WO2018232442A1 - Method and system for providing secure access to secret information - Google Patents

Method and system for providing secure access to secret information Download PDF

Info

Publication number
WO2018232442A1
WO2018232442A1 PCT/AU2018/050431 AU2018050431W WO2018232442A1 WO 2018232442 A1 WO2018232442 A1 WO 2018232442A1 AU 2018050431 W AU2018050431 W AU 2018050431W WO 2018232442 A1 WO2018232442 A1 WO 2018232442A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
modifying
string
modifying string
server
Prior art date
Application number
PCT/AU2018/050431
Other languages
French (fr)
Inventor
Blair Leslie Reid
Original Assignee
Australian Postal Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2017902439A external-priority patent/AU2017902439A0/en
Application filed by Australian Postal Corporation filed Critical Australian Postal Corporation
Priority to AU2018286642A priority Critical patent/AU2018286642A1/en
Publication of WO2018232442A1 publication Critical patent/WO2018232442A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Definitions

  • the present invention generally relates to a method and system for providing secure access to secret information, such as encryption keys in a computer system, and more particularly, for enhancing the security of the secret information.
  • an encryption key is used to encrypt the confidential information before the information is stored or transmitted, while the same or a corresponding key is used to subsequently decrypt the information for use or display.
  • an approach can be seen as simply shifting the burden of security, as the encryption key itself becomes secret information which in turn must be protected.
  • One way of protecting secret information is to ensure that access to secret information in a computer system may only be granted to a user of that computer system upon the entry by that user of information that is only known to that user.
  • Examples of such information include alphanumeric strings such as Personal Identification Numbers (PINs) and passwords.
  • PINs Personal Identification Numbers
  • passwords passwords.
  • For the user to access the secret information they must either remember the alphanumeric string, or record it and store it in a location for later retrieval. The latter approach again shifts the burden of security, as the storage location will then need to be secured. Accordingly, it is generally considered better security practice for the user to memorise the alphanumeric string.
  • the strings are generally quite short. Many PINs are only 4 or 6 digits long. Such short strings have the drawback of being vulnerable to cryptanalytic attacks, for example, a brute-force attack. In a brute-force attack, an attacker tries many passwords randomly or systematically, in an exhaustive fashion, until the correct one is found.
  • the improvement in computing speed of hardware devices means that an attacker can try many alternative strings in a short space of time, increasing the vulnerability of short alphanumeric strings used as keys to unlock secret information.
  • the present invention provides a computer-implemented method executed at a terminal computing device, the method including the steps of:
  • the present invention provides a computer-implemented method, the method including the steps of:
  • the present invention provides a computer-implemented method, the method including the steps of:
  • the modified code being generated based on a user-entered code and a first modifying string, and having a length greater than the code before modification;
  • the present invention provides a computer-implemented method, the method including the steps of:
  • the modified code being generated based on a user-entered code and a first modifying string, and having a length greater than the code before modification;
  • the present invention provides a system for providing secure access to secret information, the system including one or more electronic processing devices configured to: receive input of a code from a user;
  • the present invention provides a system for providing secure access to secret information, the system including one or more electronic processing devices configured to:
  • FIG. 1 is a schematic diagram of an exemplary system for providing secure access to secret information
  • FIG. 2 is a schematic diagram showing an exemplary encryption process
  • Fig. 3 is an exemplary workflow for encrypting a secret executed by a terminal computing devices shown in Fig. 1;
  • Fig. 4 is an exemplary workflow for encrypting the secret executed by a server shown in Fig. 1;
  • FIG. 5 is a schematic diagram showing an exemplary decryption process
  • Fig. 6 is an exemplary workflow for decrypting a secret executed by a terminal computing device shown in Fig. 1;
  • Fig. 7 is an exemplary workflow for decrypting the secret executed by a server shown in Fig. 1;
  • Fig. 8 is an exemplary encryption process executed by the system shown in Fig. 1;
  • Fig. 9 is an exemplary decryption process executed by the system shown in Fig. 1;
  • Fig. 10 is an example of a PIN setting process implemented through an Android application (app);
  • Fig. 11 is an example of a PIN verification process implemented through an Android application (app);
  • Fig. 12 is an example of a PIN changing process implemented through an Android application (app);
  • Fig. 13 is a schematic diagram of an example of a server shown in Fig. 1; and [0028] Fig. 14 is a schematic diagram of a terminal computing device shown in Fig. 1.
  • the system 100 includes a server 110 and at least one terminal computing device 120, the terminal computing device 120 being used by a user 130.
  • the server 110 and the terminal computing device 120 are in communication with one another via at least one communication network 140.
  • the server 110 is also in communication with at least one local or remote data store 150.
  • the communication network 140 between the server 110 and the terminal computing device 120 may be direct communication, or indirect communication through one or more intermediary electronic processing devices, including e.g., a gateway server controlling or managing the data communication between the server 110 and the terminal computing device 120.
  • a gateway server controlling or managing the data communication between the server 110 and the terminal computing device 120.
  • the terminal computing device 120 is in the form of a mobile telephone handset, and preferably is a smart phone on which one or more mobile applications can be installed and executed.
  • the terminal computing device 120 may alternatively be any other appropriate terminal electronic device, such as a portable computer, a tablet computer, a desktop personal computer or the like. Outline of the encryption process
  • the user 130 inputs a code to the terminal computing device 120.
  • the terminal computing device 120 subsequently encrypts a secret, the encryption being based, at least in part on the code input from the user..
  • the code is a piece of information for user authentication to prove the user's identity or authority for accessing a resource, and is to be kept secret from those not allowed to access the resource.
  • the code may have any one of the following exemplary forms:
  • a password including a string of characters, e.g., a series of letters, a series of numbers, or a combination of alphanumeric characters;
  • PIN personal identification number
  • a passphrase including a sequence of words or other text, which may be longer than a password
  • a lock pattern e.g., a pattern on a grid of 9 circles. Such a pattern is subsequently converted into an alphanumeric string.
  • the secret may include any suitable type of confidential or secret information.
  • the secret may be an encryption key used for securing the communication between the terminal computing device 120 and the server 110, or the communication between the terminal computing device 120 and another device or server (not shown) that is different from the server 110.
  • the encryption key may be used to encrypt the confidential information before the information is transmitted.
  • the secret is a private key used in an asymmetric key encryption algorithm.
  • a pair of keys (which may also be referred to as a "key-pair") are used, which include a public key and a private key.
  • the public key may be used for encryption or signature verification, while the private key may be used for decryption or for the generation of a digital signature.
  • the private key is used for decrypting identity data of the user 130.
  • the terminal computing device 120 and the server 110 may form at least part of a digital identification verification system, in which identity data associated with the user 130 is encrypted using a public key, the encrypted identity data being stored at the server 110 or at the terminal computing device 120.
  • the server 110 may transmit the encrypted identity data of the user to the terminal computing device 120, requesting the terminal computing device 120 to decrypt the identity data using the private key stored at the terminal computing device 120. This may ensure that the use of the user's identity data is always authorised by the terminal computing device 120, which allows the user 130 to monitor and control the use of their identity data through the terminal computing device 120.
  • a necessary component for accessing the private key may be stored at the server 110, this information being sent to the terminal computing device 120 on request, enabling terminal computing device 120 to subsequently access the private key and then decrypt the identity data of the user stored at the terminal computing device 120.
  • the private key may be used for encrypting any other suitable type of confidential information.
  • the secret may be an encryption key used in a symmetric key encryption algorithm.
  • the decryption key used for decryption is the same as the encryption key.
  • Fig. 2 is a schematic diagram showing an exemplary encryption process 200.
  • the user 130 inputs a code (such as a personal identification number (PIN)) into the terminal computing device 120.
  • a code such as a personal identification number (PIN)
  • the terminal computing device 120 generates a first modifying string.
  • the first modifying string may be a random sequence, e.g., a random series of letters, a random series of numbers, or a random combination of alphanumeric characters.
  • the first modifying string may have a predetermined length.
  • the first modifying string may be a random sequence of 64 bits, 128 bits, or 256 bits.
  • the first modifying string may also be referred to as a "PIN encryption key” or "PEK”.
  • the first modifying string is used to modify the code (e.g., PIN) to generate, at the terminal computing device 120, a modified code (which may also be referred to as the "XPIN").
  • the modified code has a length greater than the code before modification, and thus is more difficult to be cracked by a brute-force attack.
  • the first modifying string (PEK) used for modifying the code is stored by the terminal computing device 120 for use in the decryption process.
  • the first modifying string (PEK) may be stored at a storage location accessible by the terminal computing device 120, e.g., an internal or external data store of the terminal computing device 120.
  • the terminal computing device 120 After generating the modified code (XPIN), the terminal computing device 120 sends the modified code (XPIN) to the server 110. In return, the server 110 generates a second modifying string. In alternative embodiments, the terminal computing device 120 may generate the second modifying string and send it to the server 110 together with the modified code (XPIN).
  • the second modifying string may be a random sequence, e.g., a random series of letters, a random series of numbers, or a random combination of alphanumeric characters.
  • the second modifying string may have a predetermined length.
  • the second modifying string may be a random sequence of 64 bits, 128 bits, or 256 bits.
  • the length of the second modifying string may be the same as the first modifying string, or different from the modifying string.
  • the second modifying string may also be referred to as the "Private Key Encryption Secret" or "PKS”.
  • PPS Primaryvate Key Encryption Secret
  • the generated second modifying string (PKS) is stored by the server 110 for use in the decryption process.
  • the second modifying string (PKS) may be stored at a storage location accessible by the server 110, e.g., the local or remote data store 150.
  • the server 110 also stores the modified code (XPIN), e.g., in the local or remote data store 150.
  • the server 110 sends the generated second modifying string (PKS) to the terminal computing device 120.
  • the first modifying string (PEK) and the second modifying string (PKS) generated by the terminal computing device 120 or received from the server 110 are used together to generate an encryption key to be used for encrypting the secret.
  • the encryption key may also be referred to as the "Private Key Encryption Key” or "PKK”.
  • the encryption key (PKK) may be generated based also on the modified code (XPIN), or the code (PIN) (modification by the modified code (XPIN) being shown in dotted lines in Figure 2).
  • the terminal computing device 120 then uses the encryption key (PKK) to encrypt the secret, as shown by block 230.
  • PKI encryption key
  • the code e.g., PIN
  • the terminal computing device 120 modifies the code (XPIN), which has a length greater than the code before modification.
  • this is performed by using a key stretching technique, which makes the possibly weak code more secure against a brute-force attack by increasing the time it takes to test each possible code, as the original code (e.g., a PIN, passwords or passphrases) created by the user 130 may be short or predictable enough to allow cracking by brute-force attacks.
  • the modified (stretched) code generated using the key stretching technique may make such attacks more difficult.
  • an iterative key derivation algorithm may be used to stretch the code (e.g., PIN) into the modified code based on the code and the first modifying string (PEK).
  • code e.g., PIN
  • PEK first modifying string
  • DK is the modified code (which may also be referred to as the "derived key”);
  • KDF is the key derivation function;
  • Key is the code (which may also be referred to as the "original key”);
  • Salt is a random number which acts as cryptographic salt, e.g., the first modifying string (PEK) in the embodiments described herein; and
  • the iterative key derivation algorithm used for modifying the code may be Password-Based Key Derivation Function 2 (PBKDF2).
  • PBKDF2 Password-Based Key Derivation Function 2
  • the PBKDF2 algorithm may be expressed as:
  • DK PBKDF2(PRF, Key, Salt, Iterations, dkLen) wherein:
  • PRF is a pseudo-random function, which may include, e.g., a cryptographic hash function
  • Key is the code (which may also be referred to as the "original key”);
  • Salt is the cryptographic salt e.g., the first modifying string (PEK) in the embodiments described herein;
  • the number of iterations may be 64,000, and the length of modified code may be 128 bits.
  • the modified code may have a length significantly greater than the length of the code before modification, e.g., greater than 50 times the length of the code before modification.
  • the code may be a 6 digit PIN, which may be stretched to a modified code of 32 bytes or more.
  • the modified code (XPIN) may be of any other suitable length, e.g., 8 bytes (64 bits), 128 bits, or 256 bits. Stretching the code into the modified code with greater length and higher entropy reduces the probability of the modified code (XPIN) being cracked by brute-force attack.
  • the modified code is further encoded into a sequence of Basel6 or Base64 characters, e.g., 44 Base64 characters or 62 basel6 characters.
  • the iterative key derivation algorithm for modifying the code may be any other suitable iterative key derivation algorithm, e.g., bcrypt, scrypt, Argon2, or Password-Based Key Derivation Function 1 (PBKDF1).
  • PBKDF1 Password-Based Key Derivation Function 1
  • the modified code (XPIN) may be generated using any suitable cryptographic hash function, e.g. SHA-2 256, SHA-2 512, or SHA-3.
  • SHA-2 256 may still make it difficult for an attacker to invert the hash by brute-force attack, while decreasing the time necessary to generate the encryption key (PKK).
  • PBKDF2 may allow greater flexibility in generating a modified code (XPIN) of a desired length.
  • the modified code (XPIN) generated using the key derivation algorithm may further be modified before being sent to the server 110.
  • the modified code (XPIN) may be further encrypted before being transmitted, so as to establish a more secure data communication session with the server 110. This may improve the security of the system against man-in-the-middle attack (MITM).
  • MITM man-in-the-middle attack
  • TLS Transport Layer Security
  • Alternative or additional controls may be implemented to thwart a passive attacker who can sniff network traffic, e.g., by using a zero -knowledge proof method.
  • the encryption key (PKK) may be generated (block 220) based on the modified code (XPIN), the first modifying string (PEK), and the second modifying string (PKS).
  • this is performed by using a key stretching technique, by stretching the code into modified code which is more difficult to crack using a brute-force attack.
  • DK KDF (Key, Salt, Iterations).
  • PBKDF2 Password-Based Key Derivation Function 2
  • the "Key” may be a suitable combination of the modified code (XPIN) and the first modifying string (PEK), for example, a combination (e.g., concatenation) of the two strings of the modified code (XPIN) and the first modifying string (PEK).
  • the "Salt" in the KDF or the PBKDF2 algorithm may be the second modifying string (PKS).
  • the "Key” may be a suitable combination (e.g., a concatenation) of the modified code (XPIN) and the second modifying string (PKS), while the "Salt” in the KDF or the PBKDF2 algorithm is the first modifying string (PEK).
  • the "Key” may be a suitable combination (e.g., a concatenation) of the first modifying string (PEK) and the second modifying string (PKS), while the "Salt” in the KDF or the PBKDF2 algorithm is the modified code (XPIN).
  • the iterative key derivation algorithm for generating the encryption key may be any other suitable iterative key derivation algorithm, e.g., bcrypt, scrypt, Argon2, or Password-Based Key Derivation Function 1 (PBKDF1).
  • PBKDF1 Password-Based Key Derivation Function 1
  • the encryption key (PKK) may be generated using any suitable cryptographic hash function, e.g. SHA-2 256, SHA-2 512, or SHA-3.
  • SHA-2 256 may still make it difficult for an attacker to invert the hash by brute-force attack, while decreasing the time required to generate the encryption key (PKK).
  • PBKDF2 may allow greater flexibility in generating an encryption key (PKK) of a desired length.
  • the encryption key (PKK) may be generated based on the code (e.g., PIN) together with the first modifying string (PEK) and the second modifying string (PKS).
  • PIN the code
  • PES the first modifying string
  • PES the second modifying string
  • the encryption key (PKK) may be generated based on the first modifying string (PEK) and the second modifying string (PKS), without using the code (e.g., PIN) or the modified code (XPIN).
  • PIN code
  • XPIN modified code
  • the first modifying string (PEK) may only be stored at the terminal computing device 120
  • the second modifying string (PKS) may only be stored at the server 110, using both of them to generate the encryption key (PKK) may ensure that the generated encryption key (PKK) is secure and robust against potential attacks.
  • the secret may be encrypted using the encryption key (PKK) generated based on the modified code (XPIN), the first modifying string (PEK) and the second modifying string (PKS).
  • PKI encryption key
  • XPIN modified code
  • PEK first modifying string
  • PES second modifying string
  • the secret may be encrypted using the first modifying string (PEK) and the second modifying string (PKS), without using the modified code (XPIN).
  • PEK first modifying string
  • PPS second modifying string
  • XPIN modified code
  • the encryption key (PKK) generated based on the modified code (XPIN) may enhance the security of the encrypted secret against potential attacks.
  • the first modifying string (PEK) and second modifying string (PKS) remain the same in the secret encryption and decryption processes.
  • the first modifying string (PEK) is stored at the terminal computing device 120.
  • the first modifying string (PEK) may be stored in a secure storage location of the terminal computing device 120, e.g., in a keychain file of an iOS or macOS device.
  • the second modifying string (PKS) is stored at the server 110.
  • the secret is the private key used for encrypting digital identification information associated with the user 130
  • the first modifying string (PEK) and second modifying string (PKS) may remain the same over the lifetime of the association between the terminal computing device 120 and the digital identification information of the user.
  • one or more groups of digital identification information of the user may be associated with a digital user account, in which case the first modifying string (PEK) and second modifying string (PKS) may remain the same over the lifetime of the association between the terminal computing device 120 and the digital user account.
  • PEK first modifying string
  • PES second modifying string
  • the first modifying string (PEK) and second modifying string (PKS) may be updated when the user changes an existing PIN or resets a PIN.
  • the second modifying string (PKS) is generated by the server 110 and sent to the terminal computing device 120 for the generation of the encryption key (PKK).
  • the second modifying string (PKS) may be generated by the terminal computing device 120, and subsequently sent to the server 110 for storage.
  • the second modifying string (PKS) that has been used for generating the encryption key (PKK) and has been sent to the server 110 for storage is then discarded by the terminal computing device 120, which may ensure that in the decryption process the second modifying string (PKS) can only be obtained from the server 110.
  • the security of the encryption mechanism may be enhanced.
  • the modified code (XPIN) is stored by the server 110, e.g., in the local or remote data store 150.
  • the modified code (XPIN) is also stored by the terminal computing device 120, which may allow a faster access to the modified code (XPIN) when decrypting the encrypted secret.
  • the terminal computing device 120 may provide a biometric authentication function, e.g. the fingerprint recognition feature ("Touch ID") provided by iPhone 5S, the iPad Air 2 and the MacBook Pro, and the fingerprint scanning feature provided by some Android 6.0 devices.
  • the modified code (XPIN) may be stored in a secure storage location of the terminal computing device 120, accessible only after authentication of a user using a biometric authentication mechanism, such as fingerprint authentication.
  • the biometric authentication mechanism may alternatively use any other suitable form of biometric characteristics, e.g., palm veins, face recognition, palm print, hand geometry, iris recognition, or retina scanning.
  • biometric characteristics e.g., palm veins, face recognition, palm print, hand geometry, iris recognition, or retina scanning.
  • the modified code may be encrypted using a modified code encryption key (XPINK), and the encrypted modified code may be stored in the terminal computing device 120.
  • XPINK modified code encryption key
  • the modified code encryption key may be a transient key, which may further be protected using the biometric authentication mechanism.
  • the modified code encryption key may be a public encryption key of a key-pair, e.g., a public key generated and managed by a mobile operation system (e.g., Android).
  • a mobile operation system e.g., Android
  • the modified code encryption key may then be stored in a secured data store of the terminal computing device 120, e.g., Keystore of an Android device.
  • the modified code may be stored directly in a secured data store of the terminal computing device 120, e.g., an iOS KeyChain of an iOS device.
  • a time restriction may be provided for the storage of the modified code (XPIN).
  • the stored modified code (XPIN) may be discarded after a predetermined period of time, e.g., 1 mins, 3 mins or 5 mins.
  • the user may be required to re-input the code (e.g., PIN) to allow decryption of the encrypted secret.
  • This arrangement may improve the security of the encryption and decryption mechanism.
  • terminal computing device 120 receives input of a code (PIN) from a user 130.
  • PIN a code
  • the terminal computing device Upon receiving the input of the code (PIN), the terminal computing device
  • PEK 120 generates a first modifying string (PEK), and stores the first modifying string (PEK) in an internal or external data store (Step 320).
  • terminal computing device Using the first modifying string (PEK), at step 330, terminal computing device
  • terminal computing device 120 sends the modified code (XPIN) to the server 110.
  • the terminal computing device 120 obtains a second modifying string (PKS).
  • the second modifying string (PKS) may be generated by the terminal computing device 120 locally, or generated by and received from the server 110.
  • the terminal computing device 120 Based on at least the first modifying string (PEK), and the second modifying string (PKS), the terminal computing device 120 generates an encryption key (PKK) at step 360.
  • the encryption key (PKK) may be generated further based on the modified code (XPIN) or the code (PIN).
  • the terminal computing device 120 encrypts the secret at step 370.
  • the server 110 receives a modified code (XPIN) from the terminal computing device 120, the modified code (XPIN) being generated based on the user-entered code (PIN) and a first modifying string (PEK), and having a length greater than the code (PIN) before modification.
  • XPIN modified code
  • PEK first modifying string
  • the server 110 stores the modified code (XPIN).
  • the server 110 stores a second modifying string (PKS).
  • PPS second modifying string
  • the second modifying string (PKS) may be generated by the terminal computing device 120 and sent to the server 110, or generated locally by the server 110.
  • step 440 the server 100 sends the second modifying string (PKS) to the terminal computing device 120.
  • PPS second modifying string
  • Fig. 4 after the storage of the modified code (XPIN), it may alternatively be performed before the storage of the modified code (XPIN), or in parallel with the storage of the modified code (XPIN).
  • Fig. 5 is a schematic diagram showing an example 500 of the decryption process.
  • the user 130 in order to decrypt the encrypted secret, the user 130 is required to input to the terminal computing device 120 the same code (e.g., PIN) used in the encryption of the secret.
  • the same code e.g., PIN
  • the terminal computing device 120 Upon receiving the code, the terminal computing device 120 retrieves the stored first modifying string (PEK), e.g., from an internal or external data store of the terminal computing device 120.
  • PEK stored first modifying string
  • the first modifying string (PEK) is used to modifying the code (e.g., PIN) to generate, at the terminal computing device 120, the modified code (XPIN) which has a length greater than the code before modification and thus is more difficult to be cracked by a brute-force attack.
  • the code e.g., PIN
  • XPIN modified code
  • the server 110 retrieves the stored modified code (XPIN), e.g., from the local or remote data store 150, and compares the received modified code (XPIN) with the modified code (XPIN) retrieved from the data store, to verify whether the modified code (XPIN) received from the terminal computing device 120 is the correct modified code (XPIN).
  • XPIN stored modified code
  • the server 110 retrieves the second modifying string (PKS), e.g., from the local or remote data store 150, and sends the retrieved second modifying string (PKS) back to the terminal computing device 120.
  • PPS second modifying string
  • the terminal computing device 120 regenerates (block 520) the encryption key (PKK) which has previously been used for encrypting the secret.
  • the encryption key (PKK) may be generated further based on the modified code (XPIN) or the code (PIN).
  • the terminal computing device 120 then uses the encryption key (PKK) to decrypt the encrypted secret, as shown by block 530.
  • PKI encryption key
  • the terminal computing device 120 receives input of a code (e.g.,
  • the terminal computing device 120 retrieves a stored first modifying string (PEK), e.g., from an internal or external data store of the terminal computing device 120.
  • PEK stored first modifying string
  • the terminal computing device 120 modifies the code (PIN) to generate a modified code (XPIN) having a length greater than the code before modification.
  • the modified code (XPIN) is then sent by the terminal computing device 120 to the server 110 at step 640.
  • the terminal computing device 120 receives a second modifying string (PKS) from the server 110.
  • PPS second modifying string
  • the terminal computing device 120 Based on at least the first modifying string (PEK) and the second modifying string (PKS), the terminal computing device 120 generates an encryption key (PKK) at step 660.
  • PKI first modifying string
  • PES second modifying string
  • the terminal computing device 120 decrypts the encrypted secret at step 670.
  • the server 110 receives a modified code (XPIN) from the terminal computing device 120, the modified code (XPIN) being generated based on a user-entered code (PIN) and a first modifying string (PEK), and having a length greater than the code (PIN) before modification.
  • XPIN modified code
  • PIN user-entered code
  • PEK first modifying string
  • the server 110 retrieves a stored modified code (XPIN) associated with the user or the terminal computing device 120, e.g., from the local or remote data store 150.
  • XPIN stored modified code
  • the server 110 compares the received modified code (XPIN) with the retrieved modified code (XPIN) at step 730.
  • step 740 If at step 740, the received modified code (XPIN) matches the retrieved modified code (XPIN), the server 110 proceeds to step 750 to retrieve the stored second modifying string (PKS), and sends the second modifying string (PKS) to the terminal computing device at step 760.
  • PPS stored second modifying string
  • the server 110 counts the number of times the received modified code (XPIN) does not match the stored modified code (XPIN), e.g., using a verification failure counter. This number may be stored as a verification failure value.
  • step 770 if the received modified code (XPIN) does not match the stored modified code (XPIN), the server 110 may increment the stored verification failure value.
  • the server 110 may trigger an alert or any other suitable response, e.g., by temporarily locking the user account associated with the user 130 or the terminal computing device 120, and may send a warning message to the terminal computing device 120.
  • Using a verification failure counter at the server 110 may prevent a potential attacker from decrypting the secret by trying a large number of alternative codes, thereby improving the security of the system.
  • the check of verification failure value is performed after the comparison of the received modified code (XPIN) with the retrieved modified code (XPIN), it may alternatively be performed before the comparison step.
  • a number of advantages may be provided by transmitting and comparing the modified code (XPIN) rather than the original code (e.g., PIN) inputted by the user 130.
  • the method and system for providing secure access to secret information described herein may effectively enhance the security of the secret by providing an encryption and decryption mechanism relying on the participation of both the terminal computing device 120 and the server 110.
  • This configuration may reduce or prevent the chance of unauthorised access to the secret from potential attackers attacking one side of the system, i.e., the terminal computing device 120 or the server 110 alone.
  • the method and system may further improve the security of the secret by providing one or more of the following advantage:
  • the system may still protect the clear text of the code from unauthorised release;
  • an attacker with access to persistent device state (e.g. a full device backup) of the terminal computing device 120 may be prevented from unlocking the secret; and • an attacker who can read the data communication traffic between the terminal computing device 120 and the server 110 may not be able to perform the authentication as the user 130, thereby enhancing the security against man-in-the- middle attack (MITM).
  • MITM man-in-the- middle attack
  • each of the encryption and decryption processes requires one device-server roundtrip.
  • the encryption and/or decryption processes may require more than one device-server roundtrip, e.g., two or three device-server roundtrips. Having more device-server roundtrips may further enhance the security of the system. However, having only one device- server roundtrip may increase the speed of the encryption and decryption processes, thereby providing a better user experience to the user 130 using the terminal computing device 120.
  • the code input by the user is a PIN of 4 or 6 digits
  • the secret is a private key used in a digital identification verification system for decrypting identity data
  • the algorithm for modifying the code to generate the modified code is an iterative key derivation algorithm using Password-Based Key Derivation Function 2 (PBKDF2).
  • PBKDF2 Password-Based Key Derivation Function 2
  • Each of the first modifying string (PEK) and the second modifying string (PKS) is a random numeric sequence of 128 bits.
  • the encryption process in this example may also be referred to as a "PIN establishment" process.
  • the process illustrated in the Fig. 8 assumes a key-pair including a public key and a private key has already been generated by the terminal computing device 120, and the public key has been sent to the server 110.
  • the establishment of the key-pair may be performed during the PIN establishment process, e.g., the public key may be sent to the server 110 together with the modified code (XPIN).
  • terminal computing device 120 In response to (or in other non-illustrated embodiments, in preparation for) receiving the PIN from the user, terminal computing device 120 generates and stores a first modifying string (PEK), which is a 128 bit random numeric sequence.
  • PEK first modifying string
  • the terminal computing device 120 stretches the user-entered PIN with the PEK using PBKDF2 to derive a modified code (XPIN).
  • the terminal computing device 120 then sends a "set PIN" request, transmitting the XPIN to the server 110.
  • the server 110 stores the XPIN, and generates and stores second modifying string (PKS).
  • PKS is a 128-bit random value.
  • the PKS is transmitted to the terminal computing device 120 by the server
  • the terminal computing device 120 uses PBKDF2(PEK + XPIN + PKS), to derive a private key encryption key (PKK).
  • PKS private key encryption key
  • the private key is then encrypted with the PKK, and the encrypted private key is stored by the terminal computing device 120.
  • the terminal computing device 120 stretches the PIN with the PEK to produce an XPIN.
  • the terminal computing device 120 sends the XPIN to the server 110.
  • the server 110 confirms whether the user account associated with the user or the terminal computing device 120 is in a lock state.
  • the server 110 If the user account is locked, the server 110 returns an error message to the terminal computing device 120.
  • the server 110 checks the received XPIN, e.g., by comparing the received XPIN with a stored XPIN retrieved from the data store 150.
  • the server 110 If the XPIN received from the terminal computing device 120 does not match the stored XPIN, the server 110 returns an error message to the terminal computing device 120 and increments any appropriate verification failure counters.
  • the server 110 If the XPIN check is successful, the server 110 returns the stored PKS to the terminal computing device 120.
  • the terminal computing device 120 Upon receiving the PKS, the terminal computing device 120 uses
  • PBKDF2 (PEK + XPIN + PKS) to derive the private key encryption key (PKK).
  • the terminal computing device 120 then decrypts the private key with the
  • the method described hereinbefore may be implemented using an application executing on the terminal computing device 120 (e.g., a mobile phone, a tablet computer, a laptop or desktop computer, or the like).
  • the terminal computing device 120 may be a smart phone, and the method may be implemented using a mobile application installed on the smart phone, as described in further detail as follows.
  • the iOS app generates a public and private key-pair in order to secure customer data.
  • the app generates a key-pair on the terminal computing device 120 and then stores one side of the pair (the private key) securely on the terminal computing device 120, and sends the other side (the public key) to the server 110.
  • the code entered by the user is a PIN of 4 or 6 digits.
  • the iOS mobile operating system provides an API SecKeyGeneratePair to generate RSA key-pairs through the keychain services system framework.
  • the SecKeyGeneratePair API may be used with the following parameters:
  • the iOS app uses the PIN entered by the user, the iOS app generates a stretched PIN by the following process:
  • the encryption key used for encrypting the private key is generated by the iOS app using the following process:
  • [00181] (1) generating a second 16 byte random array of bytes, which is to be used as the second modifying string (PKS), the PKS being generated using the same method as the PEK and only stored at the server 110; and
  • PBKDF2 PBKDF2 algorithm based on a concatenation of the XPIN and the PKS, with the PEK as the salt.
  • the private key is encrypted using the generated encryption key.
  • the encrypted private key is stored in the Keychain of the terminal computing device 120.
  • the app then retrieves the first modifying string (PEK) from the device
  • the PIN entered by the user is stretched using the PEK to generate a stretched
  • the app sends the generated XPIN to the server 110 to verify the XPIN, and obtains the second modifying string (PKS) if the XPIN is correct. [00188] This PKS is then used to derive the encryption key using the same PBKDF2 algorithm. The app then decrypts the private key, and uses the decrypted private key to decrypt user data, using tools such as JSON Web Encryption (JWE).
  • JWE JSON Web Encryption
  • the app also allows a user to change the PIN that has already been set.
  • the app then retrieves the first modifying string (PEK) and stretches the previous PIN using the PEK to generate a stretched PIN (XPIN) in Base64.
  • PEK first modifying string
  • XPIN stretched PIN
  • the app then sends the XPIN to the server 110 to verify the XPIN pin.
  • a new first modifying string (PEK) is then generated to replace the previous first modifying string (PEK), and the new PIN is stretched using this new first modifying string PEK, generating a new stretched PIN (XPIN).
  • the new XPIN is then sent to the server 110 for storage.
  • Touch ID is a fingerprint recognition feature provided by iOS devices, such as iPhones since iPhone 5S and iPads since the iPad Air 2.
  • the iOS app described herein allows a user to turn on the Touch ID function when a PIN has already be set, using the following process:
  • the app also allows the user to setup a new PIN when the Touch ID function is turned on, using the same process of setting up a new PIN as described hereinbefore. However, when setting up a new PIN with the Touch ID function on, the stretched pin (XPIN) generated will be stored in the device keychain, protected by Touch ID.
  • XPIN stretched pin
  • the app then sends the retrieved XPIN to the server 110 to verify the XPIN, and obtains the second modifying string (PKS) if the XPIN is correct.
  • PPS second modifying string
  • using Touch ID to obtain the XPIN may be restricted to a predetermined period of time, for example, 6 hours, 12 hours or one day after the PIN has been entered. If this period of time has passed since the last entry of the PIN, the user may be required to enter the PIN to allow the description process to be performed. This may ensure that the user uses their PIN periodically, thereby reducing the chance that the user forgets their PIN.
  • the Android app generates a public and private key-pair in order to secure customer data.
  • the app generates a key-pair on the terminal computing device 120 and then stores one side of the pair (i.e., the private key) securely on the terminal computing device 120, and sends the other side (i.e., the public key) to the server 110.
  • the code input by the user is a PIN of 4 or 6 digits.
  • Some Android devices provide biometric authentication functions, such as fingerprint authentication.
  • the app may allow the stretched PIN to be stored in a secure data store of the device protected by biometric authentication, such as fingerprint authentication.
  • the stretched pin generated in step 2 above is stored encrypted on the device, e.g., in a Keystore of the device protected by fingerprint authentication.
  • the public key and the encrypted private key may be stored in the Keystore of the device too, protected by fingerprint authentication.
  • the app may allow a user to set up a new PIN with fingerprint authentication using the following process:
  • FIG. 10 Exemplary processes of setting a PIN, verifying the PIN and changing the PIN in the Android app are illustrated in Figs. 10 - 12.
  • the terminal computing device 120 is a mobile device operating in an Android operation system.
  • the mobile device Upon receiving the PIN, the mobile device generates a 128bit random sequence as the PEK, which is subsequently stored in secure data storage of the mobile device.
  • the mobile device generates another 128bit random sequence as the
  • the mobile device uses the generated PEK and PKS, together with the PIN entered by the user, the mobile device generates a private key encryption key using the PBKDF2 algorithm, and encrypts the private key using this encryption key.
  • the encrypted private key is stored in the devices' secured data storage.
  • the mobile device then sends the XPIN, the PKS together with a device identification (device ID) of the mobile device to the server 110, the device ID being a distinctive alphanumeric sequence or number uniquely associated with a mobile phone or similar terminal device, e.g., the unique device ID number for an iOS device, or the Android device ID for an Android device.
  • device ID being a distinctive alphanumeric sequence or number uniquely associated with a mobile phone or similar terminal device, e.g., the unique device ID number for an iOS device, or the Android device ID for an Android device.
  • a unique identifier associated with the device may be used, rather than the existing device ID for the mobile device.
  • the unique identifier may be, for example, an encrypted ID generated based on the device ID or a hardware serial numbers of the device.
  • the existing device ID such as the iOS unique device ID number or the Android device ID
  • using a specially generated unique identifier may enhance the security of the encryption and decryption mechanism.
  • the server 110 checks whether there is already a stored XPIN associated with the device ID, which indicates whether the PIN of the device has previously been set.
  • the server 110 stores the XPIN, and returns a message to the mobile device, indicating that the PIN setting is successful. The mobile device then deletes its copy of the PKS.
  • the server 110 If the PIN has already been set, the server 110 returns an error message to the mobile device, notifying the mobile device that the PIN setting has failed.
  • the mobile device retrieves the stored PEK, and uses the
  • PBKDF2 PBKDF2 (PIN, PEK).
  • the mobile device then sends the XPIN together with the device ID to the server 110.
  • the server 110 Upon receiving the XPIN, the server 110 checks whether this XPIN matches the stored XPIN associated with the device ID.
  • the server 110 If the two XPINs match, the server 110 returns a message to the mobile device, which includes the PKS stored at the server 110.
  • the server If the XPIN received from the mobile device does not match the stored XPIN, the server returns an error message, notifying the mobile device that the PIN verification has failed.
  • the server 110 also maintains a PIN verification failure counter, which indicates the number of times that the PIN verification is unsuccessful.
  • the server 110 increments the counter every time the PIN verification fails, and locks the user account when the value of the counter reaches or exceeds a predetermined threshold value.
  • the mobile device Upon a successful XPIN verification at the server 110, the mobile device uses the PEK and the XPIN, together with the PKS received from the server 110, to generate a private key encryption key using the PBKDF2 algorithm, and decrypts the private key using this private key encryption key.
  • the mobile device then generates a 128bit random sequence as the new PEK, which will be subsequently stored in secure data storage of the mobile device if the PIN changing is successful.
  • the mobile device then sends the old XPIN, the new XPIN, the new PKS, together with the device ID to the server 110.
  • the server checks whether the received old XPIN matches the stored XPIN associated with the device ID.
  • the server 110 stores the new XPIN and the new PKS, and returns a message to the mobile device, which includes the old PKS stored at the server 110.
  • the server 110 returns an error message, notifying the mobile device that the PIN verification has failed.
  • the server 110 also maintains a PIN verification failure counter, which indicates the number of times that the PIN verification has failed. The server 110 increments the counter every time the PIN verification fails, and locks the user account when the value of the counter reaches a predetermined threshold value.
  • the mobile device Upon a successful XPIN verification at the server 110, the mobile device stores the new PEK in the secure data storage of the mobile device, and uses the old PEK and the old XPIN, together with the old PKS received from the server 110 to generate an old private key encryption key using the PBKDF2 algorithm, and decrypts the private key using this old private key encryption key.
  • the mobile device uses the new PEK, the new XPIN, and the new PKS to generate a new private key encryption key using the PBKDF2 algorithm, and re-encrypts the private key using this new private key encryption key.
  • the new private key encryption key may be generated using the same algorithm as the previous private key encryption key.
  • the various devices and data stores may communicate via any appropriate mechanism, such as via wired or wireless connections, including, but not limited to mobile networks, private networks, such as an 802.11 network, the Internet, LANs, WANs, as well as via direct or point-to-point connections, such as Bluetooth.
  • LANs local area networks
  • Bluetooth any appropriate mechanism, such as via wired or wireless connections, including, but not limited to mobile networks, private networks, such as an 802.11 network, the Internet, LANs, WANs, as well as via direct or point-to-point connections, such as Bluetooth.
  • FIG. 13 An example of a suitable server 110 of Fig. 1 is shown in Fig. 13.
  • the server 110 includes at least one processor 1310, a memory
  • the external interface 1330 may be utilised for connecting the server 110 to peripheral devices and/or networks, such as the communications network 140 and the local or remote data store 150.
  • peripheral devices and/or networks such as the communications network 140 and the local or remote data store 150.
  • a single external interface 1330 is shown, this is for the purpose of example only, and in practice multiple interfaces using various methods (e.g. Ethernet, serial, USB, wireless or the like) may be provided.
  • the processor 1310 may execute instructions in the form of applications software stored in the memory 1320 to allow the required processes to be performed, including: communicating with the terminal computing device 120, the local or remote data storage 150, and other suitable databases or devices, and performing the encryption (code setting) and decryption (code verification) workflows as described hereinbefore.
  • the applications software may include one or more software modules, and may be executed in a suitable execution environment, such as an operating system environment, or the like.
  • the server 110 may be formed from any suitable processing system, such as a suitably programmed computer system, PC, web server, network server, or the like.
  • the server 110 is a standard processing system such as an Intel Architecture based processing system, which executes software applications stored on non-volatile (e.g., hard disk) storage, although this is not essential.
  • the processing system could be any electronic processing device such as a microprocessor, microchip processor, logic gate configuration, firmware optionally associated with implementing logic such as an FPGA (Field Programmable Gate Array), or any other electronic device, system or arrangement.
  • FIG. 1 An example of a suitable terminal computing device 120 of Fig. 1 is shown in
  • the terminal computing device 120 includes at least one microprocessor 1410, a memory 1420, an output device 1430, an input device 1440, and an external input/output interface 1450, interconnected via a bus 1460 as shown.
  • the terminal computing device 120 may further include a biometric defection module, such as a fingerprint scanning module 1470.
  • the external interface 1450 may be utilised for connecting the terminal computing device 120 to peripheral devices and/or networks, such as the server 110, the communications network 140, any other suitable servers, data stores or the like. Although a single external interface 1450 is shown, this is for the purpose of example only, and in practice multiple interfaces using various methods (e.g. Ethernet, serial, USB, wireless or the like) may be provided.
  • the microprocessor 1410 executes instructions in the form of applications software stored in the memory 1420 to allow communication with the server 110, and to perform the encryption (code setting) and decryption (code verification) workflows as described hereinbefore.
  • the applications software may include one or more software modules, and may be executed in a suitable execution environment, such as an operating system environment, or the like.
  • the terminal computing device 120 may be formed from any suitable processing system, such as a mobile phone (e.g., a smart phone), a portable computer, a tablet computer, or the like.
  • a mobile phone e.g., a smart phone
  • a portable computer e.g., a laptop computer
  • a tablet computer e.g., a desktop computer
  • the terminal computing device 120 may be formed from any suitable processing system, such as a mobile phone (e.g., a smart phone), a portable computer, a tablet computer, or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • Storage Device Security (AREA)

Abstract

A computer- implemented method and a system for providing secure access to secret information, the method including the steps of: receiving input of a code from a user; generating and storing a first modifying string; modifying the code using the first modifying string to generate a modified code having a length greater than the code before modification; sending the modified code to a server; obtaining a second modifying string; generating an encryption key using at least the first modifying string and the second modifying string; and encrypting a secret using the encryption key.

Description

METHOD AND SYSTEM FOR PROVIDING SECURE ACCESS
TO SECRET INFORMATION
Technical Field
[0001] The present invention generally relates to a method and system for providing secure access to secret information, such as encryption keys in a computer system, and more particularly, for enhancing the security of the secret information.
Background
[0002] Data security has become an essential consideration in the design of computer systems involving the storage and transmission of secret information. Various techniques have been developed to protect secret information in computer systems.
[0003] For example, in many computer systems, in order to securely communicate or store secret or confidential information, an encryption key is used to encrypt the confidential information before the information is stored or transmitted, while the same or a corresponding key is used to subsequently decrypt the information for use or display. However, such an approach can be seen as simply shifting the burden of security, as the encryption key itself becomes secret information which in turn must be protected.
[0004] One way of protecting secret information is to ensure that access to secret information in a computer system may only be granted to a user of that computer system upon the entry by that user of information that is only known to that user. Examples of such information include alphanumeric strings such as Personal Identification Numbers (PINs) and passwords. For the user to access the secret information, they must either remember the alphanumeric string, or record it and store it in a location for later retrieval. The latter approach again shifts the burden of security, as the storage location will then need to be secured. Accordingly, it is generally considered better security practice for the user to memorise the alphanumeric string.
[0005] Where a user has secret information in a number of different computer systems, it is recommended that the user use a different alphanumeric string for each computer system, so that if one of the systems is compromised and the alphanumeric string becomes publicly available, an attacker in possession of that alphanumeric string will not be able to gain access to the secret information of the user stored in other computer systems. As a result, a user may be required to remember a large number of different alphanumeric strings.
[0006] To facilitate user memorisation and entry of a plurality of different alphanumeric strings, the strings are generally quite short. Many PINs are only 4 or 6 digits long. Such short strings have the drawback of being vulnerable to cryptanalytic attacks, for example, a brute-force attack. In a brute-force attack, an attacker tries many passwords randomly or systematically, in an exhaustive fashion, until the correct one is found. The improvement in computing speed of hardware devices means that an attacker can try many alternative strings in a short space of time, increasing the vulnerability of short alphanumeric strings used as keys to unlock secret information.
[0007] It is desired to address or ameliorate one or more disadvantages or limitations associated with the prior art, or to at least provide a useful alternative.
Summary
[0008] In a first aspect, the present invention provides a computer-implemented method executed at a terminal computing device, the method including the steps of:
receiving input of a code from a user;
generating and storing a first modifying string;
modifying the code using the first modifying string to generate a modified code having a length greater than the code before modification;
sending the modified code to a server;
obtaining a second modifying string; generating an encryption key using at least the first modifying string and the second modifying string; and
encrypting a secret using the encryption key.
[0009] In a second aspect, the present invention provides a computer-implemented method, the method including the steps of:
receiving input of a code from a user;
retrieving a stored first modifying string;
modifying the code using the first modifying string to generate a modified code having a length greater than the code before modification;
sending the modified code to the server;
receiving a second modifying string from the server;
generating an encryption key using at least the first modifying string, and the second modifying string; and
decrypting an encrypted secret using the encryption key.
[0010] In a third aspect, the present invention provides a computer-implemented method, the method including the steps of:
receiving a modified code from a terminal computing device, the modified code being generated based on a user-entered code and a first modifying string, and having a length greater than the code before modification;
storing the modified code;
storing a second modifying string; and
sending the second modifying string to the terminal computing device.
[0011] In a fourth aspect, the present invention provides a computer-implemented method, the method including the steps of:
receiving a modified code from a terminal computing device, the modified code being generated based on a user-entered code and a first modifying string, and having a length greater than the code before modification;
retrieving a stored modified code;
comparing the received modified code with the retrieved modified code; and if the received modified code matches the retrieved modified code:
retrieving a stored second modifying string; and
sending the second modifying string to the terminal computing device.
[0012] In a fifth aspect, the present invention provides a system for providing secure access to secret information, the system including one or more electronic processing devices configured to: receive input of a code from a user;
generate and storing a first modifying string;
modify the code using the first modifying string to generate a modified code having a length greater than the code before modification;
send the modified code to a server;
obtain a second modifying string;
generate an encryption key using at least the first modifying string and the second modifying string; and
encrypt a secret using the encryption key.
[0013] In a sixth aspect, the present invention provides a system for providing secure access to secret information, the system including one or more electronic processing devices configured to:
receive input of a code from a user;
retrieve a stored first modifying string;
modify the code using the first modifying string to generate a modified code having a length greater than the code before modification;
send the modified code to the server;
receive a second modifying string from the server;
generate an encryption key using at least the first modifying string and the second modifying string; and
decrypt an encrypted secret using the encryption key. Brief Description of the Drawings
[0014] Some embodiments of the present invention are hereinafter described, by way of example only, with reference to the accompanying drawings, wherein:
[0015] Fig. 1 is a schematic diagram of an exemplary system for providing secure access to secret information;
[0016] Fig. 2 is a schematic diagram showing an exemplary encryption process;
[0017] Fig. 3 is an exemplary workflow for encrypting a secret executed by a terminal computing devices shown in Fig. 1;
[0018] Fig. 4 is an exemplary workflow for encrypting the secret executed by a server shown in Fig. 1;
[0019] Fig. 5 is a schematic diagram showing an exemplary decryption process;
[0020] Fig. 6 is an exemplary workflow for decrypting a secret executed by a terminal computing device shown in Fig. 1;
[0021] Fig. 7 is an exemplary workflow for decrypting the secret executed by a server shown in Fig. 1;
[0022] Fig. 8 is an exemplary encryption process executed by the system shown in Fig. 1;
[0023] Fig. 9 is an exemplary decryption process executed by the system shown in Fig. 1;
[0024] Fig. 10 is an example of a PIN setting process implemented through an Android application (app);
[0025] Fig. 11 is an example of a PIN verification process implemented through an Android application (app);
[0026] Fig. 12 is an example of a PIN changing process implemented through an Android application (app);
[0027] Fig. 13 is a schematic diagram of an example of a server shown in Fig. 1; and [0028] Fig. 14 is a schematic diagram of a terminal computing device shown in Fig. 1.
Detailed Description
General structure of the system
[0029] An example of a system for providing secure access to secret information will now be described with reference to Fig. 1.
[0030] In this example, the system 100 includes a server 110 and at least one terminal computing device 120, the terminal computing device 120 being used by a user 130. The server 110 and the terminal computing device 120 are in communication with one another via at least one communication network 140. The server 110 is also in communication with at least one local or remote data store 150.
[0031] The communication network 140 between the server 110 and the terminal computing device 120 may be direct communication, or indirect communication through one or more intermediary electronic processing devices, including e.g., a gateway server controlling or managing the data communication between the server 110 and the terminal computing device 120.
[0032] In the examples described below, the terminal computing device 120 is in the form of a mobile telephone handset, and preferably is a smart phone on which one or more mobile applications can be installed and executed.
[0033] In some other embodiments, the terminal computing device 120 may alternatively be any other appropriate terminal electronic device, such as a portable computer, a tablet computer, a desktop personal computer or the like. Outline of the encryption process
[0034] As shown in Fig. 1, the user 130 inputs a code to the terminal computing device 120. As described below, the terminal computing device 120 subsequently encrypts a secret, the encryption being based, at least in part on the code input from the user..
[0035] The code is a piece of information for user authentication to prove the user's identity or authority for accessing a resource, and is to be kept secret from those not allowed to access the resource. The code may have any one of the following exemplary forms:
• a password, including a string of characters, e.g., a series of letters, a series of numbers, or a combination of alphanumeric characters;
• a personal identification number ("PIN"), e.g., a four-digit PIN or a six-digit PIN;
• a passphrase, including a sequence of words or other text, which may be longer than a password; and
• a lock pattern, e.g., a pattern on a grid of 9 circles. Such a pattern is subsequently converted into an alphanumeric string.
[0036] The secret may include any suitable type of confidential or secret information. For example, the secret may be an encryption key used for securing the communication between the terminal computing device 120 and the server 110, or the communication between the terminal computing device 120 and another device or server (not shown) that is different from the server 110. The encryption key may be used to encrypt the confidential information before the information is transmitted.
[0037] Preferably, the secret is a private key used in an asymmetric key encryption algorithm. In an asymmetric key encryption algorithm, a pair of keys (which may also be referred to as a "key-pair") are used, which include a public key and a private key. The public key may be used for encryption or signature verification, while the private key may be used for decryption or for the generation of a digital signature. [0038] Preferably, the private key is used for decrypting identity data of the user 130.
[0039] For example, the terminal computing device 120 and the server 110 may form at least part of a digital identification verification system, in which identity data associated with the user 130 is encrypted using a public key, the encrypted identity data being stored at the server 110 or at the terminal computing device 120. Where the encrypted identity is stored at the server and is desired to be transmitted to a third party or otherwise used by a user in control of the terminal computing device 120, the server 110 may transmit the encrypted identity data of the user to the terminal computing device 120, requesting the terminal computing device 120 to decrypt the identity data using the private key stored at the terminal computing device 120. This may ensure that the use of the user's identity data is always authorised by the terminal computing device 120, which allows the user 130 to monitor and control the use of their identity data through the terminal computing device 120. Alternatively, where the encrypted data is stored at the terminal computing device 120, a necessary component for accessing the private key may be stored at the server 110, this information being sent to the terminal computing device 120 on request, enabling terminal computing device 120 to subsequently access the private key and then decrypt the identity data of the user stored at the terminal computing device 120.
[0040] Alternatively, the private key may be used for encrypting any other suitable type of confidential information.
[0041] Further, in some other embodiments, rather than a private key, the secret may be an encryption key used in a symmetric key encryption algorithm. In a symmetric key encryption algorithm, the decryption key used for decryption is the same as the encryption key.
[0042] Fig. 2 is a schematic diagram showing an exemplary encryption process 200.
[0043] As shown in Fig. 2, the user 130 inputs a code (such as a personal identification number (PIN)) into the terminal computing device 120.
[0044] The terminal computing device 120 generates a first modifying string. The first modifying string may be a random sequence, e.g., a random series of letters, a random series of numbers, or a random combination of alphanumeric characters. The first modifying string may have a predetermined length. For example, in some embodiments, the first modifying string may be a random sequence of 64 bits, 128 bits, or 256 bits.
[0045] In embodiments where the code is a personal identification number (PIN), the first modifying string may also be referred to as a "PIN encryption key" or "PEK".
[0046] As shown by block 210, the first modifying string (PEK) is used to modify the code (e.g., PIN) to generate, at the terminal computing device 120, a modified code (which may also be referred to as the "XPIN"). The modified code (XPIN) has a length greater than the code before modification, and thus is more difficult to be cracked by a brute-force attack.
[0047] The first modifying string (PEK) used for modifying the code (e.g., PIN) is stored by the terminal computing device 120 for use in the decryption process. The first modifying string (PEK) may be stored at a storage location accessible by the terminal computing device 120, e.g., an internal or external data store of the terminal computing device 120.
[0048] After generating the modified code (XPIN), the terminal computing device 120 sends the modified code (XPIN) to the server 110. In return, the server 110 generates a second modifying string. In alternative embodiments, the terminal computing device 120 may generate the second modifying string and send it to the server 110 together with the modified code (XPIN).
[0049] The second modifying string may be a random sequence, e.g., a random series of letters, a random series of numbers, or a random combination of alphanumeric characters. The second modifying string may have a predetermined length. For example, in some embodiments, the second modifying string may be a random sequence of 64 bits, 128 bits, or 256 bits. The length of the second modifying string may be the same as the first modifying string, or different from the modifying string.
[0050] In the embodiments where the secret is a private key, the second modifying string may also be referred to as the "Private Key Encryption Secret" or "PKS". [0051] The generated second modifying string (PKS) is stored by the server 110 for use in the decryption process. For example, the second modifying string (PKS) may be stored at a storage location accessible by the server 110, e.g., the local or remote data store 150. In addition, the server 110 also stores the modified code (XPIN), e.g., in the local or remote data store 150.
[0052] In embodiments in which the server 110 generates the second modifying string (PKS), the server 110 sends the generated second modifying string (PKS) to the terminal computing device 120.
[0053] At the terminal computing device 120, as shown by block 220, the first modifying string (PEK) and the second modifying string (PKS) generated by the terminal computing device 120 or received from the server 110 are used together to generate an encryption key to be used for encrypting the secret. When the secret is a private key, the encryption key may also be referred to as the "Private Key Encryption Key" or "PKK". In some embodiments, the encryption key (PKK) may be generated based also on the modified code (XPIN), or the code (PIN) (modification by the modified code (XPIN) being shown in dotted lines in Figure 2).
[0054] The terminal computing device 120 then uses the encryption key (PKK) to encrypt the secret, as shown by block 230.
Modification of the code (e.g., PIN)
[0055] As described hereinbefore, the code (e.g., PIN) is modified (block 210) by the terminal computing device 120 to generate the modified code (XPIN), which has a length greater than the code before modification.
[0056] Preferably, this is performed by using a key stretching technique, which makes the possibly weak code more secure against a brute-force attack by increasing the time it takes to test each possible code, as the original code (e.g., a PIN, passwords or passphrases) created by the user 130 may be short or predictable enough to allow cracking by brute-force attacks. The modified (stretched) code generated using the key stretching technique may make such attacks more difficult.
[0057] For example, an iterative key derivation algorithm may be used to stretch the code (e.g., PIN) into the modified code based on the code and the first modifying string (PEK).
[0058] Such modification may be expressed as:
DK = KDF (Key, Salt, Iterations). wherein:
"DK" is the modified code (which may also be referred to as the "derived key"); "KDF" is the key derivation function;
"Key" is the code (which may also be referred to as the "original key");
"Salt" is a random number which acts as cryptographic salt, e.g., the first modifying string (PEK) in the embodiments described herein; and
"Iterations" refers to the number of iterations of a sub-function. The difficulty of a brute-force attack increases with the number of iterations.
[0059] Preferably, the iterative key derivation algorithm used for modifying the code may be Password-Based Key Derivation Function 2 (PBKDF2).
[0060] The PBKDF2 algorithm may be expressed as:
DK = PBKDF2(PRF, Key, Salt, Iterations, dkLen) wherein:
"PRF" is a pseudo-random function, which may include, e.g., a cryptographic hash function;
"Key" is the code (which may also be referred to as the "original key"); "Salt" is the cryptographic salt e.g., the first modifying string (PEK) in the embodiments described herein;
"Iterations" is the number of iterations desired; and
"dkLen" is the desired length of the modified code (derived key).
[0061] As one example, the number of iterations may be 64,000, and the length of modified code may be 128 bits.
[0062] The modified code may have a length significantly greater than the length of the code before modification, e.g., greater than 50 times the length of the code before modification. In some embodiments, the code may be a 6 digit PIN, which may be stretched to a modified code of 32 bytes or more. Alternatively, the modified code (XPIN) may be of any other suitable length, e.g., 8 bytes (64 bits), 128 bits, or 256 bits. Stretching the code into the modified code with greater length and higher entropy reduces the probability of the modified code (XPIN) being cracked by brute-force attack.
[0063] In some embodiments, the modified code is further encoded into a sequence of Basel6 or Base64 characters, e.g., 44 Base64 characters or 62 basel6 characters.
[0064] Alternatively, the iterative key derivation algorithm for modifying the code may be any other suitable iterative key derivation algorithm, e.g., bcrypt, scrypt, Argon2, or Password-Based Key Derivation Function 1 (PBKDF1).
[0065] Alternatively, in some embodiments, based on the code (e.g., PIN) and the first modifying string (PEK), the modified code (XPIN) may be generated using any suitable cryptographic hash function, e.g. SHA-2 256, SHA-2 512, or SHA-3. Using a relatively simple function such as SHA-2 256 may still make it difficult for an attacker to invert the hash by brute-force attack, while decreasing the time necessary to generate the encryption key (PKK). However, adopting a relatively stronger key derivation algorithm such as PBKDF2 may allow greater flexibility in generating a modified code (XPIN) of a desired length. [0066] In some embodiments, the modified code (XPIN) generated using the key derivation algorithm may further be modified before being sent to the server 110. For example, the modified code (XPIN) may be further encrypted before being transmitted, so as to establish a more secure data communication session with the server 110. This may improve the security of the system against man-in-the-middle attack (MITM). For example, Transport Layer Security (TLS) technique may be used to further protect the modified code (XPIN) in transit. Alternative or additional controls may be implemented to thwart a passive attacker who can sniff network traffic, e.g., by using a zero -knowledge proof method.
Generation of the encryption key (PKK)
[0067] As described hereinbefore, the encryption key (PKK) may be generated (block 220) based on the modified code (XPIN), the first modifying string (PEK), and the second modifying string (PKS).
[0068] Preferably, this is performed by using a key stretching technique, by stretching the code into modified code which is more difficult to crack using a brute-force attack.
[0069] For example, an iterative key derivation algorithm the same as or similar to the one used for modifying the code as described hereinbefore may be used: DK = KDF (Key, Salt, Iterations).
[0070] Preferably, the iterative key derivation algorithm used for generating the encryption key (PKK) may be Password-Based Key Derivation Function 2 (PBKDF2): DK = PBKDF2(PRF, Key, Salt, Iterations, dkLen).
[0071] Preferably, the "Key" may be a suitable combination of the modified code (XPIN) and the first modifying string (PEK), for example, a combination (e.g., concatenation) of the two strings of the modified code (XPIN) and the first modifying string (PEK). The "Salt" in the KDF or the PBKDF2 algorithm may be the second modifying string (PKS). [0072] Alternatively, in some other embodiments, the "Key" may be a suitable combination (e.g., a concatenation) of the modified code (XPIN) and the second modifying string (PKS), while the "Salt" in the KDF or the PBKDF2 algorithm is the first modifying string (PEK).
[0073] Alternatively, in some further embodiments, the "Key" may be a suitable combination (e.g., a concatenation) of the first modifying string (PEK) and the second modifying string (PKS), while the "Salt" in the KDF or the PBKDF2 algorithm is the modified code (XPIN).
[0074] Alternatively, the iterative key derivation algorithm for generating the encryption key (PKK) may be any other suitable iterative key derivation algorithm, e.g., bcrypt, scrypt, Argon2, or Password-Based Key Derivation Function 1 (PBKDF1).
[0075] Alternatively, in some embodiments, the encryption key (PKK) may be generated using any suitable cryptographic hash function, e.g. SHA-2 256, SHA-2 512, or SHA-3. Using a relatively simple function such as SHA-2 256 may still make it difficult for an attacker to invert the hash by brute-force attack, while decreasing the time required to generate the encryption key (PKK). However, adopting a relatively stronger key derivation algorithm such as PBKDF2 may allow greater flexibility in generating an encryption key (PKK) of a desired length.
[0076] Further, in some embodiments, instead of using the modified code (XPIN), the encryption key (PKK) may be generated based on the code (e.g., PIN) together with the first modifying string (PEK) and the second modifying string (PKS). However, as the modified code (XPIN) has a length greater than the code before modification, using the modified code (XPIN) to generate the encryption key (PKK) may increase the strength of the generated encryption key (PKK) against potential attacks.
[0077] In some further embodiment, the encryption key (PKK) may be generated based on the first modifying string (PEK) and the second modifying string (PKS), without using the code (e.g., PIN) or the modified code (XPIN). As the first modifying string (PEK) may only be stored at the terminal computing device 120, and the second modifying string (PKS) may only be stored at the server 110, using both of them to generate the encryption key (PKK) may ensure that the generated encryption key (PKK) is secure and robust against potential attacks.
Encryption of the secret
[0078] Further, in the embodiments described hereinbefore, the secret may be encrypted using the encryption key (PKK) generated based on the modified code (XPIN), the first modifying string (PEK) and the second modifying string (PKS).
[0079] Alternatively, in some other embodiments, the secret may be encrypted using the first modifying string (PEK) and the second modifying string (PKS), without using the modified code (XPIN).
[0080] However, using the encryption key (PKK) generated based on the modified code (XPIN), the first modifying string (PEK) and the second modifying string (PKS) together may enhance the security of the encrypted secret against potential attacks.
Storing of the first modifying string (PEK) and second modifying string (PKS)
[0081] The first modifying string (PEK) and second modifying string (PKS) remain the same in the secret encryption and decryption processes.
[0082] In the embodiments described herein, the first modifying string (PEK) is stored at the terminal computing device 120. For example, the first modifying string (PEK) may be stored in a secure storage location of the terminal computing device 120, e.g., in a keychain file of an iOS or macOS device.
[0083] In the embodiments described herein, the second modifying string (PKS) is stored at the server 110.
[0084] When the secret is the private key used for encrypting digital identification information associated with the user 130, the first modifying string (PEK) and second modifying string (PKS) may remain the same over the lifetime of the association between the terminal computing device 120 and the digital identification information of the user.
[0085] Further, one or more groups of digital identification information of the user may be associated with a digital user account, in which case the first modifying string (PEK) and second modifying string (PKS) may remain the same over the lifetime of the association between the terminal computing device 120 and the digital user account.
[0086] The first modifying string (PEK) and second modifying string (PKS) may be updated when the user changes an existing PIN or resets a PIN.
[0087] In the embodiments described hereinbefore, the second modifying string (PKS) is generated by the server 110 and sent to the terminal computing device 120 for the generation of the encryption key (PKK). Alternatively, the second modifying string (PKS) may be generated by the terminal computing device 120, and subsequently sent to the server 110 for storage. The second modifying string (PKS) that has been used for generating the encryption key (PKK) and has been sent to the server 110 for storage is then discarded by the terminal computing device 120, which may ensure that in the decryption process the second modifying string (PKS) can only be obtained from the server 110.
[0088] By storing the first modifying string (PEK) and the second modifying string (PKS) on different devices, i.e., the terminal computing device 120 and the server 110 respectively, the security of the encryption mechanism may be enhanced.
Storing of the modified code (XPIN)
[0089] In the embodiments described hereinbefore, the modified code (XPIN) is stored by the server 110, e.g., in the local or remote data store 150.
[0090] In some embodiments, the modified code (XPIN) is also stored by the terminal computing device 120, which may allow a faster access to the modified code (XPIN) when decrypting the encrypted secret. [0091] For example, the terminal computing device 120 may provide a biometric authentication function, e.g. the fingerprint recognition feature ("Touch ID") provided by iPhone 5S, the iPad Air 2 and the MacBook Pro, and the fingerprint scanning feature provided by some Android 6.0 devices. Accordingly, the modified code (XPIN) may be stored in a secure storage location of the terminal computing device 120, accessible only after authentication of a user using a biometric authentication mechanism, such as fingerprint authentication.
[0092] The biometric authentication mechanism may alternatively use any other suitable form of biometric characteristics, e.g., palm veins, face recognition, palm print, hand geometry, iris recognition, or retina scanning.
[0093] Alternatively, the modified code (XPIN) may be encrypted using a modified code encryption key (XPINK), and the encrypted modified code may be stored in the terminal computing device 120.
[0094] The modified code encryption key (XPINK) may be a transient key, which may further be protected using the biometric authentication mechanism.
[0095] Alternatively, the modified code encryption key (XPINK) may be a public encryption key of a key-pair, e.g., a public key generated and managed by a mobile operation system (e.g., Android).
[0096] The modified code encryption key (XPINK) may then be stored in a secured data store of the terminal computing device 120, e.g., Keystore of an Android device.
[0097] Alternatively, the modified code (XPIN) may be stored directly in a secured data store of the terminal computing device 120, e.g., an iOS KeyChain of an iOS device.
[0098] A time restriction may be provided for the storage of the modified code (XPIN). For example, the stored modified code (XPIN) may be discarded after a predetermined period of time, e.g., 1 mins, 3 mins or 5 mins. When the predetermined period has lapsed, the user may be required to re-input the code (e.g., PIN) to allow decryption of the encrypted secret. This arrangement may improve the security of the encryption and decryption mechanism. [0099] An example of a workflow 300 executed by the terminal computing device 120 for encrypting the secret will now be described with reference to Fig. 3.
[00100] At step 310, terminal computing device 120 receives input of a code (PIN) from a user 130.
[00101] Upon receiving the input of the code (PIN), the terminal computing device
120 generates a first modifying string (PEK), and stores the first modifying string (PEK) in an internal or external data store (Step 320).
[00102] Using the first modifying string (PEK), at step 330, terminal computing device
120 modifies the code (PIN) to generate a modified code (XPIN) having a length greater than the code before modification.
[00103] At step 340, terminal computing device 120 sends the modified code (XPIN) to the server 110.
[00104] Next, at step 350, the terminal computing device 120 obtains a second modifying string (PKS). The second modifying string (PKS) may be generated by the terminal computing device 120 locally, or generated by and received from the server 110.
[00105] Based on at least the first modifying string (PEK), and the second modifying string (PKS), the terminal computing device 120 generates an encryption key (PKK) at step 360. As described hereinbefore, in some embodiments, the encryption key (PKK) may be generated further based on the modified code (XPIN) or the code (PIN).
[00106] Next, using the encryption key (PKK), the terminal computing device 120 encrypts the secret at step 370.
[00107] An example of a workflow 400 executed by the server 110 in the encryption process will now be described with reference to Fig. 4.
[00108] At step 410, the server 110 receives a modified code (XPIN) from the terminal computing device 120, the modified code (XPIN) being generated based on the user-entered code (PIN) and a first modifying string (PEK), and having a length greater than the code (PIN) before modification.
[00109] At step 420, the server 110 stores the modified code (XPIN).
[00110] At step 430, the server 110 stores a second modifying string (PKS). As described hereinbefore, the second modifying string (PKS) may be generated by the terminal computing device 120 and sent to the server 110, or generated locally by the server 110.
[00111] Next, at step 440, the server 100 sends the second modifying string (PKS) to the terminal computing device 120.
[00112] Although the storage of the second modifying string (PKS) is illustrated in
Fig. 4 after the storage of the modified code (XPIN), it may alternatively be performed before the storage of the modified code (XPIN), or in parallel with the storage of the modified code (XPIN).
Outline of the decryption process
[00113] Fig. 5 is a schematic diagram showing an example 500 of the decryption process.
[00114] As shown in Fig. 5, in order to decrypt the encrypted secret, the user 130 is required to input to the terminal computing device 120 the same code (e.g., PIN) used in the encryption of the secret.
[00115] Upon receiving the code, the terminal computing device 120 retrieves the stored first modifying string (PEK), e.g., from an internal or external data store of the terminal computing device 120.
[00116] As shown by block 510, the first modifying string (PEK) is used to modifying the code (e.g., PIN) to generate, at the terminal computing device 120, the modified code (XPIN) which has a length greater than the code before modification and thus is more difficult to be cracked by a brute-force attack.
[00117] After generating the modified code (XPIN), the terminal computing device
120 sends the modified code (XPIN) to the server 110.
[00118] Upon receiving the modified code (XPIN) from the terminal computing device
120, the server 110 retrieves the stored modified code (XPIN), e.g., from the local or remote data store 150, and compares the received modified code (XPIN) with the modified code (XPIN) retrieved from the data store, to verify whether the modified code (XPIN) received from the terminal computing device 120 is the correct modified code (XPIN).
[00119] If this verification is successful, the server 110 retrieves the second modifying string (PKS), e.g., from the local or remote data store 150, and sends the retrieved second modifying string (PKS) back to the terminal computing device 120.
[00120] Using the second modifying string (PKS) received from the server 110, together with the first modifying string (PEK), the terminal computing device 120 regenerates (block 520) the encryption key (PKK) which has previously been used for encrypting the secret. As described hereinbefore, in some embodiments, the encryption key (PKK) may be generated further based on the modified code (XPIN) or the code (PIN).
[00121] The terminal computing device 120 then uses the encryption key (PKK) to decrypt the encrypted secret, as shown by block 530.
[00122] An example of a workflow 600 executed by the terminal computing device
120 for decrypting the secret will now be described with reference to Fig. 6.
[00123] At step 610, the terminal computing device 120 receives input of a code (e.g.,
PIN) from a user 130.
[00124] Next, at step 620, the terminal computing device 120 retrieves a stored first modifying string (PEK), e.g., from an internal or external data store of the terminal computing device 120. [00125] Using the retrieved first modifying string (PEK), at step 630 the terminal computing device 120 modifies the code (PIN) to generate a modified code (XPIN) having a length greater than the code before modification.
[00126] The modified code (XPIN) is then sent by the terminal computing device 120 to the server 110 at step 640.
[00127] At step 650, the terminal computing device 120 receives a second modifying string (PKS) from the server 110.
[00128] Based on at least the first modifying string (PEK) and the second modifying string (PKS), the terminal computing device 120 generates an encryption key (PKK) at step 660.
[00129] Using the encryption key (PKK), the terminal computing device 120 decrypts the encrypted secret at step 670.
[00130] An example of a workflow 700 executed by the server 110 for decrypting the secret will now be described with reference to Fig. 7.
[00131] At step 710, the server 110 receives a modified code (XPIN) from the terminal computing device 120, the modified code (XPIN) being generated based on a user-entered code (PIN) and a first modifying string (PEK), and having a length greater than the code (PIN) before modification.
[00132] Next, at step 720, the server 110 retrieves a stored modified code (XPIN) associated with the user or the terminal computing device 120, e.g., from the local or remote data store 150.
[00133] The server 110 then compares the received modified code (XPIN) with the retrieved modified code (XPIN) at step 730.
[00134] If at step 740, the received modified code (XPIN) matches the retrieved modified code (XPIN), the server 110 proceeds to step 750 to retrieve the stored second modifying string (PKS), and sends the second modifying string (PKS) to the terminal computing device at step 760.
[00135] In some embodiments, the server 110 counts the number of times the received modified code (XPIN) does not match the stored modified code (XPIN), e.g., using a verification failure counter. This number may be stored as a verification failure value.
[00136] For example, as shown in step 770, if the received modified code (XPIN) does not match the stored modified code (XPIN), the server 110 may increment the stored verification failure value.
[00137] Further, as shown in step 780, if the verification failure value reaches or exceeds a predetermined number, i.e., if the received modified code (XPIN) has failed to match the stored modified code (XPIN) more than a predetermined number of times, the server 110 may trigger an alert or any other suitable response, e.g., by temporarily locking the user account associated with the user 130 or the terminal computing device 120, and may send a warning message to the terminal computing device 120.
[00138] Using a verification failure counter at the server 110 may prevent a potential attacker from decrypting the secret by trying a large number of alternative codes, thereby improving the security of the system.
[00139] Further, although the check of verification failure value is performed after the comparison of the received modified code (XPIN) with the retrieved modified code (XPIN), it may alternatively be performed before the comparison step.
[00140] A number of advantages may be provided by transmitting and comparing the modified code (XPIN) rather than the original code (e.g., PIN) inputted by the user 130.
[00141] Firstly, this allows the code entered by the user to remain confidential, and not be transmitted to or stored by server 110, which is particularly advantageous if the user 130 also uses the same code for other computer systems. [00142] Secondly, as no clear text of the code is stored either by the terminal computing device 120 or the server 110, the security of the user's code is improved.
[00143] Thirdly, because the unmodified code is not transmitted, any potential attackers sniffing the data communication traffic between the terminal computing device 120 and the server 110 will not know the user's actual code.
Summary
[00144] According to at least some embodiments, the method and system for providing secure access to secret information described herein may effectively enhance the security of the secret by providing an encryption and decryption mechanism relying on the participation of both the terminal computing device 120 and the server 110. This configuration may reduce or prevent the chance of unauthorised access to the secret from potential attackers attacking one side of the system, i.e., the terminal computing device 120 or the server 110 alone.
[00145] The method and system may further improve the security of the secret by providing one or more of the following advantage:
• the secret may only be decrypted if the user 130 has entered the correct code;
• the number of attempts from potential attackers to gain access to the secret by trying alternative codes may be effectively limited, thereby improving the security against brute-force attacks;
• even when a persistent device state of the terminal computing device 120 is compromised (e.g., via a device backup or file transfer after gaining unfettered access to secure areas of a device), the system may still protect the clear text of the code from unauthorised release;
• an attacker with access to persistent device state (e.g. a full device backup) of the terminal computing device 120 may be prevented from unlocking the secret; and • an attacker who can read the data communication traffic between the terminal computing device 120 and the server 110 may not be able to perform the authentication as the user 130, thereby enhancing the security against man-in-the- middle attack (MITM).
[00146] In the embodiments described hereinbefore, each of the encryption and decryption processes requires one device-server roundtrip. However, in some embodiments, the encryption and/or decryption processes may require more than one device-server roundtrip, e.g., two or three device-server roundtrips. Having more device-server roundtrips may further enhance the security of the system. However, having only one device- server roundtrip may increase the speed of the encryption and decryption processes, thereby providing a better user experience to the user 130 using the terminal computing device 120.
Detailed examples
[00147] An example of an encryption process 800 will now be described in further detail with reference to Fig. 8.
[00148] In this example, the code input by the user is a PIN of 4 or 6 digits, the secret is a private key used in a digital identification verification system for decrypting identity data, and the algorithm for modifying the code to generate the modified code is an iterative key derivation algorithm using Password-Based Key Derivation Function 2 (PBKDF2). Each of the first modifying string (PEK) and the second modifying string (PKS) is a random numeric sequence of 128 bits.
[00149] Accordingly, the encryption process in this example may also be referred to as a "PIN establishment" process.
[00150] The process illustrated in the Fig. 8 assumes a key-pair including a public key and a private key has already been generated by the terminal computing device 120, and the public key has been sent to the server 110. Alternatively, the establishment of the key-pair may be performed during the PIN establishment process, e.g., the public key may be sent to the server 110 together with the modified code (XPIN).
[00151] In response to (or in other non-illustrated embodiments, in preparation for) receiving the PIN from the user, terminal computing device 120 generates and stores a first modifying string (PEK), which is a 128 bit random numeric sequence.
[00152] Next, the terminal computing device 120 stretches the user-entered PIN with the PEK using PBKDF2 to derive a modified code (XPIN).
[00153] The terminal computing device 120 then sends a "set PIN" request, transmitting the XPIN to the server 110.
[00154] The server 110 stores the XPIN, and generates and stores second modifying string (PKS). The PKS is a 128-bit random value.
[00155] The PKS is transmitted to the terminal computing device 120 by the server
110.
[00156] Next, the terminal computing device 120 uses PBKDF2(PEK + XPIN + PKS), to derive a private key encryption key (PKK).
[00157] The private key is then encrypted with the PKK, and the encrypted private key is stored by the terminal computing device 120.
[00158] Corresponding to the encryption process in Fig. 8, an example of a decryption process will now be described in further detail with reference to Fig. 9. The encryption process in this example may also be referred to as a "PIN verification" process.
[00159] First, in order to authorise access to the private key, the user inputs a PIN at the terminal computing device 120.
[00160] The terminal computing device 120 stretches the PIN with the PEK to produce an XPIN.
[00161] Next, the terminal computing device 120 sends the XPIN to the server 110. [00162] The server 110 confirms whether the user account associated with the user or the terminal computing device 120 is in a lock state.
[00163] If the user account is locked, the server 110 returns an error message to the terminal computing device 120.
[00164] If the account is not locked, the server 110 checks the received XPIN, e.g., by comparing the received XPIN with a stored XPIN retrieved from the data store 150.
[00165] If the XPIN received from the terminal computing device 120 does not match the stored XPIN, the server 110 returns an error message to the terminal computing device 120 and increments any appropriate verification failure counters.
[00166] If the XPIN check is successful, the server 110 returns the stored PKS to the terminal computing device 120.
[00167] Upon receiving the PKS, the terminal computing device 120 uses
PBKDF2(PEK + XPIN + PKS) to derive the private key encryption key (PKK).
[00168] The terminal computing device 120 then decrypts the private key with the
PKK.
[00169] The method described hereinbefore may be implemented using an application executing on the terminal computing device 120 (e.g., a mobile phone, a tablet computer, a laptop or desktop computer, or the like). For example, the terminal computing device 120 may be a smart phone, and the method may be implemented using a mobile application installed on the smart phone, as described in further detail as follows.
Mobile application - iOS
[00170] An example of the method implemented by a mobile application (app) executing on an iOS mobile operating system will now be described in further detail. [00171] In this example, the iOS app generates a public and private key-pair in order to secure customer data. The app generates a key-pair on the terminal computing device 120 and then stores one side of the pair (the private key) securely on the terminal computing device 120, and sends the other side (the public key) to the server 110. The code entered by the user is a PIN of 4 or 6 digits.
[Key-pair Generation]
[00172] The iOS mobile operating system provides an API SecKeyGeneratePair to generate RSA key-pairs through the keychain services system framework.
[00173] The SecKeyGeneratePair API may be used with the following parameters:
• kSecAttrKeyType as kSecAttrKeyTypeRSA; and
• kSecAttrKeySizelnBits as 2048.
[00174] Calling this API will return references to SecKey objects for both the private key and the public key.
[00175] The public key is sent to the server 110 for storage, while the private key is encrypted and stored at the terminal computing device 120 using the process described as follows.
[PIN Setup: PIN stretching]
[00176] Using the PIN entered by the user, the iOS app generates a stretched PIN by the following process:
[00177] (1) generating a 16 byte random array of bytes, which is to be used as the first modifying string (PEK), the PEK being stored in the Keychain of the device;
[00178] (2) based on the PIN and salted with the PEK, generating a modified PIN using an iterative key derivation algorithm such as PBKDF2; and [00179] (3) encoding the modified PIN into Base64 characters, this Base64 character sequence constituting the stretched PIN (XPIN), the XPIN being sent to the server 110.
[PIN Setup: Encryption Key Derivation]
[00180] The encryption key used for encrypting the private key is generated by the iOS app using the following process:
[00181] (1) generating a second 16 byte random array of bytes, which is to be used as the second modifying string (PKS), the PKS being generated using the same method as the PEK and only stored at the server 110; and
[00182] (2) generating an encryption key for encrypting the private key using the same
PBKDF2 algorithm based on a concatenation of the XPIN and the PKS, with the PEK as the salt.
[PIN Setup: Encryption of the Private Key]
[00183] The private key is encrypted using the generated encryption key. The encrypted private key is stored in the Keychain of the terminal computing device 120.
[Decryption with PIN]
[00184] In order to authorise use of the private key, the user is required to input their
PIN.
[00185] The app then retrieves the first modifying string (PEK) from the device
Keychain.
[00186] The PIN entered by the user is stretched using the PEK to generate a stretched
PIN (XPIN) in Base64.
[00187] The app sends the generated XPIN to the server 110 to verify the XPIN, and obtains the second modifying string (PKS) if the XPIN is correct. [00188] This PKS is then used to derive the encryption key using the same PBKDF2 algorithm. The app then decrypts the private key, and uses the decrypted private key to decrypt user data, using tools such as JSON Web Encryption (JWE).
[Change PIN]
[00189] The app also allows a user to change the PIN that has already been set.
[00190] When the user changes their PIN, the user is required to input their previously- set PIN.
[00191] The app then retrieves the first modifying string (PEK) and stretches the previous PIN using the PEK to generate a stretched PIN (XPIN) in Base64.
[00192] The app then sends the XPIN to the server 110 to verify the XPIN pin.
[00193] Upon successful verification, the app allows the user to enter their new PIN.
[00194] A new first modifying string (PEK) is then generated to replace the previous first modifying string (PEK), and the new PIN is stretched using this new first modifying string PEK, generating a new stretched PIN (XPIN).
[00195] The new XPIN is then sent to the server 110 for storage.
[Turn ON Touch ID]
[00196] Touch ID is a fingerprint recognition feature provided by iOS devices, such as iPhones since iPhone 5S and iPads since the iPad Air 2.
[00197] The iOS app described herein allows a user to turn on the Touch ID function when a PIN has already be set, using the following process:
[00198] (1) prompting the user to enter their PIN;
[00199] (2) stretching the PIN to generate an XPIN using the PIN stretching process as described hereinbefore; [00200] (3) sending the XPIN to the server 110 for verification;
[00201] (4) upon successful verification, storing the XPIN on the device keychain protected by Touch ID.
[PIN Setup with Touch ID]
[00202] The app also allows the user to setup a new PIN when the Touch ID function is turned on, using the same process of setting up a new PIN as described hereinbefore. However, when setting up a new PIN with the Touch ID function on, the stretched pin (XPIN) generated will be stored in the device keychain, protected by Touch ID.
[Decryption with Touch ID]
[00203] When the Touch ID function is turned on, the user needs to input their fingerprint to retrieve the stretched pin (XPIN) from the keychain.
[00204] The app then sends the retrieved XPIN to the server 110 to verify the XPIN, and obtains the second modifying string (PKS) if the XPIN is correct.
[00205] In some embodiments, using Touch ID to obtain the XPIN may be restricted to a predetermined period of time, for example, 6 hours, 12 hours or one day after the PIN has been entered. If this period of time has passed since the last entry of the PIN, the user may be required to enter the PIN to allow the description process to be performed. This may ensure that the user uses their PIN periodically, thereby reducing the chance that the user forgets their PIN.
[Change PIN using Touch ID]
[00206] When the user changes their PIN, the user is required to input their fingerprint to retrieve the stretched PIN (XPIN) from the keychain.
[00207] The app performs the same steps as in the workflow described hereinbefore.
[00208] Upon successful PIN change, the new stretched pin (XPIN) is stored on the device keychain, protected by Touch ID. [Turn OFF Touch ID]
[00209] When the user turns the Touch ID function off, the stretched PIN (XPIN) will be deleted from the device keychain.
Mobile application - Android
[00210] An example of the method being implemented by a mobile application (app) executing on a mobile device running an Android mobile operating system will now be described in further detail, with reference to Figs. 10 - 12.
[00211] In this example, the Android app generates a public and private key-pair in order to secure customer data. The app generates a key-pair on the terminal computing device 120 and then stores one side of the pair (i.e., the private key) securely on the terminal computing device 120, and sends the other side (i.e., the public key) to the server 110. The code input by the user is a PIN of 4 or 6 digits.
[00212] The process of key-pair generation, PIN stretching, encryption key derivation, encryption of the private key, and decryption with PIN may be similar to the corresponding processes in the iOS app as described above.
[00213] Some Android devices provide biometric authentication functions, such as fingerprint authentication. The app may allow the stretched PIN to be stored in a secure data store of the device protected by biometric authentication, such as fingerprint authentication.
[00214] When using fingerprint authentication, the stretched pin generated in step 2 above is stored encrypted on the device, e.g., in a Keystore of the device protected by fingerprint authentication. The public key and the encrypted private key may be stored in the Keystore of the device too, protected by fingerprint authentication.
[PIN setup with fingerprint authentication] [00215] The app may allow a user to set up a new PIN with fingerprint authentication using the following process:
[00216] (1) generating a key pair and storing it in the Key store in a manner that the public key is always available while the private key is only available during the fingerprint manager authentication callback;
[00217] (2) stretching the PIN entered by a user to generate a stretched PIN (XPIN), and encrypting the XPIN using the public key; and
[00218] (3) performing the encryption key derivation process as described above, and encrypting the private key using the encryption key.
[Decryption with fingerprint authentication]
[00219] The decryption of the private key with the fingerprint authentication function turned on is performed using the following process:
[00220] (1) receiving a cipher bound to the protected private key when a fingerprint manager authentication success callback is invoked;
[00221] (2) using the cipher to decrypt the encrypted stretched pin (XPIN), sending the
XPIN to the server 110 for verification, and in turn obtaining a copy of the second modifying string (PKS);
[00222] (3) performing the encryption key derivation process as described hereinbefore; and
[00223] (4) decrypting the private key using the encryption key generated, wherein the decrypted private key may be used to decrypt user data, using techniques such as JSON Web Encryption (JWE), or signing a JSON Web Token (JWT) to establish a new session with the server 110. [00224] Exemplary processes of setting a PIN, verifying the PIN and changing the PIN in the Android app are illustrated in Figs. 10 - 12. In these examples, the terminal computing device 120 is a mobile device operating in an Android operation system.
[00225] As shown in Fig. 10, in order to setup the PIN, the user enters the PIN on the mobile device, and is required to repeat the pin once for confirmation.
[00226] Upon receiving the PIN, the mobile device generates a 128bit random sequence as the PEK, which is subsequently stored in secure data storage of the mobile device.
[00227] The mobile device then uses the PBKDF2 algorithm to stretch the PIN to generate XPIN = PBKDF2 (PIN, PEK).
[00228] Next, the mobile device generates another 128bit random sequence as the
PKS, which will be sent to the server 110 for storage.
[00229] Using the generated PEK and PKS, together with the PIN entered by the user, the mobile device generates a private key encryption key using the PBKDF2 algorithm, and encrypts the private key using this encryption key.
[00230] The encrypted private key is stored in the devices' secured data storage.
[00231] The mobile device then sends the XPIN, the PKS together with a device identification (device ID) of the mobile device to the server 110, the device ID being a distinctive alphanumeric sequence or number uniquely associated with a mobile phone or similar terminal device, e.g., the unique device ID number for an iOS device, or the Android device ID for an Android device.
[00232] In some embodiments, a unique identifier associated with the device may be used, rather than the existing device ID for the mobile device. The unique identifier may be, for example, an encrypted ID generated based on the device ID or a hardware serial numbers of the device. As the existing device ID (such as the iOS unique device ID number or the Android device ID) may be shared by a plurality of applications executing on the mobile device, using a specially generated unique identifier may enhance the security of the encryption and decryption mechanism.
[00233] The server 110 checks whether there is already a stored XPIN associated with the device ID, which indicates whether the PIN of the device has previously been set.
[00234] If the PIN of the device has not been set, the server 110 stores the XPIN, and returns a message to the mobile device, indicating that the PIN setting is successful. The mobile device then deletes its copy of the PKS.
[00235] If the PIN has already been set, the server 110 returns an error message to the mobile device, notifying the mobile device that the PIN setting has failed.
[00236] As shown in Fig. 11, in the PIN verification process, the user first inputs the
PIN to the mobile device.
[00237] Accordingly, the mobile device retrieves the stored PEK, and uses the
PBKDF2 algorithm to stretch the PIN to generate an XPIN = PBKDF2 (PIN, PEK).
[00238] The mobile device then sends the XPIN together with the device ID to the server 110.
[00239] Upon receiving the XPIN, the server 110 checks whether this XPIN matches the stored XPIN associated with the device ID.
[00240] If the two XPINs match, the server 110 returns a message to the mobile device, which includes the PKS stored at the server 110.
[00241] If the XPIN received from the mobile device does not match the stored XPIN, the server returns an error message, notifying the mobile device that the PIN verification has failed.
[00242] The server 110 also maintains a PIN verification failure counter, which indicates the number of times that the PIN verification is unsuccessful. The server 110 increments the counter every time the PIN verification fails, and locks the user account when the value of the counter reaches or exceeds a predetermined threshold value.
[00243] Upon a successful XPIN verification at the server 110, the mobile device uses the PEK and the XPIN, together with the PKS received from the server 110, to generate a private key encryption key using the PBKDF2 algorithm, and decrypts the private key using this private key encryption key.
[00244] As shown in Fig. 12, to update a PIN, the user is required to enter the previously set old PIN and the new PIN to the mobile device.
[00245] The mobile device retrieves the stored old PEK, and uses the PBKDF2 algorithm to stretch the old PIN to generate the old XPIN = PBKDF2 (old PIN, old PEK).
[00246] The mobile device then generates a 128bit random sequence as the new PEK, which will be subsequently stored in secure data storage of the mobile device if the PIN changing is successful.
[00247] The mobile device also uses the PBKDF2 algorithm to stretch the new PIN to generate a new XPIN = PBKDF2 (new PIN, new PEK), and generates another 128bit random sequence as the new PKS.
[00248] The mobile device then sends the old XPIN, the new XPIN, the new PKS, together with the device ID to the server 110.
[00249] The server checks whether the received old XPIN matches the stored XPIN associated with the device ID.
[00250] If the old XPIN matches the stored XPIN, the server 110 stores the new XPIN and the new PKS, and returns a message to the mobile device, which includes the old PKS stored at the server 110.
[00251] If the old XPIN received from the mobile device does not match the stored
XPIN, the server returns an error message, notifying the mobile device that the PIN verification has failed. [00252] The server 110 also maintains a PIN verification failure counter, which indicates the number of times that the PIN verification has failed. The server 110 increments the counter every time the PIN verification fails, and locks the user account when the value of the counter reaches a predetermined threshold value.
[00253] Upon a successful XPIN verification at the server 110, the mobile device stores the new PEK in the secure data storage of the mobile device, and uses the old PEK and the old XPIN, together with the old PKS received from the server 110 to generate an old private key encryption key using the PBKDF2 algorithm, and decrypts the private key using this old private key encryption key.
[00254] Next, the mobile device uses the new PEK, the new XPIN, and the new PKS to generate a new private key encryption key using the PBKDF2 algorithm, and re-encrypts the private key using this new private key encryption key. The new private key encryption key may be generated using the same algorithm as the previous private key encryption key.
[00255] Referring back to Fig. 1, in practice, the communications network 140 in Fig.
1 may take any appropriate form, such as the Internet and/or one or a number of local area networks (LANs). In practice, the various devices and data stores may communicate via any appropriate mechanism, such as via wired or wireless connections, including, but not limited to mobile networks, private networks, such as an 802.11 network, the Internet, LANs, WANs, as well as via direct or point-to-point connections, such as Bluetooth.
[00256] An example of a suitable server 110 of Fig. 1 is shown in Fig. 13.
[00257] In this example, the server 110 includes at least one processor 1310, a memory
1320, an external input/output interface 1330, and an input/output device 1340 such as a keyboard and/or a display, interconnected via a bus 1350 as shown. The external interface 1330 may be utilised for connecting the server 110 to peripheral devices and/or networks, such as the communications network 140 and the local or remote data store 150. Although a single external interface 1330 is shown, this is for the purpose of example only, and in practice multiple interfaces using various methods (e.g. Ethernet, serial, USB, wireless or the like) may be provided. [00258] In use, the processor 1310 may execute instructions in the form of applications software stored in the memory 1320 to allow the required processes to be performed, including: communicating with the terminal computing device 120, the local or remote data storage 150, and other suitable databases or devices, and performing the encryption (code setting) and decryption (code verification) workflows as described hereinbefore. The applications software may include one or more software modules, and may be executed in a suitable execution environment, such as an operating system environment, or the like.
[00259] Accordingly, it will be appreciated that the server 110 may be formed from any suitable processing system, such as a suitably programmed computer system, PC, web server, network server, or the like. In one example, the server 110 is a standard processing system such as an Intel Architecture based processing system, which executes software applications stored on non-volatile (e.g., hard disk) storage, although this is not essential. However, it will also be understood that the processing system could be any electronic processing device such as a microprocessor, microchip processor, logic gate configuration, firmware optionally associated with implementing logic such as an FPGA (Field Programmable Gate Array), or any other electronic device, system or arrangement.
[00260] An example of a suitable terminal computing device 120 of Fig. 1 is shown in
Fig. 14.
[00261] In this example, the terminal computing device 120 includes at least one microprocessor 1410, a memory 1420, an output device 1430, an input device 1440, and an external input/output interface 1450, interconnected via a bus 1460 as shown. The terminal computing device 120 may further include a biometric defection module, such as a fingerprint scanning module 1470. The external interface 1450 may be utilised for connecting the terminal computing device 120 to peripheral devices and/or networks, such as the server 110, the communications network 140, any other suitable servers, data stores or the like. Although a single external interface 1450 is shown, this is for the purpose of example only, and in practice multiple interfaces using various methods (e.g. Ethernet, serial, USB, wireless or the like) may be provided. [00262] In use, the microprocessor 1410 executes instructions in the form of applications software stored in the memory 1420 to allow communication with the server 110, and to perform the encryption (code setting) and decryption (code verification) workflows as described hereinbefore. The applications software may include one or more software modules, and may be executed in a suitable execution environment, such as an operating system environment, or the like.
[00263] Accordingly, it will be appreciated that the terminal computing device 120 may be formed from any suitable processing system, such as a mobile phone (e.g., a smart phone), a portable computer, a tablet computer, or the like.
[00264] The reference in this specification to any prior publication (or information derived from it), or to any matter which is known, is not, and should not be taken as an acknowledgment or admission or any form of suggestion that that prior publication (or information derived from it) or known matter forms part of the common general knowledge in the field of endeavour to which this specification relates.
[00265] Many modifications will be apparent to those skilled in the art without departing from the scope of the present invention as hereinbefore described with reference to the accompanying drawings.

Claims

THE CLAIMS DEFINING THE INVENTION ARE AS FOLLOWS:
1. A computer-implemented method executed at a terminal computing device, the method including the steps of:
receiving input of a code from a user;
generating and storing a first modifying string;
modifying the code using the first modifying string to generate a modified code having a length greater than the code before modification;
sending the modified code to a server;
obtaining a second modifying string;
generating an encryption key using at least the first modifying string and the second modifying string; and
encrypting a secret using the encryption key.
2. The method of claim 1, wherein the encryption key is generated further based on the code or the modified code.
3. The method of claim 1 or 2, wherein obtaining the second modifying string includes: receiving the second modifying string from the server.
4. The method of claim 1 or 2, wherein obtaining the second modifying string includes: generating a second modifying string; and
sending the second modifying string to the server.
5. The method as claimed in any one of the preceding claims, wherein the code is one of:
a personal identification number;
a password;
a passphrase; or
a lock pattern.
6. The method as claimed in any one of the preceding claims, wherein the first modifying string is a random sequence.
7. The method as claimed in any one of the preceding claims, wherein the first modifying string is stored at a storage location accessible by the terminal computing device.
8. The method as claimed in any one of the preceding claims, wherein the second modifying string is a random sequence.
9. The method as claimed in any one of the preceding claims, wherein the second modifying string is stored at a storage location accessible by the server.
10. The method as claimed in any one of the preceding claims, wherein the secret is a private key of a key-pair.
11. The method of claim 10, wherein the private key can be used to decrypt identity data of the user.
12. The method as claimed in any one of the preceding claims, wherein the modified code has a length greater than 50 times the length of the code before modification.
13. The method as claimed in any one of the preceding claims, wherein modifying the code to generate the modified code includes:
generating the modified code by using an iterative key derivation algorithm, based on the code and the first modifying string.
14. The method as claimed in any one of the preceding claims, wherein generating the encryption key includes:
generating encryption key by using an iterative key derivation algorithm based on at least the first modifying string and the second modifying string.
15. The method of claim 13 or 14, wherein the iterative key derivation algorithm is PBKDF2.
16. The method as claimed in any one of the preceding claims, further including:
storing the modified code in a secure storage location of a device, accessible only after authentication of a user using a biometric authentication mechanism.
17. The method as claimed in any one of the preceding claims, further including the steps of:
receiving input of a second code from a user ;
retrieving the stored first modifying string;
modifying the second code using the first modifying string to generate a second modified code having a length greater than the second code before modification;
sending the second modified code to the server;
receiving the second modifying string from the server;
generating a second encryption key using at least the first modifying string and the second modifying string; and
decrypting the encrypted secret using the second encryption key.
18. A computer-implemented method, the method including the steps of:
receiving input of a code from a user;
retrieving a stored first modifying string;
modifying the code using the first modifying string to generate a modified code having a length greater than the code before modification;
sending the modified code to the server;
receiving a second modifying string from the server;
generating an encryption key using at least the first modifying string and the second modifying string; and
decrypting an encrypted secret using the encryption key.
19. The method of claim 18, wherein the encryption key is generated further based on the code or the modified code.
20. The method of claim 18 or 19, wherein the code is one of:
a personal identification number;
a password;
a passphrase; or
a lock pattern.
21. The method of any one of claims 18 - 20, wherein the first modifying string is a random sequence.
22. The method of any one of claims 18 - 21, wherein the first modifying string is retrieved from a storage location accessible by the terminal computing device.
23. The method of any one of claims 18 - 22, wherein the second modifying string is a random sequence.
24. The method of any one of claims 18 - 23, wherein the secret is a private key of a key- pair.
25. The method of claim 24, wherein the private key can be used to decrypt identity data of the user.
26. The method of any one of claims 18 - 25, wherein the modified code has a length greater than 50 times the length of the code before modification.
27. The method of any one of claims 18 - 26, wherein modifying the code to generate the modified code includes:
generating the modified code by using an iterative key derivation algorithm, based on the code and the first modifying string.
28. The method of any one of claims 18 - 27, wherein generating the encryption key includes:
generating encryption key by using an iterative key derivation algorithm based on at least the first modifying string and the second modifying string.
29. The method of claim 27 or 28, wherein the iterative key derivation algorithm is PBKDF2.
30. A computer-implemented method, the method including the steps of:
receiving a modified code from a terminal computing device, the modified code being generated based on a user-entered code and a first modifying string, and having a length greater than the code before modification;
storing the modified code;
storing a second modifying string; and
sending the second modifying string to the terminal computing device.
31. The method of claim 30, wherein the code is one of:
a personal identification number;
a password;
a passphrase; or
a lock pattern.
32. The method of claim 30 or 31, wherein the first modifying string is a random sequence.
33. The method of any one of claims 30 - 32, wherein the second modifying string is a random sequence.
34. The method of any one of claims 30 - 33, wherein the modified code has a length greater than 50 times the length of the code before modification.
35. A computer-implemented method, the method including the steps of: receiving a modified code from a terminal computing device, the modified code being generated based on a user-entered code and a first modifying string, and having a length greater than the code before modification;
retrieving a stored modified code;
comparing the received modified code with the retrieved modified code; and if the received modified code matches the retrieved modified code:
retrieving a stored second modifying string; and
sending the second modifying string to the terminal computing device.
36. The method of claim 35, further including the step of:
if the received modified code does not match the retrieved modified code, incrementing a stored verification failure value.
37. The method of claim 36, further including the step of:
triggering an alert if the verification failure value exceeds a predetermined number.
38. The method of any one of claims 35 - 37, wherein the code is one of:
a personal identification number;
a password;
a passphrase; or
a lock pattern.
39. The method of any one of claims 35 - 38, wherein the first modifying string is a random sequence.
40. The method of any one of claims 35 - 39, wherein the second modifying string is a random sequence.
41. The method of any one of claims 35 - 40, wherein the modified code has a length greater than 50 times the length of the code before modification.
42. A system for providing secure access to secret information, the system including one or more electronic processing devices configured to:
receive input of a code from a user;
generate and storing a first modifying string;
modify the code using the first modifying string to generate a modified code having a length greater than the code before modification;
send the modified code to a server;
obtain a second modifying string;
generate an encryption key using at least the first modifying string and the second modifying string; and
encrypt a secret using the encryption key.
43. A system for providing secure access to secret information, the system including one or more electronic processing devices configured to:
receive input of a code from a user;
retrieve a stored first modifying string;
modify the code using the first modifying string to generate a modified code having a length greater than the code before modification;
send the modified code to the server;
receive a second modifying string from the server;
generate an encryption key using at least the first modifying string and the second modifying string; and
decrypt an encrypted secret using the encryption key.
PCT/AU2018/050431 2017-06-23 2018-05-10 Method and system for providing secure access to secret information WO2018232442A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2018286642A AU2018286642A1 (en) 2017-06-23 2018-05-10 Method and system for providing secure access to secret information

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2017902439A AU2017902439A0 (en) 2017-06-23 Method and system for providing secure access to secret information
AU2017902439 2017-06-23

Publications (1)

Publication Number Publication Date
WO2018232442A1 true WO2018232442A1 (en) 2018-12-27

Family

ID=64735393

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2018/050431 WO2018232442A1 (en) 2017-06-23 2018-05-10 Method and system for providing secure access to secret information

Country Status (2)

Country Link
AU (1) AU2018286642A1 (en)
WO (1) WO2018232442A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113726503A (en) * 2021-07-12 2021-11-30 国网山东省电力公司信息通信公司 Method and system for protecting web interaction information

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100208889A1 (en) * 2009-02-13 2010-08-19 Microsoft Corporation Two-party storage of encrypted sensitive information
EP2741444A1 (en) * 2012-12-10 2014-06-11 Gemalto SA Method for server assisted keystore protection
US20150178515A1 (en) * 2013-12-23 2015-06-25 Symantec Corporation Device-based pin authentication process to protect encrypted data

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100208889A1 (en) * 2009-02-13 2010-08-19 Microsoft Corporation Two-party storage of encrypted sensitive information
EP2741444A1 (en) * 2012-12-10 2014-06-11 Gemalto SA Method for server assisted keystore protection
US20150178515A1 (en) * 2013-12-23 2015-06-25 Symantec Corporation Device-based pin authentication process to protect encrypted data

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113726503A (en) * 2021-07-12 2021-11-30 国网山东省电力公司信息通信公司 Method and system for protecting web interaction information
CN113726503B (en) * 2021-07-12 2023-11-14 国网山东省电力公司信息通信公司 Method and system for protecting web interaction information

Also Published As

Publication number Publication date
AU2018286642A1 (en) 2020-02-13

Similar Documents

Publication Publication Date Title
US10454691B2 (en) Systems implementing hierarchical levels of security
US7178025B2 (en) Access system utilizing multiple factor identification and authentication
US6950523B1 (en) Secure storage of private keys
US20170142082A1 (en) System and method for secure deposit and recovery of secret data
US10771467B1 (en) External accessibility for computing devices
EP2339777A2 (en) Method of authenticating a user to use a system
CN110505055B (en) External network access identity authentication method and system based on asymmetric key pool pair and key fob
GB2543726B (en) Password-based generation and management of secret cryptographic keys
KR102510785B1 (en) Methods and systems for safely transmitting data
US20130097427A1 (en) Soft-Token Authentication System
WO2015108410A1 (en) Secure login without passwords
Dua et al. Replay attack prevention in Kerberos authentication protocol using triple password
US20230038949A1 (en) Electronic signature system and tamper-resistant device
US11677546B2 (en) Methods and systems of securely transferring data
Dowling et al. Secure messaging authentication against active man-in-the-middle attacks
CN110519222B (en) External network access identity authentication method and system based on disposable asymmetric key pair and key fob
US8806216B2 (en) Implementation process for the use of cryptographic data of a user stored in a data base
Gupta et al. Implementing high grade security in cloud application using multifactor authentication and cryptography
JP6174796B2 (en) Security system, management device, permission device, terminal device, security method, and program
WO2018232442A1 (en) Method and system for providing secure access to secret information
CN110768792B (en) Main key generation method, device and encryption and decryption method for sensitive security parameters
WO2018203902A1 (en) Assuring external accessibility for devices on a network
KR100842014B1 (en) Accessing protected data on network storage from multiple devices
CN115280813A (en) Interactive authentication method, device and system, computer equipment and readable storage medium
CN118233218A (en) Remote authentication system and method based on distributed trusted execution environment application

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18820991

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2018286642

Country of ref document: AU

Date of ref document: 20180510

Kind code of ref document: A

122 Ep: pct application non-entry in european phase

Ref document number: 18820991

Country of ref document: EP

Kind code of ref document: A1