WO2009107120A1 - Secure transmission system (Système de transmission sécurisé) - Google Patents

Secure transmission system

Info

Publication number
WO2009107120A1
Authority
WO
WIPO (PCT)
Prior art keywords
client
server
random number
time
sending
Application number
PCT/IL2008/000384
Other languages
English (en)
Inventor
Katsuyoshi Okawa
Original Assignee
Modus Id Corp.
Fenster, Paul
Priority date
2008-02-28
Filing date
2008-03-19
Publication date
2009-09-03
Priority claimed from US12/071,993 (published as US20080162934A1)
Application filed by Modus Id Corp. and Paul Fenster
Publication of WO2009107120A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using challenge-response
    • H04L 9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using challenge-response for mutual authentication
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L 63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys

Definitions

  • The present invention, in some embodiments thereof, relates to a communication system between a server and one or more clients and, more particularly, but not exclusively, to a system utilizing one-time IDs.
  • WO 2004/01953 (also published in English as US 2006/0143453 A1) describes a system in which one-time IDs are generated by server and clients and used to periodically identify server and clients to each other.
  • a method of mutual authentication between a server and a plurality of clients comprising: (a) generating, by a client, a first client random number and a first client one time
  • first and second numbers are numbers that are pre-stored in the client and server and are used, prior to (a), to initiate a first authentication cycle in place of the client and server random numbers.
  • the first and second numbers are random numbers that are generated in accordance with a previous authentication cycle.
  • the method is initiated by a trigger from outside the client and outside the server.
  • the method is initiated by a trigger from the server.
  • the method is initiated by the client.
  • FIG. 4 shows an exemplary simplified client table for use in some embodiments of the invention
  • FIG. 8 illustrates a methodology for reset recovery from a loss of data in the server, in accordance with an embodiment of the invention.
  • Mutual authentication is performed by reversing the roles of the first and second parties and performing the same procedure.
  • IDs in a communication system between a server and a plurality of clients and to the avoidance of generation of conflicting (duplicate) IDs.
  • The server checks the ID received against a listing of the previous client IDs. If the ID is found on that list, the server determines that there was a transmission error, cancels the change previously made and uses the presently received ID. Similar to this scenario is the case where the client receives a server ID which it does not recognize. In this case as well, the client can re-establish communication in the same way as in the second scenario.
  • A third scenario is one in which the server crashes or otherwise loses the current random number. Since in the normal course of events the various transmissions do not directly identify the client, not only is the chain of authentication broken, but the server has no way of identifying the client when it receives an authentication message. In the prior art, where loss of information in the server occurred, the server had no way to restore communication other than to broadcast a message to all clients that it has lost information and needs to be reset. This is a security weakness that can be exploited by an attacker.
  • An aspect of some embodiments of the invention is concerned with recovery from a loss of client data in a server and the identification of a client requesting authentication using a one-time ID, where the one-time ID does not specifically identify the client unless the client data is known.
  • The server and all of the clients have emergency reset information stored in non-volatile memory. This information includes two common numbers and two numbers that are different for each client. Each client holds only the information specific to it, while the server holds the information pertaining to all of the clients.
  • After recovery from a loss of data, when the server receives an authentication request from a client that it cannot identify, it sends a message that includes a function of the received client ID and, optionally, a random number.
  • both the client and the server have knowledge of a client random number, a server random number and an encryption key. With these in place, periodic authentication can proceed in the manner described above.
  • the encryption key in the first transmission from the server is also a function of a second common secret number to make it harder to hack into the system.
  • Initial values for R, Q and K are stored (101) in both the server and the client. Where there are multiple clients, one or more (or all) of the initial values may differ from client to client. Preferably, all the values are different for each client.
  • The value C0 acts as an ID, and C0 and the random number R1 are transmitted to the server.
  • R1 is encrypted using key K0.
  • R1 is used as a challenge from the client to the server.
  • R1 replaces R0 in the store of the client.
  • The R and Q numbers are 160 bits long and the C and S values are 256 bits long. While any hash or other one-way function can be used, the MD5 hash function is optionally used (note that MD5 produces only a 128-bit digest, so 256-bit C and S values call for a wider hash such as SHA-256, and MD5 is no longer considered collision-resistant). The hash function generates a smaller "digest" of the variables, which may not be unique to those variables.
  • In a second authentication exchange 112, delineated by dotted lines 110 and 114, the process of exchange 106 is repeated with starting values R1, Q1 and K1 (116). The exchange of IDs and challenges and the generation of new values is repeated using the new starting values. This continues with third and subsequent authentication exchanges.
  • Some of the data and programs can be stored in RAM 33 or ROM 32. Elements 31, 32, 33 and 34 sit on a bus 40 to enable communication between them, an optional display 39 (via an optional image processing unit 38) and an optional input unit 37, via an I/F 36. Many systems can operate without either a display or an input unit and can simply be plug and play.
  • The input unit is used to input data to be sent to the server. Optionally, this information is sent to the server between authentications, optionally encrypted using the current encryption key K.
  • The client device also preferably includes a communication unit 35 which connects the bus with a transmission medium 3.
  • Transmission medium 3 is the internet. In some embodiments it may include means for connecting to the internet, such as a telephone, cable or other wired connection, or a wireless connection.
  • the client is used to authenticate the use of a computer.
  • the communications unit 35 would be a USB interface.
  • a server 1 has a similar construction to client 2 except that its memory 14 includes a client table 14c instead of the server data 34c of memory 34.
  • Client table 14c includes the current ID of all the clients and the current K associated with each client.
  • The client table is preferably in RAM, which may be volatile. The server can thus determine whether the C which it receives corresponds to a valid client, and identify the client.
  • a table containing the same information with respect to the previous authentication session is also optionally saved.
  • a sample table is shown in Fig. 4. This table is described below.
  • Both the client and the server have software and/or hardware that can update the common key, encrypt the random number to be sent to the other party, and generate the one-time ID and random number.
  • The server checks whether the one-time ID C(i) is registered in the client table at S33. If it is, the server decrypts Ac(i) to produce R(i+1) using a predetermined decryption function Fd and the known K(i) at S35.
  • The server generates its one-time ID S(i) as the hash of (Q(i), R(i+1)) at S36.
  • The server also generates a new server random number Q(i+1) at S37, which it encrypts using K(i) as the encryption key with function Fc to generate As(i) at S38.
  • In some embodiments the encryption function is different for the server and the client.
  • In other embodiments the same encryption function is used by both server and client.
  • In some embodiments the same function is used for both authentication and data; in others, different functions are used. Thus, between one and four encryption functions can be used, depending on the embodiment.
  • The server also generates a new C(i+1) and stores it.
  • The server sends (at S39) S(i) and As(i) to the client, which receives the data.
  • a second authentication request is sent.
  • A new client random number R′_{n+2}(0) is used, as shown in the transmission indicated at 202.
  • The server first searches the current client table. The one-time ID C_{n+1}(0) is not present in this table, since it has been replaced by the new ID C_{n+2}(0).
  • The server then checks the previous table. It finds the previous ID C_{n+1}(0) in that table and authenticates the client.
  • The newly received R′_{n+2}(0) is decrypted, and a new Q is generated and used for the server transmission. This re-establishes the authentication cycle.
  • In some embodiments the client requires an additional authentication cycle to assure itself that the server is genuine. In embodiments requiring lower security, the client accepts the server as authentic on the basis of the recovery procedure described above. The additional cycle guards against the remote possibility that a third party captures the communication when the same client ID is sent twice. Optionally, in such cases, a "re-authentication" flag may be sent by the client to warn the server; otherwise a "normal" flag is sent.
  • Each client is provided with an emergency procedure for reestablishing communication and a number of secret numbers to be used in such reestablishment (reset).
  • The two common secret values are X and Q0.
  • Each client preferably has two secret numbers Z(0) and R0(0). It should be understood that if the reset data is lost, a reset according to the following procedure cannot be performed.
  • The reset data is stored on the HDD of the server and also on a different medium, such as a CD-ROM, flash memory or other non-volatile memory that does not fail together with the HDD.
  • When a reset is required, the client, which generally does not know of the need for a reset, sends an authentication request using an ID C_{n+1}(0).
  • The server, having lost the data needed to generate the current client ID, cannot recognize the ID as genuine.
  • The server also cannot determine which client is sending the request. In this case the server sends a special response to indicate the problem.
  • This response consists of a random number V(i) and the hash of V(i), C_{n+1}(0) and X, which is designated in Fig. 8 as Y(i).
  • V(i) is sent in the clear or, preferably, encrypted using a stored secret emergency encryption key.
  • In addition, the client generates an initial encryption key K0(0) as Hash(Z(0), R0(0), Q0) and sends R1(0) in encrypted form, using K0(0) as the encryption key.
  • Z(0) is not absolutely required, but adds greater security to the system. If Z(0) is not present then C0(0) and K0(0) are the same, which is undesirable since it makes the system easier to attack. Therefore, it is desirable to use a number Z(0) in computing the encryption key.
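The emergency reset of Fig. 8, as an added example (Python written for this page, not the patent's or Modus Id's own code): a server that has lost its client table answers an unrecognised ID with V and Y = Hash(V, C, X); the client accepts the reset only if Y verifies under X for the ID it actually sent, then re-keys from K0(0) = Hash(Z(0), R0(0), Q0) and runs one normal cycle. The page fixes neither the hash nor the encryption function, so the example assumes SHA-256, an HMAC-SHA256 keystream XOR standing in for Fc/Fd, V sent in the clear (which the page allows), and C0(0) = Hash(R0(0), Q0) as the ID on the client's reset request; the class and function names are the example's own. initial_key also shows the point about Z(0) made above: with Z(0) empty the initial key is the very ID that travels in the clear.

```python
import hashlib
import hmac
import secrets

R_LEN = 20  # 160-bit random numbers, as on the page


def H(*parts: bytes) -> bytes:
    """One-way function over the concatenated inputs (assumed: SHA-256)."""
    return hashlib.sha256(b"".join(parts)).digest()


def Fc(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in for the page's unspecified Fc/Fd: XOR with an HMAC-SHA256 keystream.
    The label keeps the client and server directions on distinct keystreams under one key."""
    return bytes(a ^ b for a, b in zip(data, hmac.new(key, label, hashlib.sha256).digest()))


Fd = Fc  # XOR with the same keystream is its own inverse


def initial_key(Z: bytes, R0: bytes, Q0: bytes) -> bytes:
    """K0(0) = Hash(Z(0), R0(0), Q0). With Z(0) empty this collapses to Hash(R0(0), Q0),
    which is exactly the ID C0(0) the client sends in the clear."""
    return H(Z, R0, Q0)


class ResetServer:
    """A server that has lost table 14c and holds only the non-volatile reset data:
    the common X and Q0 plus (Z(0), R0(0)) per client."""

    def __init__(self, X, Q0, reset_data, rng=secrets.token_bytes):
        self.X, self.Q0, self.rng = X, Q0, rng
        # index the reset data by the ID the client will present, C0(0) = Hash(R0(0), Q0)
        self.by_c0 = {H(R0, Q0): (cid, Z, R0) for cid, (Z, R0) in reset_data.items()}
        self.current = {}  # rebuilt client table: C(1) -> (cid, R(1), Q(1), K(1))

    def unknown_id(self, C):
        """Special response to an ID the server cannot place: V(i) and Y(i) = Hash(V(i), C, X).
        Y proves knowledge of X and is bound to the requesting client's own ID, so it cannot be
        replayed to another client; the prior-art broadcast offered neither property."""
        V = self.rng(R_LEN)
        return V, H(V, C, self.X)

    def reset_request(self, C0, Ac):
        """Identify the client from C0(0), derive K0(0) and run one ordinary cycle."""
        entry = self.by_c0.get(C0)
        if entry is None:
            return None
        cid, Z, R0 = entry
        K0 = initial_key(Z, R0, self.Q0)
        R1 = Fd(K0, b"client", Ac)          # R1(0), the client's challenge
        S0 = H(self.Q0, R1)                 # server one-time ID answering it
        Q1 = self.rng(R_LEN)
        self.current[H(R1, Q1)] = (cid, R1, Q1, H(Z, R1, Q1))
        return cid, S0, Fc(K0, b"server", Q1)


class ResetClient:
    def __init__(self, X, Q0, Z, R0, rng=secrets.token_bytes):
        self.X, self.Q0, self.Z, self.R0, self.rng = X, Q0, Z, R0, rng
        self.last_C = None      # ID of the request that went unanswered
        self.pending = None     # R1(0) sent during the reset
        self.R = self.Q = self.K = None

    def request(self, C):
        """Records the ID of an ordinary authentication request; its body is not needed here."""
        self.last_C = C
        return C

    def handle_unknown(self, V, Y):
        """Accept a reset only if Y verifies under X for the ID we actually sent, then
        answer with C0(0) and R1(0) encrypted under K0(0)."""
        if self.last_C is None or not hmac.compare_digest(Y, H(V, self.last_C, self.X)):
            return None
        K0 = initial_key(self.Z, self.R0, self.Q0)
        self.pending = self.rng(R_LEN)
        return H(self.R0, self.Q0), Fc(K0, b"client", self.pending)

    def accept(self, S0, As):
        """Verify S0 = Hash(Q0, R1(0)) and take up R(1), Q(1), K(1) as the new state."""
        K0 = initial_key(self.Z, self.R0, self.Q0)
        if self.pending is None or not hmac.compare_digest(S0, H(self.Q0, self.pending)):
            return False
        self.R, self.pending = self.pending, None
        self.Q = Fd(K0, b"server", As)
        self.K = H(self.Z, self.R, self.Q)
        return True
```

Because Y is keyed by X and bound to the client's last ID, a forged reset (no X) or one captured from another client's reset is ignored, which is the difference between this procedure and the broadcast reset the page criticises; what the procedure cannot survive is loss of the reset data itself, hence the page's insistence on a second non-volatile copy.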

Abstract

The invention relates to a method of mutual authentication between a server and a plurality of clients, comprising: (a) generating, by a client, a first client random number and a first client one-time ID based on first and second values; (b) sending, by the client, the first client one-time ID and an encrypted version of the first client random number to the server; (c) generating, by the server, a first server random number and a first server one-time ID based on the first client random number and the first value; (d) sending, by the server, the first server one-time ID and an encrypted version of the first server random number to the client; (e) generating, by the client, a second client random number and a second client one-time ID based on said first server and client random numbers; (f) sending, by the client, the second client one-time ID and an encrypted version of the second client random number to the server; (g) generating, by the server, a second server random number and a second server one-time ID based on the second client random number and the first server random number; and (h) repeating (d) to (g) using the updated random numbers and client and server one-time IDs to provide periodic authentication, the one-time IDs so generated containing no unchanging argument intrinsically tied to the two parties.
PCT/IL2008/000384 2008-02-28 2008-03-19 Secure transmission system WO2009107120A1 (fr)
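The exchange of steps (a) to (h) in the abstract, with the server-side steps S33 to S39 and the previous-table recovery from the Definitions, as an added example (Python written for this page, not the patent's or Modus Id's own code). The page fixes neither the hash, nor the encryption functions Fc/Fd, nor how K is updated, so the example assumes SHA-256, an HMAC-SHA256 keystream XOR standing in for Fc/Fd, and K(i+1) = Hash(Z, R(i+1), Q(i+1)), mirroring the page's K0 = Hash(Z, R0, Q0); the class and method names, the direction labels in Fc and the replay check on the previous-table path are the example's own.

```python
import hashlib
import hmac
import secrets

R_LEN = 20  # R and Q are 160 bits on the page; C and S are full 256-bit digests


def H(*parts: bytes) -> bytes:
    """One-way function over the concatenated inputs. Assumed: SHA-256 (the page
    suggests MD5, which yields only 128 bits and is no longer collision-resistant)."""
    return hashlib.sha256(b"".join(parts)).digest()


def Fc(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in for the page's unspecified Fc/Fd: XOR with an HMAC-SHA256 keystream.
    Client and server both encrypt under the same K(i) in one cycle, so the label keeps
    the two keystreams apart; without it Ac(i) XOR As(i) would leak R(i+1) XOR Q(i+1).
    A deployment would use an AEAD here, since XOR gives no integrity."""
    return bytes(a ^ b for a, b in zip(data, hmac.new(key, label, hashlib.sha256).digest()))


Fd = Fc  # XOR with the same keystream inverts itself


class Client:
    """Holds R(i), Q(i), K(i) and the per-client secret Z (assumed key-update input)."""

    def __init__(self, R0, Q0, Z, rng=secrets.token_bytes):
        self.R, self.Q, self.Z, self.rng = R0, Q0, Z, rng
        self.K = H(Z, R0, Q0)   # K0 = Hash(Z, R0, Q0), mirroring the page's reset formula
        self.pending = None     # R(i+1) already sent, not yet confirmed by the server

    def request(self):
        """(a)/(b): C(i) = H(R(i), Q(i)) and Ac(i) = Fc(K(i), R(i+1)). Re-sent after a
        lost reply, the request reuses C(i) but carries a fresh R'(i+1), as on the page."""
        self.pending = self.rng(R_LEN)
        return H(self.R, self.Q), Fc(self.K, b"client", self.pending)

    def accept(self, S, As):
        """(e): check S(i) = H(Q(i), R(i+1)), the server's answer to our challenge,
        then move on to R(i+1), Q(i+1), K(i+1)."""
        if self.pending is None or not hmac.compare_digest(S, H(self.Q, self.pending)):
            return False
        self.R, self.pending = self.pending, None
        self.Q = Fd(self.K, b"server", As)
        self.K = H(self.Z, self.R, self.Q)
        return True


class Server:
    """Client table 14c keyed by the current one-time ID, plus the previous-cycle table."""

    def __init__(self, rng=secrets.token_bytes):
        self.rng = rng
        self.current = {}   # C(i)   -> record
        self.previous = {}  # C(i-1) -> record, so a client that missed our reply can recover

    def register(self, cid, R0, Q0, Z):
        self.current[H(R0, Q0)] = dict(cid=cid, R=R0, Q=Q0, K=H(Z, R0, Q0), Z=Z, seen=set())

    @staticmethod
    def _forget(table, cid):
        for C in [C for C, rec in table.items() if rec["cid"] == cid]:
            del table[C]

    def respond(self, C, Ac):
        """S33-S39: find C(i), decrypt R(i+1), answer with S(i) and As(i), store C(i+1).
        If C(i) is only in the previous table, the client never saw the last reply: the
        earlier advance is cancelled and redone with the newly received R'(i+1)."""
        flag, rec = "normal", self.current.get(C)
        if rec is None:
            flag, rec = "re-authentication", self.previous.get(C)
            if rec is None or Ac in rec["seen"]:    # unknown ID, or a byte-for-byte replay
                return None                         # (the replay check is this example's addition)
            self._forget(self.current, rec["cid"])  # drop the C(i+1) nobody received
        rec["seen"].add(Ac)
        R1 = Fd(rec["K"], b"client", Ac)            # R(i+1)
        S = H(rec["Q"], R1)                         # S(i) = Hash(Q(i), R(i+1))
        Q1 = self.rng(R_LEN)                        # Q(i+1)
        As = Fc(rec["K"], b"server", Q1)
        self._forget(self.previous, rec["cid"])
        self.current.pop(C, None)
        self.previous[C] = rec
        self.current[H(R1, Q1)] = dict(cid=rec["cid"], R=R1, Q=Q1, K=H(rec["Z"], R1, Q1),
                                        Z=rec["Z"], seen=set())
        return rec["cid"], S, As, flag
```

Note that the previous-table path authenticates on the bare one-time ID, which travelled in the clear one cycle earlier; the replay set only rejects an exact copy of a request already answered. That residual exposure is the reason the page has the client run an additional cycle, or raise the "re-authentication" flag, after a recovery.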

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/071,993 2008-02-28
US12/071,993 US20080162934A1 (en) 2006-09-20 2008-02-28 Secure transmission system

Publications (1)

Publication Number Publication Date
WO2009107120A1 (fr) 2009-09-03

Family

ID=39537951

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2008/000384 WO2009107120A1 (fr) 2008-02-28 2008-03-19 Secure transmission system

Country Status (1)

Country Link
WO (1) WO2009107120A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109347887A (zh) * 2018-12-17 2019-02-15 郑州云海信息技术有限公司 Identity authentication method and device

Citations (2)

Publication number Priority date Publication date Assignee Title
WO2004079623A1 (fr) * 2003-02-27 2004-09-16 Imagineer Software, Inc. Multi-party method and system for content distribution with rights management features
EP1526677A1 (fr) * 2002-06-19 2005-04-27 Secured Communications, Inc. Method and device for mutual authentication

Non-Patent Citations (1)

Title
MENEZES, VANSTONE, OORSCHOT: "Handbook of Applied Cryptography", 1997, CRC PRESS LLC, USA, XP002486592 *

Similar Documents

Publication Publication Date Title
US20080162934A1 (en) Secure transmission system
CN109347835B (zh) Information transmission method, client, server and computer-readable storage medium
US8214649B2 (en) System and method for secure communications between at least one user device and a network entity
CN100581097C (zh) System and method for transmitting data between two computers
KR101265873B1 (ko) Distributed single sign-on service method
KR101237632B1 (ko) Network helper for authentication between a token and a verifier
US8601267B2 (en) Establishing a secured communication session
US8396218B2 (en) Cryptographic module distribution system, apparatus, and program
EP3010174A1 (fr) Systems and methods for distributing and securing data
CN1234662A (zh) Cryptographic ignition processing method and apparatus
US20060209843A1 (en) Secure spontaneous associations between networkable devices
KR102063031B1 (ko) Quantum direct communication apparatus and method using a single qubit
EP2060045A2 (fr) Method and system for establishing secure and authenticated real-time communication channels in a public network
KR102028092B1 (ko) Trusted quantum signature apparatus and method
Vokorokos et al. Yet another attempt in user authentication
CN102957704B (zh) Method, apparatus and system for determining a MITM attack
US8793494B2 (en) Method and apparatus for recovering sessions
GB2488753A (en) Encrypted communication
KR101014849B1 (ko) Method and apparatus for mutual authentication of public keys and key exchange without the help of a trusted third party
KR102029053B1 (ko) Virtual machine migration apparatus and method
US8452968B2 (en) Systems, methods, apparatus, and computer readable media for intercepting and modifying HMAC signed messages
Costea et al. Secure opportunistic multipath key exchange
CN102014136B (zh) P2P network secure communication method based on random handshake
WO2009107120A1 (fr) Secure transmission system
JP2004274134A (ja) Communication method, and communication system, server and client using the communication method

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 08720009; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
32PN Ep: public notification in the EP bulletin as the address of the addressee cannot be established (Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 02/12/2010))
122 Ep: PCT application non-entry in European phase (Ref document number: 08720009; Country of ref document: EP; Kind code of ref document: A1)