WO2001030044A2 - Method and apparatus for creation of secure communications channel, identification and payment - Google Patents

Method and apparatus for creation of secure communications channel, identification and payment Download PDF

Info

Publication number
WO2001030044A2
WO2001030044A2 PCT/BG2000/000026 BG0000026W WO0130044A2 WO 2001030044 A2 WO2001030044 A2 WO 2001030044A2 BG 0000026 W BG0000026 W BG 0000026W WO 0130044 A2 WO0130044 A2 WO 0130044A2
Authority
WO
WIPO (PCT)
Prior art keywords
password
information
secure
channel
block
Prior art date
Application number
PCT/BG2000/000026
Other languages
French (fr)
Other versions
WO2001030044A3 (en
Inventor
Ivaylo Nicolaev Popov
Original Assignee
Ivaylo Nicolaev Popov
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ivaylo Nicolaev Popov filed Critical Ivaylo Nicolaev Popov
Priority to AU76345/00A priority Critical patent/AU7634500A/en
Publication of WO2001030044A2 publication Critical patent/WO2001030044A2/en
Publication of WO2001030044A3 publication Critical patent/WO2001030044A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • This invention is relative to information ciphering, user identification, certi ication o-f documents, e—banking, electronic apparatuses for payment, transmitting of confidential information through public channels and access control systems.
  • the secure communication channels are generaly used in the corporative networks. They are built on base of various secure protocols. Each secure protocol uses some kind of information ciphering for sender and deciphering for the recipient. It is possible on condition that in the two end points of the channel is available a list of previously specified passwords for communication.
  • An example for communication through a secure channel is the connection between a bank automate and the bank.
  • This example shows in addition an important application of the secure channels, namely the remote client identification.
  • the client in this case identifies thyself using a card for payment and its own personal identification code. If it is excluded the possibility to use illegaly the specified password list, the secure channel identifies the associated persons.
  • the realization of secure channel is made using the app scheme — sender ciphering and recipient deciphering.
  • the difference is that the list of communication passwords together with the ciphering/deciphering mechanism are in an undisassemble device. In this device can be added password lists, but never can be read internal password. In this way at communication time the device identifies itself and the user identifies thyself using a personal password.
  • the info ation packadge is consecutively ciphered with internal communication password and a personal password. It is provided to be there a possibility for an ⁇ nimous communications through a secure channel, ciphering the information only by an internal password. There is in addition a possibility for secure communication through a separate channel. In this case is used ciphering by an internal password for the separate channel , an internal password of a center that certifies the identity and a personal password. The center for identity certification identifies the user using his personal password and the internal password for communica ions with the center, if the packadge deciphering is successfull. After this the center ciphers the packadge using the communication password for the other user and his personal password and sends it to him. The packadge itself is ciphered through all time with the password for separate channel. At the end it is deciphered by the recipient. In this way the information security is guaranteed and the center certifies the identity of corresponding persons.
  • Each session through the secure channel is made unical by transmitting a random marker in the ciphered part of the packadge and expecting to return the same marker to the sender in the ciphered message of the recipient.
  • the internal password identifies the device if there is not any way to access it and it only gives the after—efect on the ciphered result. Because of this the ciphering/deciphering method must be appropiated to multiusing of one and the same password, as well as to the fact that allways is ciphered known information. Must be made impossible the attempts to discover the internal password using statistics and inputting test information for ciphering, as a block filled in by one and the same symbol, for example.
  • the method for ciphering can cope with statistics risk including delution of information with random noise. It can cope with the risk of the test information for ciphering using a method for diversification of ciphered block contents. This method is applied when the block contains minor than defined number of different symbols. In this way the internal passwords are logically protected.
  • the physical device that proceeds the method is undisassemble, but regardless of this all passwords are kept ciphered by the personal password.
  • the personal password is kept marked by a label in a random place of a noise file, ciphered by the same personal password. Even so there is a possibility for physical access to internal memory, nobody can use contained there information without the personal password.
  • the special computer has nonvolative memory, main memory, procesor, bus menagement unit, clock pulse generator, noise generator (for random numbers), buffered input/output, lock-up system in case of physical destruction.
  • the lock—up system in case of physical destruction is of the base importance for the method. It guarantees that the device is undisassemble.
  • the computer is managed by a previously installed software that executes the commands for input/output, for ciphering/deciphering and block forming according to the established protocol.
  • the software is installed at device producing time and can not be changed nor yet can be read outside when the device is in use.
  • Nonvolative memory can only be deleted.
  • the files can be deleted when a valid password for the respective file is inputted. For some files it is the personal password, for other files the user does not know the password for deleting. Of this kind for example is the file for device and user identification.
  • a file of such kind can be deleted from that, who was created it, he knows the respective password.
  • the password file was deleted is impossible direct connection through secure channel with the respective person.
  • the computer has some modes that are managed from the user:
  • Undelible record prohibited mode prohibits undelible record in the internal nonvolative memory. Ordinary the undelible record is prohibited.
  • the computer is powered by the device with that is connected through a special coupling.
  • the undisassemble device has not independent value. It allways is used together with another computer, playing the role of user server.
  • the user server can be of any kind computer, portable or in ovable with communication possibilities. It is possible to create a special portable user server with built in possibilities for mobile connections or for pseudomobile connection through infrared or radio connection with a fixed device, that establishes a connection with a communication center.
  • the cash machines, public telephones and so on can be provided for infrared connection modems. It is possible to plug in fixed telephones a multiplex communication server, that supports a local radio communication with goal to give a rent connection for creation of secure channels.
  • These devices can be ordinary home radio telephones with attachment for multiplexing secure channels.
  • These telephones can be private and can be putted on as communication servers, when their owners are absent. In this way the owners receive an additional profit and pseudomobile service that is given from them will be sufficiently unexpensive to be possible wide using of it.
  • the undisassemble computer is installed in a special corpus, integrated with coupling, so it makes possible the facile pluging in different devices.
  • the undisassemble computer plugs directly in the outputing machine .
  • Each computer with plugged in a device of described kind can establish a secure channel for its owner.
  • the method for creation of secure channel, described to this site can be used for user identification. In this way each bank should be able to identify the identity of its clients and to receive orders through the secure channel.
  • the payment method by anonimous accounts would minorize the information amount in the system, because the information about made payments keeps in a short guarantee period, in that the transaction can be protested. After this period the information is deleted. It is not necessitated identity control nor it is made an archive of the account. There is only actual sum of account and to operate it is sufficiently to establish secure channel, associated with the account. When are used accounts of such kind, by an analogy with the cash money there can not be any interest for the person, from where the banks would finance this service.
  • one of the disbursing sides establishes a secure channel to the payment serving center. It connects with the other side and makes its payment offer. If the user of the other device confirms the payment it is established a secure subchannel to his payment serving center through the connected device and the communication server of payment center of the first side.
  • the paying person orders through his secure channel to his payment center to make the respective transfer to the recipient account.
  • the payment center directly or by a payment agent transfers the wanted sum to the indicated account.
  • the recipient waits for a payment notice through own secure channel. When he receives it, the transaction is ended. If there is a problem, in the guarantee period the transaction can be protested. In this case the whole information about the transaction must be kept and automaticaly must be locked the possibility to change the anonimous accounts to that moment when the case is solved, including by legal proceedings.
  • Figure 1 Sheme of secure channels organization.
  • Protocol server that is physically undi assemble.
  • Figure 2 Section of undisassemble one— hip computer.
  • Electrodes for meansuring the electric parameters of the interspace are Electrodes for meansuring the electric parameters of the interspace.
  • Figure 3 Block diagram of the one chip computer.
  • Noise generator random numbers generator
  • Nonvolative memory 34. Volat ive memory with random access.
  • the ciphering method is very important for the described method. It must resist statistics proceedings when there is multitime ciphering of known information by one and the same password. As a 03 it is solved putting in the ciphered file random information in formation of each ciphering process, it makes different the ciphered file every time.
  • noise block filling in one block of size 256 byte with random permutation of numbers from 0 to 255. It is named noise block.
  • the deciphering can be made using the same method excluding that, it is not added to the password the k-byte from the ciphered consecuence but the result from the operation XOR between the k—byte from the ciphered consecuence and the first byte from the password. Using this method is ciphered all internal data. So, even there is physical destruction of the undisassemble device to can not be established a secure channel using the received information without knowing the personal password.
  • the method is used for secure channel with identification of the identity.
  • the personal password do not figure in nonciphered form in the internal memory. It is disposed in a file, mixed by noise, that is ciphered using the economic method by the same personal password.
  • the file is deciphered and in it is looking for a defined label, followed by the same password. If it is found the password is correct.
  • the password is putted in an volative temporaly buffer and serves for deciphering of every one internal information before it using.
  • the device is locked. It become to be unusiful, because there is not any password that can activate it. It is very important, because in the opposite case by an outside generator it is easy to discover the personal password, that is comparatively short. In the same way can be locked a channel.
  • the internal memory is formed as a file system.
  • the file names are the names of secure channels, for that is kept the information. For each file is kept information about its type.
  • the file type determines the type of secure channel, that is built using it.
  • the information is ciphered by the kept password (44) using the ciphering method. It is applied the procedure for passing a random marker (41,42) for making unique session.
  • a secure channel When a secure channel must be established, first it waits for outside input of a personal password (46).
  • the information (41,42,43) is ciphered by the kept internal password (44) according to the ciphering method and with the inputted personal password (46) according to the method for economic ciphering.
  • Action Expects a name of a secure channel with identification. It cipheres the information as anonimous channel by the kept internal password (44) .
  • each secure channel has a nonciphered part. These are, for example, the connection addresses and other information. This information is kept in an outside device.
  • Generaly the method and the device according the method are forming a protocol server (11) of the secure channel. All the rest actions are processed by the user server (12), that establishes the secure channel (15,17).
  • the device according to the method is made compact and undisassemble, integrated by a coupling for pluging in different devices.
  • the device is one—chip computer preferable on the base of onocrystal. If it is impossible, then it can be made using a hybride technology as on a pad (21) are directly glued the crystals (22) of the necessary integrated circuits. In the two cases are taken all necessary means to be very hard disassembling and accessing information in the integrated circuit.
  • the integrated circuit is putted in a metal courpus (26).
  • the basic guarantee to not be there a physical intervention is the locking system (37) in case of physical destroying. It can be reached by a sensor box (24) , in which is disposed the one-chip computer.
  • the sensor box (24) has production guaranteed unique structure.
  • electrodes (25) in the box walls volume are meansured the electric parameters of the walls.
  • the reseived results from electrodes (25) are normalized by a numeric method, to be eliminated the possible fluctuat ons.
  • the received values are used for creation of a password for additional ciphering of the information.
  • the sensor box is produced by pouring over the basic box (23) with installed electrodes (25) with an indurating substance using a technology that guarantees wide parameters tolerance.
  • the password defending the system is formed automaticaly when the device is put on by digital meansuring of the electric parameters between the electrodes through a program managed multiplexed channel. In this way, even the producer do not know the password.
  • nonvolative memory In the integrated circuit must be an nonvolative memory (33) , RAM for buffering means (34) , input/output buffered interface (36) , physical generator of random numbers (32) , powering voltage stabilizer with protection (38), data bus (39) , procesor (35) .
  • the managing software is installed in the nonvolative memory.
  • the software of the integrated circuit executes all functions for ciphering/deciphering and supporting the data ormat, executing outside commands or internal procedures.
  • the software characteristics are defined in accordance with secure channels types , that are supported and the possible outside commands.
  • the example channel types were yet examined, but here is the example command set:
  • Input file name, number of bytes, type, [password], description
  • Input Channel name, additional information depending of the channel type, information for sending.
  • Input number of bytes, information block.
  • the hardware switches may have only additional role — for conveniently use of the device and can indicate a contrary mode only if it is stronger than the mode indicated by the respective option.
  • the secure channels as they are described are apropriate for transmition of confidential information and for user identification, that makes them applicable in many fields.
  • patent application No 103505, dated 18 June 1999 before Patent Office of Republic of Bulgaria and in PCT/BGOO/00010 it is told, that to receive a ciphered certificate for a document in electronic form, it is used a secure channel for connection with the certificate center.
  • the mentioned secure channel can be made according to the described method. In this way it receives a whole system for e—documents proceeding, including secure data transfer to the certificate center, document authenticity guaranteeing using ciphered document certificates issued by the certificate center and document recognition and proceeding, using a global document descriptor, may be through the secure channels.
  • the secure anonimous channel is apropriate for pseudo cash e—pays, using an anonimous account.
  • the secure channel can serve for notary certified remote delegation of a person. It includes property transfer, concluding agreements and so on, without the necessity of physical presense. An obvious application of the secure channel with identification is to serve as a access key.
  • the described device can be used for other goals, for example as a card for shop reduction in price or as electronic voting-paper. To be used as a voting—paper the device receives the opportunity to create an anonimous secure channel to the central election commi ion. Through the secure channel can be received the voting paper, it may be filled in and may be returned through the channel, the channel becomes locked.
  • the described system for data protection by the locking system for a case of physical intervention can be used separately for electronic data protection.
  • the method and the device can guarantee the personal inviolability in the conditions of the global information spreading.

Abstract

It is disclosed a method for creation of a secure channel with information ciphering at the sender and deciphering at the recipient. All functions for ciphering/deciphering and information forming are executed in physical undisassemble device. In the undisassemble device are kept the passwords for establishing different kinds of secure channels for connection. The device has locking system for case of physical intervention. Built in this way secure channels can be used for remote delegation, e-payment through the Internet, transmitting of confidential information through the public channels and so on.

Description

METHOD AND APPARATUS FOR CREATION OF SECURE COMMUNICATIONS CHANNEL, IDENTIFICATION AND PAYMENT
Field o-f technics
This invention is relative to information ciphering, user identification, certi ication o-f documents, e—banking, electronic apparatuses for payment, transmitting of confidential information through public channels and access control systems.
Background of the invention
This text is interpretation of a national application before the Patent office of the Republic of Bulgaria, No 103821 / 18 October 1999.
In the present time the secure communication channels are generaly used in the corporative networks. They are built on base of various secure protocols. Each secure protocol uses some kind of information ciphering for sender and deciphering for the recipient. It is possible on condition that in the two end points of the channel is available a list of previously specified passwords for communication.
An example for communication through a secure channel is the connection between a bank automate and the bank. This example shows in addition an important application of the secure channels, namely the remote client identification. The client in this case identifies thyself using a card for payment and its own personal identification code. If it is excluded the possibility to use illegaly the specified password list, the secure channel identifies the associated persons.
Because of that the secure channels are generaly corporative, there are strong conditions for pluging a device in the secure channel. The security of similar secure channels is asecured by access limitations. The access is allowed only for confidential persons, often these persons are binded by a contract for responsabi lity in case of eventual system damages, caused by their devices. This is so because if a hacker has the physical access to a device, pluged in a secure channel, he can cause serious system damages.
The question about creation of a secure channel in every time and in every site, between all kind of people is not solved. It limits the potentials of e-commerce and the use of the world network.
Summary of the invention
The realization of secure channel is made using the clasic scheme — sender ciphering and recipient deciphering. The difference is that the list of communication passwords together with the ciphering/deciphering mechanism are in an undisassemble device. In this device can be added password lists, but never can be read internal password. In this way at communication time the device identifies itself and the user identifies thyself using a personal password.
The info ation packadge is consecutively ciphered with internal communication password and a personal password. It is provided to be there a possibility for anσnimous communications through a secure channel, ciphering the information only by an internal password. There is in addition a possibility for secure communication through a separate channel. In this case is used ciphering by an internal password for the separate channel , an internal password of a center that certifies the identity and a personal password. The center for identity certification identifies the user using his personal password and the internal password for communica ions with the center, if the packadge deciphering is successfull. After this the center ciphers the packadge using the communication password for the other user and his personal password and sends it to him. The packadge itself is ciphered through all time with the password for separate channel. At the end it is deciphered by the recipient. In this way the information security is guaranteed and the center certifies the identity of corresponding persons.
It is possible to keep no only one, but a password list for creation of a given secure channel. At the ciphering the passwords are changed in arbitrary way, that is shown by the communication protocol.
Each session through the secure channel is made unical by transmitting a random marker in the ciphered part of the packadge and expecting to return the same marker to the sender in the ciphered message of the recipient.
The internal password identifies the device if there is not any way to access it and it only gives the after—efect on the ciphered result. Because of this the ciphering/deciphering method must be appropiated to multiusing of one and the same password, as well as to the fact that allways is ciphered known information. Must be made impossible the attempts to discover the internal password using statistics and inputting test information for ciphering, as a block filled in by one and the same symbol, for example. The method for ciphering can cope with statistics risk including delution of information with random noise. It can cope with the risk of the test information for ciphering using a method for diversification of ciphered block contents. This method is applied when the block contains minor than defined number of different symbols. In this way the internal passwords are logically protected.
As a presumption the physical device, that proceeds the method is undisassemble, but regardless of this all passwords are kept ciphered by the personal password. The personal password is kept marked by a label in a random place of a noise file, ciphered by the same personal password. Even so there is a possibility for physical access to internal memory, nobody can use contained there information without the personal password.
For security meanings can exist a set of pseudo sinonimous of personal password, which role is to notice the police, that the person established a secure connection contrary of his will. All described to this site is proceeded by an undisassemble electronic device, which represents a special computer. The special computer has nonvolative memory, main memory, procesor, bus menagement unit, clock pulse generator, noise generator (for random numbers), buffered input/output, lock-up system in case of physical destruction. The lock—up system in case of physical destruction is of the base importance for the method. It guarantees that the device is undisassemble.
The computer is managed by a previously installed software that executes the commands for input/output, for ciphering/deciphering and block forming according to the established protocol. The software is installed at device producing time and can not be changed nor yet can be read outside when the device is in use.
As a rule there is not any external command for extracting the contents of nonvolative memory. Nonvolative memory can only be deleted. The files can be deleted when a valid password for the respective file is inputted. For some files it is the personal password, for other files the user does not know the password for deleting. Of this kind for example is the file for device and user identification.
A file of such kind can be deleted from that, who was created it, he knows the respective password. When the password file was deleted is impossible direct connection through secure channel with the respective person.
The computer has some modes that are managed from the user:
Anonymity mode - the computer do not establish its - ό -
identity, nor gives any information about its holder. It makes the connection using previously inputted internal password. The recipient can refuse the connection when the sender is anonimous.
Record prohibited mode — it prohibits record in the internal nonvolative memory.
Undelible record prohibited mode - prohibits undelible record in the internal nonvolative memory. Ordinary the undelible record is prohibited.
The computer is powered by the device with that is connected through a special coupling. As a principe the undisassemble device has not independent value. It allways is used together with another computer, playing the role of user server. The user server can be of any kind computer, portable or in ovable with communication possibilities. It is possible to create a special portable user server with built in possibilities for mobile connections or for pseudomobile connection through infrared or radio connection with a fixed device, that establishes a connection with a communication center. The cash machines, public telephones and so on can be provided for infrared connection modems. It is possible to plug in fixed telephones a multiplex communication server, that supports a local radio communication with goal to give a rent connection for creation of secure channels. These devices can be ordinary home radio telephones with attachment for multiplexing secure channels. These telephones can be private and can be putted on as communication servers, when their owners are absent. In this way the owners receive an additional profit and pseudomobile service that is given from them will be sufficiently unexpensive to be possible wide using of it.
The undisassemble computer is installed in a special corpus, integrated with coupling, so it makes possible the facile pluging in different devices. To 1 imitate access to internal passwords when an password is about to be inputted, the undisassemble computer plugs directly in the outputing machine . Each computer with plugged in a device of described kind can establish a secure channel for its owner.
There is a probality to access the information when it is not ciphered in its creation process. This is not a problem for secure channel. It gives security only between two points and not in the points. If it is needed strong confidelity, there must be applied other method for safe the user server .
For many cases, there is not meaning, that the information transmitted through the secure channel is known, but has meaning the identifying function of the channel. For example an invoice is valid document not when is filled in only the sum, but when there is a signature and a seal. Transmitting through a secure channel a document without anoni ous mode gives the same officiality of the document as notary certified signature. When the corresponding persons are not registered in one and the same identifying center it is seeking a consecution of identifying centers, that are confiable one to other to can certify the identity one towards other and ultimately the identities of the both corresponding persons to be fixed from their centers. It resembles to recertification of notary certification of signature before another state.
The method for creation of secure channel, described to this site can be used for user identification. In this way each bank should be able to identify the identity of its clients and to receive orders through the secure channel.
In this way can be ordered all kind of bank operations, that gives the opportunity to make non-cash payments when the bank services are online. This manner of payment is reliable, it is proceeded through a serving bank after identification procedures and can be certified the payment. Together with the yet told this payment method is inconvenient for all kinds of payments, because of that it can violate the right of person inviolability. Having the information about all purchases of a given person can be evaluated his material status, his habits and so on. Sometimes this information may be used even for descredition. When it thinks about e—commerce which base are the e-money, must not forget the human rights. Because of this can be introduced anonimous accounts, that are managed through secure channels, associated with the accounts.
These accounts can be with limitted volume and do not connect to the identity of their owner but only to secure channel that can be made using the described method. If there is unlimitted possibility a person to open and to close accounts of such kind, the anonymity is guaranteed. It would not change the economic rules because in this moment the cash money in private persons are anonimous, too.
Beside that the human rights are kept, the payment method by anonimous accounts would minorize the information amount in the system, because the information about made payments keeps in a short guarantee period, in that the transaction can be protested. After this period the information is deleted. It is not necessitated identity control nor it is made an archive of the account. There is only actual sum of account and to operate it is sufficiently to establish secure channel, associated with the account. When are used accounts of such kind, by an analogy with the cash money there can not be any interest for the person, from where the banks would finance this service.
To make a payment, independently of used anonimous or normal account, one of the disbursing sides establishes a secure channel to the payment serving center. It connects with the other side and makes its payment offer. If the user of the other device confirms the payment it is established a secure subchannel to his payment serving center through the connected device and the communication server of payment center of the first side.
The paying person orders through his secure channel to his payment center to make the respective transfer to the recipient account. The payment center directly or by a payment agent transfers the wanted sum to the indicated account. The recipient waits for a payment notice through own secure channel. When he receives it, the transaction is ended. If there is a problem, in the guarantee period the transaction can be protested. In this case the whole information about the transaction must be kept and automaticaly must be locked the possibility to change the anonimous accounts to that moment when the case is solved, including by legal proceedings. Brief descriptions of figures
Figure 1 — Sheme of secure channels organization.
11. Protocol server, that is physically undi assemble.
12. Communication and user server.
13. Confiable center of the connected person.
14. Mediator confiable center.
15. Secure channel, that may be with identi ication between the connected person and his confiable center.
16. Secure channel between the confiable centers.
17. Direct secure channel between two connected persons. 18. Communications channel between the undisassemble computer and the user and communication server.
Figure 2 — Section of undisassemble one— hip computer.
21. Pad.
22. Integrated circuits without corpus, glued on the pad.
23. Internal box of the integrated circuit.
24. Interspace filled in by a no homogeneos stable substance, that is diathermic.
25. Electrodes for meansuring the electric parameters of the interspace.
26. Outside metal box, serving in addition as a radiator.
27. Insulator.
28. One of the leads of the integrated circuit. 29. Interspace filled in by a diathermic dielectric substance.
Figure 3 - Block diagram of the one chip computer.
31. Pulse generator.
32. Noise generator (random numbers generator) .
33. Nonvolative memory. 34. Volat ive memory with random access.
35. Procesor.
36. Buffered input/output interface.
37. System for computer lock—up when there is a physical damage.
38. Power voltage stabilizer with protection.
39. Bus.
Figure 4a—4c — Demonstration of creation of
I. Anonimous channel (Fig. 4a).
II. Secure channel with identification (Fig. 4b).
III. Separated channel (Fig. 4c).
41. Return of random marker.
42. Sending a request for random marker return.
43. Information block.
44. Ciphering by internal password.
45. Status byte.
46. Ciphering by a personal password.
Detailed description of the preffered embodiment
The ciphering method is very important for the described method. It must resist statistics proceedings when there is multitime ciphering of known information by one and the same password. As a principe it is solved putting in the ciphered file random information in formation of each ciphering process, it makes different the ciphered file every time.
One example method for similar ciphering is the next. Preliminary processing
1. Previously mixing the file with noise. Making it allways if it is short or it is requiered maximal security. Generating a file with random information (using the built in noise generator (32)), writing in random places of it the parts of the file for ciphering, accompanied by a label for recognition.
2. Deviding in this way prepared file on blocks. For example let their size be 248 bytes.
3. Ciphering each block separately.
Method for ciphering
1. Variegating the block contents.
2. Filling in one block of size 256 byte with random permutation of numbers from 0 to 255. It is named noise block.
3. Copying the block of size 248 bytes for ciphering in another block of size 256 bytes. In the rest space writing the passed random marker in previous received mesage from the other side through the secure channel, if it is not received, writing random value. After this writing a random value that is expected to be return in the next mesage through the channel.
4. Transposing the bytes of the block for ciphering according to the number in the respective place in the random permutation.
5. Making byte—by-byte operation XOR between the bytes of noise block and transposed sorce block.
6. Making byte-by—byte operation XOR between an internal password and noise block. The internal password ordinary is noise too. By this manner receiving a ciphered block with length 512 bytes. Adding to it a nonciphered status byte
(45), that determines the type of the channel, if the information is variegated, if it was complemented and so on.
Method for deciphering
1. Making byte-by-byte operation XOR between the internal password with length 256 bytes and the noise block.
2. Making byte—by—byte operation XOR between the noise block and the ciphered information block.
3. Ordering the bytes of the information block according to order of their numbers in the noise block.
4. Normalizing the information, if the status byte (45) shows that the information was variegated.
5. Cutting to the original size the information block, if the status byte shows that the block is complemented.
Subsequent processing
1. Joining all deciphered blocks to receive noise file with information.
2. Searching all blocks from the sorce file using their special labels in the noise file.
3. Forming the deciphered file from all found blocks. Method for variegating the block contents
1. Scanning the block and finding the symbol set, that it contains.
2. If symbols are minor than defined number, go to point 3, else go to point 20.
3. Searching repeat pair of equal symbols.
4. If is found pair go to point 5 else go to point 10.
5. Choosing a symbol from unused symbols in the respective block.
6. Writing in a table, that the generated symbol substitutes the pair. For example, (S,a) — shows that the symbol "S" substitutes the pair "aa".
7. Substituting the pair where it is found by the choosed symbo1.
8. Adding the choosed symbol in the set of used symbols.
9. Go to point 2.
10. Finding repeated pair of different symbols.
11. Choosing a random symbol from unused symbols.
12. Writing in the table with substitutions of the pairs of different symbols, that the choosed symbol substitutes the pair. For example, (S,a,b) - the choosed symbol "S" substitutes the pair "a,b".
13. Where it is found the pair is substituted by the hoosed symbo1.
14. Go to point 2.
15. Checking up if the generated tables plus three bytes can be written in the freed block space.
16. If they can be written - go to point 17, else go to point 20.
17. At the end of the block writing the length of the compressed block, length of each one of the tables . In this way the end three bytes of the block are filled in. 18. Before the three end bytes disposing the two tables.
19. Filling in the rest space between the tables and the compressed block with noise.
20. End.
Method for creation of the original block from a block with variegated contents (normalization method)
1. Copying the two tables from the block.
2. Cutting the block to the size of compressed in ormation .
3. Scanning the block and substituting each symbol that can be found in one of the two tables with the respective pair.
4. If there is not found any symbol for substitution go to 5. Else point 3.
5. End.
Economic method for block ciphering by a personal password.
In this case it is ciphered noise. Because of it the simplicity of the method do not make low the security. 1. K:=0.
2. Incrementing k. Adding to the password the k-th byte of the consecuence for ciphering.
3. Applying operation XOR between first byte of the password and k—byte of the consecuence for ciphering. Writing the result in the k—place of the ciphered consecuence. 4. Deleting the first byte of the password.
5. If k=N, where N is the length of the consecuence for ciphering go to point 6, else go to point 2.
6. End.
The deciphering can be made using the same method excluding that, it is not added to the password the k-byte from the ciphered consecuence but the result from the operation XOR between the k—byte from the ciphered consecuence and the first byte from the password. Using this method is ciphered all internal data. So, even there is physical destruction of the undisassemble device to can not be established a secure channel using the received information without knowing the personal password.
The method is used for secure channel with identification of the identity.
The personal password do not figure in nonciphered form in the internal memory. It is disposed in a file, mixed by noise, that is ciphered using the economic method by the same personal password. When the user inputs a personal password, the file is deciphered and in it is looking for a defined label, followed by the same password. If it is found the password is correct. The password is putted in an volative temporaly buffer and serves for deciphering of every one internal information before it using.
If the user inputs an incorrect password, it is incremented a value that is kept in the nonvolative memory.
When there are a defined number incorrect attempts, the file with the personal password is filled in by noise generator
(32). E.g. the device is locked. It become to be unusiful, because there is not any password that can activate it. It is very important, because in the opposite case by an outside generator it is easy to discover the personal password, that is comparatively short. In the same way can be locked a channel.
The internal memory is formed as a file system. The file names are the names of secure channels, for that is kept the information. For each file is kept information about its type. The file type determines the type of secure channel, that is built using it.
I. File type — anonimous secure channel
It keeps a password or passwords for information ciphering.
Act ion:
Internaly the information is ciphered by the kept password (44) using the ciphering method. It is applied the procedure for passing a random marker (41,42) for making unique session.
II. File type - secure channel with identification
It keeps the internal password for establishing of anonimous channel. Action:
When a secure channel must be established, first it waits for outside input of a personal password (46). The information (41,42,43) is ciphered by the kept internal password (44) according to the ciphering method and with the inputted personal password (46) according to the method for economic ciphering. Essentialy it represents an anonimous channel with additional ciphering.
III. File type - separated channel.
It keeps the internal password/passwords for establishing an anonimous channel.
Action: Expects a name of a secure channel with identification. It cipheres the information as anonimous channel by the kept internal password (44) .
After this it applies the procedures for secure channel with identification.
It is known that each secure channel has a nonciphered part. These are, for example, the connection adresses and other information. This information is kept in an outside device. Generaly the method and the device according the method are forming a protocol server (11) of the secure channel. All the rest actions are processed by the user server (12), that establishes the secure channel (15,17).
The device according to the method is made compact and undisassemble, integrated by a coupling for pluging in different devices. The device is one—chip computer preferable on the base of onocrystal. If it is impossible, then it can be made using a hybride technology as on a pad (21) are directly glued the crystals (22) of the necessary integrated circuits. In the two cases are taken all necessary means to be very hard disassembling and accessing information in the integrated circuit. For example , the integrated circuit is putted in a metal courpus (26). The basic guarantee to not be there a physical intervention is the locking system (37) in case of physical destroying. It can be reached by a sensor box (24) , in which is disposed the one-chip computer. The sensor box (24) has production guaranteed unique structure. By electrodes (25) in the box walls volume are meansured the electric parameters of the walls. The reseived results from electrodes (25) are normalized by a numeric method, to be eliminated the possible fluctuat ons. The received values are used for creation of a password for additional ciphering of the information. When there is an attempt for physical access the electric parameters of the box (24) will be changed and the password will become unaccessible. Prefferibely the sensor box is produced by pouring over the basic box (23) with installed electrodes (25) with an indurating substance using a technology that guarantees wide parameters tolerance. The password defending the system is formed automaticaly when the device is put on by digital meansuring of the electric parameters between the electrodes through a program managed multiplexed channel. In this way, even the producer do not know the password.
In the integrated circuit must be an nonvolative memory (33) , RAM for buffering means (34) , input/output buffered interface (36) , physical generator of random numbers (32) , powering voltage stabilizer with protection (38), data bus (39) , procesor (35) .
At the producing of the integrated circuit the managing software is installed in the nonvolative memory.
The software of the integrated circuit executes all functions for ciphering/deciphering and supporting the data ormat, executing outside commands or internal procedures.
The software characteristics are defined in accordance with secure channels types , that are supported and the possible outside commands. The example channel types were yet examined, but here is the example command set:
Command: Delete ile
Input: file name, password
It deletes an internal file.
Command: Write file
Input: file name, number of bytes, type, [password], description
Writes a file in the internal nonvolative memory. If the password is omitted, the file can be deleted using the personal password. The description is text information about the file - for example, for what is it?
Command: Send through the channel
Subtypes:
- Send through the anonimous channel
- Send through the channel with identification
- Send through the separated channel
Input: Channel name, additional information depending of the channel type, information for sending.
It makes the necessary proceedings and prepare a block for sending through a communications channel depending of the secure channel type.
Command: receive through a channel
Subtypes:
- Receive through an anonimous channel
- Receive through a channel with identi ication
- Receive through a separate channel Input: Channel name, information block
Deciphers the information. Data input and results output are made through a buffer. Because of it there are the next two commands:
Command: Input in the buffer
Input: number of bytes, information block.
It inputs through the input/output interface the respective number of bytes in the buffer.
Command: Output the buffer
Input: No
It outputs the number of bytes in the buffer, followed by the contents of the same buffer.
Command: Activate the computer
Input: personal password
It activates the computer.
Command: Change the personal password
Input: file name, old password, new password
It changes the personal password in the secure channel with identi ication. It makes this in two stages. Immediately the new password becomes a synonym of the old password. The old password is locked for outside use. When a connection establishes through the channel it is waiting the new password. The connection establishes using the old password and it is transmitted a command through the channel for password change.
Command: List the names of the supported channels
Input: No
Lists the names of the supported channels and their text description.
Command: Stop
Input: No
Ends immediately the execution of a command and deletes the buf fer .
Command: Change record option
Input: True or false, password;
Sets the inputted value in the nonvolative memory, if the password is correct and in this way indicates the respective work mode.
Command: Change undelible record option
Input: True or false, password.
It is as the above command. Command: Change anonymity mode option
Input: True or false, password.
It is as the above command.
Beside of this options can be provided hardware switches o control this options. The hardware switches may have only additional role — for conveniently use of the device and can indicate a contrary mode only if it is stronger than the mode indicated by the respective option.
Examples for use of the method and the device.
The secure channels as they are described are apropriate for transmition of confidential information and for user identification, that makes them applicable in many fields. In patent application No 103505, dated 18 June 1999 before Patent Office of Republic of Bulgaria and in PCT/BGOO/00010 it is told, that to receive a ciphered certificate for a document in electronic form, it is used a secure channel for connection with the certificate center. The mentioned secure channel can be made according to the described method. In this way it receives a whole system for e—documents proceeding, including secure data transfer to the certificate center, document authenticity guaranteeing using ciphered document certificates issued by the certificate center and document recognition and proceeding, using a global document descriptor, may be through the secure channels.
The secure anonimous channel is apropriate for pseudo cash e—pays, using an anonimous account.
The secure channel can serve for notary certified remote delegation of a person. It includes property transfer, concluding agreements and so on, without the necessity of physical presense. An obvious application of the secure channel with identification is to serve as a access key. The described device can be used for other goals, for example as a card for shop reduction in price or as electronic voting-paper. To be used as a voting—paper the device receives the opportunity to create an anonimous secure channel to the central election commi ion. Through the secure channel can be received the voting paper, it may be filled in and may be returned through the channel, the channel becomes locked.
The described system for data protection by the locking system for a case of physical intervention can be used separately for electronic data protection.
Not for the last place the method and the device can guarantee the personal inviolability in the conditions of the global information spreading.

Claims

What is claimed is:
1. The method for creation of a secure channel for connection, identification and payment through a secure connection protocol, including digital ciphering and deciphering of information comprising: using a protocol server with undisassemble device and user communication server in the two end points for creation of a secure channel independently from information transmitting media.
2. The protocol server comprising the undisassemble device for information proceeding using a determined internal software and necessary data keeping for creation of a set of different kinds secure protocols.
3. The device management software according to the claim , comprising: method for ciphering/deciphering using random generated in ormation; method for secure information keeping; personal password identification method; personal password change method for channel with identi ication; method for creation of an anonimous secure channel; method for creation of a secure channel with identification; method for creation of a separate secure channel.
4. The device according to the claim 2, comprising: physical undesassembil ity using one— hip computer built using monocrystal or hybride technology, with included locking system in case of physical destroying; protector corpus, integrated with an universal coupling for connection with different devices, that serve as user and communication servers; external powering by the integrated coupling; internal nonvolative memory for built in management software; internal reprogramable nonvolative memory for keeping of data for creation of different secure channels; volative memory for cashing, buffering input/output and working use; special procesor; input/output buffered interface; built in powering voltage stabilizer with protection; built in hardware generator for random numbers; preinstalled special software for executing a determined external commands set; built in hardware possibility for ordering a defined set of device working modes.
5. The external commands set according to the claim 4, comprising that it is not included any command or sequence of commands for read directly the internal memory contents, excluding input/output buffer.
6. The device working modes according to the claim 4, comprising functions for: prohibition/allowing record in the internal nonvolative memory; prohibition/allowing undelible record; prohibition/allowing device and user identification.
7. The user ~ and communication server according to the claim 1, comprising: being compact produced; having unctionality for payment, remote delegation and secure connection; having integrated mobile telephone connection and/or a standard infrared connection interface with stationary devices and possibility to establish a pseudomobile connection and/or a standard coupling for connection with a computer and/or pseudomobile connection opportunity through a temporaly rented channel using a private stationary telephone by a local radio communication.
8. The pseudomobile connection according to claim 7, comprising: establishing a secure connection with a stationary device; establishing stationary device connection through the fixed telephone network with an indicated telephone number for connection with the serving communication center; establishing a secure channel between the stationary device and the communication center; transmitting to the communica ion center the device request for connection; establishing the communication center connection with the searched site through a secure channel using the fixed telephone network or Internet; establishing a- secure channel between the two end points.
9. The stationary device according to the claim 8, comprising that: it is computer with communication interface; public telephone with built in interface for secure channel ; cash register with secure channel interface; private telephone with radio connection and an attachment for multiplexing secure channels according to a price agreement with the serving communication center.
10. The locking system , comprising: a sensor box from material with heterogeneous consistence; with built in its volume electrodes; using the electrodes for eansuring the electric parameters between every two electrodes; digitally correcting the received values for drift elimination and using these values as a password for an additional ciphering of information that is kept in the nonvolative memory of the device installed in the box.
11. The crypto method using the random generated information, comprising: information ciphering comprising the steps of: mixing information with noise; disposing labeled blocks in random places in a noise ile; separating information on blocks; suplementing the blocks with noise; variegating the block contents; generation of a block, containing a random permutation of byte numbers from- the block, that is about to be ciphered; transposition of the bytes in the block for ciphering, as the byte in the respective position is putted in the place, indicated from the value in the same position in the random permutation; applying a reversive function to mix byte—by-byte the information from the random permutation block and the block with information for ciphering; applying a reversive function for byte—by-byte mixing of the internal password and the random permutation block; and information deciphering comprising the steps of: applying the reversed function for byte—by—byte separation of internal password and the random permutation block; applying the reversed function for separation of the ciphered information block and random permutation block; transposition of bytes in the ciphered block, as in the consecutive position is putted the byte, that is in the position, indicated from the value in the respective position in the random permutation; normalizing the block contents if it was variegated; appending all labeled bloks and receiving the file.
12. The method for information variegating and normalizing according to claim 11, comprising: variegating method comprising the steps of: substituting repeated pairs of equal symbols with a random symbol from the unused symbols in the block and writing the substitution in a table for pairs of equal symbols; substituting repeated pairs of different symbols with random symbol from the unused symbols in the block and writing the substitution in a table for pairs of different symbols; repeating the described above actions to the receiving of the requiered variety; writing the two substitution tables in the same block and writing the sizes of the compressed block and of the two tables; filling in the rest space with random information; and the normalizing method, comprising the steps of: coping the compressed block, using the information for its size, that is disposed in the block; examining the block and making substitutions of all symbols, that figure in one of the two tables with respective pairs of symbols, to the removing of all appearances of such symbols.
13. The economic crypto method, comprising: information ciphering, comprising the steps of: adding to the password the symbol for ciphering; mixing the symbol for ciphering with the first password symbol using a reversive function; deleting the first symbol of the password; repeating the above described actions to the end of symbols for ciphering; and information deciphering comprising the steps of: separating the symbol for deciphering from the first symbol of the password using the reversed function; adding the deciphered symbol to the password; deleting the first symbol of the password; repeating the described above actions to the end of the symbols for deciphering.
14. The reversive function according to the claims 11 and - SO -
13, comprising the byte-by-byte operation XOR.
15. The method for secure information keeping, comprising the steps of: ciphering the whole internal information with the personal password; keeping the personal password mixed with noise in a file, that is ciphered using the economic method according to claim 13 with the same personal password; file deciphering using the economic method according to the claim 13 and comparing the found in the file by a label password with the password used for deciphering; if the comparation is true, deciphering with the personal password the whole internal information before its using.
16. The method for making unique sessions, comprising the steps of: writing in the ciphered part of the message the passed random marker when the first message was received, writing a random marker, that is expected to be returned when the next message would be received; if the expecting values are returned it is considered that the secure channel works properly and there is not any intervention.
17. The secure channels comprising: anonimous secure channel — in this case applying the method for unique sessions according to the claim 16, the crypto method according to the claim 11 for ciphering the information block with the internal password; adding a status byte, that is nonciphered and gives information about the deciphering,- of what kind is the channel, whether the information is variegated, whether is it complemented; transmitting through the communications channel; deciphering the information using the status byte and the password; or secure channel with identi ication — in this case creating an anonimous channel using an internal password; ciphering the informatiom with a personal password using the economic crypto method according to the claim 13; transmitting the information through a communications channel; deciphering the information using the economic crypto method and the personal password; if it is insuccesiful a defined number times, then locking the channel, else proceeding the information using the procedures for anonimous channel; or separated secure channel — in this case creating an anonimous secure subchannel with the internal password for the separate channel; creating a secure channel with identification, that contains the anonimous subchannel.
18. The method for postponed personal password change comprising the steps of: immediately locking the old password identification by the new password; establishing the next connection through the secure channel using the old password and transmitting through the channel a command for password change; deleting the old password and establishing the connection using the new password.
19. The method for establishing a secure connection and remote delegation through mediator centers, comprising the steps of: establishing a secure channel between the device and a confiable center; connecting the confiable center with another confiable center through a secure channel; connecting in this way the necessary number of centers, while a path to the second device confiable center is found; guaranteeing every one mediator center its identity before the next.
20. The method for payment using anonimous accounts, comprising the steps of: linking the account with the anonimous secure channel; when a payment is about to be made, establishing a secure connection one of the sides with their payment center; establishing a connection between the devices of two sides; creating a secure subchannel between the device of the other side and its payment center through the communication server of the first side payment center; creating a secure channel between the two payment centers, there may be a mediator side; transfer ing the necessary money from the account of the first side to the account of the second side; checking the receiving side its account through its secure channel; if it is all right , concluding the transaction, else protesting the transaction in a determined guarantee period before the payment center.
21. The confiable center, comprising means of: keeping securelly the confidential information as communication passwords, personal passwords and personal data; deciphering of recived information using passwords of the sender's side and ciphering information for output using the passwords of the recipient's side; establishing secure channels between persons or between other centers, guaranteeing their identities.
PCT/BG2000/000026 1999-10-18 2000-10-12 Method and apparatus for creation of secure communications channel, identification and payment WO2001030044A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU76345/00A AU7634500A (en) 1999-10-18 2000-10-12 Method and apparatus for creation of secure communications channel, identification and payment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
BG103821A BG63887B1 (en) 1999-10-18 1999-10-18 Method and device for forming a safe connection channel, identification and making of payments
BG103821 1999-10-18

Publications (2)

Publication Number Publication Date
WO2001030044A2 true WO2001030044A2 (en) 2001-04-26
WO2001030044A3 WO2001030044A3 (en) 2002-01-10

Family

ID=3927918

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/BG2000/000026 WO2001030044A2 (en) 1999-10-18 2000-10-12 Method and apparatus for creation of secure communications channel, identification and payment

Country Status (3)

Country Link
AU (1) AU7634500A (en)
BG (1) BG63887B1 (en)
WO (1) WO2001030044A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8782414B2 (en) 2007-05-07 2014-07-15 Microsoft Corporation Mutually authenticated secure channel
WO2020197729A1 (en) * 2019-03-25 2020-10-01 Micron Technology, Inc. Remotely managing devices using blockchain and dice-riot

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5500897A (en) * 1993-07-22 1996-03-19 International Business Machines Corporation Client/server based secure timekeeping system
US5812764A (en) * 1997-01-30 1998-09-22 International Business Machines Password management system over a communications network
EP0869651A1 (en) * 1997-04-01 1998-10-07 Telefonaktiebolaget Lm Ericsson A method and apparatus for secure data communication
WO1999006928A1 (en) * 1997-07-31 1999-02-11 Spring Technologies, Inc. System and method utilizing biometric identification for controlling access to events and transportation systems
WO1999034551A1 (en) * 1997-12-29 1999-07-08 Mordhai Barkan Method for safe communications

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5500897A (en) * 1993-07-22 1996-03-19 International Business Machines Corporation Client/server based secure timekeeping system
US5812764A (en) * 1997-01-30 1998-09-22 International Business Machines Password management system over a communications network
EP0869651A1 (en) * 1997-04-01 1998-10-07 Telefonaktiebolaget Lm Ericsson A method and apparatus for secure data communication
WO1999006928A1 (en) * 1997-07-31 1999-02-11 Spring Technologies, Inc. System and method utilizing biometric identification for controlling access to events and transportation systems
WO1999034551A1 (en) * 1997-12-29 1999-07-08 Mordhai Barkan Method for safe communications

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8782414B2 (en) 2007-05-07 2014-07-15 Microsoft Corporation Mutually authenticated secure channel
WO2020197729A1 (en) * 2019-03-25 2020-10-01 Micron Technology, Inc. Remotely managing devices using blockchain and dice-riot
US11128451B2 (en) 2019-03-25 2021-09-21 Micron Technology, Inc. Remotely managing devices using blockchain and DICE-RIoT

Also Published As

Publication number Publication date
AU7634500A (en) 2001-04-30
BG103821A (en) 2001-04-30
BG63887B1 (en) 2003-04-30
WO2001030044A3 (en) 2002-01-10

Similar Documents

Publication Publication Date Title
US5602918A (en) Application level security system and method
US7293176B2 (en) Strong mutual authentication of devices
US7475250B2 (en) Assignment of user certificates/private keys in token enabled public key infrastructure system
US7100048B1 (en) Encrypted internet and intranet communication device
US20050044377A1 (en) Method of authenticating user access to network stations
US20060072745A1 (en) Encryption system using device authentication keys
EP1734686A2 (en) Cipher communication system using device authentication keys
US20070277013A1 (en) Method for transmitting protected information to a plurality of recipients
TW486902B (en) Method capable of preventing electronic documents from being illegally copied and its system
JP2008529044A (en) Secure encryption system, apparatus and method
US20110126010A1 (en) Server, system and method for managing identity
CN101897166A (en) Systems and methods for establishing a secure communication channel using a browser component
JP2000222362A (en) Method and device for realizing multiple security check point
CN103168307A (en) Method to control and limit readability of electronic documents
JP2003234736A (en) Public key infrastructure token issuance and binding
JP2002057660A (en) System and method for using role certificate as signature, digital seal, and digital signature in coding
JP2006215795A (en) Server device, control method, and program
JP2007058455A (en) Access management system and access management method
CN114244508A (en) Data encryption method, device, equipment and storage medium
JPH1032568A (en) Ciphered transmission method
RU2374779C2 (en) Method for downloading of multimedia information into portable data carrier and portable data carrier
EP1091276A1 (en) Authentication of hypertext kind of resources through signature handling protocol
WO2011058629A1 (en) Information management system
WO2001030044A2 (en) Method and apparatus for creation of secure communications channel, identification and payment
JP2000078128A (en) Communication system, ic card and recording medium

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWW Wipo information: withdrawn in national office

Ref document number: 2000965663

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2000965663

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP