WO2019066640A1 - Method for secure offline transfer of documents via a dynamic two-dimensional barcode - Google Patents
- Publication number
- WO2019066640A1 (PCT/MY2018/050061)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mobile device
- signed
- timestamp
- barcode
- data
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
Definitions
- the invention relates to a document transfer method. More particularly, the invention relates to a secured offline document transfer via dynamic two-dimensional barcode.
- Two-dimensional (2D) barcodes come in the shape of squares or rectangles that contain many small, individual dots.
- a single 2D barcode can hold a significant amount of information and may remain legible even when printed at a small size or etched onto a product.
- 2D barcodes are widely used in the industries of manufacturing, warehousing, logistics and healthcare for data transmitting purpose.
- it is a risk to share documents such as sensitive client and patient information where the encrypted information is not secured and can be decoded by anyone with a barcode scanner. Therefore, it is crucial to provide a secure yet accessible document sharing method which can be applied widely in any industry.
- the main objective of the invention is to provide a method for secure transmission of data between two mobile devices via at least one 2D barcode, comprising the steps of: encrypting a timestamp using a sender private key to form a signed timestamp by a first mobile device; converting a signed data block and the signed timestamp into at least one 2D barcode by the first mobile device, wherein the signed data block includes a data and a sender public key pre-signed by a first private key; displaying the 2D barcode by the first mobile device on a display unit for a second mobile device to scan and retrieve the 2D barcode; retrieving the signed data block and the signed timestamp by decoding the 2D barcode by the second mobile device; decoding the signed data block using a first public key to retrieve and verify the data and the sender public key by the second mobile device; decoding the signed timestamp using the verified sender public key to retrieve and verify the timestamp by the second mobile device; and authenticating the validity of the data by determining if the current time falls within range
- the data block is pre-signed by the steps of: generating an asymmetric key pair which includes the sender private key and the sender public key by the first mobile device; transmitting the sender public key to a trusted party server by the first mobile device; encrypting the data and the sender public key using the first private key to form the signed data block by the trusted party server; and transmitting the signed data block to the first mobile device by the trusted party server.
- the timestamp is a preset range of time for determining the validity of data.
- the mobile device further comprises means for establishing communication link with the trusted party server and the second mobile device.
- the mobile device further comprises built in mobile application or third party mobile application for facilitating the communication between the trusted party server and the mobile devices.
- Figure 1 is a flowchart illustrating the method for offline document transfer via
- Figure 2 is a diagram illustrating the enrolment of new sending mobile device.
- the invention provides a computer-implemented method and system to transfer any confidential data from one mobile device into multiple mobile devices via a 2D barcode as the method limits the validity period of the transferred confidential data such that the cloning of the confidential data is prevented.
- the 2D barcode is preferably an Aztec Code, QR code, AR code, NexCode or any combination thereof.
- the confidential data includes social security number, credit card number, driver's license number, bank account number, protected health information or any combination thereof.
- the transferring of the confidential data is further protected by integrity validation and non-repudiation through signature verification between the sending and receiving devices.
- the system is built up by a server and a plurality of mobile devices being linked together via a communication network.
- the server may comprise one or more heavy duty computers for processing the received data and transferring the received data to the mobile devices through the communication network, and any known devices or group of devices to provide sufficient capacity for data storing.
- the mobile device is a personal digital assistant (PDA), smart phone, tablet, laptop, netbook, phablet, phoblet, iPad, or any suitable means which is capable of processing data, displaying data and scanning a 2D barcode.
- PDA personal digital assistants
- the mobile devices are categorised into two types, sender mobile devices and recipient mobile devices.
- each sender mobile device is installed with a mobile application which is capable of encoding a 2D barcode containing sensitive information.
- each recipient mobile device is installed with a mobile application which is capable of scanning and decoding the 2D barcode from the sender mobile device.
- a graphical user interface is also provided to these types of mobile devices through the application for the user to trigger a mode of operation.
- the communication network is preferably a wireless network which may include but is not limited to a Code Division Multiple Access (CDMA) network, a General Packet Radio Service (GPRS) network for use in conjunction with Global System for Mobile Communication (GSM) network, and future third-generation (3G) network like Enhanced Data rates for GSM Evolution (EDGE) and Universal Mobile Telecommunications System (UMTS).
- CDMA Code Division Multiple Access
- GPRS General Packet Radio Service
- GSM Global System for Mobile Communication
- 3G Third-generation
- EDGE Enhanced Data rates for GSM Evolution
- UMTS Universal Mobile Telecommunications System
- a new sending mobile device 100 generates an asymmetric key pair, the key pair includes a sender private key and a sender public key.
- the new sending mobile device 100 transmits the sender public key to a trusted party server for signing.
- the trusted party server encrypts a data and the sender public key using a trusted party private key to form a signed data block.
- the trusted party server transmits the signed data block back to the new sending mobile device 100 for the further data transferring process to be carried out.
- the method can be split into an encoding process and a decoding process.
- the encoding process includes the following steps.
- a sending mobile device 100 encrypts a timestamp using a sender private key to form a signed timestamp.
- the timestamp refers to a preset range of time for the mobile device to determine the validity of the data transferred.
- the sending mobile device 100 converts a signed data block and timestamp into at least one 2D barcode, wherein the signed data block includes a data 200 and a sender public key pre-signed by the sender private key.
- in step 203, the sending mobile device 100 displays the 2D barcode on a display unit for a receiving mobile device to scan and retrieve the 2D barcode.
- step 203 is where the encoding process ends and the decoding process starts.
- in step 204, the receiving mobile device retrieves the signed data block and the signed timestamp by decoding the 2D barcode.
- in steps 205 and 206, the receiving mobile device decodes the signed timestamp using the trusted party public key to retrieve and verify the data 200 and the sender public key.
- in step 207, the receiving mobile device decodes the signed timestamp using the verified sender public key to retrieve and verify the timestamp.
- in step 208, the receiving mobile device authenticates the validity of the data by determining if the current time falls within range of the verified timestamp.
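
The enrolment, encoding and decoding steps above, sketched in Go as an added example (not code from the patent or its applicant). Ed25519 signatures stand in for the patent's "encrypting with a private key", the barcode content is a JSON payload rather than a rendered 2D barcode, and all type, field and function names are assumptions; verification follows the order given in the method summary, checking the signed data block under the trusted party public key and then the signed timestamp under the recovered sender public key.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Payload is the content carried by the 2D barcode (layout is an assumption).
type Payload struct {
	Data, SenderPub, BlockSig []byte // signed data block: BlockSig covers SenderPub||Data
	NotBefore, NotAfter       int64  // validity window in Unix seconds (the "timestamp")
	TimeSig                   []byte // sender signature over the window
}

// GenKey returns a fresh key pair; the error is ignored because nil selects crypto/rand.
func GenKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return pub, priv
}

// The key has a fixed length, so prefixing it keeps SenderPub||Data unambiguous.
func blockMsg(pub, data []byte) []byte { return append(append([]byte{}, pub...), data...) }
func windowMsg(nb, na int64) []byte    { return []byte(fmt.Sprintf("%d|%d", nb, na)) }

// Enrol: the trusted party signs the data together with the sender public key.
func Enrol(tpPriv ed25519.PrivateKey, senderPub ed25519.PublicKey, data []byte) Payload {
	return Payload{Data: data, SenderPub: senderPub, BlockSig: ed25519.Sign(tpPriv, blockMsg(senderPub, data))}
}

// Encode (steps 201-202): the sender signs a fresh window and serialises the payload.
func Encode(p Payload, senderPriv ed25519.PrivateKey, now time.Time, ttl time.Duration) ([]byte, error) {
	p.NotBefore, p.NotAfter = now.Unix(), now.Add(ttl).Unix()
	p.TimeSig = ed25519.Sign(senderPriv, windowMsg(p.NotBefore, p.NotAfter))
	return json.Marshal(p)
}

// Verify (steps 204-208): tpPub is the pinned trusted party key on the receiving device.
func Verify(raw []byte, tpPub ed25519.PublicKey, now time.Time) ([]byte, error) {
	var p Payload
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, err
	}
	// ed25519.Verify panics on a wrong-size public key, so check the length first.
	if len(p.SenderPub) != ed25519.PublicKeySize || !ed25519.Verify(tpPub, blockMsg(p.SenderPub, p.Data), p.BlockSig) {
		return nil, errors.New("signed data block rejected")
	}
	if !ed25519.Verify(p.SenderPub, windowMsg(p.NotBefore, p.NotAfter), p.TimeSig) {
		return nil, errors.New("timestamp not signed by the enrolled sender key")
	}
	if t := now.Unix(); t < p.NotBefore || t > p.NotAfter {
		return nil, errors.New("current time outside the signed validity window")
	}
	return p.Data, nil
}

func main() {
	tpPub, tpPriv := GenKey()
	sPub, sPriv := GenKey()
	// Constructed sample record, valid for one minute.
	raw, _ := Encode(Enrol(tpPriv, sPub, []byte("constructed record")), sPriv, time.Now(), time.Minute)
	_, fresh := Verify(raw, tpPub, time.Now())
	_, late := Verify(raw, tpPub, time.Now().Add(2*time.Minute))
	fmt.Println("scan now:", fresh, "| scan after expiry:", late)
}
```

The window check only bounds how long a copied barcode stays usable: a photograph of the screen verifies the same as the original until `NotAfter`, and the result depends on the receiving device's clock.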
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention relates to a method for secure transmission of data (200) between two mobile devices via at least one 2D barcode, which comprises: a first mobile device generating (201) a signed timestamp using a sender private key; converting (202) a signed data block and the signed timestamp into at least one 2D barcode; the signed data block comprises data and a sender public key pre-signed by a first private key; displaying (203) the 2D barcode on a display unit for a second mobile device to scan and retrieve the 2D barcode; retrieving (204), by the second mobile device, the signed data block and the signed timestamp by decoding the 2D barcode; decoding (205, 206) the signed data block using a first public key to retrieve and verify the data and the sender public key; decoding (207) the signed timestamp using the verified sender public key to retrieve and verify the timestamp.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MYPI2017703693 | 2017-09-29 | ||
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019066640A1 (fr) | 2019-04-04 |
Family
ID=65901862
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/MY2018/050061 WO2019066640A1 (fr) | Method for secure offline transfer of documents via a dynamic two-dimensional barcode | 2017-09-29 | 2018-09-26 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2019066640A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114448714A (zh) * | 2022-02-25 | 2022-05-06 | 百果园技术(新加坡)有限公司 | Data encryption and decryption method, apparatus, device and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130126619A1 (en) * | 2011-11-18 | 2013-05-23 | Unisys Corporation | Method and system for certifying contact information |
US20170255805A1 (en) * | 2016-03-07 | 2017-09-07 | ShoCard, Inc. | Transferring Data Files Using a Series of Visual Codes |
-
2018
- 2018-09-26 WO PCT/MY2018/050061 patent/WO2019066640A1/fr active Application Filing
Non-Patent Citations (1)
Title |
---|
ANONYMOUS: "Certificate Authority", WIKIPEDIA, 23 September 2017 (2017-09-23), XP055586048, Retrieved from the Internet <URL:https://en.wikipedia.org/w/index.php?title=Certificate_authority&otdid=802065569#Emple> [retrieved on 20181211] * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
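CN114448714A (zh) * | 2022-02-25 | 2022-05-06 | 百果园技术(新加坡)有限公司 | Data encryption and decryption method, apparatus, device and storage medium |
CN114448714B (zh) * | 2022-02-25 | 2024-02-13 | 百果园技术(新加坡)有限公司 | Data encryption and decryption method, apparatus, device and storage medium |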
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111079128B (zh) | Data processing method and apparatus, electronic device and storage medium | |
CN105099692B (zh) | Security verification method, apparatus, server and terminal | |
JP2018516030A (ja) | ID management service using blockchain | |
EP2961094A1 (fr) | System and method for generating a random number | |
CN105450395A (zh) | Information encryption and decryption processing method and system | |
Purnomo et al. | Mutual authentication in securing mobile payment system using encrypted QR code based on public key infrastructure | |
CN102073977A (zh) | Method, device and system for generating and verifying digital signatures | |
CN110771190A (zh) | Controlling access to data | |
CN104243149A (zh) | Encryption and decryption method, apparatus and server | |
US11882214B2 (en) | Technique for cryptographic document protection and verification | |
KR102567737B1 (ko) | Method for providing a secure message service and apparatus therefor | |
US20220114596A1 (en) | Method, apparatus, and system for transmitting and receiving information by using qr code | |
CN111161056A (zh) | Method, system and device for improving the security of digital asset transactions | |
US20140298014A1 (en) | Systems and methods for establishing trusted, secure communications from a mobile device to a multi-function device | |
EP3921774A1 (fr) | Content encryption and in-place decryption using visually encoded ciphertext | |
US10552618B2 (en) | Method and apparatus for transmission of visually encoded data | |
CN103813321B (zh) | Data processing method based on a negotiated key, and mobile phone | |
Murkute et al. | Online banking authentication system using qr-code and mobile OTP | |
CN110175471B (zh) | Archive storage method and system | |
CN104868994A (zh) | Method, apparatus and system for collaborative key management | |
WO2019066640A1 (fr) | Method for secure offline transfer of documents via a dynamic two-dimensional barcode | |
Song et al. | Security improvement of an RFID security protocol of ISO/IEC WD 29167-6 | |
CN110011808B (zh) | Method, system and server with a mechanism for protecting digital signatures | |
CN112560050A (zh) | Secure electronic certificate issuing method, apparatus, terminal device and storage medium | |
EP1691502A1 (fr) | Method for transmitting/receiving encrypted information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18860383 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18860383 Country of ref document: EP Kind code of ref document: A1 |