an entity that requests one can take several forms and are left to the discretion of each certification authority.
  • the entity to be certified may be asked to present itself physically on the premises of the certification authority and to prove its identity.
  • the entity to be certified may also file its application for certification online, over a secure telecommunications line, or after proving possession of an authentication means such as a chip bank card whose secret code (also called PIN code) only the owner knows.
  • Alice will therefore send not only the message M, but also her certificate, noted Cert(Alice, CA) and issued by a certification authority CA, and the signature of the message Sig(M), computed with the signature algorithm, the encryption function SA and the secret key KsA.
  • the recipient Bob verifies the certificate Cert(Alice, CA) using the public key Kpca and the public key encryption function of the certification authority CA, which may be stored in the verification software installed on Bob's computer or obtained by consulting a directory of public keys. Then, using the public key KpA and the public key function PA contained in the certificate, Bob checks the signature Sig(M). Once all of these operations have been carried out, Bob is able to process the message M with a certain assurance that it has indeed been sent by Alice.
  • FIG. 1 shows a public key infrastructure comprising several certification authorities. These certification authorities conventionally follow a given hierarchical organization; document US5745574 describes the principle of such a tree structure in detail. Reference may also be made to the ISO X.509 standard, which provides for the possibility that a certification authority CA2 may receive a certificate from another certification authority CA1.
  • the tree illustrated in FIG. 1 comprises four levels, including three levels of certification authorities. The classic certification chain connecting the different entities to each other is shown in dotted lines; the arrows indicate the direction of certification.
  • the CA1 authority is located at the top of the tree and therefore occupies only level 1, also called the root.
  • the CA21 and CA22 authorities occupy level 2.
  • Level 3 is made up of authorities CA31, CA32 and CA33, which have respectively received a certificate from the level 2 authorities CA21, CA21 and CA22.
  • the fourth level consists of the user entities X, X', Y and Z, which obtained certificates from the level 3 authorities CA31, CA32, CA33 and CA33 respectively.
  • each authority therefore certifies the users or the authorities attached to it. With such an infrastructure, it is possible to verify not only the identity of a user X but also the certification authority CA31 that certified it, then the certification authority CA21 that certified said certification authority CA31, and so on up to the certification authority CA1.
  • Such a cascade of certifications is called the "certification path".
  • the certification path between X and Y is formed by the following set of certificates: Cert(Y, CA33), Cert(CA33, CA22), Cert(CA22, CA1), Cert(CA21, CA1), Cert(CA31, CA21) and Cert(X, CA31).
  • the certification path between X and X' is formed by the set Cert(X', CA32), Cert(CA32, CA21), Cert(CA31, CA21) and Cert(X, CA31).
  • the practical construction of the certification paths can be deduced from the information present in the directories stored locally and accessed by the verification software or even obtained after consulting one or more directories of public keys and associated certificates hosted on remote servers to which verification software can connect.
  • X sends a message M to Y, to which are attached its certificate Cert(X, CA31) supplied by CA31 and the signature Sig(M) of the message M made with the secret key Ksx.
  • Y then proceeds, with its verification software, to the cascaded authentication of the different certificates, starting with the certificate Cert(X, CA31) using the public key Kpca31 of the certification authority CA31, a public key previously stored or obtained from a specialized directory.
  • Y then verifies Cert(CA31, CA21) using the public key Kpca21 of the certification authority CA21, a public key previously stored or obtained from a specialized directory, and so on until it reaches a certification authority belonging to its own certification path going back to CA1, a path that the verification software travels in parallel or that is stored in Y's computer.
  • This method does not, however, make it possible to identify a possible dysfunction of the system, such as the existence of a certificate issued by the authority CA32 to X', X' being a fraudster that has usurped the identity of X with the authority CA32.
  • the certificate Cert(X', CA32) associates the key Kpx' with the identity X.
  • each entity (user or certification authority) must have at least one second certification obtained either from another entity of the same level or from an entity of a lower level, whatever the latter, provided that this entity is distinct from the aforementioned certification authority.
  • a cross-certification is then carried out, that is to say that the entities certify each other (lines provided with a double arrow in FIG. 1).
  • CA21 and CA22 operate a cross-certification of their public keys.
  • CA31 obtains certification from CA22, while CA32 obtains certification from CA22 and operates cross certification with CA33.
  • X operates a cross certification with Z; X' and Y obtain certification from CA31 and CA32 respectively. Because of these additional certifications, there is no longer a single certification path between two entities, but a multiplicity of paths.
  • Entity Y receiving a message from X is now able to traverse a plurality of possible certification paths and to detect possible discrepancies between these paths. For example, a path may reveal the existence of an expired certificate, etc.
  • Path checking can be done in several ways. The evaluation can be carried out using a signed document and verifying the signature using the certification path or alternatively by verifying each of the certificates on the path.
  • the recipient Y's verification software is provided with a graph traversal algorithm which identifies the different paths through the public key infrastructure considered that connect the recipient Y to the sender X of the message M.
  • graph traversal software is known per se and will not be detailed further here; see in particular the book "Introduction to Algorithms" by Cormen et al. (French edition "Introduction à l'algorithmique", Dunod), which describes in particular depth-first and breadth-first traversal of graphs.
  • X' having obtained a certificate from another authority, CA31, but under an identity other than that of X (certificate shown as a double line in the drawing), the traversal of the different paths then reveals to the recipient Y discrepancies between the certificates issued by the authorities CA31 and CA32, discrepancies relating to the identity of the user of the keys Kpx' and Ksx'.
  • the traversal of the graph constituted by the public key infrastructure according to the invention also allows the recipient Y to find the certificate issued by the authority CA31 to the entity X, so that, from the certificates Cert(X, CA31) and Cert(X', CA32), Y detects the existence of the same entity X managing the distinct key sets Kpx', Ksx' on the one hand and Kpx, Ksx on the other hand.
  • the deception of X' will, if not revealed, at least be suspected through the identification of a problem with its certificates.
  • the traversal of the different paths can be implemented in different ways.
  • the traversal of the various certification paths following receipt by the user Y of a message M sent by the user X is performed directly by the recipient Y's computer, from the information accompanying said message, from data stored in the computer's memory and/or from information obtained by consulting databases providing information on the certificates issued by the various entities of the public key infrastructure considered, this consultation being carried out through specialized networks or via the Internet.
  • the software is able to construct the graph formed by the public key infrastructure and to browse the different certification paths existing between the sender X of the message and its recipient Y.
  • the traversal of the different paths can be carried out not by a user's computer but by the server of a security organization specifically in charge of the security of the public key infrastructure in question.
  • this organization regularly browses the graph in order to detect any anomalies.
  • this organization can be requested by the recipient of a message in order to authenticate its sender.
  • the verification of the different certification paths by a recipient can be carried out by means of one or more pieces of software moving through the infrastructure, hosted in turn on the servers of the different certification authorities in order to carry out locally the checking of certificates and the construction of certification paths.
  • When the verifications for one certification authority are complete, the software is transferred to another authority to perform the following verifications there.
  • the software returns to its starting computer and then delivers a report as to the consistency of the different paths of certification explored.
  • Such mobile agents have in particular been described by the authors Ferber et al.

Abstract

The invention relates to a control method which is designed to issue, distribute and verify certificates in a public key certification system involving numerous certification entities and users which are arranged according to a hierarchical infrastructure. The inventive method is characterised in that at least two certificates are issued to each of said certification entities, except the highest entity in the hierarchical structure, by two other different entities of the same level or a higher level in the hierarchical structure.

Description

METHOD FOR CONTROLLING A PUBLIC KEY CERTIFICATION SYSTEM
The present invention relates to securing communications between computers, and more particularly to controlling a public key certification infrastructure.
The development of data exchanges over open communication networks such as the Internet has created significant security needs in order to guarantee the confidentiality and authenticity of the data transmitted.
To this end, numerous encryption techniques have been developed. Among these, one may mention symmetric secret-key ciphers (DES, etc.) and asymmetric public-key ciphers (RSA, etc.). The use of public key encryption methods has proved preferable to the use of secret key encryption methods for performing the authentication, signature/verification and key distribution/exchange functions, because public key methods avoid any prior sharing of a common secret between the parties exchanging data.
The implementation of secure applications based on a public key encryption method requires the use of appropriate encryption means in computers, servers, etc., implementing security protocols based on appropriate algorithms. Secure messaging software, an Internet browser capable of establishing a secure session, and a memory card are examples implementing such encryption means.
The implementation of secure applications based on a public key encryption method also requires the creation of a certification infrastructure involving certification authorities whose purpose is to generate, store and distribute certificates attesting to the correspondence between the public key of a party and the data allowing that party to be identified, as used in the application. The main drawback of existing public key certification infrastructures is that compliance with the rules by the entities responsible for issuing certificates is taken for granted. Indeed, it may be that, voluntarily or not, errors occur as to the identity of an entity A when the latter registers with a certification authority CA.
Thus the authority CA can issue a certificate attesting that the public key KPA is indeed that of entity A, whereas in fact KPA is the key issued by an entity A' that has succeeded in usurping the identity of A with CA. Such fraud is currently undetectable by third parties, and the risk of such fraud is becoming increasingly significant because of the growth of public key infrastructures.
It is known, from the document "Modelling a Public-Key Infrastructure" by Ueli Maurer, Computer Security - ESORICS 96, 4th European Symposium on Research in Computer Security, Proceedings, Rome, Italy, 25-27 Sept. 1996, pages 325-350, XP002212747, to take a probabilistic approach to a public key infrastructure. According to this approach, a user determines the authenticity of other users' public keys from trust values. These trust values are determined from recommendations about the credibility of users. The trust value is increased by verifying a chain of different certificates for the same public key. Such an approach has the drawback of leaving the determination of the trust values to the user. This approach does not resolve the risk of fraud in the production of certificates by certification authorities.
The object of the present invention is therefore to propose a method for controlling public key infrastructures which limits any risk of fraud and/or error in the production of certificates by the certification authorities.
The control method according to the invention is more particularly intended for issuing, distributing and verifying certificates in a public key certification system bringing together a plurality of users and certification entities arranged according to a hierarchical infrastructure.
According to the invention, this method is characterized in that, with the exception of the entity of the highest hierarchical level, each of the certification entities has at least two certificates issued by two other distinct entities of the same or a higher hierarchical level.
According to another characteristic of the method which is the subject of the invention, each of the users has at least two certificates: a first certificate issued by a first certification entity of the lowest hierarchical level, and a second certificate issued either by another user or by a second certification entity distinct from said first certification entity.
According to another characteristic of the method which is the subject of the invention, the verification of a certificate relating to a first given element of said infrastructure (this first element being a user or a certification entity not belonging to the highest hierarchical level) consists of:
• considering at least two certification paths connecting this first element to a second element also belonging to said infrastructure,
• verifying the certificates of each of the entities belonging to each of said paths,
• verifying the authenticity of the signatures of each of said entities,
• and checking the consistency of the information thus collected.
According to another characteristic of the method which is the subject of the invention, the second element considered for constructing the certification paths to be compared is the certification entity of the highest hierarchical level. According to another characteristic of the method which is the subject of the invention, the second element considered for constructing the certification paths to be compared is any element of the infrastructure, distinct from said first element, chosen at random.
According to another characteristic of the method which is the subject of the invention, all the certification paths connecting the first element to the second element are considered.
According to another characteristic of the method which is the subject of the invention, only certain certification paths connecting the first element to the second element and meeting predetermined criteria are considered. According to another characteristic of the method which is the subject of the invention, only a predetermined number of paths, selected at random from the set of certification paths connecting the first element to the second element, are considered. According to another characteristic of the method which is the subject of the invention, the verification operation is carried out by each user on receipt of any message accompanied by a certificate.
According to another characteristic of the method which is the subject of the invention, the verification operation is carried out by a given certification entity at the request of a user. According to another characteristic of the method which is the subject of the invention, the verification operation is carried out by a given certification entity after random selection of the certificate to be verified.
The description which follows, with reference to the appended drawing given by way of non-limiting example, will make clear what the invention consists of and how it can be implemented.
Figure 1 is a block diagram of a public key infrastructure according to the invention. The present invention will be described in more detail in the context of a secure electronic messaging application using a public key certification infrastructure conforming to the X509 standard. Obviously, the invention is limited neither to that standard nor to that application. In particular, the invention can be implemented whatever the application considered, such as, for example, securing electronic transactions.
The electronic messaging application given by way of example concerns users equipped with computers linked together by a suitable telecommunications network such as the Internet. Each computer is provided with messaging software that implements the automatic verification of signatures and certificates.
Such software is able to perform this verification by accessing certificate directories, whether stored in the computer's own memory or hosted on remote servers reachable from that computer over a suitable communication network such as the Internet.
Each user of such a secure messaging system has a public key Kp, a secret key Ks, and the corresponding encryption functions P and S. P and S are chosen so as to be the inverse of one another, and so that knowledge of one (P) does not yield knowledge of the other (S). Thus any message encrypted with the function P and the key Kp can only be decrypted by the user who holds the function S and the key Ks, and conversely.
Furthermore, any message encrypted by means of the function S and the key Ks can only have been produced by their sole holder. (This symmetric description, in which signing is simply encryption under the secret key, holds for RSA-type trapdoor permutations; other signature schemes are not encryption run backwards, and in practice signing and encryption key pairs are kept separate.)
It follows that, to prove her identity, the user Alice need only sign her messages, that is, apply her secret algorithm SA and her secret key KsA to all or part of each message, and supply a certificate issued by a certification authority attesting that the key KpA (and therefore KsA) is indeed hers.
The purpose of such a certificate is to guarantee to third parties that a given key does correspond to a given user. This certificate is issued by a certification authority, denoted CA, also called a trusted authority. In accordance with the X509 standard, the general format of a certificate issued by a certification authority CA comprises the following fields:
i) Version number;
ii) Serial number: a unique number assigned to the certificate by the issuing certification authority CA;
iii) Signature algorithm and parameters used by CA: for example PKCS#1, the specification of an RSA-based signature method, applied to an MD5 digest of the data to be signed (MD5 has since been shown not to be collision-resistant and is no longer acceptable for certificate signatures; SHA-2 digests are used today);
iv) Issuer: identity of the certification authority;
v) Validity period;
vi) Owner: "X", identity of the certificate holder;
vii) Owner's public key: Kpx;
viii) Public key encryption function and parameters used by the owner: P;
ix) Signature: the signature, computed with the algorithm defined in item iii) over the preceding data (items i) to viii)) using the secret key Ksca and the secret key function Sca of the certification authority CA, and verifiable with the public key Kpca of CA.
The conditions that a certification authority requires before supplying a certificate to an entity requesting one can take several forms and are left to the discretion of each certification authority. In particular, the entity to be certified may be asked to present itself physically at the premises of the certification authority and to prove its identity. The entity to be certified may also submit its certification request online, using a secure telecommunication line, or after having proved possession of an authentication means such as a chip-type bank card whose secret code, also called PIN code, is known only to its owner. Since these conditions are not the subject of the present invention, they will not be detailed further.
Consider that Alice sends a message M to Bob. Alice therefore sends not only the message M but also her certificate, denoted Cert(Alice,CA), issued by a certification authority CA, and the signature of the message, Sig(M), produced with the signature algorithm, the function SA and the secret key KsA. The recipient Bob verifies the certificate Cert(Alice,CA) with the public key Kpca and the public key function of the certification authority CA, which may be stored in the verification software on Bob's computer or obtained by consulting a public key directory. Then, using the public key KpA and the public key function PA contained in the certificate, Bob verifies the signature Sig(M). Once all these operations have been carried out, Bob can process the message M with some assurance that it was indeed sent by Alice. That assurance rests entirely on Kpca being the genuine key of CA: if Kpca is fetched from a directory rather than held locally, its own authenticity has to be established first.
For secure messaging involving a large number of users, the coexistence of several certification authorities must be provided for. Such a need is found in particular in applications for securing electronic transactions, such as the SET system, which concerns millions of bank card users and comprises four levels of certification authorities (root level, bank card network level, national level and bank level).
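The issuance and verification steps just described, as an added example that is not part of the patent: a toy X509-style certificate carrying the nine fields listed above, signed by the CA and then used by Bob to check Alice's message. The RSA implementation is textbook RSA with tiny primes and a SHA-256 digest reduced modulo n; it is insecure by design and only illustrates the P/S inverse relation. Entity names, prime seeds, day-number validity periods and the message are all constructed for the example.

```python
"""Toy certificate issuance and verification (added example, not the patent's
code). Textbook RSA with tiny primes and SHA-256 mod n: insecure, for
illustration of the P/S inverse relation only."""
import hashlib
import json

E = 65537  # public exponent; assumption: shared by every entity


def next_prime(n):
    """Smallest prime >= n by trial division (fine for these toy sizes)."""
    while True:
        if n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1)):
            return n
        n += 1


def keygen(seed):
    """Toy RSA pair: public Kp = (n, e), secret Ks = (n, d) with d = e^-1 mod phi,
    so pow(., e, n) and pow(., d, n) are the inverse functions P and S.
    The primes are derived from `seed` so each entity gets its own modulus."""
    p = next_prime(seed)
    q = next_prime(p + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(ks, data):
    """S(Ks, H(data)): only the holder of d can produce this value."""
    n, d = ks
    return pow(digest(data, n), d, n)


def verify(kp, data, sig):
    """P(Kp, sig) == H(data): anyone holding the public key can check it."""
    n, e = kp
    return pow(sig, e, n) == digest(data, n)


def canonical(tbs):
    return json.dumps(tbs, sort_keys=True).encode()


def issue_certificate(issuer, issuer_ks, subject, subject_kp, serial, validity):
    """Fields i) to ix) of the format listed above; the signature covers the
    canonical encoding of fields i) to viii)."""
    tbs = {
        "version": 1,
        "serial": serial,
        "signature_algorithm": "toy-RSA-SHA256",  # stand-in for PKCS#1
        "issuer": issuer,
        "validity": list(validity),  # (not_before, not_after) as day numbers
        "subject": subject,
        "subject_public_key": list(subject_kp),
        "subject_algorithm": "toy-RSA",
    }
    return {"tbs": tbs, "signature": sign(issuer_ks, canonical(tbs))}


def verify_certificate(cert, issuer_kp, today):
    tbs = cert["tbs"]
    not_before, not_after = tbs["validity"]
    return (not_before <= today <= not_after
            and verify(issuer_kp, canonical(tbs), cert["signature"]))


def receive_message(message, cert, sig_m, trusted_cas, today):
    """Bob's side: check Cert(Alice, CA) against the CA key he already trusts,
    then check Sig(M) with the KpA taken from the certificate.
    Returns the certified sender identity on success, None otherwise."""
    issuer_kp = trusted_cas.get(cert["tbs"]["issuer"])
    if issuer_kp is None or not verify_certificate(cert, issuer_kp, today):
        return None
    kp_a = tuple(cert["tbs"]["subject_public_key"])
    return cert["tbs"]["subject"] if verify(kp_a, message, sig_m) else None


if __name__ == "__main__":
    kp_ca, ks_ca = keygen(1_000_000)          # constructed seeds
    kp_alice, ks_alice = keygen(2_000_000)
    cert_alice = issue_certificate("CA", ks_ca, "Alice", kp_alice, 1, (100, 200))
    m = b"constructed sample message"
    print(receive_message(m, cert_alice, sign(ks_alice, m), {"CA": kp_ca}, 150))
```

`trusted_cas` plays the role of the CA public keys stored in Bob's verification software; a certificate whose issuer is not in that table, or whose signature does not verify under the stored Kpca, is rejected before KpA is ever used.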
Referring to Figure 1, a public key infrastructure comprising several certification authorities is shown. These certification authorities conventionally follow a given hierarchical organization; document US5745574 describes the principle of such a tree in detail. Reference may also be made to the ISO X509 standard, which provides for the possibility that a certification authority CA2 receives a certificate from another certification authority CA1. The tree illustrated in Figure 1, by way of non-limiting example of the present invention, has four levels, three of which are levels of certification authorities. The classic certification chain linking the various entities is drawn in dotted lines; the arrows indicate the direction of certification. The authority CA1 sits at the top of the tree and therefore alone occupies level 1, also called the root. The authorities CA21 and CA22 occupy level 2; each has received a certificate from the level 1 authority CA1. Level 3 is made up of the authorities CA31, CA32 and CA33, which have received certificates from the level 2 authorities CA21, CA21 and CA22 respectively. Finally, on the fourth level are the user entities X, X', Y and Z, which have obtained certificates from the level 3 authorities CA31, CA32, CA33 and CA33 respectively. Within such a traditional hierarchical infrastructure, each authority therefore certifies the users or authorities attached to it. With such an infrastructure it is possible to verify not only the identity of a user X but also the certification authority CA31 that certified it, then the certification authority CA21 that certified CA31, and so on up to the certification authority CA1.
Such a cascade of certifications is called a "certification path".
In the traditional infrastructure there is a single certification path between the level 1 certification authority CA1 and each entity of the infrastructure. Likewise, there is a single certification path between any two users or any two authorities belonging to the infrastructure. This single path between two entities is defined as the union of the two paths linking each entity to CA1, with the common part removed whenever the two paths pass through the same certification authority other than CA1. For example, the certification path between X and Y is formed by the following set of certificates: Cert(Y,CA33), Cert(CA33,CA22), Cert(CA22,CA1), Cert(CA21,CA1), Cert(CA31,CA21) and Cert(X,CA31). In the same way, the certification path between X and X' is formed by the set Cert(X',CA32), Cert(CA32,CA21), Cert(CA31,CA21) and Cert(X,CA31).
In practice, certification paths can be built from the information in the directories stored locally and accessed by the verification software, or obtained by consulting one or more directories of public keys and associated certificates hosted on remote servers to which the verification software can connect.
Thus, suppose that X sends a message M to Y, attaching its certificate Cert(X,CA31) supplied by CA31 and the signature Sig(M) of the message M produced with the secret key Ksx. Using its verification software, Y then authenticates the certificates in cascade, starting with the certificate Cert(X,CA31), which it checks with the public key Kpca31 of the certification authority CA31, previously stored or obtained from a specialized directory. Y then verifies Cert(CA31,CA21) with the public key Kpca21 of the certification authority CA21, again previously stored or obtained from a specialized directory, and so on until it reaches a certification authority belonging to its own certification path up to CA1, a path which the verification software walks in parallel or which is stored on Y's computer.
This method does not, however, detect a malfunction of the system such as, for example, the existence of a certificate issued by the authority CA32 to X', X' being a fraudster who has usurped the identity of X with the authority CA32. The certificate Cert(X',CA32) associates the key Kpx' with the identity X. Y, receiving a message from X', is unable to detect the deception, even by walking the certification path linking X' to Y. To overcome this drawback, the present invention proposes to create cross-certifications, shown in solid lines in Figure 1, throughout the infrastructure, at the level of the certification authorities as well as of the users.
Thus, in addition to the "classic" certification obtained from the certification authority at the level immediately above it (level n-1 for an entity at level n), each entity (user or certification authority) must hold at least one second certification, obtained either from another entity of the same level or from an entity of any lower-numbered level, provided that this entity is distinct from the aforementioned certification authority. Preferably, when an entity certifies an entity of the same level, a cross-certification is performed, that is to say the two entities certify each other (lines with a double arrow in Figure 1).
In accordance with this rule, and referring to Figure 1, CA21 and CA22 cross-certify their public keys. CA31 obtains a certification from CA22, while CA32 obtains a certification from CA22 and cross-certifies with CA33. X cross-certifies with Z; X' and Y obtain certifications from CA31 and CA32 respectively. Because of these additional certifications there is no longer a single certification path between two entities but a multiplicity of paths.
Thus there are now several possible paths from X to Y. For simplicity, a path between X and Y is written as the sequence of entities that have a certification relationship with one another. The new paths between X and Y are then:
(X,Z,CA33,Y)
(X,CA31,CA21,CA32,Y)
(X,CA31,CA21,CA32,CA33,Y)
(X,CA31,CA21,CA22,CA33,Y)
(X,CA31,CA21,CA22,CA32,CA33,Y)
(X,CA31,CA22,CA33,Y)
(X,CA31,CA22,CA32,CA33,Y)
The entity Y receiving a message from X is now able to walk a plurality of possible certification paths and to detect any discrepancies between them. For example, one path may reveal the existence of an expired certificate, and so on. The paths can be checked in several ways: the evaluation can be carried out using a signed document and verifying its signature along the certification path, or by verifying each of the certificates of the path. To implement the present invention, the verification software of the recipient Y is provided with a graph traversal algorithm that identifies the different paths through the public key infrastructure considered that link the recipient Y to the sender X of the message M. Graph traversal algorithms are known in themselves and will not be detailed further here; see in particular the book "Introduction à l'algorithmique" published by Dunod (the French edition of Introduction to Algorithms by Cormen et al.), which describes depth-first and breadth-first graph traversals.
Thanks to the rule established above regarding the existence of multiple certifications for each entity, it is possible to verify several paths between two entities, and also to include or exclude predetermined certification authorities from the paths considered.
In accordance with the present invention, it is not necessary to run the graph traversal algorithm systematically for every message received; it can be run by sampling. Likewise, it is not necessary to compute all possible paths, but only a predetermined number of them, for example at least two or at least three (insofar as that many paths exist), and to check the consistency between these paths. Thus only certain paths may be searched for: the shortest path, involving the smallest possible number of certification authorities, the longest path, the cheapest path (insofar as certificates are paid for), and so on.
In accordance with the present invention, any discrepancy between the different paths analyzed (an invalid certificate or an invalid signature on one or more paths) generates an alert signal warning the recipient entity Y that there is a problem with the message M received from the sender X. This problem may concern the real identity of the sender X, and also:
• the expiry of the certificates used,
• non-compliance with security policies that require checking whether one or more of the certificates used has been revoked,
• the persistence, in caches intended to speed up processing, of information whose validity has expired.
Returning to the illustrated example, consider that X sends a message to Y while claiming the identity of X by means of the certificate fraudulently obtained from the authority CA32. Several cases can then be considered.
In the first case, X was able to deceive only one certification authority and therefore holds only a single certificate, from the authority CA32. The traversal of the different paths performed by the recipient Y then reveals this peculiarity and draws Y's attention to the fact that the sender of the message can produce only one certificate.
In the second case, X obtained a certificate from another authority, CA31, but under an identity other than that of X (certificate shown with a double line in the drawing). The traversal of the different paths then reveals to the recipient Y discrepancies between the certificates issued by the authorities CA31 and CA32, discrepancies concerning the identity of the user of the keys Kpx' and Ksx'.
Furthermore, traversing the graph formed by the public key infrastructure according to the invention also allows the recipient Y to find the certificate issued by the authority CA31 to the entity X, so that from the certificates Cert(X, CA31) and Cert(X', CA32) Y detects the existence of a single entity X managing the distinct key sets Kpx', Ksx' on the one hand and Kpx, Ksx on the other. Thus, thanks to the evaluation of the different certification paths according to the present invention, the deception by X will be, if not revealed, at least suspected through the identification of a problem with its certificates.
The traversal of the different paths can be implemented in different ways. According to one embodiment, the traversal of the different certification paths following receipt by user Y of a message M sent by user X is performed directly by the recipient Y's computer, from the information accompanying the message, from data stored in the computer's memory and/or from information obtained by consulting databases that provide information on the certificates issued by the different entities of the public key infrastructure in question, this consultation being carried out over specialized networks or over the Internet. From the information received, the software is able to build the graph formed by the public key infrastructure and to traverse the different certification paths existing between the sender X of the message and its recipient Y.
According to another embodiment, the traversal of the different paths can be performed not by a user's computer but by the server of a security organization specifically in charge of the security of the public key infrastructure in question. In that case, this organization traverses the graph regularly in order to detect possible anomalies. Alternatively, this organization can be called upon by the recipient of a message in order to authenticate its sender.
According to another embodiment, the verification of the different certification paths by a recipient can be carried out by means of one (or more) software programs that move through the infrastructure to be hosted on the servers of the different certification authorities, in order to check the certificates and build the certification paths locally. The advantage of this approach is to reduce computing time by processing the data locally and avoiding transfers of information to a centralized site. Once the checks have been completed for one certification authority, the software is transferred to another authority to perform the next checks there. When the infrastructure has thus been traversed step by step, the software returns to its starting computer and delivers a report on the consistency of the different certification paths explored. Such mobile agents have been described in particular by Ferber et al.
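The multi-path check described above (and in claims 1, 2 and 8 below) as an added worked example; this is not code from the patent or from the applicant. The infrastructure (root CA0, cross-certified CA1 and CA2, leaf authorities CA31 and CA32), the key strings, the certificate store and the users W, V and X are all constructed for the example, and signatures are simulated with a keyed hash so the example runs offline, where a real deployment would verify X.509 signatures with the issuer's public key.

```python
"""Multi-path certification check over a constructed PKI graph (added example).

Certificates are toy records; toy_sign() stands in for a real signature.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str   # entity whose public key is certified
    key: str       # the certified public key (a toy string)
    issuer: str    # certification entity that signed the certificate
    expires: int   # constructed expiry, in abstract time units
    sig: str       # toy signature produced by toy_sign()


def toy_sign(issuer_key: str, subject: str, key: str, expires: int) -> str:
    """Stand-in for a digital signature: a hash keyed with the issuer's key."""
    data = f"{issuer_key}|{subject}|{key}|{expires}".encode()
    return hashlib.sha256(data).hexdigest()


def issue(issuer: str, issuer_key: str, subject: str, key: str, expires: int = 100) -> Cert:
    """Constructed helper: the issuer certifies (subject, key) until `expires`."""
    return Cert(subject, key, issuer, expires, toy_sign(issuer_key, subject, key, expires))


# Constructed infrastructure: CA0 is the root; every other certification entity
# holds certificates from two distinct issuers (claim 1); users W and X hold
# two certificates each (claim 2); V holds only one (the "first case" above).
TRUST_ANCHOR = ("CA0", "K0")
STORE = [
    issue("CA0", "K0", "CA1", "K1"), issue("CA2", "K2", "CA1", "K1"),
    issue("CA0", "K0", "CA2", "K2"), issue("CA1", "K1", "CA2", "K2"),
    issue("CA1", "K1", "CA31", "K31"), issue("CA2", "K2", "CA31", "K31"),
    issue("CA1", "K1", "CA32", "K32"), issue("CA2", "K2", "CA32", "K32"),
    issue("CA31", "K31", "X", "Kpx"),    # legitimate certificate of X (key Kpx)
    issue("CA32", "K32", "X", "Kpx'"),   # fraudulently obtained: name X bound to key Kpx'
    issue("CA31", "K31", "W", "Kpw"), issue("CA32", "K32", "W", "Kpw"),
    issue("CA32", "K32", "V", "Kpv"),
]


def check_structure(store, root):
    """Claim 1 invariant: return the non-root issuers that lack two distinct issuers."""
    issuers = {}
    for c in store:
        issuers.setdefault(c.subject, set()).add(c.issuer)
    return sorted(ca for ca in {c.issuer for c in store} - {root}
                  if len(issuers.get(ca, ())) < 2)


def certification_paths(store, subject, root):
    """All simple certificate chains from `subject` up to `root`, shortest first."""
    def walk(node, seen):
        if node == root:
            yield []
            return
        for c in store:
            if c.subject == node and c.issuer not in seen:
                for rest in walk(c.issuer, seen | {c.issuer}):
                    yield [c] + rest
    return sorted(walk(subject, {subject}), key=len)


def verify_path(path, anchor, now):
    """Walk from the trust anchor down to the leaf, checking issuer, expiry and signature."""
    name, key = anchor
    for c in reversed(path):
        if c.issuer != name or c.expires < now:
            return False
        if c.sig != toy_sign(key, c.subject, c.key, c.expires):
            return False
        name, key = c.subject, c.key
    return True


def check_sender(store, sender, anchor, now=0, min_paths=2, max_paths=None, rng=None):
    """Return the alerts raised for `sender`; an empty list means the paths agree."""
    alerts = []
    leaf = [c for c in store if c.subject == sender]
    if len(leaf) < 2:
        alerts.append(f"{sender} can produce only {len(leaf)} certificate(s)")
    paths = certification_paths(store, sender, anchor[0])
    if max_paths is not None and len(paths) > max_paths:
        # Either a random subset (claim 8) or the shortest paths (description above).
        paths = rng.sample(paths, max_paths) if rng else paths[:max_paths]
    valid = [p for p in paths if verify_path(p, anchor, now)]
    if len(valid) < len(paths):
        alerts.append(f"{len(paths) - len(valid)} of {len(paths)} path(s) failed verification")
    if len(valid) < min_paths:
        alerts.append(f"only {len(valid)} valid certification path(s) for {sender}")
    # Cross-path consistency: one name must map to one key, and one key to one name.
    keys_by_name, names_by_key = {}, {}
    for path in valid:
        for c in path:
            keys_by_name.setdefault(c.subject, set()).add(c.key)
            names_by_key.setdefault(c.key, set()).add(c.subject)
    for name, keys in keys_by_name.items():
        if len(keys) > 1:
            alerts.append(f"{name} is bound to several keys across paths: {sorted(keys)}")
    for key, names in names_by_key.items():
        if len(names) > 1:
            alerts.append(f"key {key} is bound to several identities: {sorted(names)}")
    return alerts
```

`check_sender(STORE, "X", TRUST_ANCHOR)` raises the second-case alert (the name X is bound to both Kpx and Kpx'), `check_sender(STORE, "V", TRUST_ANCHOR)` raises the first-case alert (only one certificate), and W passes. Note that with `max_paths=2` the two shortest paths for X both run through the CA31 certificate and the discrepancy goes unnoticed, whereas three or more shortest paths cover both leaf certificates; the paths selected must span distinct issuers for the consistency check to have anything to compare.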

Claims

[1] Control method for issuing, distributing and verifying certificates in a public key certification system bringing together a plurality of users and certification entities arranged in a hierarchical infrastructure, characterized in that, with the exception of the entity of the highest hierarchical level, each of said certification entities holds at least two certificates issued by two other distinct entities of the same or a higher hierarchical level.
[2] Method for controlling a public key certification system according to claim 1, characterized in that each of said users holds at least two certificates: a first certificate issued by a first certification entity of the lowest hierarchical level, and a second certificate issued either by another user or by a second certification entity distinct from said first certification entity.
[3] Method for controlling a public key certification system according to any one of the preceding claims, characterized in that the verification of a certificate relating to a given first element of said infrastructure, said first element being a user or a certification entity not belonging to the highest hierarchical level, consists in considering at least two certification paths connecting said first element to a second element also belonging to said infrastructure, verifying the certificates of each of the entities belonging to each of said paths, verifying the authenticity of the signatures of each of said entities, and verifying the consistency of the information thus collected.
[4] Method for controlling a public key certification system according to claim 3, characterized in that said second element is the certification entity of the highest hierarchical level.
[5] Method for controlling a public key certification system according to claim 3, characterized in that said second element is any element of the infrastructure, distinct from said first element, and chosen at random.
[6] Method for controlling a public key certification system according to any one of claims 3 to 5, characterized in that all of the certification paths connecting said first element to said second element are considered.
[7] Method for controlling a public key certification system according to any one of claims 3 to 5, characterized in that only certain certification paths connecting said first element to said second element and meeting predetermined criteria are considered.
[8] Method for controlling a public key certification system according to any one of claims 3 to 5, characterized in that only a predetermined number of paths, selected at random from all of the certification paths connecting said first element to said second element, are considered.
[9] Method for controlling a public key certification system according to any one of claims 3 to 8, characterized in that said verification operation is carried out by each user upon receipt of any message accompanied by a certificate.
[10] Method for controlling a public key certification system according to any one of claims 3 to 8, characterized in that said verification operation is carried out by a given certification entity at the request of a user.
[11] Method for controlling a public key certification system according to any one of claims 3 to 8, characterized in that said verification operation is carried out by a given certification entity after random selection of the certificate to be verified.
PCT/EP2002/014118 2001-12-10 2002-12-10 Method of controlling a public key certification system WO2003055118A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002361058A AU2002361058A1 (en) 2001-12-10 2002-12-10 Method of controlling a public key certification system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR01/16081 2001-12-10
FR0116081A FR2833439A1 (en) 2001-12-10 2001-12-10 Secure computer communication having shared public key and hierarchical infra structure certification with each certificate made up two certificates same/higher hierarchical level excepting where highest hierarchical level used.

Publications (2)

Publication Number Publication Date
WO2003055118A2 true WO2003055118A2 (en) 2003-07-03
WO2003055118A3 WO2003055118A3 (en) 2004-03-11

Family

ID=8870409

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2002/014118 WO2003055118A2 (en) 2001-12-10 2002-12-10 Method of controlling a public key certification system

Country Status (3)

Country Link
AU (1) AU2002361058A1 (en)
FR (1) FR2833439A1 (en)
WO (1) WO2003055118A2 (en)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MAURER U: "Modelling a public-key infrastructure" COMPUTER SECURITY - ESORICS 96. 4TH EUROPEAN SYMPOSIUM ON RESEARCH IN COMPUTER SECURITY. PROCEEDINGS, ROME, ITALY, 25-27 SEPT. 1996, pages 325-350, XP002212747 1996, Berlin, Germany, Springer-Verlag, Germany ISBN: 3-540-61770-1 cited in the application *

Also Published As

Publication number Publication date
FR2833439A1 (en) 2003-06-13
AU2002361058A8 (en) 2003-07-09
AU2002361058A1 (en) 2003-07-09
WO2003055118A3 (en) 2004-03-11

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP