FR2948839A1 - METHOD FOR SECURELY AUTHENTICATING ACCESS TO FIGURE DATA - Google Patents

Abstract

The invention relates to a secure authentication method for authorizing access to the encrypted data contained on a medium (3), in which, during an initialization, an initial seed (5) of encryption is created at least starting from a code (6) and an identifier (7) specific to said medium (3); transmitting said initial seed to a server that processes and returns it; the data (2) contained on said support (3) are encrypted according to the seed treated; then, during an authentication: a user (1) enters a code (10); at least the identifier (7) of said medium (3) is sent to said server (12) and accompanied by a seed (11) created from said entered code (10) and said identifier (7); after verification, said server (12) processes said seed (11) and returns it; the decryption (18) of the data (9) is attempted from the received processed seed (13).

Description

The present invention is in the field of user authentication and secure access to data via a communication network. The invention more particularly relates to the secure authentication of a user from a terminal via a remote server to enable him to access data in a secure manner. The invention will find a preferential application, but in no way limiting, in the secure authentication of a user to access the encrypted content of a medium, through the connection to a remote server via said communication network, particularly of the computer type. . In addition, the invention is part of the authentication of a user by password, especially a short password, such as a PIN for Personal Identification Number. Password authentication, including a PIN code, requires the entry of said code for verification from a remote server. The most used case of this type of authentication is the bank payment by smart card. The major disadvantage of this authentication lies in the size of the password, namely four characters for a PIN. Therefore, the limited number of combinations, namely 10000 in the case of a numeric character code, raises a major security problem. Indeed, a search of the password by brute force, namely the search and the systematic test of all the possible combinations, makes its discovery easy with the current computing capacities of the computers.

Therefore, a counting mechanism has been introduced to limit the number of attempts to discover the code. In fact, the remote server responsible for verifying said code increments the erroneous trial number. In a known manner, this count limits the number of possibilities to three erroneous attempts. If a test is verified, then the possible number of trials returns to zero and access is allowed, otherwise the server blocks access, increments the number of attempts and requests a retry, and after three unsuccessful attempts , the server blocks access and no further attempts can be made.

However, this type of protocol has disadvantages. In the case of a remote server which is transmitted the user's personal code, this code is compared with a code registered with the server. It is then possible for a third party to falsify the server and retrieve said code. This is why this code is encrypted and generally transmitted through a secure connection. However, there is a security vulnerability if said third party retrieves the encrypted code and attempts to decrypt it. Moreover, if a third party can have access to this server, he can recover the code.

The invention aims to overcome the disadvantages of the state of the art by proposing an alternative solution for secure authentication of a user, via a remote server, by entering a password, in order to access data contained on a medium.

In particular, the invention makes it possible to verify a password without the latter being known or transmitted as such, namely in a form that can be intercepted and decrypted by a third party. To do this, the present invention provides, in a first step, during an initialization step, to create an encryption seed from additionally a password and an identifier specific to a support, said seed being processed by a remote server. The encryption of the data contained on said support is then encrypted according to the seed obtained. Then, during an authentication step, is sent to said remote server at least the identifier of said medium accompanied by a seed to be processed, the seed containing a password entered by a user. After verification, said server then processes this seed and returns it to allow the decryption of the data. If decryption is possible, then the password entered was valid. In particular, the verification consists in comparing the number of tests remaining for said support.

Thus, the invention eliminates the knowledge of the password at said server, limiting the security risks relating thereto. In addition, since the processing performed is required to obtain the data decryption seed, it is therefore not possible to dispense with the remote server. Other features and advantages of the invention will emerge from the following detailed description of non-limiting embodiments of the invention, with reference to the appended figures in which: FIG. 1 schematically represents the initialization step; ; and - Figure 2 shows schematically the authentication step. The present invention relates to the secure authentication of a user 1 wishing to access encrypted data. In particular, said data 2 is contained on a medium 3, in particular recorded on a portable computer medium equipped with a memory space suitable for storing said data 2. Such a medium 3 may advantageously be in the form of a CD-ROM. ROM or DVD-ROM, or a portable terminal, such as a storage device or a cell phone. The authentication of said user 1 is done by connecting said support 3 to a remote server 4. In concrete terms, said support 3 can be combined with a terminal connected to said remote server. This combination depends on the type of medium and can be, depending on the case, its insertion within a reader or the connection to said terminal, in particular through a suitable and standardized connection, for example USB type for Universal Serial Bus.

Note that this connection can also be made directly through a communication network, wired or not, such as a wireless communication network. Such a network is preferably computer, such as the Internet.

In a first step, as shown in FIG. 1, the method according to the invention consists in initializing said support 3. To do this, during an initialization step, an initial seed of encryption is created. This initial seed 5 is created at least from a password 6 and an identifier 7 specific to said support 3. Other data can be taken into account to create such an initial seed 5. According to the preferred embodiment of FIG. realization, said password 6 may be short and consists of four numeric characters, such as a PIN code. In addition, said identifier 7 makes it possible to characterize said support 3 in a unique manner, such as a serial number. Furthermore, said initial seed 5 is transmitted to server 4 which is responsible for processing it and then sending it back. Upon receipt, 17 the data 2 contained on said support 3 is encrypted according to the seed treated 8. This initialization step is implemented to ensure the security of communications and data transfers. In addition, additional encryption of the transmitted data may be effected via a public key cryptosystem, using a symmetric key shared between said medium 3 and said server 4. Such a symmetric key may be of the type AES for Advanced Encryption Standard (or advanced encryption standard) with a length of 256 bits. In a second step, once the initialization of the support 3 has been performed, the user 1 wishing to access the encrypted data 9 and contained on the medium 3 must authenticate. This operation is shown in Figure 2.

Therefore, during an authentication step, the user 1 enters a password 10. The latter is used to create a seed 11, including said identifier 7 of the support 3. This creation is made of the same way during the initialization step. This seed 11 is then sent to said server 12 accompanied by at least the identifier 7 of said medium 3. It will be noted that with said identifier 7 can be transmitted a session number, such as an identifier or a session key. According to a preferred embodiment, at the time of transmission, the session number serves to encrypt said identifier of the medium 7, while said session number is encrypted by the public key of the certificate of said server 12. server 12 in possession of its certificate can decrypt the session number and the identifier 7 of the support 3. By means of this electronic signature, the server 12 can thus check the validity of the identifier 7 of the support 3. Then, after verification, said server 12 processes said seed 11 and returns it. The processing is identical to the processing performed in the initialization step. Finally, from the received processed seed 13 the decryption of the data 9 is attempted. If successful, the password entered by the user 1 was valid. Otherwise, the decryption has failed and user 1 must re-enter a password. It should be noted that the decryption 18 is allowed by obtaining a valid processed seed 11 which makes it possible to derive the encryption key from the data 9 contained on the support 3. Another seed serving for the derivative can be the password 10, namely the PIN code. More particularly, said verification may consist in comparing the number of tests remaining with respect to the identifier 7 of said medium 3. Indeed, the server 12 can keep in backup all the erroneous attempts for a given support 3, classified in particular by via said identifier 7 of the medium 3. Therefore, said server 12 can validate the existence of an input for the identifier 7 of a medium 3.

According to the preferred embodiment, the maximum number of erroneous attempts can be three. With each new attempt, a counter can be incremented or the seed sent can be saved. After exceeding, the server 12 may return a treated seed false 13, an action to the terminal invalidating the support 3 or simply not send anything at all. A verified attempt will clear the seed lines or reset the counter. In particular, a validation response is returned to the server 12 in the event of successful decryption 18. This response may contain the key and / or the certificate of the initialization server 4. In fact, these data have been encrypted at the time of writing. initialization and their transmission proves that decryption 18 succeeded, preventing a direct attack in the program by making leaps in the code. As such, it will be noted that the initialization 4 and authentication 12 servers can be distinct and therefore have two separate certificates. However, said servers 4.12 share a single symmetric key encryption, especially the same symmetric key encryption AES-256. Advantageously, each creation, at the time of initialization or authentication, may consist in performing a cryptographic hash function 14 on at least said password 6 or 10 and said identifier 7, in particular the concatenation of said password 6 or with said identifier 7, or vice versa. In particular, said hash function can be a SHA function for 256-bit Secure Hash Algorithm whose seed is the condensate.

In return, the processed seed 13 and the other data transmitted by the server 12 can be encrypted with said session key, guaranteeing the integrity and non-repudiation of the information and therefore the certainty of exchanging with the right server. In addition, the encryption 17 and the decryption 18 can be performed from a key generated from the processed seed 8 or 13. In particular, the generated key 15 can be a key AES-256. According to an optional embodiment, during authentication, this generation can be a brute force self-attack of said password 10, in particular of the four-character PIN code. Indeed, one of the seeds, making it possible to derive the encryption key 15 from the encrypted data 9, can be generated randomly on the initialization server 4, and is therefore not known to anyone. Its length can be chosen according to the desired number of combinations. For example, if this seed is 8 bits, we get 256 combinations. Since these 8 bits are totally unknown at the level of the medium 3, in order to decrypt the encrypted data 9, it is necessary not only to take into account the password 10, namely the PIN code entered by the user 1, the seed processed. received 13, but in addition it is appropriate to attempt all combinations on 8 bits until the encryption key 15, which is thus derived with all these elements, is valid.

According to a particular embodiment, said remote server 12 is a web server connected to the Internet. Therefore, at the time of authentication, said support 3 must contain the remote address of said server 12, such as its URL for Uniform Resource Locator. In addition, a secure connection can be made with this server, in particular via an HTTPS connection for HyperText Transfer Protocol Secure. All the required data can be introduced within an application contained on said support 3 and executed from it, especially during the combination with a terminal. It will be noted that the processing steps 16 of the initial seed 5 or 11 can only consist of encrypting it using the key shared by each server 4, 12. Therefore, the present invention makes it possible to authenticate a user without clear transmission of his password, to enable him to access encrypted data contained on a medium. Of course, the invention is not limited to the examples illustrated and described above which may have variants and modifications without departing from the scope of the invention.

Claims (4)

REVENDICATIONS1. A secure authentication method for authorizing access to the encrypted data contained on a medium (3), in which, during an initialization step: - an initial seed (5) of encryption is created at least from a password (6) and an identifier (7) specific to said medium (3); said initial seed (5) is transmitted to a server (4) which processes it and sends it back; the data (2) contained on the said support (3) are numbered (17) as a function of the treated seed (8); then, during an authentication step: - a user (1) enters a password (10) 15 - the server (12) is sent at least the identifier (7) of said medium (3) and accompanied a seed (11) created from said password (10) and said identifier (7); after verification, said server (12) processes said seed (11) and returns it; - the decryption (18) of the data (9) is attempted from the received processed seed (13). 2. Authentication method according to claim 1, characterized in that each creation consists in performing a cryptographic hash function (14) at least said password (6 or 10) and said identifier (7). 3. Authentication method according to any one of claims 1 or 2, characterized in that said verification consists in comparing the number of trial remaining with respect to the identifier (7) of said support (3). 30 4. Authentication method according to any one of the preceding claims, characterized in that the encryption and decryption are effected from a key (15) generated from the treated seed (8 or 13). 9