WO2016064362A1 - Encrypted messaging method over the smart cards - Google Patents

Encrypted messaging method over the smart cards Download PDF

Info

Publication number
WO2016064362A1
WO2016064362A1 PCT/TR2015/050135 TR2015050135W WO2016064362A1 WO 2016064362 A1 WO2016064362 A1 WO 2016064362A1 TR 2015050135 W TR2015050135 W TR 2015050135W WO 2016064362 A1 WO2016064362 A1 WO 2016064362A1
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
client
key
encrypted
session
Prior art date
Application number
PCT/TR2015/050135
Other languages
French (fr)
Inventor
Cengiz TOĞAY
Original Assignee
Netaş Telekomüni̇kasyon Anoni̇m Şi̇rketi̇
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netaş Telekomüni̇kasyon Anoni̇m Şi̇rketi̇ filed Critical Netaş Telekomüni̇kasyon Anoni̇m Şi̇rketi̇
Publication of WO2016064362A1 publication Critical patent/WO2016064362A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Definitions

  • the client 1 (2.1 ) reads the key information of the smart card 2 (1 .2) belonging to the other user from the smart card 1 (1 .1 ).

Abstract

The invention is an encrypted messaging method which provides the messages formed to be transferred safely to the opposite user over the smart cards (1), characterized in transferring of the messages encrypted with the same session key between the client 1 (2.1) and the client 2 (2.2) by means of the server (3) until one of the parties terminates the session or the validity period of the session key expires upon the confirmation of the source with the key information of the smart card 1 (1.1) in the smart card 2 (1.2) and the interchange of the session key to be used during the session between the parties.

Description

ENCRYPTED MESSAGING METHOD OVER THE SMART CARDS
DESCRIPTION Technical Field
The invention relates to a method which provides transferring the messages formed safely to the opposite user over the smart cards. The invention especially relates to an encrypted messaging method which provides transferring the session-based key to the opposite user safely using the RSA based asymmetric cryptography method even on the unsecured networks over the smart cards used in the mobile devices.
State of the Art
Smart card is a plastic card which comprises therein a processor and/or a memory unit, and can have a process power required for different applications upon matching with a reader. Thanks to being capable of providing controlled access, it provides the personal or commercial information to be seen by the relevant persons. Data transmission is a technology which is being diversified and used more commonly day by day due to the safety of the data being transferred and the ease of transferring. Today, depending on the use of the mobile devices, access over the unsecured networks becomes widespread. Accordingly, obtaining the communication content is facilitated. This gives rise to the safe communication need. Although the use of the smart card in the mobile devices has not become widespread yet, it can be used in the security applications. In the state of the art, the message communication between the users is achieved by encrypting each message with the asymmetric cryptography methods. However, this method brings about the performance problems. In addition, the known intervention methods such as certificate attempts cause the content of the communication between the persons to be obtained. The keys used in the asymmetric cryptography can be stored by the devices or presented in the certificates signed by the authorized institutions. However, the fact that someone else can act as the real user or that the certificate or source certificates can be replaced in the devices or similar attempts can be made with the certificate attempts bring about the requirement to keep the public keys in safer environments.
In case the users communicate directly, the user learn the IP addresses of each other (Internet Protocol Address), which results in security gaps. The application No. WO200904180 encountered as a result of the technical researches relates to instant and safe messaging. In the method mentioned in the document, smart cards are utilized for authorizing the clients in the server. Thus, the users available in the clients on the server are confirmed. The messages of the users authorized over the TLS (Transport Layer Security) are first received by the server and then transmitted to the user authorized again over the TLS. As a result of this, the server can look at the content of the messages. However, authorization of the clients on the server is not mentioned in said application. The system comprises the signaling activities required for sending the messages by encrypting in a way to provide only the end users to see the content of the messages there between after the clients are confirmed to the server in any way. Moreover, the fact that confirmation of the server is based on the control of the certificate during TLS in the method presented in the patent No. WO200904180 creates an environment open to the certificate attempts and a risk of obtaining the content of the message by means of a false server. As seen, said system is related to an end-to-end safe messaging, however; an embodiment which will solve the aforementioned disadvantages is not mentioned.
Another application, the patent No. CN101330685 encountered as a result of the technical researches relates to forwarding encrypted short message using the smart card technology independently of the SIM card. In said method of the document, encrypting the content of the short message by formulating is disclosed. Said embodiment does not have the novelty aiming to solve the aforementioned performance problems or other drawbacks.
To conclude, due to the aforementioned drawbacks and the inadequacy of the existing solutions regarding the subject, a development is deemed necessary to be made in the related technical field. Objects of the Invention
Developed by being inspired by the present conditions, the present invention aims to eliminate the above mentioned drawbacks.
The primary object of the invention is to provide an encrypted message based communication even on the unsecured networks. With the method according to the invention, the session-based key can be transferred to the opposite user safely using the RSA (public-key encryption method developed by Ron Rivest, Adi Shamir and Leonard Adleman) based asymmetric cryptography method. The messages can be transferred with the key sent later using the symmetric cryptography methods such as AES (Advanced Encryption Standard).
Asymmetric key pairs are stored on the smart cards. Each card comprises the public key information of the other card to be communicated and its own private key. The number of the keys to be used in the communication depends on the capacity of the card. In addition to this perfect safe solution, in order to increase the capacity the hash information of the other keys can also be stored. Thereby, while a session is being opened, the parties first request the public keys of each other. Confirmation is made when the hash of the received public key is the same as the hash value of the card. In this manner, safe communication can be established with more users.
An object of the invention is to provide the transmission of the messages subject of the communication between the clients thanks to the servers between the parties and to protect the IP information of the users. The server forms each message again and sends the same to the other client. Thereby, the parties cannot see the IP information of each other.
In this method, the smart cards not only provide the users to connect to the system but the symmetric keys specific to the session are transferred safely, as well.
Another object of the invention is to provide the private key to be inaccessible by the devices and thereby to prevent the backward communication. Moreover, encrypted communication of the users independently of the device is provided. To achieve the aforementioned objects, the invention is an encrypted messaging method which provides the messages formed to be transferred safely to the opposite user over the smart cards, wherein it comprises the following process steps so as to provide transferring of the messages encrypted with the same session key between the client 1 and the client 2 by means of the server until one of the parties terminates the session or the validity period of the session key expires upon, the confirmation of the source with the key information of the smart card 1 in the smart card 2 and the interchange of the session key to be used during the session between the parties;
- generating a random session key by the client 1 in the smart card 1 ,
- reading, by the client 1 , the key information of the smart card 2 from the smart card 1 ,
- encrypting the generated session key with the key information of the smart card 2, - sending the encrypted session key to the smart card 1 so as to be signed,
- sending, by the smart card 1 , the encrypted session key to the client 1 by signing the same with its own private key,
- sending, by the client 1 , the message comprising the session key encrypted with the key information of the smart card 2 and signed with the private key by the smart card 1 , to the server so as to be directed with the username information of the client 2,
- sending, by the server, said message to the client 2,
- sending, by the client 2, said message to the smart card 2 so as to be decrypted with the private key,
- decrypting, by the smart card 2, said message and sending the same to the client 2.
Moreover, said key information is the public key information of the smart cards or public key hash information of the smart cards. Said clients, however, are mobile applications.
The structural and characteristic features and all the advantages of the present invention will be more clearly understood thanks to the figures below and the detailed description written with reference to those figures. Therefore, the evaluation needs to be done by taking said figures and the detailed description into consideration.
Figures for a Better Understanding of the Invention
Figure 1 is the view comprising the elements of the method according to the invention.
The drawings do not need to be scaled and the details that are not necessary for understanding the present invention may have been ignored. In addition, the members that are at least identical to a great extent or at least have identical functions to a great extent are referred with the same number. Description of the Part References
1 . Smart card
1 .1 . Smart card 1
1 .2. Smart card 2
2. Client
2.1 . Client 1
2.2. Client 2
3. Server
Detailed Description of the Invention
In this detailed description, the preferred embodiments of the invention are described only for a better understanding of the subject without any limiting effect.
The elements of the encrypted messaging method over the smart cards (1 ) are as follows; The smart cards (1 ) which perform the asymmetric cryptography method and comprise the public key or their hash information; clients (2) which are mobile applications developed in a device such as Android, IOS, Windows, MacOS; server (3) which provides the communication between the client 1 (2.1 ) and the client 2 (2.2) by forming each message again and sending the same to the other client (2).
The process steps of the encrypted messaging method over the smart cards (1 ) are as follows;
- If the one of the users in the clients (2), for instance in the client 1 (2.1 ), wants to message with the other, first a random session key is generated in the smart card 1 (1 .1 ) by the client 1 (2.1 ).
- The client 1 (2.1 ) reads the key information of the smart card 2 (1 .2) belonging to the other user from the smart card 1 (1 .1 ).
- The generated session key is encrypted with the key information of the smart card 2 (1 .2) and sent to the smart card 1 (1 .1 ) so as to be signed.
- The smart card 1 (1 .1 ) sends the encrypted session key to the client 1 (2.1 ) by signing the same with its own private key.
The client 1 (2.1 ) sends the message comprising the session key encrypted with the key information of the smart card 2 (1 .2) and signed with the private key by the smart card 1 (1 .1 ) , to the server (3) so as to be directed with the username information of the client 2
(2.2) .
- The server (3) sends said message to the client 2 (2.2).
- The client 2 (2.2) sends the message to the smart card 2 (1 .2) so as to be decrypted with the private key.
- The smart card 2 (1 .2) decrypts the message and sends the same to the client 2 (2.2).
The confirmation of the source is made with the key information of the smart card 1 (1 .1 ) in the smart card 2 (1 .2) and the interchange of the session key to be used during the session between the parties is realized.
- The messages encrypted with the same session key are transferred between the client 1 (2.1 ) and the client 2 (2.2) by means of the server (3) until one of the parties terminates the session or the validity period of the session key expires.

Claims

An encrypted messaging method which provides the messages formed to be transferred safely to the opposite user over the smart cards (1 ), characterized in comprising the following process steps so as to provide transferring of the messages encrypted with the same session key between the client 1 (2.1 ) and the client 2 (2.2) by means of the server (3) until one of the parties terminates the session or the validity period of the session key expires upon the confirmation of the source with the key information of the smart card 1 (1 .1 ) in the smart card 2 (1 .2) and the interchange of the session key to be used during the session between the parties;
- generating a random session key by the client 1 (2.1 ) in the smart card 1 (1 .1 ),
- reading, by the client 1 (2.1 ), the key information of the smart card 2 (1 .2) from the smart card 1 (1 .1 ),
- encrypting the generated session key with the key information of the smart card 2 (1 -2),
- sending the encrypted session key to the smart card 1 (1 .1 ) so as to be signed,
- sending, by the smart card 1 (1 .1 ), the encrypted session key to the client 1 (2.1 ) by signing the same with its own private key,
- sending, by the client 1 (2.1 ), the message comprising the session key encrypted with the key information of the smart card 2 (1 .2) and signed with the private key by the smart card 1 (1 .1 ), to the server (3) so as to be directed with the username information of the client 2 (2.2),
- sending, by the server (3), said message to the client 2 (2.2),
- sending, by the client 2 (2.2), said message to the smart card 2 (1 .2) so as to be decrypted with the private key,
- decrypting, by the smart card 2 (1 .2), said message and sending the same to the client 2 (2.2).
The encrypted messaging method as in Claim 1 , characterized in that said key information is the public key information of the smart cards (1 ).
The encrypted messaging method as in Claim 1 , characterized in that said key information is the public key hash information of the smart cards (1 ).
The encrypted messaging method as in Claim 1 , characterized in that said clients (2) are mobile applications.
PCT/TR2015/050135 2014-10-20 2015-10-12 Encrypted messaging method over the smart cards WO2016064362A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR201412291 2014-10-20
TR2014/12291 2014-10-20

Publications (1)

Publication Number Publication Date
WO2016064362A1 true WO2016064362A1 (en) 2016-04-28

Family

ID=55272563

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2015/050135 WO2016064362A1 (en) 2014-10-20 2015-10-12 Encrypted messaging method over the smart cards

Country Status (1)

Country Link
WO (1) WO2016064362A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030169884A1 (en) * 2000-07-28 2003-09-11 Pierre Girard Method for making secure a session with data processing means under the control of several entities
CN101330685A (en) 2008-05-19 2008-12-24 深圳市中兴集成电路设计有限责任公司 Method for ciphering and transmitting short message
WO2009004180A2 (en) 2007-06-12 2009-01-08 Ifp Two step hydroprocessing of a load from a renewable source using a first metal catalyst and a second sulphured catalyst

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030169884A1 (en) * 2000-07-28 2003-09-11 Pierre Girard Method for making secure a session with data processing means under the control of several entities
WO2009004180A2 (en) 2007-06-12 2009-01-08 Ifp Two step hydroprocessing of a load from a renewable source using a first metal catalyst and a second sulphured catalyst
CN101330685A (en) 2008-05-19 2008-12-24 深圳市中兴集成电路设计有限责任公司 Method for ciphering and transmitting short message

Similar Documents

Publication Publication Date Title
JP7119040B2 (en) Data transmission method, device and system
US10785019B2 (en) Data transmission method and apparatus
US11101999B2 (en) Two-way handshake for key establishment for secure communications
US10015159B2 (en) Terminal authentication system, server device, and terminal authentication method
US10541814B2 (en) End-to-end encryption during a secure communication session
US11502816B2 (en) Generating new encryption keys during a secure communication session
US9716591B2 (en) Method for setting up a secure connection between clients
CN104219041A (en) Data transmission encryption method applicable for mobile internet
EP3476078B1 (en) Systems and methods for authenticating communications using a single message exchange and symmetric key
US10778432B2 (en) End-to-end encryption during a secure communication session
KR102325725B1 (en) Digital certificate management method and device
JP6548172B2 (en) Terminal authentication system, server device, and terminal authentication method
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN103036880A (en) Network information transmission method, transmission equipment and transmission system
CN103117851A (en) Encryption control method and device capable of achieving tamper-proofing and repudiation-proofing by means of public key infrastructure (PKI)
CN111914291A (en) Message processing method, device, equipment and storage medium
CA3166510A1 (en) Sharing encrypted items with participants verification
US10218682B1 (en) Secure network protocol cryptographic processing
CN107409043B (en) Distributed processing of products based on centrally encrypted stored data
US10972912B1 (en) Dynamic establishment of trust between locally connected devices
US9876774B2 (en) Communication security system and method
Agrawal et al. Design of hybrid cryptography algorithm for secure communication
JP2009065226A (en) Authenticated key exchange system, authenticated key exchange method and program
CN105791301A (en) Key distribution management method with information and key separated for multiple user groups
WO2016064362A1 (en) Encrypted messaging method over the smart cards

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15830908

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15830908

Country of ref document: EP

Kind code of ref document: A1