WO2013065057A1 - Introduction sécurisée - Google Patents

Introduction sécurisée Download PDF

Info

Publication number
WO2013065057A1
WO2013065057A1 PCT/IN2011/000753 IN2011000753W WO2013065057A1 WO 2013065057 A1 WO2013065057 A1 WO 2013065057A1 IN 2011000753 W IN2011000753 W IN 2011000753W WO 2013065057 A1 WO2013065057 A1 WO 2013065057A1
Authority
WO
WIPO (PCT)
Prior art keywords
public key
electronic device
record
revocation
person
Prior art date
Application number
PCT/IN2011/000753
Other languages
English (en)
Inventor
Nishant Kumar
Kapaleewaran VISWANATHAN
Amitabh SAXENA
Original Assignee
Hewlett-Packard Development Company L.P.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett-Packard Development Company L.P. filed Critical Hewlett-Packard Development Company L.P.
Priority to PCT/IN2011/000753 priority Critical patent/WO2013065057A1/fr
Publication of WO2013065057A1 publication Critical patent/WO2013065057A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Definitions

  • Electronic devices sometimes employ public key cryptography for secure communications and coordination of contact information.
  • the public keys used in public key cryptography are sometimes subject to tampering.
  • Existing methods to distribute and authenticate public keys are not well-suited for sharing and updating contact or profile information in an easily understood and secure manner.
  • Figure 1 is a schematic illustration of an example of a secure introduction system.
  • Figure 2 is a flow diagram of an example method for claiming, sharing and validating a public key and its associated profile information.
  • Figure 3 is a flow diagram of an example method for validating a shared public key.
  • Figure 4 is a flow diagram of an example method for updating the personal profile associated with a public key at a public key repository.
  • Figure 5 is a flow diagram of an example method for claiming a public key at a public key repository and subsequently revoking and rolling over the public key at the public key repository.
  • Figures 6-22 illustrate example screenshots presented by the secure introduction system of Figure 1.
  • Figure 23 is a flow diagram of an example method for creating or claiming a public key and associated personal profile.
  • Figure 24 is a flow diagram of an example method for validating a received public key.
  • Figure 25 is a flow diagram of an example method for updating a public key record at a public key repository.
  • Figure 26 is a flow diagram of an example method for provoking and rolling over a public key at a public key repository.
  • FIG 1 schematically illustrates an example of a secure introduction system 20 for distributing and authenticating public keys and associated contact or profile information.
  • secure introduction system 20 facilitates the authentication sharing of public keys and their associated profile or contact information in an easily understood and secure manner.
  • Secure introduction system 20 comprises public key repository 24, electronic devices 28A, 28B (collectively referred to as electronic devices 28) and external storage sites 30A, 30B (collectively referred to as storage sites 30).
  • Public key repository 24 comprises a server or other computing device that facilitates the sharing of public keys and associated profile information or contact information, the updating of the profile information or the contact information and the revocation or rollover of public keys by different persons 34A and 34B using their associated electronic devices 28A and 28B, respectively.
  • Public key repository 24 comprises memory 40, communication device 42 and controller 44.
  • Memory 40 comprises a non-transient computer-readable medium providing a persistent storage device which stores collection 46 of profiles or public key records 48, collection 50 of revocation or rollover public key records 52, collection 54 of follower records 56 and instructions 58.
  • Profiles or public key records 48 each comprise a record or user profile, wherein each record comprises a record identifier or label 60, an associated public key 62, and associated personal identifier 64 and an associated set of user data 66.
  • Record label 60 comprises an identification of the profile.
  • record label 60 may be omitted where the public key or personal identifier 64 identifies a profile and is used to label or distinguish one record from another record.
  • Public key 62 comprises a public key provided by the person claiming the particular record 48.
  • Public key 62 serves as a component of a asymmetric key cryptology, wherein public key 62 is mathematically linked to a private key with an asymmetric key algorithm and wherein the public key in the private key are used to lock or encrypt plaintext and to unlock or decrypt cyphertext.
  • the public key and the private key are related mathematically, parameters are chosen such that determining the private key from the public key is prohibitively expensive.
  • Public key 62 may be widely distributed, originating from one of electronic devices 28.
  • Personal identifier 64 comprises at least one piece of data that facilitates personal authentication, recognition or confirmation of a person associated with the profile 48.
  • the term "personal confirmation” shall mean a visual or audible in-person confirmation during which the confirming person or device and the person being confirmed are in the physical presence of one another.
  • personal identifier 64 is presented to a recipient of a record or profile 48 being shared (a person and his or her associated electronic device), wherein the recipient uses a personal identifier 64 to confirm that the person sharing the record 48 is actually associated with the record 48. In other words, the recipient visually determines whether the personal identifier 64 displayed on his or her electronic device 28 is that of the other person who is attempting to share the record 48. If the personal identifier 64 matches the record sharing person, the record sharing person is authorized to share the record 48. If the personal identifier 64 does not match the record sharing person, the record sharing person is not authorized to share the record 48.
  • personal identifier 64 comprises a name of a person, wherein authentication, recognition, or confirmation is performed by the recipient visually inspecting the record sharing person to determine if the record sharing person has a name that matches the name of the personal identifier 64.
  • personal identifier 64 comprises a digital photograph of a person, wherein authentication, recognition or confirmation is performed by the record recipient visually inspecting the record sharing person to determine if the digital photograph of personal identifier 64 is that of the record sharing person.
  • personal identifier 64 comprises a digital photograph of a person, wherein a camera or other image capture device captures an image of the record sharing person and an associated processor or computing device, with facial or other person recognition software or programming, compares the image of the record sharing person to the digital photograph to perform the authentication, recognition or confirmation.
  • the authentication, recognition or confirmation is automatically completed upon the processor determining that the record sharing person is indeed the same person depicted or otherwise identified by personal identifier 64.
  • the electronic device may indicate a match, but further prompt and await acceptance or approval from the person associated with the electronic device.
  • personal identifier 64 may comprise more than one visually confirmable identifying indicia, such as each of a name and a digital photograph of the person associated with the record 48. In yet other implementations, additional or alternative visually confirmable personal identifiers may be utilized.
  • User data 66 comprise additional data or contact information of record 48.
  • Examples of user data 66 include, but are not limited to, electronic contact information such as a home and/or business phone number, a home and/or business e- mail address, a webpage address, a home and/or business fax number, a home and/or business mobile or cell phone number; mailing addresses, company names, job title, security clearance or authorizations, personal preferences, sales lists or references and the like.
  • additional data 66 may be omitted or may be retrievable from repository 24 independent of record 48.
  • each record 48 is illustrated as including profile identifier 60, the public key 62, personal identifier 64 and data 66, in other implementations, each record 48 may include additional information.
  • collection 46 of record 48 is illustrated as comprising a table, such as a digital lookup table, in other implementations, collection 46 of records 48 may be stored as separate files or stored in other manners.
  • Rollover public key records 52 of set or collection 50 each comprise a record or profile identifier label 70 and an associated revocation or rollover public key 72.
  • Label 70 is similar to label 60 of record 48. Label 70 identifies the profile to which the revocation or rollover public key is associated.
  • Revocation or rollover public key 72 is similar to public key 66 in that revocation key 72 serves as a component of asymmetric key cryptology, wherein revocation public key 72 is mathematically linked to a private key with an asymmetric key algorithm and wherein the public key and the private key are used to lock or encrypt plaintext and to unlock or decrypt cyphertext.
  • Revocation or rollover public key 72 is associated with a particular profile and is configured to subsequently facilitate a revocation or rollover of the existing public key 62 for the associated profile. In one implementation, upon revocation of the previous public key 62 for a particular profile, the revocation public key 72 becomes the new public key 62.
  • revocation public keys 72 are illustrated as being stored as part of a separate collection 50 independent of collection 48, in other implementations, revocation public key 72 may be stored as part of records 48 of collection 46. In such an implementation, the record 48 being shared or transmitted to recipient would omit the associated revocation public key 72.
  • Follower records 56 of collection 54 each comprise a record or profile identifier label 80 and an associated revocation or rollover public key 82.
  • Label 80 is similar to label 60 of record 48.
  • Label 80 identifies the profile to which the followers 82 are associated.
  • Each follower 82 comprises information identifying recipients of the associated profile which or who have registered an interest in receiving changes or updates to the profile.
  • each follower 82 may comprise an electronic address to facilitate communication with the follower.
  • repository 24 upon receiving a change or update to a particular profile, repository 24 automatically transmits the update or change in the profile to each identified follower 82. In one implementation, the changes are automatically made to the follower's files.
  • followers 82 are illustrated as being stored as part of a separate collection 54 independent of collection 48, in other implementations, followers 82 may be stored as part of records 48 of collection 46. In such an implementation, the record 48 being shared or transmitted to recipient may omit the associated followers 82.
  • Instructions 58 comprise computer readable code or computer readable programming contained on the non-transient medium of memory 40. Instructions 58 direct the operation of controller 44 in the sharing of public keys and associated profile information or contact information, the updating of the profile information or the contact information and the revocation or rollover of public keys by different persons 34A and 34B using their associated electronic devices 28A and 28B, respectively.
  • Communication device 42 comprises at least one device configured to facilitate electronic communication with each of electronic devices 28.
  • communication device 42 may facilitate communication across a local area network or a wide area network (Internet) in a wired or wireless fashion.
  • communication device 42 may comprise a modem and router.
  • communication device 42 may facilitate additional or alternative modes of communication.
  • Communication device 42 facilitates the transmission of records 48 and security measures between repository 24 and electronic devices 28.
  • Controller 44 comprises at least one processing unit configured to carry out processes or protocols for the sharing of public keys and associated profile information or contact information, the updating of the profile information or the contact information and the revocation or rollover of public keys by different persons 34A and 34B using their associated electronic devices 28A and 28B, respectively, according to instructions 58.
  • processing unit shall mean a presently developed or future developed processing unit that executes sequences of instructions contained in a memory. Execution of the sequences of instructions causes the processing unit to perform steps such as generating control signals.
  • the instructions may be loaded in a random access memory (RAM) for execution by the processing unit from a read only memory (ROM), a mass storage device, or some other persistent storage.
  • RAM random access memory
  • ROM read only memory
  • mass storage device or some other persistent storage.
  • controller 44 may be embodied as part of one or more application-specific integrated circuits (ASICs). Unless otherwise specifically noted, the controller is not limited to any specific combination of hardware circuitry and software, nor to any particular source for the instructions executed by the processing unit.
  • ASICs application-specific integrated circuits
  • Electronic devices 28 comprise devices configured to share public keys 62, receive public keys 62 and display personal identifiers 64. In the implementation illustrated, electronic devices 28 are further configured to store one or more profiles of the person associated with the electronic device 28 as well as profiles of others received as a result of the sharing of public keys 62. Although electronic devices 28 are illustrated as identical to one another, electronic devices may be different from one another, each electronic device including additional or alternative components as shown. Examples of electronic devices 28 include, but are not limited to, portable or handheld electronic devices such as smart phones, personal data assistants, digital computing tablets, flash memory players, net books, laptops and the like. In some implementations, at least one of electronic devices 28 may comprise a stationary computing device, such as a desk top computer or the like, wherein a portable electronic device is brought or carried into visual proximity with the stationary computing device.
  • each of electronic devices 28 comprises memory 100, communication device 102, external interface 104 and controller 106.
  • Memory 100 comprises, a non-transient computer-readable medium storing personal profiles 110, acquaintance profiles 112 and instructions 1 14.
  • Personal profiles 110 comprise profile and contact information pertaining to the person owning or otherwise properly associated with the particular electronic device 28. In those circumstances where the electronic device 28 has been stolen or is no longer in use by the person who created profiles 110, such profiles 110 may not pertain to the person in possession of electronic device 28.
  • Each personal profile 1 10 contains different sets of personal information for the properly associated person P.
  • personal profiles 110 stored in electronic device 28A properly contain personal information for a person (PI) 34A.
  • personal profiles 110 stored in electronic device 28B properly contain personal information for a person (P2) 34B.
  • Different profiles 110 may contain different sets of personal information for sharing or distribution to different individuals. In one
  • each personal profile 1 10 comprises information similar to that found in a record 48, namely, the public key (PKo) 62, a personal identifier 64 and user data 66.
  • User data 66 may include contact information facilitating direct communication with the electronic device 28 using the personal profile 1 10.
  • personal profile 110 does not include a revocation or rollover public key for the stored public key 62.
  • Acquaintance profiles 112 are similar to personal profiles 1 10 except that acquaintance profiles 112 contain information pertaining to others that has been received from others as a result of the sharing of a public key 62 by another person.
  • Acquaintance profiles 112 contain personal information drawn from a received record 48 or acquired subsequently to the receipt of a record 48 using information contained in the received record 48.
  • Such acquaintance profiles 1 12 may include electronic contact information facilitating direct communication between electronic device 28 and the person associated with the acquaintance profile 112.
  • Instructions 114 comprise computer readable code, software or computer readable programming contained on the non- transient medium of memory 100.
  • Instructions 1 14 direct the operation of controller 106 in the uploading, claiming and creation of a record 48 at repository 24, sharing of public keys to other electronic devices 28, the updating of the profile information or the contact information stored at repository 24 and the revocation or rollover of public keys at repository 24.
  • Communication device 102 comprises at least one device configured to facilitate electronic communication with public key repository 24 and each of electronic devices 28.
  • communication device 42 may facilitate communication across a local area network or a wide area network (Internet) in a wired or wireless fashion.
  • communication device 102 may comprise a modem and router. In other implementations, communication device 102 may facilitate additional or alternative modes of communication.
  • Communication device 102 facilitates the transmission of records 48 and security measures between repository 24 and electronic device 28.
  • External interface 104 comprises one or more devices to interface with the person 34 holding or otherwise in control of the associated electronic device 28.
  • External interface 104 may comprise a keyboard, keypad, display screen, a touchpad, a microphone with associated speech recognition software, mouse, touch screen, switches or the like.
  • External interface 104 receives commands or selections from the associated person 34.
  • external interface 104 facilitates close proximity
  • close proximity communications means the capturing or wireless transfer of data between electronic devices while the electronic devices are in at least visual or audible proximity to one another.
  • close proximity communications comprise short-range communication technologies such as Bluetooth and near field communication.
  • Close proximity communications further comprise communications wherein a sender or transmitter provides an image or sound and where the recipient receives or captures the sound or image.
  • external interface 104 may comprise a display screen or speaker to emit an image or sound.
  • External interface 104 may additionally comprise a camera, infrared sensor, scanner, barcode reader to capture the image or a microphone to receive audible signals or other sounds.
  • External interface 104 facilitates the sharing of the public key 62 stored as part of personal profiles 1 10.
  • external interface 104 may be configured to transmit or share information pertaining to public key 62, wherein external interface 62 comprises a display screen to present a barcode or other image identifying the public key 62, either the public key 62 itself or a fingerprint of the public key 62 (a hash of the public key 62).
  • External interface 104 may also be configured to receive or take in information pertaining to public key 62 from another electronic device 28.
  • external interface 104 may comprise a camera to capture the displayed public key or public key fingerprint presented by another electronic device 28.
  • external interface 104 may be configured to facilitate the transmission of the public key or public key fingerprint from one electronic device to another electronic device using non-visual short-range communication technologies such as Bluetooth and near field communication.
  • the visual confirmation of the personal identifier presented on an electronic device that has received a shared public key 62 may be performed at least in part by the electronic device itself.
  • external interface 104 may comprise a camera, wherein the controller 106 causes the camera to capture an image of the other person holding or otherwise controlling the electronic device 28 that has sent the public key 62 and wherein the controller 106, operating under the instruction of instructions 1 14, performs facial recognition.
  • the camera that is used for visual confirmation may be additionally used for capturing of the public key information from the other electronic device.
  • Controller 106 comprises at least one processing unit configured to follow instructions 1 14 to carry out operations as using communication device 102 and external interface 104. Examples of such operations comprise sharing the public key, receiving a public key, requesting a record 48 from repository 24, storing shared information, creating personal information for profiles 62, updating information of profile 62, uploading profile information to repository 24, provoking or rolling over the public key at repository 24 and storing a roller public key at an external storage 30.
  • External storage sites 30 comprise locations remote from electronic devices 28 for storing a revocation or rollover public key.
  • External storage sites 30 each comprise a non-transient computer-readable medium or persistent storage device upon which is stored or recorded the revocation public key 72.
  • External storage sites 30 provide an off-site (relative to electronic device 28) storage location for revocation public key 72, allowing such revocation keys 72 to be retrieved for revocation and rollover when the electronic device having the public key 62 has been lost or stolen. Because the revocation public key 72 is stored at site 30 and not stored on the electronic device 28 that has been lost or stolen, misappropriation of the revocation public key 72 is inhibited.
  • the revocation public key 72 may be stored on the electronic device in an encrypted manner, wherein the keys or credentials to decrypt the encrypted revocation key on the stolen electronic device 28 are maintained at an associated storage site 30.
  • Figures 2-5 illustrate various methods for carrying out public key transactions.
  • Figure 2 illustrates one example method 200 for claiming or creating a public key record 48 by a person 34A and four sharing of the public key record 48 with person 34B.
  • person 34A initially creates or claims a public key record at public key repository 24.
  • person 34A enters commands causing electronic device 28A to upload or transmit a locally created personal profile 110 to repository 24.
  • the personal profile 1 10 comprises a public key 62 and at least one personal identifier 64.
  • personal profile may include additional data 66.
  • Public key repository stores the. ersonal profile 110 as a public key record 48 in memory 40.
  • electronic device 28 of person 34A additionally generates and transmits a revocation public key 72 which is stored in an associated revocation record 52 at repository 24.
  • the revocation public key 72 is not stored at the electronic device 28 A of person 34A, the revocation record 12 is stored at storage site 30A (shown in Figure 1).
  • Steps 204-210 in Figure 2 illustrate an example method by which the now stored public key record 48 is shared with another person, person 34B with electronic device 28B.
  • person 34A transmits or shares his or her public key (PKo) 62 to person 34B using external interfaces 104 of electronic devices 28 while persons 34A and 34B are in visual proximity to one another.
  • person 34A may input commands to electronic device 28A causing a display of the external interface 104 of device 28A to present a barcode or other image visually presenting the public key or a fingerprint of the public key associated with the profile of person 34A.
  • Person 34B may enter commands causing a camera of the external interface 104 electronic device 28B to capture a digital image of the public key or public key fingerprint on the display of electronic device 28A.
  • the public-key or public key fingerprint may be transmitted from electronic device 28A to electronic device 28B via Bluetooth or by other short- range communication technology.
  • step 206 upon receiving the shared public key or public key fingerprint, electronic device 28B, under the direction of person 34B, checks or validates the received public key with repository 24.
  • electronic device 34B transmits the received public key 62 to repository 24 using communication device 102 of electronic device 28B and communication device 42 of repository 24.
  • public key repository 24 responds by transmitting the public key record 48 corresponding to the received public key 62 to electronic device 34B.
  • the public key record 48 transmitted by repository 24 includes the personal identifier 64 and a digital signature.
  • the public key record transmitted also includes data 66.
  • repository 24 further transmits the actual public key itself as part of the public key record.
  • step 210 upon receiving the public key record 48 from repository 24, electronic device 28B verifies the digital signature using the received public key.
  • a personal confirmation is made that the personal identifier received as part of the public key record 48 is that of the person 34A who is attempting to share the public key record 48.
  • electronic device 28B presents on its display a name, a digital photograph or both of the person associated with the received public key record 48, wherein person 34B or electronic device 28B (using a camera and facial recognition software) visually confirms that person 34A is a person depicted by the one or more personal identifiers 64 on the display screen of electronic device 28B.
  • the personal identifier 64 may comprise a voice signature.
  • person 34A may be asked to speak into a microphone of electronic device 28B, wherein electronic device 28B, using voice recognition software, determines whether a person 34A corresponds to the voice signature of the received public key record 48.
  • other personal identifiers such as fingerprints or the like may part of public key record 48 and may be obtained while persons 34A and 34B are in the presence of one another to perform the personal confirmation.
  • FIG. 3 illustrates an example method 250 for be carried out by an electronic device 28 receiving a shared public key 62. , As indicated by step 252, electronic device 28 receives a shared public key (PKo) 62 or a signature of the public key 62 from another electronic device associated with another person.
  • PKo shared public key
  • step 254 electronic device 28 then accesses the public key record 48 of public key repository 24 using the received public key 62 or fingerprint of the public key 62.
  • step 256 electronic device verifies the digital signature of the public key record using the received public key 62.
  • electronic device 28 stores information from the public key record 48 based upon a personal confirmation.
  • the personal confirmation may be achieved using display of a personal identifier comprising a digital photograph, wherein the visual confirmation is made by a person 34B or electronic device 28B using facial recognition software.
  • the personal confirmation may be made using a personal identifier comprising a person's name, wherein visual confirmation is made by person 34B.
  • the personal confirmation may be made using a personal identifier comprising recorded and played back voice clip, wherein the personal confirmation is made by person 34B or by electronic device 28B using voice recognition software. If the personal identifier is that of the person sharing the public key record 48, the public key record 48 is stored.
  • storage of the public key record in the receiving electronic device 28B also results in the electronic device 28B or the person 34B being added to collection 54 as a follower 82 of the received profile (public key record 48).
  • a new follower record 56 is created for the received profile upon transmission of the public key record 48 by repository 24, wherein the follower record 56 is removed or deregistered if the transmitted public key record 48 is ultimately not accepted due a personal confirmation failure.
  • electronic device 28B or person 34B will be automatically subscribed to receive any changes or updates to the received public key record 48 shared by person 34A.
  • Figure 4 illustrates an example of a method 270 for being carried out by electronic device 28 to update an existing public key record 48 at repository 24.
  • Step 272 indicates the initial creation of a public key record and a transmission to repository 24.
  • the personal profile stored on electronic device 28 is changed or updated. For example, a person may change his or her e-mail address, residential address, office address, title or the like.
  • step 276 once a profile has been updated on the person electronic device 28, the updated or modified personal profile 1 10 is uploaded with the original public key record (which includes public key 62) and a digital signature to repository 24. As indicated by step 278, the changes or updates to profile 1 10 are recorded in the public key record 48 in memory 40 for the profile associated with the public key 62 and the modified public key 48 is transmitted to each of followers 82 and stored for the profile in collection 54.
  • the original public key record which includes public key 62
  • step 278 the changes or updates to profile 1 10 are recorded in the public key record 48 in memory 40 for the profile associated with the public key 62 and the modified public key 48 is transmitted to each of followers 82 and stored for the profile in collection 54.
  • Figure 5 illustrates an example method 284 being carried out by electronic device 28 to claim or establish a public key record at repository 24 and to subsequently revoke or rollover the current public key at repository 24.
  • a created public key record 48 which includes the public key 62 and a personal identifier 64, is transmitted to repository 24.
  • a revocation record including a revocation or rollover public key is also transmitted from an electronic device 28 to repository 24.
  • the revocation or rollover public key PKr transmitted to repository 24 is also stored off- device.
  • the revocation or rollover public key PKr is stored at an off- site storage site such as a storage site 30.
  • the revocation public key PKr is not stored on the electronic device itself.
  • the person or owner of the existing public key record 48 at repository 24 obtains his or her revocation public key PKr from the off-device storage site such as storage site 30. As indicated by step 288, the person or owner then transmits, presumably with another electronic device or the reacquired electronic device, the revocation public key PKrl, a new or replacement revocation public keyPKr2 and a new public key revocation record REV. REC. 2 to repository 24.
  • the new public key revocation record REV. REC. 2 includes a digital signature generated using both the previous revocation public key PKrl and the replacement or new revocation public key PKr2.
  • repository 24 updates the profile and public key record 48.
  • the record is provided with a new public key 62 .corresponding to the previous revocation public key.
  • repository 24 further updates the corresponding revocation key record 52, wherein the new revocation public key 72 comprises the replacement revocation public key PKr2.
  • the replacement revocation public key PKr2 is stored at storage site 30. The replacement revocation public key PKr2 is not stored on the new electronic device or the reacquired original electronic device.
  • Figures 6-22 illustrate example screenshots which may be presented on a display of an external interface 104 of electronic device 28 during example secure introduction transactions.
  • Figure 6 illustrates a screen shot 300 prompting a user person to enter his or her password to log into the secure introduction system 20 (shown in Figure 1) (sometimes referred to as a secure introductions program).
  • the entered password 302 serves as a master secret to encrypt all stored data on electronic device 28.
  • Figure 8 illustrates an example screen shot 308 which displays a menu presenting several options from which the person may select.
  • the options fall under two major categories: “theirs” and “mine”.
  • the option “accept profiles” allows a person to receive profiles or introductions from others.
  • the option “view profiles” allows a person to view previously accepted and shared profiles, such as those profile stored in the acquaintance profiles 1 12 (shown in Figure 1).
  • the option “send profile” allows a person to send a personal profile (stored in personal profiles 110) to an electronic device 28 under the control of another person.
  • the option “view profile” allows a person to his or her personal profiles 1 10.
  • the option “create profile” allows a person to create a new personal profile 1 10.
  • FIG 8 illustrates screenshot 312 which is displayed in response to the person selecting the "accept profiles" option in screenshot 308.
  • screenshot 312 presents the person with two example ways by which the person may accept the public key of another person.
  • the person is offered the choices of accepting or obtaining the public key of the other person by either reading a QR code or by reading files transmitted over electronic communications such as from a chat or e-mail communications.
  • other choices may be offered for reading or otherwise obtaining the public key associated with another person (the sharing party).
  • Figure 9 illustrates a screenshot which is presented in response to the person selecting the "read QR code” option in screenshot 312.
  • a QR code reader interface one example of external interface 104 on electronic device 28
  • the person scans a profile barcode 316 being displayed on the other person's electronic device 28.
  • the profile barcode 316 corresponds to a fingerprint of the other person's public key.
  • the barcode may correspond to the other person's public key itself.
  • Figure 10 illustrates screenshot 318.
  • electronic device 28 upon the successful scanned of the profile barcode 316 shown in Figure 9, electronic device 28 decodes the barcode to obtain a profile or public key fingerprint 320, which in the implementation illustrated, is a hash of the public key.
  • electronic device 28 Upon obtaining the fingerprint 320, electronic device 28 communicates with public key repository 24, and uses fingerprint 320 to request secure profile information in the form of the public key record 48.
  • screenshot 318 the person is further presented with options for going back to reread or rescan the public key fingerprint, or to exit.
  • Figure 1 1 illustrates screenshot 324 depicting personal identifiers 64 (a name of a person and a digital photograph of the person) which were a part of the public key record 48 received from repository 24 using the public key fingerprint.
  • personal identifiers 64 are presented after electronic device 28 has verified the digital signature which is also part of the received public key record 48.
  • electronic device 28 upon displaying personal identifiers 64, electronic device 28 prompts the receiving person to confirm that the personal identifiers present on the display are those of or correspond to the person attempting to share the received personal record 48. If indeed the picture and the name are those of the person before the recipient of the public key, the recipient may accept the shared profile information from the public key record 48. Alternatively, if the person's name or photograph being displayed does not correspond to the person physically or visually before the recipient, the recipient may reject the received public key record 48.
  • Figure 12 illustrates screenshot 328 which is displayed if the person chooses to accept the received public key record 48 during the display of screenshot 324 in Figure 11.
  • the recipient accepts the received profile information (the personal identifiers 64 correspond to the person before the recipient)
  • the recipient is then prompted to indicate whether he or she chooses to follow the profile.
  • the recipient's selection is then transmitted to repository 24 by electronic device 28. If the recipient chooses to follow the profile (by selecting or clicking on "yes" in screenshot 328), the recipient's request (and possibly his or her contact information) are registered or remain registered or stored in a corresponding record 56 at public key repository 24.
  • future updates to the received public key record 48 will be automatically transmitted or made available to the recipient. If the recipient decides not to file the profile, the recipient is not registered or is removed from collection 54 of follower records 56.
  • Figure 13 illustrates screenshot 330 which is presented on the display of electronic device 28 in response to a person selecting the "view profiles" option in screenshot 308 shown in Figure 7.
  • electronic device 28 presents a list of accepted profiles or public key records 48 stored in acquaintance profiles i 12 (shown in Figure 1). In the example illustrated, three such previously accepted profiles 48 are shown.
  • an update indicator 50 is displayed next to the public key record or profile.
  • the public key indicator comprises a star. In other implementations, other indicators may be employed.
  • Figure 14 illustrates screenshot 334 which is displayed in response to a person selecting an updated profile, such as the updated profile 50 shown in Figure 13.
  • the display comprises a touch screen, such that selection occurs by a person touching the updated profile.
  • pointers in combination with a click or other methods may be utilized to select an updated profile.
  • the acquaintance profiles 1 12 may be more extensive, wherein selecting the profile in screenshot 330 results in additional details for the profile being presented.
  • electronic device 28 prompts the person to accept or reject any picture change that has. been made to the acquaintance profile 1 12. Other changes to the acquaintance profile 112, such as textual changes, are verified by electronic device 28 without human assistance.
  • Figure 15 illustrates screenshot 340 which is displayed in response to the person selecting the "send profile” option in screenshot 308 in Figure 7.
  • the person owning electronic device 28 has multiple different personal profiles 110.
  • a drop-down menu is presented for the person to choose which profile he or she wishes to share or send.
  • the person is also prompted to select how he or she wishes to share or send the public key 62 corresponding to the selected profile 1 10.
  • the person has decided to send his or her public key to another electronic device 28 and its recipient using the QR code option. Once such selections are made, the "send" button may be touched or selected to initiate the transmission or display.
  • Figure 16 illustrates screenshot 344 which is displayed in response to the person identifying which of his or her profiles to share, identifying that the public key corresponding to the identified profile is to be sent using a QR code and touching her selecting the "send” button.
  • electronic device displays a QR code of a fingerprint of the public key 62 that corresponds to the public key record 48 at repository 24 to be shared. Once the other person has received (digitally captured) the QR code, the sender may touch or select the "done” button. Thereafter, the sharing continues on the recipient electronic device 28 and repository 24 as described above with respect to Figures 8-13.
  • FIG 17 illustrates screenshot 350 which is displayed by electronic device 28 in response to a person selecting the "view profile” option under the "mine” category shown in screenshot 308 in Figure 7.
  • Screenshot 350 presents a selected one of the person's personal profiles 110 (shown in Figure 1) and provides prompts or text boxes 352 by which the person may edit profile information such as the profile name, the person's name, the person's e-mail address, the person's picture and so on.
  • the person may press, or select the update button 356 which causes electronic device 28 to transmit the updated information to the server of public key repository 24.
  • the person is also provided with the opportunity to press or select a revert button 358, which reverts the existing profile to prior sets of information or data.
  • Figure 18 illustrates screenshot 360 which is displayed by electronic device 28 in response to a person selecting the "create profile” option of screenshot 308 in Figure 7.
  • Screenshot 360 allows a person to create one of multiple personal profiles 1 10, each profile identified by a unique public key.
  • the user can create a personal profile 1 10 directly on electronic device 28 by selecting the "generate profile” button or option 362.
  • the person may press or select the "import profile” button or option 364 to import a previously created or generated profile from a file.
  • person may exit by selecting the "exit” option.
  • FIG 19 illustrates screenshot 370 which is displayed in response to the person selecting or pressing the "generate profile” button 362 at screenshot 360.
  • one of the personal identifier 64 used for a personal profile 1 10 and ultimately the public key record 48 at repository 24 is a digital photograph.
  • Screenshot 370 prompts the person to selected how the digital photograph is to be provided.
  • the person enters a command by which controller 106 captures a digital image of the person using a camera (one of external interfaces 104) provided as part of the electronic device 28.
  • the person may choose to import a previously captured digital photograph stored in a gallery of photographs in memory 100 or stored in another persistent storage device in communication with electronic device 28, such as a flash memory card inserted into a flash memory slot in the electronic device 28.
  • screen shot 370 offers a person the option to exit by pressing or otherwise selecting the "exit” button.
  • FIG 20 illustrates screenshot 380 which is presented before or after the provision of the digital photograph per screenshot 370.
  • Screenshot 380 prompts the person to enter additional information for the personal profile 1 10 being created.
  • electronic device 28 prompts the person to enter his or her name as well as his or her e-mail address. In other implementations, additional or alternative information may be requested.
  • screenshot 380 is presented after obtaining the digital photograph such that the digital photograph is presented in screenshot 380. Once all information has been entered, the user person may press or select the "upload" to transfer the newly created personal profile 1 10, which is stored on electronic device 28, to public key repository 24 by pressing or selecting button 384.
  • one or both of such sets of profiles 110, 112 may alternatively be stored at public key repository 24 or at another external storage device, wherein the electronic device 28 accesses and either downloads or views the profiles that are stored elsewhere. In such an alternative implementation, memory of electronic device 28 is conserved.
  • Figure 21 illustrates screenshot 388 which is displayed by electronic device in response to the "upload" button 384 being pressed or chosen in screenshot 380.
  • Screenshot 388 indicates or otherwise confirms to the user that the newly created personal profile 1 10 is being registered with the server of public key repository 24 and that a public key record 48 is being claimed at repository 24. During such registration, electronic device 28 generates the associated public key 62 and uploads a self signed public key record 48 to repository 24.
  • Figure 22 illustrates screenshot 390 which is displayed on electronic device 28 once the upload of the public key record 48, created from the newly generated personal profile 1 10, has been successfully uploaded and registered.
  • electronic device 28 further identifies where the public key is stored on the electronic device 28 (the location in memory 100) as well as the public key fingerprint. After viewing, the person may select the "ok" button to end the profile generation sequence and to return to the main menu of screenshot 308.
  • Figures 23-26 illustrate example detailed protocol implementations for use by secure introduction system 20.
  • FIG. 23 illustrates an example protocol 400 for an electronic device 28 (user device) claiming or registering a public key record 48 at public key repository 24.
  • electronic device 28 uploads a claimed public key (PKo) and revocation public key PKr to the public key repository 24.
  • public key repository 24 calculates a challenge for the received data [PKo, PKr, Timestamp 1], wherein the challenge is a method authentication code (MAC) of the data calculated with a Secret Key of the server of repository 24.
  • MAC method authentication code
  • repository 24 sends a challenge to the electronic device 28 along with a timestamp. The timestamp discards the replay of challenges.
  • electronic device 20 Each time a user or electronic device 28 receives a challenge, electronic device 20 checks the timestamp on it. If the timestamp differs from these timestamp by the predefined extent, for example 10 minutes in one implementation, the electronic device 28 device accepts the challenge. Else, electronic device 28 refuses the challenge.
  • electronic device 28 In response to receiving the challenge, electronic device 28 verifies the timestamp. If the timestamp is accepted (is recent), electronic device 20 signs the PKo, Name, Photo, Challenge, TimeStamp with a secret key, So, of the public key PKo . Electronic device 28 further signs S 0 , Pko, PKr, Name, Photo, Challenge and TimeStamp to generate Sr, the revocation secret key. As indicated by transaction 406, electronic device 28 transmits or sends the So, Sr, PK 3 ⁇ 4 PKr, Name, Photo,
  • TimeStamp and Challenge The TimeStamp in transaction 406 serves for the calculation of a challenge again so that the challenge can be verified against the server signed challenge.
  • a replay attack is inhibited because a change to the time stamp in plain text will result in the challenge calculated by electronic device 28 not matching the challenge signed by repository 24. If both the time stamp and the signed challenge are replayed, the repository 24 will discard the reply due to time out.
  • repository 24 regenerates the challenge and verifies against the challenge in the reply packet. If the challenge verification succeeds, repository 24 verifies the signatures. Repository 24 verifies both the signatures So and Sr. As indicated by transaction 408, if the verification of both the signatures is successful, the receipt is transmitted to electronic device 28 and is stored by electronic device 28 as well as by repository 24 in case of any repudiation issues. In one implementation, every entry or public key record 48 in the repository 24 contains the receipt of the transaction.
  • FIG 24 illustrates an example validate protocol 420 for validating a public key 62 (PKc) received' from or shared by another electronic device for future communications.
  • the electronic device 28 that has received the shared public key 62 (the recipient or verifier) transmits the claimed or shared public key PKc and the public key 62 associated with the recipient performing the verification.(PKv).
  • a fingerprint of the public key (a hash of the public key) serves as a public key identifier rather than the public key itself.
  • the fingerprint of the claimed public key PKc and the verifier public key PKv are transmitted in transaction 422.
  • repository 24 responds by transmitting the data associated with the received public key PKc (the hash of the public key PKc).
  • This data includes the claimed public key itself PKc, Name, Photo, TimeStamp, Challenge and So.
  • the repository further initially registers PKv as an interest or follower 56 for the public key record 48 associated with the public key PKc. This default interest registration insures against changes that may take place on the public key record corresponding to PKc just after validation such that even if there is a change in the public key record corresponding to PKc, the verifier associated with PKv will be advised about the change.
  • electronic device 28 Upon receiving the public key record in transaction 424, electronic device 28 verifies the digital signature and then prompts the verifying person to perform a personal confirmation using the received personal identifiers, Name and Photo. If the personal identifiers are that of the person sharing the claimed public key PKc, the information in public record received in transaction 424 is accepted and stored electronic device 28.
  • FIG 25 illustrates an example updating method or protocol 430 being carried out by secure introduction system 20.
  • the person claiming a public key record 48 at repository 24 updates his or her personal profile 110 on electronic device 28 and transmits an update request to the repository 24 along with a signature of the public key (a hash of the public key).
  • depository 24 responds with a challenge.
  • the challenge is a method authentication code (MAC) of the data calculated with a Secret Key (SS) of the server of repository 24.
  • MAC method authentication code
  • SS Secret Key
  • repository 24 sends a challenge to the electronic device 28 along with a timestamp (TimeStamp).
  • electronic device 28 creates a digital signature So using the same set of data that was used when the original public key record 48 and public key PKo were initially claimed or transmitted to the public key repository 24 and using a private or secret key corresponding to the public key PKo.
  • Electronic device 28 then transmits a response with the updated personal profile 110 (the updated public key record 48) along with the digital signature So.
  • the response comprises: PKO, Name, Photo, TimeStamp, Challenge, So.
  • repository 24 updates a public key record 48 and transmits the update information to all persons having a previous verifier public key PKv that is registered as a follower in follower record 56 for the public key record PKo.
  • Figure 26 illustrates an example revocation method or protocol 450 are being performed by secure introduction system 20 shown in Figure 1.
  • the revocation method or protocol 450 may be carried out to revoke an existing public key PKo at repository 24 when and electronic device 28 of the revoking person is lost or stolen into rollover the associated record to a new public key.
  • the person requesting the revocation rollover transmits the request along with the data set PKr and PKnew, where PKr is the revocation public key obtained from off- site storage 30 and where PKnew is a public key corresponding to a new key pair generated on another device which will serve as a new revocation public key upon completion of the revocation and rollover.
  • repository 24 responds with a challenge composed of the data PKr, PKnew, TimeStamp).
  • electronic device 28 responds by generating two sets of signed data (PKr, Name, Photo, TimeStamp, Challenge) with its secret or private key, Sr, corresponding to PKr and Snew as signing data (PKnew, Name, TimeStamp, Challenge, Sr).
  • Electronic device 28 replies back to repository 24 with the data set (PKr, PKnew, Name, Photo, TimeStamp, Challenge, Sr, Snew).
  • public key repository 24 verifies the TimeStamp and the Challenge.
  • the public key repository 24 transmits a receipt to electronic device 28.
  • the receipt is a sign of the server on the data set (TimeStamp, Sr, Snew).
  • repository 24 may send an update of the rollover to all interested users or followers 56 for the prior revoked public key.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé et un appareil d'introduction sécurisée qui utilisent un enregistrement de clé publique (48) ayant un identificateur personnel (64) au niveau d'un répertoire de clés publiques (24). Selon un exemple, l'identificateur personnel (64) est utilisé pour une confirmation personnelle avant de stocker l'enregistrement de clé publique (48).
PCT/IN2011/000753 2011-11-01 2011-11-01 Introduction sécurisée WO2013065057A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IN2011/000753 WO2013065057A1 (fr) 2011-11-01 2011-11-01 Introduction sécurisée

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IN2011/000753 WO2013065057A1 (fr) 2011-11-01 2011-11-01 Introduction sécurisée

Publications (1)

Publication Number Publication Date
WO2013065057A1 true WO2013065057A1 (fr) 2013-05-10

Family

ID=48191472

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2011/000753 WO2013065057A1 (fr) 2011-11-01 2011-11-01 Introduction sécurisée

Country Status (1)

Country Link
WO (1) WO2013065057A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003085090A (ja) * 2001-09-07 2003-03-20 Fuji Electric Co Ltd 情報共有システム
US20070008987A1 (en) * 2005-07-06 2007-01-11 Microsoft Corporation Capturing contacts via people near me
CN101052167A (zh) * 2007-02-14 2007-10-10 乔超 一种通信号码自动更新系统及其实现方法
CN101202621A (zh) * 2006-12-13 2008-06-18 联想(北京)有限公司 非接触设备间对数据进行安全验证的方法和系统
WO2011000608A1 (fr) * 2009-06-30 2011-01-06 Siemens Aktiengesellschaft Dispositifs et procédé pour établir et valider un certificat numérique

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003085090A (ja) * 2001-09-07 2003-03-20 Fuji Electric Co Ltd 情報共有システム
US20070008987A1 (en) * 2005-07-06 2007-01-11 Microsoft Corporation Capturing contacts via people near me
CN101202621A (zh) * 2006-12-13 2008-06-18 联想(北京)有限公司 非接触设备间对数据进行安全验证的方法和系统
CN101052167A (zh) * 2007-02-14 2007-10-10 乔超 一种通信号码自动更新系统及其实现方法
WO2011000608A1 (fr) * 2009-06-30 2011-01-06 Siemens Aktiengesellschaft Dispositifs et procédé pour établir et valider un certificat numérique

Similar Documents

Publication Publication Date Title
US10652018B2 (en) Methods and apparatus for providing attestation of information using a centralized or distributed ledger
US9698992B2 (en) Method for signing electronic documents with an analog-digital signature with additional verification
EP3343831B1 (fr) Procédé et appareil d'authentification d'identité
US20220239499A1 (en) System and method for high trust cloud digital signing
US7552322B2 (en) Using a portable security token to facilitate public key certification for devices in a network
US8433914B1 (en) Multi-channel transaction signing
US9166986B1 (en) Witnessing documents
JP2008312048A (ja) 情報端末の認証方法
WO2008030184A1 (fr) Systeme d'authentification perfectionne
TW201408030A (zh) 身份認證裝置及其方法
JPWO2007094165A1 (ja) 本人確認システムおよびプログラム、並びに、本人確認方法
CN106656505A (zh) 一种基于事件证书的移动终端电子签名系统及方法
JPWO2005024645A1 (ja) 情報処理サーバ及び情報処理方法
CN108833431B (zh) 一种密码重置的方法、装置、设备及存储介质
EP2083374A1 (fr) Procédé de signature de documents électroniques et procédé pour la vérification d'une signature électronique
KR20160123752A (ko) 스마트폰 화면 캡쳐 이미지 인증 기능을 가지는 스마트폰 및 스마트폰 화면 캡쳐 이미지 인증 방법
JP4611988B2 (ja) 端末装置
JP2006155547A (ja) 本人認証システム、端末装置、およびサーバ
KR102068041B1 (ko) 유저 바이오 데이터를 이용한 유저 인증 및 서명 장치와 방법
US20130090059A1 (en) Identity verification
KR20200139641A (ko) 제 3자 검증에 사용되는 신분 등록 및 액세스 제어 방법
Osho et al. Framework for an e-voting system applicable in developing economies
JP2011209833A (ja) ユーザ認証システム、ユーザ認証方法及びプログラム
WO2013065057A1 (fr) Introduction sécurisée
CN111179522A (zh) 自助设备程序安装方法、装置及系统

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11875065

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11875065

Country of ref document: EP

Kind code of ref document: A1