EP3821564A1 - Security governance for the processing of a digital request - Google Patents

Security governance for the processing of a digital request

Info

Publication number
EP3821564A1
Authority
EP
European Patent Office
Prior art keywords
entities
cooperating
creative
entity
request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP19745659.3A
Other languages
English (en)
French (fr)
Inventor
Nicolas Bacca
Olivier Tomaz
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ledger SAS
Original Assignee
Ledger SAS
Application filed by Ledger SAS

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Definitions

  • the invention relates to the security governance of the processing of a digital request and relates to a method for validating a digital request by a requesting entity, a method for processing a digital request implementing this method of validation of a digital request, applications of this method of validating a digital request and a system for implementing this method of validating a digital request, including at least two security processors.
  • security governance for the processing of a digital request must be considered in its broadest and generic sense, so as to include, in particular but not exclusively, a method of governance of an electronic signature, a method of governance of encryption or decryption of data, an electronic voting process, a governance process for banking or electronic payment transactions.
  • This security governance must be understood as representative of the processes making it possible to verify the compliance of the digital request of a requesting entity with the corpus of rules defined jointly by cooperating entities implementing security processors responsible for an application.
  • the expression "cooperating entity" must therefore be understood as being a person or a computer robot capable of using an application carried by a security processor.
  • the term "requesting entity" should be understood to mean the entity making the digital request.
  • the expression "digital request" must be understood to mean a message addressed to an electronic and computer means cooperating for a service and including a system for the implementation of this method of validation of a digital request.
  • Such a service can be, in particular but not exclusively, encryption or decryption of data, electronic voting, a bank or electronic payment transaction.
  • The term "security processor" must be understood as an electronic support device for applications implementing confidential data, comprising a persistent memory, a volatile memory, and a computer capable of performing cryptographic functions and in particular of authenticating all or part of the content of its memories by providing what is called here a "digital certificate".
  • The processor is qualified as a "security" processor insofar as the content of its memories can only be modified after authentication with the device.
  • Document US 5,815,573 describes a method for generating a cryptographic key to be used by a pair of communicating parties while providing for the recovery of said key using a plurality of cooperating key recovery agents, comprising the steps of: generating a plurality of shared key parts which are shared with the respective key recovery agents; generating an unshared key part which is not shared with any key recovery agent; generating said key based on said shared key parts and said unshared key part; and making available the respective shared key parts to said key recovery agents to facilitate said recovery of said key by using said key recovery agents.
  • WO 2017/064124, WO03077470 and WO9505712 describe methods for generating a common secret.
  • Document WO 2017/145016 describes a method and a system for determining a common secret for two nodes.
  • Each node has a respective asymmetric cryptographic pair, each pair comprising a master private key and a master public key.
  • Respective second private and public keys can be determined based on the master private key, the master public key and a deterministic key.
  • A common secret can be determined at each of the nodes according to the second private and public keys.
  • A node can determine the common secret according to: a second private key based on the node's own master private key and the deterministic key; and a second public key based on the master public key of the other node and the deterministic key.
  • the method and system can be adapted to digital wallets, blockchain technologies and the security of personal devices. With this process and this system, there is no sharing of a common secret.
  • Document WO 2017/145010 describes a computer-implemented process to control access to an IT resource such as, for example, a digital wallet.
  • The wallet can be implemented using a blockchain.
  • The implementation of the method during the initial configuration of the wallet may allow subsequent operations, such as wallet transactions, to be managed in a secure manner over an insecure channel, such as the Internet.
  • a method may include the steps of dividing a verification element (such as a private key in an asymmetric cryptography pair) into a plurality of shares; determining a shared secret at at least two nodes in a network; and using the shared secret to transmit at least part of the verification element between said two nodes.
  • The shares can be divided in such a way that no single share is sufficient to obtain the verification element. This means that no party stores the entire private key, which provides improved key security. At least two shares are needed to restore the key. The shares are stored in separate locations, one of which is an independent backup or secure storage location. If one of the other shares becomes unavailable, the share can be retrieved from the backup to guarantee that the key (and thus the controlled resource) is always accessible.
  • the shared secret is generated at two different nodes independently of each other, then used to generate an encryption key.
  • The encryption key can be used to encrypt at least a part of the verification element, or a message comprising it, to ensure that said parts are transmitted securely. With this process, no common secret is created and shared.
  • The processor is not a security processor as previously defined.
  • WO 2016/130030 describes a method of protecting data using threshold cryptography, in which data is encrypted using cryptographic algorithms and a cryptographic key is divided into parts.
  • the method of data protection using threshold cryptography is characterized in that a unique identifier is assigned to encrypted data.
  • the encrypted data merged with some of the parts of the key is divided into fragments and a unique identifier previously assigned to the encrypted data is added to each fragment.
  • the same unique identifier is added to the share of each key that has not been merged with encrypted data.
  • the obtained fragments of data are deployed on physically separate devices comprising at least one processor and a non-volatile memory, and, for each fragment, information concerning the device on which it is deployed is saved.
  • the parts of the key which have not been merged with encrypted data are placed on physically separate devices comprising at least one processor and non-volatile memory, and, for each part of the key, information concerning the device on which it is stored is saved.
  • threshold cryptography secret sharing
  • a secret is divided by calculation into N parts using a threshold encryption scheme such that any M of the shares (M less than or equal to N) can be used to reconstruct the secret.
  • the N shares are distributed over a certain number of transmitted messages, assuming that a certain number of messages comprising a total of at least M shares will be received by the client.
  • the client uses at least M shares to reconstruct the secret using the threshold encryption scheme.
  • Security governance is known in which a requesting entity makes a request to a system including a security processor, the execution of which is conditional on the consent in fine from said security processor, of persons or computer robots, who have been previously authorized by an external authority playing the role of trusted third party.
  • the problem underlying the invention is to validate a digital request from a requesting entity and ultimately to be able to process this digital request, by submitting it to the prior consent of several entities, without having to resort to a trusted third party.
  • the invention relates to a method for validating a digital request
  • each entity from the plurality of cooperating entities ensures that each of the other entities from the plurality of entities implements an application identical to its own by cryptographically verifying the corresponding digital certificate
  • a said security processor is able to be implemented either by a cooperating entity, in which case said security processor is specific to this cooperating entity, or by several cooperating entities, in which case said security processor is common to these cooperating entities, the method involving the implementation of at least two security processors.
  • each security processor to deliver a digital certificate of integrity on request:
  • security processors are chosen so that they each have their own first pair of asymmetric cryptographic keys
  • each security processor uses the private key of said first pair of keys to produce an electronic signature of all or part of the content of its memories
  • said electronic signature being a digital certificate of integrity of the corresponding signed content, and its authenticity can be verified using the public part of said first pair of keys.
  • the private part of said second pair of keys is used to produce the electronic signature of the public part of said first pairs of keys of each security processor
  • the cooperating entities, in order to agree on said second pair of asymmetric cryptographic keys, use a pair of asymmetric cryptographic keys drawn randomly and shared between them, or else said second pair of asymmetric cryptographic keys is that of an external certification authority.
  • said own confidential data are drawn randomly by each of the cooperating entities, and / or introduced by the cooperating entities into the memory of the associated security processors, and / or extracted from the memory of the associated security processors.
  • the common secret is able to be cut into cut parts so as to be reconstituted subsequently, and / or at least some, or all, of the cut parts are suitable and sufficient to reconstitute said common secret subsequently.
  • said common secret can be reconstituted with at least some of, or all, the so-called creative cut parts.
  • said common secret can only be used for the validation of one and only one digital request and cannot be stored persistently in any of the memories of the associated security processors.
  • each entity of the plurality of cooperating entities directly ensures that each of the other entities in the plurality of entities implements an application identical to its own by cryptographically verifying the corresponding digital certificate.
  • each entity of the plurality of cooperating entities ensures that each of the other entities in the plurality of entities implements an application identical to its own by cryptographically verifying the corresponding digital certificate, indirectly and through transitivity, by ensuring that a certain entity from the plurality of entities implements an application identical to its own by cryptographically verifying the corresponding digital certificate, this certain entity having itself ensured that the other entities from the plurality of entities are implementing the same application.
  • said own confidential data are transmitted confidentially, by means of an encryption and decryption algorithm, between the cooperating creative entities using at least one session key, said at least one session key being rendered unusable after the creation of a common secret.
  • the creative cooperating entities include a first pilot creative entity and the other creative cooperating entities
  • each creative cooperating entity implements its own key to communicate confidentially, by means of an encryption and decryption algorithm, with said first pilot creative entity,
  • said application includes an algorithm for exchanging session keys
  • each cooperating creative entity being said first pilot creative entity
  • the creative cooperating entities include a second pilot creative entity and the other creative cooperating entities
  • each signatory cooperating entity implements its own key to communicate confidentially, by means of an encryption and decryption algorithm, with said second pilot creative entity,
  • a plurality of session keys is used, so that each creative cooperating entity implements its own key to communicate confidentially, by means of an encryption and decryption algorithm, with said second pilot creative entity; said second pilot creative entity implements a process for verifying the integrity of said application carried by the security processor of each signatory cooperating entity, so that said second pilot creative entity ensures that each of the signatory cooperating entities implements an application identical to its own by cryptographically verifying the corresponding digital certificate,
  • said application includes an algorithm for exchanging session keys
  • said algorithm for exchanging session keys is initiated between, on the one hand, each of said other creative cooperating entities and each of the signatory cooperating entities and, on the other hand, said second pilot creative entity,
  • said other creative cooperating entities transmit, confidentially using their own session key, by means of an encryption and decryption algorithm, and in a non-replayable manner, their so-called creative cut parts resulting from the same cut of the common secret to said second pilot creative entity,
  • said second pilot creative entity reconstitutes the common secret,
  • said second pilot creative entity divides the common secret into a number of signatory cut parts equal to the number of signatory cooperating entities,
  • said second pilot creative entity transmits, confidentially using session keys, by means of an encryption and decryption algorithm, and in a non-replayable manner, said signatory cut parts of the common secret to said signatory cooperating entities.
  • cut parts originating from the same cut of the common secret are transmitted confidentially, by means of an encryption and decryption algorithm, between the cooperating entities using at least one session key, said at least one session key being rendered unusable after the reconstitution of said common secret.
  • the cooperating entities include a pilot entity and the other cooperating entities,
  • each cooperating entity uses its own key to communicate confidentially, by means of an encryption and decryption algorithm, with said pilot entity,
  • said application includes an algorithm for exchanging session keys
  • the subject of the invention is a method for processing a digital request from a requesting entity, with a plurality of cooperating entities which are each capable of implementing a security processor loaded with the same application necessary for processing said request, an application for which each security processor delivers a digital certificate of integrity on request, which implements the method for validating a digital request which has just been described, so that said request is processed if and only if cooperating entities of the college of signatory cooperating entities implement said application by means of the common secret.
  • the requesting entity transmits said digital request on the one hand to the college of cooperating entities, on the other hand to an electronic means capable of executing said request,
  • said electronic means executes said digital request as a function of said validation.
  • the subject of the invention is the application of the method for validating a digital request which has just been described to a method for processing a digital request from a requesting entity as previously described or else, in particular, to an electronic signature governance process, a data encryption and decryption governance process, an electronic voting process, or a governance process for bank or electronic money transactions.
  • the invention relates to a system for implementing the method of validating a digital request which has just been described, which comprises:
  • At least two security processors supporting an application necessary for processing said request, using confidential data, and comprising a persistent memory, a volatile memory, a computer capable of performing cryptographic functions and in particular of authenticating all or part of the content of its memories by providing a digital certificate of integrity on request, so that a plurality of cooperating entities are capable of each implementing a said security processor, and the content of the memories can be modified only with authentication,
  • FIG. 1 is a simplified diagram illustrating an example of a possible embodiment of a method for processing a digital request implementing a method for validating the request.
  • a requesting entity, three cooperating entities, three security processors, and an electronic and computer means capable of and intended for executing the request.
  • the arrows symbolize the operations carried out.
  • FIG. 2 is a simplified diagram which illustrates two possible embodiments with regard to the security processors and the cooperating entities, namely an embodiment in which the security processor is specific to a cooperating entity and an embodiment in which the security processor is common to several cooperating entities.
  • FIG. 3 is a simplified diagram illustrating an exemplary embodiment of a process for verifying the integrity of the application implemented, using a cryptographic process with asymmetric cryptographic keys.
  • Figure 4 is a simplified diagram corresponding to an exemplary embodiment with a second pair of asymmetric cryptographic keys.
  • Figures 5 and 6 are two simplified diagrams illustrating two exemplary embodiments in which the cooperating entities agree on a second pair of asymmetric cryptographic keys, namely an embodiment with a random draw and an embodiment involving an external certification authority.
  • Figure 7 is a simplified diagram illustrating that cooperating entities share their own confidential data and that digital processing is applied to all of them in order to create a common secret.
  • Figure 8a is a simplified diagram illustrating an embodiment in which the own confidential data are drawn randomly by each of the cooperating entities.
  • FIG. 8b is a diagram illustrating another embodiment in which the own confidential data are introduced by the cooperating entities into the memory of the associated security processors.
  • FIG. 9 is a simplified diagram illustrating that, by means of a cutting / reconstitution algorithm, the common secret is cut into cut parts and then reconstituted subsequently.
  • FIG. 10 is a simplified diagram illustrating the pooling of own confidential data and their digital processing in order to create a common secret, then its cutting by means of a cutting algorithm and its distribution between cooperating entities, then its reconstruction by means of a reconstruction algorithm.
  • Figures 11 and 12 are two simplified diagrams illustrating two possible embodiments with regard to the application integrity verification process, namely a direct verification (FIG. 11) and an indirect verification by transitivity (FIG. 12).
  • a method for validating a digital request RN is applied to a method for processing a digital request RN from a requesting entity ED.
  • the security governance of the processing of a digital request RN must be considered in its broadest and generic sense, so as to include, in particular but not exclusively, a method of governance of an electronic signature, a method of governance of encryption or decryption of data, an electronic voting process, a governance process for banking or electronic payment transactions.
  • the requesting entity ED is a person or a computer robot which is able to make or carry out the digital request RN and which, concretely, makes or carries out this digital request RN.
  • the digital request RN is a message addressed to an appropriate electronic and computer means MEI.
  • a digital request RN and such electronic and computer means MEI are an Internet form carried by a server, filled in by the requesting entity ED.
  • the method for validating a digital request RN is sometimes called, for short, the validation method and, by analogy, the method for processing a digital request RN is sometimes called, for short, the processing method.
  • the validation method implements a validation system SV which includes at least two security processors PS, supporting an application AP necessary for processing the request RN and consequently suitable for this purpose, and implementing confidential data DC.
  • a security processor PS includes a persistent memory, a volatile memory, a computer capable of performing cryptographic functions and in particular to authenticate all or part of the content of its memories by providing a digital certificate of integrity AN on request.
  • the application AP is loaded into a memory of such a security processor PS and expresses the set of rules executed with confidential data DC and parameters.
  • the AP application includes at least one process for creating a common secret SC.
  • a plurality (at least two) of cooperating entities EC are provided, which are able and each intended to implement a security processor PS.
  • the contents of the memories of the PS security processors can only be modified with an authentication, which makes it possible to qualify the PS processors as being "security".
  • the validation system SV furthermore comprises a means suitable and intended for creating a common secret SC, a digital attestation algorithm, an encryption and decryption algorithm ALCD, a cutting / reconstitution algorithm of common secret SC, ALDE / ALRE, an algorithm for exchanging session keys ALEC, means of communication between the security processors PS and the entities EC, ED.
  • a security processor PS is for example a smart card.
  • a suitable means intended to create a common secret SC is based on an exclusive OR function (often called XOR); a digital attestation algorithm is an ECDSA algorithm (for Elliptic Curve Digital Signature Algorithm); an encryption and decryption algorithm is an AES (for Advanced Encryption Standard) algorithm; a common secret SC cutting / reconstruction algorithm is an SSS (for Shamir's Secret Sharing) algorithm; a session key exchange algorithm is an ECDH algorithm (for Elliptic Curve Diffie-Hellman); means of communication between the security processors PS and the entities EC, ED are telematic links.
  • the processing method implements the validation method mentioned above, so that the request RN is processed if and only if the cooperating entities EC of a college of signatory cooperating entities COECS, discussed below, implement the application AP by means of a common secret SC, which is also discussed below.
  • the requesting entity ED transmits the request RN on the one hand to the college of cooperating entities COEC, on the other hand to an electronic and computer means MEI, designed and chosen so as to be able and intended to execute the RN request.
  • the COEC college of cooperating entities implements the validation process, using the common secret SC, with a view to validating the RN request.
  • the electronic and computerized means MEI then executes the request RN as a function of the validation.
  • the electronic and IT means MEI can be the subject of different embodiments, known or within the reach of those skilled in the art, depending on the RN request, the corresponding service and the environment in which the processing of the RN request takes place.
  • an electronic and computer-based MEI means is a computer, whatever its form.
  • the validation process makes it possible to ensure security governance, insofar as it leads to verifying the conformity of the digital request RN with the corpus of rules defined in common by the cooperating entities EC, and this by implementing the security processors PS responsible for the AP application.
  • the cooperating entities EC are each a person or a computer robot capable of using the AP application.
  • FIG. 1 schematically representing the requesting entity ED, a plurality of cooperating entities EC comprising here three entities, three security processors PS, one per cooperating entity EC, the three cooperating entities EC and the three security processors PS forming a sort of "block" comprising a college of cooperating signatory entities COECS and their associated security processors PS, and the electronic and computer means MEI capable and intended to execute the request RN.
  • the reference arrow a symbolizes the request for validation of the RN request by the requesting entity ED in the "block".
  • the reference arrows b symbolize the validation process of the request RN of the requesting entity ED within the "block", by means of a process of reconstitution of common secret SC.
  • the reference arrow c symbolizes the result of the validation transmitted by the "block" to the requesting entity ED and the reference d symbolizes the validated request transmitted to the electronic and IT MEI means.
  • the validation method is such that a plurality (at least two) of cooperating entities EC are capable of each implementing a security processor PS loaded with the same application AP, for which each security processor PS delivers a digital AN certificate of integrity on request.
  • the RN digital request is validated and ultimately processed by submitting it to the prior consent of several entities, without having to resort to a trusted third party.
  • the cooperating entities EC agree to the execution of the digital request RN, by means of the implementation of threshold cryptography technologies, while these cooperating entities EC will authenticate each other using the digital certificates AN issued by PS security processors.
  • FIG. 2 which takes up part of Figure 1 [Fig. 1] and illustrates two possible embodiments with regard to the security processors PS and the cooperating entities EC.
  • the security processor PS is specific to a cooperating entity EC.
  • the security processor PS is common to several cooperating entities. In all cases, the validation process involves the implementation of at least two PS security processors.
  • the validation method includes a process for verifying the integrity of the application AP such that, from the digital certificates AN issued by each security processor PS, each entity EC of the plurality of cooperating entities EC ensures that each of the other entities EC of the plurality of entities EC implements an application AP identical to its own by cryptographically verifying the corresponding digital certificate AN.
  • security processors PS are chosen so that each has, in its own right, a first pair of asymmetric cryptographic keys CC1.
  • each security processor PS uses the private key CPR1 of the first pair of keys CC1 to produce (which is symbolized by the reference arrow a in FIG. 3 [Fig. 3]) an electronic signature of all or part of the content of its COMEM memories.
  • This electronic signature serves as the digital certificate AN of integrity of the corresponding signed content, and its authenticity can be verified by using the public key CPU1 of the first pair of keys CC1.
  • the cooperating entities EC agree together on a second pair of asymmetric cryptographic keys CC2. Then, the private key CPR2 of the second pair of keys CC2 is implemented to produce the electronic signature of the public key CPU1 of the first pairs of keys CC1 of each security processor PS, previously mentioned. Thus, the cooperating entities EC are able to authenticate, by implementing the public key CPU2 of the second pair of keys CC2, the digital certificates AN of integrity delivered by each of the security processors PS.
  • Figure 4 [Fig. 4]
  • the reference arrow a symbolizes the extraction of the public key CPU1 from the first pair of keys CC1 and the reference arrow b symbolizes the signature, by the private key CPR2 of the second pair of keys CC2, of the public key CPU1 of the first pair of keys CC1.
  • the cooperating entities EC agree on a second pair of asymmetric cryptographic keys CC2.
  • the cooperating entities EC use a pair of asymmetric cryptographic keys randomly drawn and shared between them.
  • the second pair of asymmetric cryptographic keys CC2 is that of an external certification authority.
  • the reference arrow a symbolizes the supply of the public key CPU1 of the first pair of keys CC1 to the external certification authority ACE
  • the reference arrow b symbolizes the implementation of the private key CPR2 of the second pair of keys CC2 of the external certification authority ACE to sign the public key CPU1 of the first pair of keys CC1 (creation of digital certificate AN)
  • the reference arrow c symbolizes the return of the electronic signature of the public key CPU1 of the first pair of keys CC1 by the private key CPR2 of the second pair of keys CC2, with a view to its storage in the security processor PS.
  • the validation method also includes a process by which cooperating entities EC create a common secret SC and thus constitute a college of cooperating creative entities COECC.
  • cooperating entities EC pool their own confidential data DC and digital processing TN is applied to all of their own confidential data DC in order to create the common secret SC.
  • the reference arrow b in this figure symbolizes the own confidential data DC which are drawn randomly by each of the cooperating entities EC.
  • the reference arrow a in this figure symbolizes the own confidential data DC which are introduced by the cooperating entities EC into the memory of the associated security processors PS.
  • the own confidential data DC are extracted from the memory of the associated security processors PS.
  • the reconstruction of the common secret SC can be carried out from not all of the cut parts PDE, but only from some of them, which are then suitable and sufficient to reconstitute later said common secret SC.
  • all the cut parts PDE are necessary in order to subsequently reconstitute the common secret SC.
  • the common secret SC can then be reconstituted only from the PDE cut parts from the same cut and not from PDE cut parts from more than one cut.
  • cooperating entities EC pool their own confidential data DC (which is symbolized by the reference arrow a in FIG. 10 [Fig. 10]), the digital processing TN being applied to all of this own confidential data DC in order to create the common secret SC, as previously explained. Then, the common secret SC thus created is divided into a number of creative cut parts PDEC which is equal to the number of creative cooperating entities ECC constituting a college COECC, by means of an ALDE division algorithm (which is symbolized by the reference arrow b in figure 10 [Fig. 10]).
  • the PDEC creative cut parts are then distributed among the creative cooperating entities ECC, each of them retaining one of the PDEC creative cut parts (which is symbolized by the reference arrow c in FIG. 10 [Fig. 10]).
  • the common secret SC is reconstituted with at least some of (two out of three in the case of FIG. 10 [Fig. 10]) creative cut parts PDEC. Or else, in one embodiment, the common secret SC is reconstituted with all of the creative cut parts PDEC.
  • the common secret SC can only be used for the validation of one and only one digital request RN and it cannot be stored persistently in any of the memories of the associated security processors PS.
  • each EC cooperating entity directly ensures this.
  • Figure 11 [Fig. 11] are represented three cooperating entities EC, three security processors PS with the applications AP.
  • the two reference arrows a in Figure 11 [Fig. 11] symbolize the issue by two cooperating entities EC to the third cooperating entity EC of the AN certificates of their own AP application.
  • the reference arrow b in FIG. 11 [Fig. 11] symbolizes the verification by the third cooperating entity EC that the applications of the first two cooperating entities EC are identical to its own. The verification is therefore direct.
  • each EC cooperating entity ensures that each of the other EC cooperating entities implements an AP application identical to its own by cryptographically verifying the corresponding digital certificate AN, not directly as in the first embodiment, but indirectly and through transitivity: it ensures that a certain cooperating entity ECT implements an AP application identical to its own by cryptographically verifying the corresponding digital certificate AN, this certain ECT cooperating entity having itself ensured that the other EC cooperating entities implement the same AP application.
  • FIG. 12 are represented four cooperating entities EC, including the certain entity ECT, four security processors PS with the applications AP.
  • FIG. 12 symbolizes the issuance by two cooperating entities EC to the certain cooperating entity ECT, of AN certificates of their own AP application.
  • the reference arrow b in Figure 12 [Fig. 12] symbolizes the verification by the certain cooperating entity ECT that the applications AP of the first two cooperating entities EC are identical to its own.
  • the reference arrow c in Figure 12 [Fig. 12] symbolizes the issuance by the certain cooperating entity ECT to the fourth cooperating entity EC of a certificate AN of its own application AP, which is identical to that of the first two cooperating entities EC.
  • the reference arrow d in FIG. 12 [FIG. 12] symbolizes the verification by this fourth cooperating entity EC that the application AP of the certain cooperating entity ECT and therefore also in a transitive manner the application AP of the first two cooperating entities EC are identical to its own.
  • the verification is therefore here indirect.
  • the own confidential data DC are transmitted confidentially, by means of an encryption and decryption algorithm, between the cooperating creative entities ECC, using at least one session key, which session key is rendered unusable after the creation of a common secret SC.
  • cut parts PDE originating from the same cut of the common secret SC are transmitted confidentially, by means of an encryption and decryption algorithm, between the cooperating entities EC using at least one session key, the session key being made unusable after the reconstitution of said common secret SC.
  • the cooperating creative entities ECC comprise a first pilot creative entity ECCP1 and the other cooperating creative entities ECCA1.
  • a plurality of session keys is used, so that each cooperating creative entity ECC implements its own key to communicate confidentially, by means of an encryption and decryption algorithm ALCD, with the first pilot creative entity ECCP1.
  • the AP application integrates a session key exchange algorithm, ALEC.
  • the first pilot creative entity ECCP1 initiates the algorithm for exchanging session keys ALEC with each of the other cooperating creative entities ECCA1.
  • the other cooperating creative entities ECCA1 transmit their own confidential data DC to the first pilot creative entity ECCP1, confidentially and in a non-replayable manner, each using its own session key and an encryption and decryption algorithm ALCD.
  • the cooperating creative entities ECC are able to apply digital processing to all of the own confidential data DC, thus creating the common secret SC.
  • the cooperating creative entities ECC comprise a second pilot creative entity ECCP2 and the other cooperating creative entities ECCA2.
  • a plurality of session keys is used, so that each cooperating signatory entity ECS implements its own key to communicate confidentially, by means of an encryption and decryption algorithm ALCD, with the second pilot creative entity ECCP2.
  • a plurality of session keys is also used, so that each cooperating creative entity ECC implements its own key to communicate confidentially, by means of an encryption and decryption algorithm ALCD, with the second pilot creative entity ECCP2.
  • the second pilot creative entity ECCP2 implements a process for verifying the integrity of the application AP carried by the security processor PS of each signatory cooperating entity ECS, so that the second pilot creative entity ECCP2 ensures that each of the signatory cooperating entities ECS implements an AP application identical to its own by cryptographically verifying the corresponding digital certificate AN.
  • the AP application includes an algorithm for exchanging session keys ALEC. Then, the algorithm for exchanging session keys ALEC is initiated between, on the one hand, each of the other cooperating creative entities ECCA2 and each of the signatory cooperating entities ECS and, on the other hand, the second pilot creative entity ECCP2.
  • the second pilot creative entity ECCP2 reconstructs the common secret SC.
  • the second pilot creative entity ECCP2 divides the common secret SC into a number of signatory cut parts PDES equal to the number of signatory cooperating entities ES.
  • the second pilot creative entity ECCP2 transmits the signatory cut parts PDES of the common secret SC to the signatory cooperating entities ECS, confidentially and in a non-replayable manner, using the session keys and an encryption and decryption algorithm ALCD.
  • the cooperating entities EC comprise a pilot entity ECP and the other cooperating entities ECA.
  • a plurality of session keys is used, so that each cooperating entity EC uses its own key to communicate confidentially, using an encryption and decryption algorithm ALCD, with the pilot entity ECP.
  • the AP application includes an algorithm for exchanging session keys ALEC.
  • the ECP pilot entity initiates the algorithm for exchanging session keys ALEC with each of the other EC cooperating entities.
  • the validation method includes, by means of the implementation of the integrity verification process of the AP application, a process by which ECC entities of the college of cooperating creative entities COECC designate the signatory cooperating entities ES, thus constituting a college of cooperating signatory entities COECS.
  • This college of COECS signatory cooperating entities, taken as such, has access to the common secret SC.
  • the RN request is validated if and only if the ECS cooperating entities of the college of COECS signatory cooperating entities implement the AP application by means of the common secret SC. Depending on the case, it is all the signatory cooperating entities or only a quorum of the college of COECS signatory cooperating entities.
  • the college of COECC creative cooperating entities and the college of COECS signatory cooperating entities are separate, or the college of COECC creative cooperating entities and the college of COECS signatory cooperating entities are at least partly common.
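
The common-secret lifecycle described in the items above (XOR pooling of the own confidential data DC, cutting with SSS, reconstitution from two parts out of three, and the rule that parts from different cuts do not combine) can be sketched as follows. This is an added illustration, not code from the patent or from Ledger; the field prime, the 120-bit size and all function names are assumptions.

```python
import secrets
from functools import reduce
from operator import xor

SECRET_BITS = 120        # size of each DC and of SC (assumption)
PRIME = 2**127 - 1       # Mersenne prime; field used for the parts (assumption)


def create_common_secret(own_data):
    """Digital processing TN: XOR every entity's own confidential data DC into SC."""
    if len(own_data) < 2:
        raise ValueError("at least two cooperating entities are required")
    if any(not 0 <= dc < 2**SECRET_BITS for dc in own_data):
        raise ValueError("each DC must be a SECRET_BITS-bit integer")
    return reduce(xor, own_data)


def split_secret(sc, n, k):
    """ALDE: cut SC into n parts PDE; any k parts of this cut reconstitute it."""
    if not 2 <= k <= n:
        raise ValueError("need 2 <= k <= n")
    if not 0 <= sc < PRIME:
        raise ValueError("SC must be a field element")
    # A fresh random polynomial of degree k-1 with SC as constant term is one "cut".
    coeffs = [sc] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    parts = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        parts.append((x, y))
    return parts


def reconstitute_secret(parts):
    """ALRE: Lagrange interpolation at x = 0 over the supplied parts."""
    xs = [x for x, _ in parts]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate part index")
    total = 0
    for xi, yi in parts:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def demo():
    # Constructed sample: three creative entities each draw their own DC at random.
    dcs = [secrets.randbits(SECRET_BITS) for _ in range(3)]
    sc = create_common_secret(dcs)
    cut_a = split_secret(sc, n=3, k=2)      # one PDEC per creative entity
    cut_b = split_secret(sc, n=3, k=2)      # a second, independent cut of the same SC
    return {
        "two_of_three": reconstitute_secret([cut_a[0], cut_a[2]]) == sc,
        "all_three": reconstitute_secret(cut_a) == sc,
        "single_part": reconstitute_secret(cut_a[:1]) == sc,
        "mixed_cuts": reconstitute_secret([cut_a[0], cut_b[1]]) == sc,
    }


if __name__ == "__main__":
    print(demo())
```

Reconstitution itself carries no integrity check: a single part or parts mixed from two cuts still yield a value, just not SC, so an implementation has to compare the result against something bound to SC before acting on it.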

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
EP19745659.3A 2018-07-11 2019-07-11 Sicherheitssteuerung für die verarbeitung einer digitalen anfrage Pending EP3821564A1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1870826A FR3085815B1 (fr) 2018-07-11 2018-07-11 Gouvernance de securite du traitement d'une requete numerique
PCT/FR2019/000113 WO2020012079A1 (fr) 2018-07-11 2019-07-11 Gouvernance de sécurité du traitement d'une requête numérique

Publications (1)

Publication Number Publication Date
EP3821564A1 true EP3821564A1 (de) 2021-05-19

Family

ID=65031569

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19745659.3A Pending EP3821564A1 (de) 2018-07-11 2019-07-11 Sicherheitssteuerung für die verarbeitung einer digitalen anfrage

Country Status (10)

Country Link
US (1) US11757660B2 (de)
EP (1) EP3821564A1 (de)
JP (1) JP2021525993A (de)
KR (1) KR20210028719A (de)
CN (1) CN112970226A (de)
AU (1) AU2019300287A1 (de)
CA (1) CA3105894A1 (de)
FR (1) FR3085815B1 (de)
SG (1) SG11202100263PA (de)
WO (1) WO2020012079A1 (de)

Also Published As

Publication number Publication date
FR3085815A1 (fr) 2020-03-13
CA3105894A1 (fr) 2020-01-16
AU2019300287A1 (en) 2021-01-28
SG11202100263PA (en) 2021-02-25
US11757660B2 (en) 2023-09-12
JP2021525993A (ja) 2021-09-27
KR20210028719A (ko) 2021-03-12
US20210306162A1 (en) 2021-09-30
FR3085815B1 (fr) 2022-07-15
CN112970226A (zh) 2021-06-15
WO2020012079A1 (fr) 2020-01-16

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20210210

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20240202