WO2021062453A1 - End-to-end encrypted information exchange system, without the need of a trusted third party, associated process and program - Google Patents


Info

Publication number
WO2021062453A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
information
encrypted
password
key
Application number
PCT/ZA2020/050052
Other languages
French (fr)
Inventor
Remy EISENSTEIN
Original Assignee
Token Economics
Van Der Walt, Louis Stephanus
Application filed by Token Economics, Van Der Walt, Louis Stephanus

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L51/18 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents: Commands or executable codes
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Definitions

  • the current invention is related to the information exchange of computing systems between several persons, in particular messaging systems.
  • the invention is particularly aimed at securing these systems to prevent user information and transmitted information from being accessible to malicious persons.
  • the invention furthermore relates to a computer process and a program for this purpose.
  • US document 2002/129238 A1 discloses a secure and reliable document transmission system using routing lists. This document proposes to use a password to secure the document.
  • such a system is not fully satisfactory because it stores all sensitive information on its servers or with a trusted third party. If the server and/or the trusted third party were to be forced, third parties would have access to the passwords and thus to the sensitive information, such as the documents to be transmitted.
  • US document 2015/199528 A1 discloses a data storage system using a secret key. In the same way, this system, although it proposes a password, is vulnerable in case of server forcing.
  • a first objective of the invention is to propose an improved system and process that does not store any data in clear text and does not use a trusted third party.
  • a second objective is to improve the security of identification and password change.
  • the invention proposes an information exchange system, in particular a remote messaging system including:
  • said module is configured to decrypt said information based on user data, in particular a user password.
  • the system is configured to transmit the encrypted password and preferably the encrypted private key to the server.
  • the invention does not require a trusted third party storing unencrypted data because the validly registered user has the necessary elements to decrypt the messages exchanged, in particular his password. Moreover, server data are not readable in clear text in case of forcing.
  • the invention allows the encryption and decryption of information exchanged between two or more persons from their respective web browsers in such a way that no unencrypted confidential information is transmitted to a third party.
  • system further includes at least one module for encrypting/decrypting user data, preferably configured to
  • encrypt the user password especially in SHA256;
  • said module for encrypting said information is configured to
  • said module for decrypting said information is configured to
  • the user's private key is encrypted with the user's password and said module for decrypting said information is configured to decrypt the user's private key with the user's password.
  • the invention further relates to a method for remote information exchange, in particular remote messaging, comprising steps for implementing the modules of a system according to the invention.
  • the invention also relates to a method for remote information exchange, in particular remote messaging, comprising at least one of the following steps, in particular on a web application such as a browser
  • preferably encode the entered password, especially in SHA256; if the user is registered, transmit his private key being in particular encrypted, and his public key;
  • encrypt the new password especially in SHA256.
  • Another object of the invention relates to a computer program product comprising portions of program code recorded on a medium usable in a control unit, for implementing the modules of a system according to the invention or the steps of a process according to the invention, when executed by the control unit.
  • the invention further carries a server configured for a system according to the invention or to implement a process according to the invention.
  • Another object of the invention relates to an application, such as a browser, configured for a system according to the invention or to implement a process according to the invention.
  • the process is distinguished by the following: 1/ By the speed of encryption and decryption of the exchanged documents;
  • FIG. 1 is a diagram of the system and process according to a preferred variant when registering a user
  • FIG. 2 is a schematic similar to that of the preceding figure but when a user logs on;
  • FIG. 3 is similar to the previous figures, but when sending a message from user A, for example, to user B ;
  • FIG. 4 is a similar pattern to the previous figures but when receiving a message by user B, for example, from user A.
  • FIG. 5 is a similar pattern to the previous figures but when changing the password.
  • the invention relates to a computer system for exchanging information, in particular between several persons. It is more particularly a highly secure messaging system.
  • the invention aims to prevent information about users and information from being accessible to malicious persons, such as through hacking, espionage or any other such process.
  • the invention relates to a remote information exchange system.
  • the messages are in the form of rich text.
  • messages may include attachments such as documents, images, videos and sound recordings.
  • the system includes at least one server 1 through which the information, in particular messages, is exchanged.
  • This includes, for example, one or more web browser servers such as web servers and decentralized data servers.
  • the system also includes at least one web application 2 for exchanging information to be transmitted, in particular messages and attachments.
  • Application 2 is in particular a web browser.
  • the system also includes at least one module 3 to encrypt/decrypt the information to be transmitted.
  • the system also includes at least one module for encrypting/decrypting user data 4, such as the user ID and/or password.
  • this includes in particular several specific modules (4a, 4b, 4c) which are further detailed below.
  • the module for encrypting user data includes at least one registration module 4a. This module intervenes during user registration, by entering a password and preferably a user ID.
  • the 4a registration module or another specific module is configured to encrypt the user's password, particularly in SHA256. Cryptographic hash encoding can be done according to other standards.
  • Registration Module 4a is configured to randomly generate a user private key and a user public key.
  • registration module 4a or another specific module is configured to encrypt, especially symmetrically, the user private key with the user password.
  • the registration module 4a or another specific module is configured to transmit the corresponding information to server 1, in particular for secure transmission via the Internet.
  • the browser transmits to the server:
  • the invention enables the encryption and decryption of information exchanged between two or more persons from their respective web browsers in such a way that no unencrypted confidential information, including the password and private key, is transmitted to a third party.
  • the invention makes it possible to encrypt user data, which significantly increases the security of the system, more particularly the security of user identification.
  • the system also includes at least one 4b connection module.
  • the user identification is carried out beforehand.
  • the 4b login module is configured to encode the entered password, especially in SHA256, during identification.
  • the 4b login module can then decrypt its encrypted private key with its encrypted password.
  • this further enhances the security when logging in.
  • the system also includes at least one transmission module 3a among the modules for encrypting/decrypting the information to be transmitted 3, in particular messages.
  • This module is used to send the information to be transmitted.
  • the transmission module 3a is configured to randomly create a transmission key. This is in particular a message key for the message to be transmitted.
  • the random generation of the key increases the security, and the transmission facilitates decryption for the validly identified user.
  • the transmission module 3a or another specific module is configured to encrypt, especially symmetrically, the information to be transmitted with the transmission key.
  • transmission module 3a or another specific module is configured to encrypt, in particular asymmetrically, the transmission key with the public key of the sender and/or the recipient.
  • this further improves the security when sending the message.
  • the transmission key is encrypted with the sender's public key and then with the recipient's public key.
  • the information to be transmitted is then sent, preferably to server 1, more preferably via secure internet.
  • the system also includes at least one 3b receiver module among the modules for encrypting/decrypting the information to be transmitted, in particular the messages.
  • This module is used to receive information, in particular messages, when they are received.
  • the message is received via the secure Internet. It is more specifically the encrypted message and the encrypted message key.
  • the receiver module 3b is configured to decrypt the transmission key with the recipient's password.
  • the recipient's password encrypted in SHA256 is used to decrypt the encrypted private key, which is used to decrypt the encrypted transmission key.
  • the 3b receiver module is configured to decrypt the said information to be transmitted with the transmission key.
  • this further improves the security when receiving the message.
  • said module for encrypting user data includes at least a 4c secure modification module. This module intervenes when the password is changed. The user identification is done beforehand.
  • the 4c change module is configured to encrypt the old password, especially SHA256.
  • the whole, in particular the user ID and the old encrypted password, is transmitted to the server in a secure manner.
  • the 4c modification module or another specific module is configured to decrypt the user's private key with the old password.
  • the 4c modification module or another specific module is configured to encrypt, in particular symmetrically, the user's private key with the new password.
  • the 4c modification module is configured to encrypt the new password entered, especially in SHA256.
  • the 4c modification module is configured to transmit the corresponding information to server 1.
  • this includes
  • the invention relates to a method for remote information exchange, in particular remote messaging, comprising steps for implementing the modules of a system as described above.
  • user A can register.
  • a first step E1 user A enters his user name and password in his web browser (A's web browser) to register.
  • a third step E3 there is a secure transmission via the Internet to the web server.
  • a fourth step E4 user A enters his username and password in his web browser (A's web browser) to log in.
  • A's web browser encodes the password entered in SHA256.
  • a sixth step E6 there is a secure transmission via the Internet to the web server of the encrypted entered password.
  • a seventh step E7 if user "A" is registered, the web server returns via secure Internet transmission to the web browser of "A".
  • user A can send a particular message to user B.
  • a ninth step E9 user A enters his message and attaches documents to his message.
  • a tenth step E10 the browser of "A" enters his message and attaches documents to it.
  • an eleventh step E11 there is a secure transmission via the Internet of the encrypted message and the encrypted message key.
  • a twelfth step E12 there is a secure transmission via the Internet from the web server of the encrypted message and the encrypted message key to the browser of B.
  • user B can receive a message from user A in particular.
  • a thirteenth step E13 there is a secure transmission via the Internet of information to the server.
  • the eleventh and thirteenth steps E11, E13 can be one and the same step.
  • a fourteenth step E14 there is a secure transmission via the Internet from the web server of an encrypted message or the encrypted message and the encrypted message key, to the browser of B.
  • the twelfth and fourteenth steps E12, E14 can be one and the same step.
  • step E16 user "B" reads the message and the attached documents in his browser.
  • step E17 user "A" enters his old password and his new password.
  • step E18 user "A"'s browser encodes the old password in SHA256.
  • step E19 there is a secure Internet transmission to the web server of the identifier and of "A"'s old encrypted password.
  • step E20 if user "A" is registered, the server returns to "A's" web browser via secure Internet transmission:
  • step E22 there is a secure transmission via the Internet to the web server:
  • the invention further relates to a computer program product comprising portions of program code recorded on a medium usable in a control unit, for implementing the modules of a process as previously described or the steps of a process as previously described, when executed by the control unit.
  • the invention also relates to a server as described above and/or a web application such as that of a browser as described above.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a remote information exchange system, in particular remote messaging, comprising - at least one web application (2) for exchanging information to be transmitted, in particular messages, - at least one module (3, 3a, 3b) to encrypt/decrypt the information to be transmitted; characterized in that the module (3, 3a, 3b) is configured to decrypt said information according to user data, in particular a user password. The invention furthermore relates to an associated process and program. The invention thus makes it possible to encrypt/decrypt information without the need to go through a trusted third party.

Description

END-TO-END ENCRYPTED INFORMATION EXCHANGE SYSTEM, WITHOUT THE NEED OF A TRUSTED THIRD PARTY, ASSOCIATED PROCESS AND PROGRAM
[0001] The current invention is related to the information exchange of computing systems between several persons, in particular messaging systems.
[0002] The invention is particularly aimed at securing these systems to prevent user information and transmitted information from being accessible to malicious persons.
[0003] The invention furthermore relates to a computer process and a program for this purpose.
[0004] In this field, messaging systems have been proposed where messages are encrypted at each exchange.
[0005] Unfortunately, prior art systems are not satisfactory because highly sensitive information is generated on web servers and then stored on data servers, or because they use a trusted third party.
[0006] Moreover, the security of the prior art is not satisfactory because it does not eliminate impostor e-mails and does not solve the problem of password loss.
[0007] US document 2002/129238 A1 discloses a secure and reliable document transmission system using routing lists. This document proposes to use a password to secure the document. However, such a system is not fully satisfactory because it stores all sensitive information on its servers or with a trusted third party. If the server and/or the trusted third party were to be forced, third parties would have access to the passwords and thus to the sensitive information, such as the documents to be transmitted.
[0008] US document 2015/199528 A1 discloses a data storage system using a secret key. In the same way, this system, although it proposes a password, is vulnerable in case of server forcing.
[0009] A first objective of the invention is to propose an improved system and process that does not store any data in clear text and does not use a trusted third party.
[0010] A second objective is to improve the security of identification and password change.
[0011] To achieve these objectives, the invention proposes an information exchange system, in particular a remote messaging system including:
- at least one web application for exchanging information to be transmitted, in particular messages and/or associated files, associated with an application server,
- at least one module running on the user's web application browser to encrypt/decrypt the information to be transmitted.
[0012] According to a first aspect, said module is configured to decrypt said information based on user data, in particular a user password. Preferably, the system is configured to transmit the encrypted password and preferably the encrypted private key to the server.
[0013] Advantageously, the invention does not require a trusted third party storing unencrypted data because the validly registered user has the necessary elements to decrypt the messages exchanged, in particular his password. Moreover, server data are not readable in clear text in case of forcing.
[0014] In particular, the invention allows the encryption and decryption of information exchanged between two or more persons from their respective web browsers in such a way that no unencrypted confidential information is transmitted to a third party.
[0015] According to other aspects taken in isolation or combined in any technically feasible combination:
- the system further includes at least one module for encrypting/decrypting user data, preferably configured to
. generate a private key and a public user key;
. preferably encrypt the user password, especially in SHA256;
. more preferably encrypt the user's private key with the user's password; and/or
- said module for encrypting said information is configured to
. generate a transmission key for the information to be transmitted;
. symmetrically encrypt the information according to the transmission key,
. asymmetrically encrypt the transmission key according to a public key of the sending and/or receiving user,
so as to transmit the encrypted information and the encrypted transmission key; and/or
- said module for decrypting said information is configured to
. receive encrypted information and encrypted transmission key;
. decrypt the encrypted transmission key using the user's private key;
. decrypt the encrypted information using the decrypted transmission key; and/or
- the user's private key is encrypted with the user's password and said module for decrypting said information is configured to decrypt the user's private key with the user's password.
[0016] The invention further relates to a method for remote information exchange, in particular remote messaging, comprising steps for implementing the modules of a system according to the invention.
[0017] More generally, the invention also relates to a method for remote information exchange, in particular remote messaging, comprising at least one of the following steps, in particular on a web application such as a browser
- at the time of registration, randomly generate a private key and a public user key;
. encoding the password, especially in SHA256;
. more preferably encrypt the private key with the password; and/or
- when logging in
. preferably encode the entered password, especially in SHA256;
. if the user is registered, transmit his private key being in particular encrypted, and his public key;
. preferably decrypt the private key with the password; and/or
- when sending the information to be transmitted
. randomly create a transmission key;
. preferably encrypt the information to be transmitted, with the transmission key;
. more preferably encrypt the transmission key with the sender's public key and/or the recipient's public key; and/or
- upon receipt of the information transmitted
. preferably decrypt the encrypted transmission key with the recipient's password;
. decrypt the said information to be transmitted with the transmission key; and/or
- when changing the password
. encoding the old password entered, especially in SHA256;
. if the user is registered, transmit his private key being in particular encrypted, and his public key;
. use the private key and the public key retransmitted by the server to the browser after identification;
. preferably decrypt the private key with the password;
. preferably encrypt the private key with the new password;
. more preferably encrypt the new password, especially in SHA256.
[0018] Another object of the invention relates to a computer program product comprising portions of program code recorded on a medium usable in a control unit, for implementing the modules of a system according to the invention or the steps of a process according to the invention, when executed by the control unit.
[0019] The invention further carries a server configured for a system according to the invention or to implement a process according to the invention.
[0020] Another object of the invention relates to an application, such as a browser, configured for a system according to the invention or to implement a process according to the invention.
[0021] In particular, the process is distinguished by the following:
- 1/ By the speed of encryption and decryption of the exchanged documents;
- 2/ By the saving of space for the storage of encrypted documents, by using a randomly generated message key which is encrypted asymmetrically as many times as there are people with the public key of the different people (sender and recipients);
- 3/ By saving time in case one of the users changes his password: it is sufficient to decrypt the user's private key from his web browser with his old password and to re-encrypt it with his new password.
[0022] The invention will be further detailed by the description of non-limiting embodiments, and on the basis of the annexed figures illustrating variants of the invention, in which:
[Fig. 1] is a diagram of the system and process according to a preferred variant when registering a user;
[Fig. 2] is a diagram similar to that of the preceding figure, but when a user logs on;
[Fig. 3] is a diagram similar to the previous figures, but when sending a message from user A, for example, to user B;
[Fig. 4] is a diagram similar to the previous figures, but when user B receives a message, for example, from user A;
[Fig. 5] is a diagram similar to the previous figures, but when changing the password.
[0023] The invention relates to a computer system for exchanging information, in particular between several persons. It is more particularly a highly secure messaging system.
[0024] The invention aims to prevent information about users and information from being accessible to malicious persons, such as through hacking, espionage or any other such process.
[0025] Thus, the invention relates to a remote information exchange system. We can speak of information exchange or data exchange. It is in particular a remote messaging system. The messages are in the form of rich text. In particular, messages may include attachments such as documents, images, videos and sound recordings.
[0026] The system includes at least one server 1 through which the exchanged information, in particular messages, passes. This includes, for example, one or more web browser servers such as web servers and decentralized data servers.
[0027] The system also includes at least one web application 2 for exchanging information to be transmitted, in particular messages and attachments. Application 2 is in particular a web browser.
[0028] Messages are thus exchanged between users.
[0029] The system also includes at least one module 3 to encrypt/decrypt the information to be transmitted. In particular, there are several specific modules (3a, 3b) which are described in more detail below.
[0030] Preferably, the system also includes at least one module for encrypting/decrypting user data 4, such as the user ID and/or password. Similarly, this includes in particular several specific modules (4a, 4b, 4c) which are further detailed below.
[0031] According to one variant, the module for encrypting user data includes at least one registration module 4a. This module intervenes during user registration, when a password and preferably a user ID are entered.
[0032] Preferably, the registration module 4a or another specific module is configured to encrypt the user's password, particularly in SHA256. Cryptographic hash encoding can be done according to other standards.
[0033] The registration module 4a is configured to randomly generate a user private key and a user public key.
[0034] More preferably, registration module 4a or another specific module is configured to encrypt, especially symmetrically, the user private key with the user password.
[0035] The registration module 4a or another specific module is configured to transmit the corresponding information to server 1, in particular for secure transmission via the Internet. In particular, the browser transmits to the server:
- the user's identifier,
- the user's encrypted password,
- the user's public key,
- the user's encrypted private key.
[0036] Advantageously, this significantly strengthens security, since the web servers hold an encrypted password and an encrypted private key.
[0037] Moreover, these elements are easily decryptable for the validly identified user because his password allows him to decrypt the encrypted private key in his browser.
[0038] In the preferred mode of implementation, the invention enables the encryption and decryption of information exchanged between two or more persons from their respective web browsers in such a way that no unencrypted confidential information, including the password and private key, is transmitted to a third party.
[0039] Advantageously, the invention makes it possible to encrypt user data, which significantly increases the security of the system, more particularly the security of user identification.
[0040] According to a variant, the system also includes at least one connection module 4b. The user identification is carried out beforehand.
[0041] Preferably, the login module 4b is configured to encode the entered password, especially in SHA256, during identification.
[0042] If the user is registered, he receives his encrypted private key and his public key.
[0043] The login module 4b can then decrypt the user's encrypted private key with the user's encrypted password.
[0044] Advantageously, this further enhances the security when logging in.
[0045] According to one variant, the system also includes at least one transmission module 3a among the modules for encrypting/decrypting the information to be transmitted 3, in particular messages. This module is used to send the information to be transmitted.
[0046] The transmission module 3a is configured to randomly create a transmission key. This is in particular a message key for the message to be transmitted.
[0047] Advantageously, the random generation of the key increases the security, and the transmission facilitates decryption for the validly identified user.
[0048] Preferably, the transmission module 3a or another specific module is configured to encrypt, especially symmetrically, the information to be transmitted with the transmission key.
[0049] More preferably, transmission module 3a or another specific module is configured to encrypt, in particular asymmetrically, the transmission key with the public key of the sender and/or the recipient.
[0050] Advantageously, this further improves the security when sending the message.
[0051] Preferably, the transmission key is encrypted with the sender's public key and then with the recipient's public key.
[0052] Advantageously, it makes the message sending more secure, and facilitates decryption on the recipient's side.
[0053] The information to be transmitted is then sent, preferably to server 1, more preferably via secure internet.
[0054] In particular, these are the encrypted message and the encrypted message key.
[0055] According to one variant, the system also includes at least one receiver module 3b among the modules for encrypting/decrypting the information to be transmitted, in particular the messages. This module is used when information, in particular messages, is received.
[0056] In particular, the message is received via the secure Internet. It is more specifically the encrypted message and the encrypted message key.
[0057] Preferably, the receiver module 3b is configured to decrypt the transmission key with the recipient's password. In particular, the recipient's password encrypted in SHA256 is used to decrypt the encrypted private key, which is used to decrypt the encrypted transmission key.
[0058] In addition, the receiver module 3b, or another specific module, is configured to decrypt the said information to be transmitted with the transmission key.
[0059] Advantageously, this further improves the security when receiving the message.
[0060] Thus, the invention makes it possible to have all information and identification data encrypted, requiring only the user's password to decrypt the information received.
[0061] According to a variant, said module for encrypting user data includes at least one secure modification module 4c. This module intervenes when the password is changed. The user identification is done beforehand.
[0062] The modification module 4c is configured to encrypt the old password, especially in SHA256. The whole, in particular the user ID and the old encrypted password, is transmitted to the server in a secure manner.
[0063] If the user is registered, his private key, in particular in encrypted form, and his public key are then accessible to him.
[0064] In addition, preferably the modification module 4c or another specific module is configured to decrypt the user's private key with the old password.
[0065] The modification module 4c or another specific module is configured to encrypt, in particular symmetrically, the user's private key with the new password.
[0066] In addition, more preferably, the modification module 4c is configured to encrypt the new password entered, especially in SHA256.
[0067] The modification module 4c is configured to transmit the corresponding information to server 1. In particular, this includes:
- the new private key encrypted with the new password,
- the new encrypted password.
[0068] Advantageously, this further improves the security when changing the password.
[0069] In addition, the invention relates to a method for remote information exchange, in particular remote messaging, comprising steps for implementing the modules of a system as described above.
[0070] In a first step, user A can register.
[0071] In a first step E1, user A enters his user name and password in his web browser (A's web browser) to register.
[0072] In a second step E2, the web browser of A
- encodes the password (password of "A") in SHA256 ;
- randomly generates a private key and a public key of "A";
- symmetrically encrypts the private key of "A" with password of "A".
[0073] In a third step E3, there is a secure transmission via the Internet to the web server:
- of the identifier,
- of the encrypted password,
- of the public key,
- of the encrypted private key of "A".
[0074] In a second step, user A can log in.
[0075] In a fourth step E4, user A enters his username and password in his web browser (A's web browser) to log in.
[0076] In a fifth step E5, A's web browser encodes the password entered in SHA256.
[0077] In a sixth step E6, there is a secure transmission via the Internet to the web server of the encrypted entered password.
[0078] In a seventh step E7, if user "A" is registered, the web server returns via secure Internet transmission to the web browser of "A":
- the encrypted private key of "A",
- the public key of "A".
[0079] In an eighth step E8, "A's" browser decrypts "A's" private key with "A's" password.
[0080] In a third step, user A can send a particular message to user B.
[0081] In a ninth step E9, user A enters his message and attaches documents to his message.
[0082] In a tenth step E10, the browser of "A"
- randomly creates a message key;
- symmetrically encrypts the message and attached documents with the message key;
- asymmetrically encrypts the message key with the public key of "A" and then "B".
[0083] In an eleventh step E11, there is a secure transmission via the Internet of the encrypted message and the encrypted message key.
[0084] Preferably, in a twelfth step E12, there is a secure transmission via the Internet from the web server of the encrypted message and the encrypted message key to the browser of B.
[0085] In a fourth step, user B can receive a message from user A in particular.
[0086] Preferably, in a thirteenth step E13, there is a secure transmission via the Internet of information to the server.
[0087] The eleventh and thirteenth steps E11, E13 can be one and the same step.
[0088] In a fourteenth step E14, there is a secure transmission via the Internet from the web server of an encrypted message or the encrypted message and the encrypted message key, to the browser of B. The twelfth and fourteenth steps E12, E14 can be one and the same step.
[0089] In a fifteenth step E15, "B's" browser
- decrypts the message key with the password of "B",
- decrypts the message and the attached documents with the message key.
[0090] In a sixteenth step E16, user "B" reads the message and the attached documents in his browser.
[0091] In a fifth step, user "A" can change his password.
[0092] In a seventeenth step E17, user "A" enters his old password and his new password.
[0093] In an eighteenth step E18, user "A's" browser encodes the old password in SHA256.
[0094] In a nineteenth step E19, there is a secure Internet transmission to the web server of the identifier and of "A's" old encrypted password.
[0095] In a twentieth step E20, if user "A" is registered, the server returns to "A's" web browser via secure Internet transmission:
- A's encrypted private key,
- the public key of "A".
[0096] In a twenty-first step E21, the browser of "A"
- decrypts the private key of "A" with the old password of "A",
- symmetrically encrypts the private key of "A" with the new password,
- encodes the new password in SHA256.
[0097] In a twenty-second step E22, there is a secure transmission via the Internet to the web server:
- of the new encrypted private key with the new password replacing the old encrypted private key;
- the new encrypted password of "A" replacing the old password.
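The registration, login, send, receive and password-change steps above (E2, E8, E10, E15, E21), as an added example in Node.js that is not code from the patent or its applicant. The patent names only SHA256; RSA-OAEP, AES-256-GCM, the scrypt-derived wrapping key with its salt, and all function and field names are assumptions of this example. The wrapping key is derived separately from the SHA256 value uploaded to the server, so that stored value alone does not open the private key.

```javascript
// Added example, not from the patent. Assumed primitives: RSA-OAEP (2048 bit),
// AES-256-GCM, scrypt with a random salt. Runs on Node's built-in crypto module.
const nodeCrypto = require("node:crypto");

// AES-256-GCM helpers; the IV and the auth tag travel with the ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, box) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on wrong key or tampering
}

// Password -> key that wraps the private key (assumption: scrypt, per-user salt).
const wrapKey = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);
// Password -> value sent to the server for identification (SHA256, as in the text).
const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest("hex");

// E2/E3: what the browser computes and uploads at registration.
function register(id, password) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const salt = nodeCrypto.randomBytes(16);
  const encPrivateKey = seal(wrapKey(password, salt), Buffer.from(privateKey));
  return { id, passwordHash: sha256(password), publicKey, salt, encPrivateKey };
}

// E8: recover the private key (PEM) in the browser after login.
function unlock(rec, password) {
  return unseal(wrapKey(password, rec.salt), rec.encPrivateKey).toString();
}

// E10: one random message key, wrapped once per participant (sender and recipients).
function send(message, participants) {
  const messageKey = nodeCrypto.randomBytes(32);
  const wrappedKeys = {};
  for (const p of participants) {
    wrappedKeys[p.id] = nodeCrypto.publicEncrypt(
      { key: p.publicKey, oaepHash: "sha256" }, messageKey);
  }
  return { body: seal(messageKey, Buffer.from(message)), wrappedKeys };
}

// E15: password -> private key -> message key -> message.
function receive(envelope, rec, password) {
  const messageKey = nodeCrypto.privateDecrypt(
    { key: unlock(rec, password), oaepHash: "sha256" }, envelope.wrappedKeys[rec.id]);
  return unseal(messageKey, envelope.body).toString();
}

// E21/E22: only the wrapped private key and the password hash are replaced;
// the key pair, stored messages and wrapped message keys stay as they are.
function changePassword(rec, oldPassword, newPassword) {
  const privateKeyPem = unlock(rec, oldPassword);
  const salt = nodeCrypto.randomBytes(16);
  const encPrivateKey = seal(wrapKey(newPassword, salt), Buffer.from(privateKeyPem));
  return { ...rec, passwordHash: sha256(newPassword), salt, encPrivateKey };
}
```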
[0098] The invention further relates to a computer program product comprising portions of program code recorded on a medium usable in a control unit, for implementing the modules of a process as previously described or the steps of a process as previously described, when executed by the control unit.
[0099] The corresponding medium is also part of the invention.
[00100] The invention also relates to a server as described above and/or a web application such as that of a browser as described above.

Claims

Claim 1. Information exchange system, in particular remote messaging system, comprising
- at least one web application (2) for exchanging information to be transmitted, in particular messages, associated with an application server (1)
- at least one module (3, 3a, 3b) of the web application to encrypt/decrypt the information to be transmitted; said module (3, 3a, 3b) being configured to decrypt said information according to user data, in particular a user password, characterized by:
- at least one module (4, 4a, 4b, 4c) for encrypting/decrypting user data, configured to
- generate a private key and a public user key;
- encode the user password, in particular in SHA256;
- preferably encrypt the user private key with the user password, the system being configured to transmit the encrypted password and preferably the encrypted private key to the server.
Claim 2. A system according to the preceding claim, wherein said module for encrypting said information is configured to
- generate a transmission key for the information to be transmitted;
- symmetrically encrypt the information according to the transmission key;
- asymmetrically encrypt the transmission key according to a public key of the sending and/or receiving user, so as to transmit the encrypted information and the encrypted transmission key.
Claim 3. A system according to the preceding claim, wherein said module for decrypting said information is configured to
- receive encrypted information and encrypted transmission key;
- decrypt the encrypted transmission key using the user's private key;
- decrypt the encrypted information using the decrypted transmission key.
Claim 4. A system according to the preceding claim, wherein the user's private key is encrypted with the user's password and said module for decrypting said information is configured to decrypt the user's private key with the user's password.
Claim 5. A method for remote information exchange, in particular remote messaging, comprising steps (E1, E2, ..., E22) for implementing modules (3, 3a, 3b, 4, 4a, 4b, 4c) of a system according to one of the preceding claims.
Claim 6. A computer program product comprising portions of program code recorded on a medium usable in a control unit, for implementing the modules (3, 3a, 3b, 4, 4a, 4b, 4c) of a system according to one of claims 1 to 6 or the steps (E1, E2, ..., E22) of a process according to the preceding claim, when executed by the control unit.
Claim 7. A server (1) configured for a system according to one of claims 1 to 5 or to implement a process according to claim 6.
Claim 8. An application (2), such as a browser, configured for a system according to any one of claims 1 to 5 or to implement a process according to claim 6.
PCT/ZA2020/050052 2019-09-24 2020-09-25 End-to-end encrypted information exchange system, without the need of a trusted third party, associated process and program WO2021062453A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FRFR1910541 2019-09-24
FR1910541A FR3101176B1 (en) 2019-09-24 2019-09-24 End-to-end encrypted information exchange system not requiring a trusted third party, associated method and program

Publications (1)

Publication Number Publication Date
WO2021062453A1 true WO2021062453A1 (en) 2021-04-01

Family

ID=69468694

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/ZA2020/050052 WO2021062453A1 (en) 2019-09-24 2020-09-25 End-to-end encrypted information exchange system, without the need of a trusted third party, associated process and program

Country Status (2)

Country Link
FR (1) FR3101176B1 (en)
WO (1) WO2021062453A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020129238A1 (en) 2000-07-07 2002-09-12 Eng-Whatt Toh Secure and reliable document delivery using routing lists
US20130159699A1 (en) * 2011-12-16 2013-06-20 F-Secure Corporation Password Recovery Service
US20150199528A1 (en) 2013-08-19 2015-07-16 Deutsche Post Ag Supporting the use of a secret key
EP3299990A1 (en) * 2016-09-23 2018-03-28 Synology Incorporated Electronic device server and method for communicating with server

Also Published As

Publication number Publication date
FR3101176A1 (en) 2021-03-26
FR3101176B1 (en) 2022-01-21

Similar Documents

Publication Publication Date Title
CN104796265B (en) A kind of Internet of Things identity identifying method based on Bluetooth communication access
US5956407A (en) Public key cryptographic system having nested security levels
Hickman et al. The SSL protocol
US7325127B2 (en) Security server system
US7142676B1 (en) Method and apparatus for secure communications using third-party key provider
US20090307490A1 (en) Electronic data communication system
US20090271627A1 (en) Secure Data Transmission
US20080044023A1 (en) Secure Data Transmission
JP2000165373A (en) Enciphering device, cryptographic communication system, key restoration system and storage medium
CN103036684B (en) Identity-based encryption (IBE) data encryption system and method capable of lowering damages of master key crack and disclosure
US7660987B2 (en) Method of establishing a secure e-mail transmission link
US20160065366A1 (en) Password-Based Generation and Management of Secret Cryptographic Keys
Blumenthal et al. The advanced encryption standard (AES) cipher algorithm in the SNMP user-based security model
US9558362B2 (en) Data encryption using an external arguments encryption algorithm
US20130198513A1 (en) Encryption method and system for network communication
US20050141718A1 (en) Method of transmitting and receiving message using encryption/decryption key
CN106549858A (en) A kind of instant messaging encryption method based on id password
JPH11298470A (en) Key distribution method and system
CN104009841B (en) A kind of message encryption method under instant messaging situation
Sujithra et al. ID based adaptive-key signcryption for data security in cloud environment
JPH0969831A (en) Cipher communication system
KR20060078768A (en) System and method for key recovery using distributed registration of private key
JP3690237B2 (en) Authentication method, recording medium, authentication system, terminal device, and authentication recording medium creation device
WO2021062453A1 (en) End-to-end encrypted information exchange system, without the need of a trusted third party, associated process and program
CN112035820B (en) Data analysis method used in Kerberos encryption environment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20786424; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20786424; Country of ref document: EP; Kind code of ref document: A1)