WO2021174299A1 - Data encryption module, system and method - Google Patents

Data encryption module, system and method

Info

Publication number
WO2021174299A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic
module
electronic device
data
electronic module
Application number
PCT/AU2021/050180
Other languages
English (en)
Inventor
David Ball
Tycho Luyben
Original Assignee
Simsec Hong Kong Limited
Priority claimed from AU2020900658A
Application filed by Simsec Hong Kong Limited
Publication of WO2021174299A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y30/00 IoT infrastructure
    • G16Y30/10 Security thereof
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks
    • H05 ELECTRIC TECHNIQUES NOT OTHERWISE PROVIDED FOR
    • H05K PRINTED CIRCUITS; CASINGS OR CONSTRUCTIONAL DETAILS OF ELECTRIC APPARATUS; MANUFACTURE OF ASSEMBLAGES OF ELECTRICAL COMPONENTS
    • H05K1/00 Printed circuits
    • H05K1/02 Details
    • H05K1/0277 Bendability or stretchability details
    • H05K1/028 Bending or folding regions of flexible printed circuits

Definitions

  • the present invention relates to systems, devices, and methods for enabling electronic devices to digitally sign data, verify digitally signed data, and/or encrypt/decrypt data.
  • the present invention has particular but not exclusive application in enabling electronic devices that are otherwise unable (or in which it is inadvisable) to digitally sign, verify, encrypt, and/or decrypt data, to be able to do so; and also application in providing an alternate means to digitally sign, verify, encrypt, and/or decrypt data in electronic devices which may otherwise already be able to do so.
  • the present invention broadly resides in a digital encryption module comprising therein and/or on a surface thereof one or more sets of electronic circuitry.
  • the one or more sets of electronic circuitry provides the electronic module with a short-range communication means, an encryption processor for encrypting/decrypting data, and a general purpose processor for controlling the digital encryption module.
  • the digital encryption module has a flexible substrate adapted to attach to a surface of an electronic device that is within the communication range of a short-range communications means.
  • the digital encryption module is operable to pair with the electronic device and perform signing, verification, encryption, and/or decryption of data provided thereto by the electronic device. In a preferred form the digital encryption module is a sticker attachable to an electronic device.
  • the digital encryption module preferably has one or more sets of electronic circuitry to provide short-range communication means and optionally long-range communication means, an encryption processor to encrypt/decrypt data, and a general purpose processor to control the digital encryption module.
  • the present invention broadly resides in a digital encryption system comprising an electronic device pairable with a digital encryption module via a short-range communication means.
  • the digital encryption module has a flexible substrate having formed therein, or on a surface thereof, one or more sets of electronic circuitry.
  • the one or more sets of electronic circuitry provides the electronic module with a short-range communication means, an encryption processor for encrypting/decrypting data, and a general purpose processor for controlling the digital encryption module.
  • the electronic device is operable to provide data that is to be digitally signed, verified, encrypted, and/or decrypted to the digital encryption module.
  • the digital encryption module is attachable to a surface of the electronic device that is within the communication range of the short-range communications means.
  • the present invention broadly resides in an electronic module for processing data, the electronic module including therein and/or on a surface thereof one or more sets of electronic circuitry, wherein the one or more sets of electronic circuitry at least including: a power module to provide power to the one or more sets of circuitry; a memory to store data, and a communication module to communicate with an electronic device; wherein the electronic module further includes a first processor operable to control the electronic module, and a second processor operable to digitally sign, verify, encrypt and/or decrypt data; and wherein the electronic module is attachable to the electronic device.
  • the electronic module is a flexible, patch-like sticker or seal.
  • the electronic module is paired with the electronic device via the communication module.
  • the communication module is a short-range communication module.
  • the short-range communication module is a Bluetooth communication module.
  • the short-range communication module is a near-field communication (NFC) module.
  • the digital encryption module has relatively long range communication means with a communication module that includes a Wi-Fi circuit, a SIM card or a radio transmitter.
  • the digital encryption module has a short range communication means to collect and encrypt the data and then transmits the encrypted data via long range communication means or short range communication means.
  • the digital encryption module in a sticker format and attached to a remote diesel power generator can transmit its encrypted diagnostic data via a radio transmission to a receiver located many miles away.
  • the communication module is operable to receive data transmitted from the electronic device.
  • the communication module is operable to transmit processed data from the electronic module to the electronic device, wherein the processed data includes data digitally signed, verified, encrypted and/or decrypted by the second processor.
  • the first processor is a microcontroller configured to execute at least one of operating systems, hardware, software, device drivers, and/or applications to control the operation of the electronic module.
  • the second processor is a dedicated microcontroller configured to digitally sign, verify, encrypt and/or decrypt data using dedicated algorithms.
  • the first processor and the second processor are physically separated. In another embodiment, the first processor and the second processor are integrated into one processor.
  • the power module is a rechargeable battery. In another embodiment, the power module is a non-rechargeable battery. In a further embodiment, the power module is a radiation harvesting battery.
  • the electronic device includes at least one of mobile phones, tablets, smart watches, smart speakers, desktops, laptops, televisions, fridges and/or automobiles.
  • the present invention broadly resides in an electronic data processing system, including an electronic module; an electronic device paired with the electronic module via short-range communication, and a software application executing on the electronic device, wherein the software application is operable to cause the electronic device to generate and transmit data to the electronic module, and wherein the software application is operable to cause the electronic module to process data transmitted from the electronic device, and transmit processed data by the electronic module back to the electronic device.
  • the electronic module is operable to digitally sign data transmitted from the electronic device. In another embodiment, the electronic module is operable to verify signed data transmitted from the electronic device. In a further embodiment, the electronic module is operable to encrypt and/or decrypt data transmitted from the electronic device.
  • the present invention broadly resides in an electronic data processing method, including: pairing an electronic module with an electronic device; the pairing includes connecting the electronic module and the electronic device via short-range communication and exchanging public keys between the electronic module and the electronic device; binding the electronic module with the electronic device to avoid the electronic module pairing with any other electronic device; executing a software application on the electronic device to re-establish connection between the electronic module and the electronic device; and transmitting data between the electronic module and the electronic device via the short-range communication, wherein the electronic module is operable to receive data transmitted from the electronic device, and wherein the electronic module is operable to transmit processed data from the electronic module to the electronic device, the processed data includes data digitally signed, verified, encrypted and/or decrypted by the electronic module.
  • the invention has application with mobile communication devices such as mobile phones and tablets.
  • the invention also has application with IoT devices where encrypted data can be sent to mobile devices and processors.
  • the IoT devices can include processor-limited appliances, low-end smart devices and logic controller devices such as televisions, refrigerators, washing machines, dryers and dish washers, lights and lighting systems, air conditioning units, heaters, water pumps and internet access via modems and the like.
  • the data can be encrypted and transmitted using the digital encryption module as described in the abovementioned aspects.
  • the digital encryption module as described in any one of the abovementioned aspects is a sticker attachable to an electronic device or an IoT device and has one or more sets of electronic circuitry to provide short-range communication means and optionally long-range communication means, an encryption processor to encrypt/decrypt data, and a general purpose processor to control the digital encryption module.
  • the digital encryption module as described in any one of the abovementioned aspects can also include VPN means to securely transmit and receive encrypted data.
  • the digital encryption module as described in any one of the abovementioned aspects can preferably be retrofitted to any suitable device.
  • the digital encryption module as described in any one of the abovementioned aspects can preferably be used to increase the security of data and their transmission between a mobile phone or tablet or an IoT device and a receiver.
  • Figure 1 illustrates a digital encryption module according to the present invention
  • Figure 2 illustrates a digital encryption system according to the present invention
  • Figure 3 illustrates an operation for pairing a digital encryption module with an electronic device to form a digital encryption system
  • Figure 4 illustrates a digital signing operation using the digital encryption system of the present invention
  • Figure 5 illustrates a digital verification operation using the digital encryption system of the present invention.
  • Figure 6 illustrates an encryption operation and a decryption operation using the digital encryption system of the present invention
  • the DEM 10 is a flexible, patch-like sticker or seal (or otherwise having a flexible substrate) comprising therein or having formed thereon a number of circuits/circuitry, for example (though not necessarily) in the form of one or more flexible circuit boards.
  • One side of the DEM 10 preferably has an adhesive characteristic suitable to adhere the DEM 10 to a surface of an electronic device 1000.
  • the adhesive characteristic may be provided by way of, for example, an adhesive (e.g. glue), physical mechanism (e.g. Velcro™, male-female connector, mechanical catch), magnetic mechanism, and the like.
  • the circuits/circuitry comprised on or in the DEM 10 according to one embodiment include an encryption processor 10-1, a general purpose processor 10-6, a short-range communications chip 10-2 (e.g. Bluetooth™), a short-range communications antenna 10-3, and a power source 10-7.
  • Other supporting hardware such as a memory 10-8, a data bus 10-9, and a power bus 10-10 are also provided as required within the DEM 10.
  • the encryption processor 10-1 is a microprocessor or microcontroller (hereinafter referred to as a microprocessor) operable to digitally sign, verify, encrypt, and/or decrypt data provided thereto.
  • the encryption processor 10-1 is a dedicated microprocessor specifically adapted and/or configured to perform the calculations/processes necessary to sign, verify, encrypt, and/or decrypt data.
  • the encryption processor 10-1 may be adapted/configured to have a large number (compared to a general purpose processor) of arithmetic logic units (ALU), be optimised for one or more particular types/methods of computing (e.g.
  • the encryption processor 10-1 may be a microprocessor that is not specifically adapted/configured to perform the calculations/processes necessary to sign, verify, encrypt, and/or decrypt data.
  • the encryption processor 10-1 need not be separate to the general purpose processor 10-6 and may be the same physical device as the general purpose processor 10-6.
  • the short-range communications chip 10-2 provides a short-range communication means for the DEM 10 and is, for example, a Bluetooth™ communications chip.
  • the short-range communications chip 10-2 is coupled with an appropriate antenna 10-3 to facilitate the physical transmission and reception of communications signals.
  • the short-range communications chip 10-2 allows the DEM 10 to be paired with the electronic device 1000, and to thereby allow the DEM 10 and the electronic device 1000 to interact.
  • the general purpose processor 10-6 is, for example, a microcontroller unit (MCU), a microprocessor unit (MPU) or other combination of one or more processing units and supporting hardware/chips.
  • the general purpose processor 10-6 is an ARM or other RISC architecture chip.
  • the general purpose processor 10-6 controls and coordinates the circuits making up the DEM 10 and thereby the overall operation of the DEM 10.
  • the general purpose processor 10-6 executes any operating system, firmware, software, device drivers, and/or other applications and routines required for the proper functioning of the DEM 10.
  • the general purpose processor 10-6 executes an application that facilitates user control of and interaction with the DEM 10, by way of instructions received from a corresponding application (hereinafter referred to as a DEM controlling application) executing on a paired device operated by a user of the paired device (e.g. the electronic device 1000).
  • the power source 10-7 may be, for example, a rechargeable or non-rechargeable battery, radiation harvesting battery, and the like.
  • the DEM 10 is provided with a hard coded and unique private-public key pair.
  • the DEM 10, when paired with an electronic device (such as the electronic device 1000) running the aforementioned DEM controlling application, is controllable by the electronic device 1000 and DEM controlling application to, amongst other things, activate/deactivate the encryption processor 10-1, set up the DEM 10 (for example, to establish pairing), set various preferences (for example, lighting and/or visual preferences to indicate various operating modes of the DEM), direct data from/to applications running on the electronic device 1000 to/from the DEM 10, and the like.
  • the DEM 10 and electronic device 1000 together form a data encryption system 20 (Fig. 2) according to a second aspect of the present invention described in greater detail below.
  • the DEM 10 provides to the electronic device 1000 the capability of securely signing, verifying, encrypting, and/or decrypting data, which the electronic device 1000 may not otherwise have or in which it is inadvisable or undesirable (e.g. for security or performance reasons) to do so.
  • Via the DEM controlling application executing on the electronic device 1000, a user of the electronic device 1000 is able to, amongst other things, decide what data to send from the electronic device 1000 to the DEM 10 for signing, verification, encryption, and decryption, and to otherwise interact with the DEM 10.
  • the DEM 10 allows the electronic device 1000 to have data encrypted/decrypted without significantly affecting the performance of the electronic device 1000 (e.g. by not having to consume a large amount of the finite processing power of the electronic device 1000).
  • the data encryption system 20 includes the DEM 10 paired with the electronic device 1000.
  • the electronic device 1000 is any electronic device operable to run the DEM controlling application and communicate with the DEM 10 via its short-range communication means 10-2.
  • the electronic device 1000 may, for example, be a smart phone, tablet, smartwatch, smart-speaker, smart-assistant, laptop, desktop, television, fridge, automobile, other IoT device, and the like.
  • the electronic device 1000 may be a device that is incapable of performing encryption/decryption in a practical sense (e.g. within reasonable time limits, without significantly affecting the performance of the device, within reasonable security expectations, etc.), or a device that is fully capable of performing encryption/decryption of data but for any number of reasons it is not desired to use the electronic device 1000 to do so.
  • the electronic device 1000 has installed therein, and is operable to execute, the DEM controlling application to control and otherwise facilitate communication between the electronic device 1000 and the DEM 10, and to facilitate user interaction with the DEM 10.
  • the DEM 10 is, in one embodiment, physically attached to the electronic device 1000 and may for example be adhered to a side of the electronic device 1000. It should be understood, however, that the DEM 10 need not necessarily be physically attached to the electronic device 1000, and may be located off of the electronic device 1000 so long as it is within communication range with the electronic device 1000 via the short-range communications chip 10-2 and corresponding antenna 10-3 when it is desired to use the data encryption system 20.
  • the DEM 10 may be adhered to the phone itself or to a protective case that holds/covers the phone.
  • the DEM 10 may be located (e.g. adhered) to a keychain of an operator of the automobile.
  • the data encryption system 20 is formed by pairing the DEM 10 with the electronic device 1000.
  • the pairing of the electronic device 1000 with the DEM 10 is facilitated by way of the DEM controlling application.
  • Pairing of the electronic device 1000 with the DEM 10 involves a first physical pairing at the “bearer” level to connect the electronic device 1000 to the DEM 10 via the short-range communications means (e.g. Bluetooth™), and a logical pairing at the “software” level to bind the physically paired DEM 10 with the electronic device 1000.
  • the data encryption system 20 is formed and may be operated to perform encryption and decryption of data.
  • the data encryption system 20 may be operated in a number of modes:
  • Data Signing: In this mode, the DEM 10 of the data encryption system 20 is operated to sign data provided to it by the electronic device 1000.
  • Data Verification: In this mode, the DEM 10 of the data encryption system 20 is operated to verify signed data provided to it by the electronic device.
  • Data Encryption and/or Decryption: In this mode, the DEM 10 of the data encryption system 20 is operated to, as needed, encrypt, and/or decrypt data provided to it by the electronic device 1000.
  • the data encryption system 20 may be operated in multiple modes seamlessly. That is, the data encryption system 20 may be operated so as to verify a piece of data, sign a piece of data, and encrypt/decrypt a piece of data, in any sequence any number of times, in one seamless operation.
  • the DEM 10 may be configured or locked to provide only certain ones or combinations of operation modes. In this manner, the various operating modes of the data encryption system 20 may be tailored to suit different applications, environments, and device configurations.
  • the data encryption system 20, comprised of the DEM 10 and electronic device 1000, may itself form part of a wider encrypted communication system that includes at least one or more other data encryption systems.
  • the one or more other data encryption systems at least include another device (e.g. another DEM paired with another electronic device) configured to communicate with the present data encryption system 20, for example over the Internet.
  • the data encryption system 20, comprised of the DEM 10 and electronic device 1000, can also communicate with any other kind of IT device that is capable of receiving and decrypting data transmitted from the data encryption system 20.
  • In step 310, the physical pairing of the DEM 10 with the electronic device 1000 via the short-range communications means is performed.
  • the short-range communications chip 10-2 is a Bluetooth™ communications chip and the short-range communications means is therefore Bluetooth™.
  • step 310 connects the DEM 10 and the electronic device 1000 via Bluetooth™.
  • Such physical pairing is known, and the specific steps for doing so are specified by the protocols of the short-range communications means being used. As such, these further specific steps will not be described in detail here.
  • the software pairing step 320 comprises a binding step 320, in which the DEM 10 is permanently bound to the electronic device 1000 such that once bound in this manner, the DEM is unable to pair with any other electronic device 1000.
  • the binding step 320 involves the provision of an identifier unique to the electronic device 1000 (e.g. IMEI, serial number, etc.) to the DEM 10, which is then stored within the DEM 10. This binding step 320 is performed only during the first time the electronic device 1000 is paired with the DEM 10.
  • exemplary operation 400 of the data encryption system 20 operating in Data Signing mode is described.
  • the exemplary operation 400 assumes that a DEM 10 has already been paired (physical and software) with the electronic device 1000, in accordance with operation 300.
  • the EM control application is executed on the electronic device 1000.
  • the EM control application preferably prompts the user to authenticate himself. Authentication may be effected, for example, by entering a PIN, biometrics (e.g. fingerprint), and the like. If necessary, the EM control application then proceeds to re-establish a physical pairing/connection between the DEM 10 and the electronic device 1000.
  • the EM control application prompts the user to identify/select a piece of data (e.g. a document) for digital signing.
  • the identified piece of data is transmitted to the DEM 10 via the short-range communication means 10-2.
  • the identified piece of data may be unencrypted, already encrypted by the electronic device 1000, or already encrypted but by some other device that is not the electronic device 1000.
  • the DEM 10 receives the piece of data and digitally signs it using its private key.
  • the process of digitally signing data using a private key is known, and not described in detail here.
  • the signed piece of data is transmitted back to the electronic device 1000 via the short-range communication means 10-2.
  • the electronic device 1000 receives the digitally signed piece of data.
  • the electronic device 1000 may then process the digitally signed piece of data as desired.
  • the electronic device 1000 may transmit the signed piece of data over a network (e.g. the Internet) to another party, store it, and so forth.
  • an exemplary operation 500 of the data encryption system 20 operating in Data Verification mode is described.
  • the exemplary operation 500 assumes that the DEM 10 has already been paired (physical and software) with the electronic device 1000, in accordance with operation 300.
  • In Data Verification mode, the DEM 10 is able to verify signed pieces of data that have been signed by any party.
  • the operation for verifying data commences at step 510.
  • the EM control application is executed on the electronic device 1000.
  • the EM control application preferably prompts the user to authenticate himself. Authentication may be effected, for example, by entering a PIN, biometrics (e.g. fingerprint), and the like. If necessary, the EM control application then proceeds to re-establish a physical pairing/connection between the DEM 10 and the electronic device 1000.
  • the EM control application prompts the user to identify/select a piece of signed data (e.g. a signed document) for digital verification.
  • the user controls the electronic device 1000 using the EM control application to transmit the selected piece of data to the DEM 10, via the short-range communication means. Additionally, the user controls the electronic device 1000 using the EM control application to transmit the public key of the person/entity who is purported to have signed the signed piece of data, to the DEM 10.
  • the DEM 10 receives the signed piece of data and the public key.
  • the DEM 10 uses the received public key (that is, the public key of the person/entity who is purported to have signed the signed piece of data which was sent to the DEM 10 in step 530) to decrypt the signature portion of the signed piece of data (which may be a part or an entirety of the piece of data). If the signed piece of data has indeed been signed by the person/entity who is purported to have signed it, the public key provided by the person/entity to the user should be from the same public-private key pair as the private key used by the person/entity to sign the signed piece of data. Accordingly, the DEM 10 should be able to use the received public key to decrypt the signature portion of the signed data, and verify that the person who originally signed the data was the person/entity who owns the private key.
  • the DEM 10 transmits a notification back to the electronic device 1000 verifying (or otherwise) the authenticity of the signed piece of data.
  • exemplary operations 600A and 600B of the data encryption system 20 operating in Data Encryption and Decryption mode are described.
  • the exemplary operations 600A and 600B assume that the DEM 10 has already been paired (physically and software) with the electronic device 1000, in accordance with operation 300.
  • In Data Encryption and Decryption mode, the DEM 10 is able to encrypt data and decrypt data provided to it.
  • the operation for encrypting data is described here with reference to operation 600A (Fig. 6) and the operation for decrypting data is described here with reference to operation 600B (Fig. 6).
  • the operation 600A for encrypting data commences at step 610A.
  • the EM control application is executed on the electronic device 1000.
  • the EM control application preferably prompts the user to authenticate himself. Authentication may be effected, for example, by entering a PIN, biometrics (e.g. fingerprint), and the like. If necessary, the EM control application then proceeds to re-establish a physical pairing/connection between the DEM 10 and the electronic device 1000.
  • the EM control application prompts the user to identify/select a piece of data (e.g. a document) for encryption.
  • the identified piece of data is transmitted to the DEM 10 via the short-range communication means 10-2. Additionally, the electronic device 1000 prompts the user to select a key to be used by the DEM 10 to encrypt the identified piece of data. The selected key is then also transmitted to the DEM 10 via the short-range communication means 10-2.
  • the key selected by the user may be the public key belonging to the external 3rd party.
  • the key selected by the user may be any public or private key belonging to the user and assigned to this purpose.
  • no key may be transmitted to the DEM 10 and the user instead instructs the DEM 10 to use the public or private key that was hard coded to the DEM 10.
  • the DEM 10 receives the identified piece of data from the electronic device 1000. If transmitted, the DEM 10 also receives the aforementioned public key.
  • the DEM 10 encrypts the received piece of data using the public key transmitted to it in step 630A (if one was transmitted). If no public key was transmitted to the DEM 10 in step 630A, the DEM 10 encrypts the piece of data using its own private or public key.
  • the DEM 10 transmits the encrypted piece of data back to the electronic device 1000.
  • the electronic device 1000 processes the encrypted piece of data as desired, for example to transmit it to a third party, store it, and the like.
  • the operation 600B for decrypting data commences at step 610B.
  • the EM control application is executed on the electronic device 1000.
  • the EM control application preferably prompts the user to authenticate himself. Authentication may be effected, for example, by entering a PIN, biometrics (e.g. fingerprint), and the like. If necessary, the EM control application then proceeds to re-establish a physical pairing/connection between the DEM 10 and the electronic device 1000.
  • the EM control application prompts the user to identify/select a piece of data (e.g. a document) for decryption. It is assumed that the identified piece of data was previously encrypted (e.g. by an external 3rd party device/system, or by the DEM 10 itself) using a private or public key of the DEM 10.
  • the identified piece of data is transmitted to the DEM 10.
  • the DEM 10 decrypts the piece of data using its private key.
  • the DEM 10 transmits the decrypted piece of data to the electronic device
  • the electronic device 1000 receives the piece of data and processes it as desired.
  • any electronic device 1000 capable of executing the DEM controlling application and connecting with the DEM 10 via its short-range communications means 10-2 is able to perform data signing, verification, encryption, and/or decryption, regardless of whether the mobile electronic device 1000 itself is capable (or advisable) to do so.
  • An electronic device 1000 which lacks the organic capability to perform data signing, verification, encryption, and decryption is able to do so.
  • An electronic device 1000 which may have the organic capability to perform data signing, verification, encryption, and decryption, is able to free up computing resources to do other things by having the DEM 10 instead perform such data signing, verification, encryption, and decryption processes.
  • Data can be stored on the electronic device 1000 more securely by having such data encrypted by the DEM 10. In this manner, in the event the electronic device 1000 is lost or stolen, such encrypted data cannot be decrypted by the electronic device 1000 without also having access to the DEM 10.
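
Operations 400 (signing) and 500 (verification) described above, sketched as an added example that is not code from the patent or its applicant: a hypothetical ToyDEM class signs with a private key that never leaves the object, and verifies by applying the supplied public key to the signature and comparing the result with a fresh hash. Textbook RSA without padding and the small constructed Mersenne-prime keys are assumptions made so the sketch runs on the standard library alone.

```python
import hashlib

# Constructed toy RSA keys built from known Mersenne primes; far too small and
# unpadded for real use, chosen only so the example needs no third-party library.
E = 65537

def make_key(p, q):
    """Return ((n, e), d): the public key and the private exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), pow(E, -1, phi)

def digest(data, n):
    """SHA-256 of the data as an integer reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

class ToyDEM:
    """Hypothetical stand-in for the DEM 10; the private exponent stays inside."""

    def __init__(self, p, q):
        self.public, self._d = make_key(p, q)

    def sign(self, data):
        # Operation 400: sign the received data with the module's private key.
        n, _ = self.public
        return pow(digest(data, n), self._d, n)

    def verify(self, data, signature, signer_public):
        # Operation 500: "decrypt" the signature with the supplied public key
        # and compare the result with a hash of the data actually received.
        n, e = signer_public
        if not 0 <= signature < n:
            return False
        return pow(signature, e, n) == digest(data, n)

def demo():
    signer = ToyDEM(2**127 - 1, 2**107 - 1)    # module that signs
    verifier = ToyDEM(2**89 - 1, 2**61 - 1)    # a different module verifies
    doc = b"constructed sample document"
    sig = signer.sign(doc)
    return {
        "genuine": verifier.verify(doc, sig, signer.public),
        "tampered": verifier.verify(doc + b"!", sig, signer.public),
        "wrong_key": verifier.verify(doc, sig, verifier.public),
    }

if __name__ == "__main__":
    print(demo())
```

A passing check only shows that the signature matches the public key the electronic device supplied; whether that key really belongs to the purported signer has to be established separately.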

Abstract

Disclosed is a digital encryption module comprising, within and/or on a surface thereof, one or more sets of electronic circuitry. The one or more sets of electronic circuitry provide the electronic module with a short-range communication means, an encryption processor for encrypting/decrypting data, and a general-purpose processor for controlling the digital encryption module. The digital encryption module has a flexible substrate adapted to attach to a surface that is within communication range of a short-range communication means of an electronic device with which the digital encryption module is to be associated. The digital encryption module is operable to be paired with the electronic device and to perform signing, verification, encryption and/or decryption of data provided to it by the electronic device.
PCT/AU2021/050180 2020-03-04 2021-03-02 Data encryption module, system and method WO2021174299A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2020900658A AU2020900658A0 (en) 2020-03-04 Data encryption module, system and method
AU2020900658 2020-03-04

Publications (1)

Publication Number Publication Date
WO2021174299A1 (fr) 2021-09-10

Family

ID=77612531

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2021/050180 WO2021174299A1 (fr) Data encryption module, system and method 2020-03-04 2021-03-02

Country Status (1)

Country Link
WO (1) WO2021174299A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013183010A1 (fr) * 2012-06-05 2013-12-12 Fundamo (Pty) Ltd Auxiliary input device for encrypted data entry
CN103780387A (zh) * 2012-10-25 2014-05-07 联芯科技有限公司 Hardware security module, secure terminal and implementation method thereof
US20150254677A1 (en) * 2012-09-21 2015-09-10 Visa International Service Association Dynamic object tag and systems and methods relating thereto
US20160005031A1 (en) * 2013-03-04 2016-01-07 Visa International Service Association Cryptographic label for attachment to a communication card
US20180091312A1 (en) * 2016-09-23 2018-03-29 Microsoft Technology Licensing, Llc Techniques for authenticating devices using a trusted platform module device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21765423

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21765423

Country of ref document: EP

Kind code of ref document: A1