Patent abstract:
The present invention relates to the field of connection to a secure remote service from a terminal and in particular the establishment of a connection between the secure remote service and a security device connected to the terminal. According to the invention, a security device comprising a security element is connected to the terminal by a local network, physical or virtual. When attempting to access a secure remote service, a software module is automatically downloaded to the terminal, without requiring any particular user rights, from the secure remote service for discovery and interaction with the security device. In this way, it is not necessary to install drivers or other specific software to allow the use of the secure element when attempting to access a secure remote service.
Publication number: FR3013541A1
Application number: FR1361361
Filing date: 2013-11-19
Publication date: 2015-05-22
Inventors: Florian Vallee; Nicolas Bousquet
Applicant: Oberthur Technologies SA
IPC main classification:
Patent description:

[0001] The present invention relates to the field of connection to a secure remote service from a terminal and in particular the establishment of a connection between the secure remote service and a security device connected to the terminal.
[0002] Remote secure services accessible from a consultation terminal are multiplying. These secure remote services are typically services available on the Internet, but are not limited to that communication network. They are generally used from a consultation terminal also connected to this network. This terminal can be a personal computer, a smart mobile phone (smartphone), a tablet (a personal computer comprising a touch screen and typically no keyboard), or any other type of terminal connected to a communication network and allowing a user to interact with the secure remote service. The secure remote service is a set of software hosted on one or more servers. This software is programmed to receive requests from the consultation terminal and respond to them in order to provide the secure remote service in question. The protocol allowing exchanges between the consultation terminal and the secure remote service is typically HTTP (HyperText Transfer Protocol) and the associated protocols, such as HTTPS for the secure version. One then speaks of a web service or web site. Other communication protocols, possibly proprietary, may also be used.
[0003] The secure remote service can be authenticated, in the sense that it requires the user of the consultation terminal to authenticate in order to access the service. In this case, the secure remote service typically includes a registered user base. When using the secure remote service, the user is prompted to provide one or more items of authentication information so that the access can be linked to one of the registered users. Authentication may be based on the user entering a name and an associated password that are sent to the secure remote service. Authentication is valid if the password matches the one registered for the corresponding name in the secure remote service's user database. Stronger authentication systems can be used, such as biometric systems based on fingerprint recognition, iris recognition and others. It is also possible to use digital certificates based on a cryptographic system, each certificate comprising a public key and a private key. The authentication is called multi-factor if it requires at least two items of authentication information, typically belonging to two different categories. For example, a password can be associated with a fingerprint.
[0004] Communications between the consultation terminal and the secure remote service may be in the clear, that is, the information is transmitted as it is. They can also be encrypted. The encryption can be based on knowledge of a shared secret between the consultation terminal and the secure remote service, for example DH (Diffie-Hellman) or DES (Data Encryption Standard), used for the encryption and decryption of the transmitted information, or on the digital certificate system with private and public keys. The latter is called asymmetric encryption, for example RSA (Rivest, Shamir and Adleman).
[0005] When the encryption is such that it ensures that a third party on the information path is unable to read the exchanged information or modify or insert information in the exchanged flow, it is called encrypted tunnel or virtual private network (VPN). Indeed, in this case, everything happens as if a single physical link was used for communication between the two entities exchanging encrypted information.
[0006] Cryptographic systems including digital certificates can be implemented by secure elements, which can take the form of specialized circuits protected against attacks. These secure elements generally take the form of a smart card, or of a dedicated circuit of the same type as the integrated circuit chip of a smart card, within a data processing device. It is known to use a smart card containing, for example, a digital certificate to authenticate and/or encrypt the communication between a consultation terminal and a secure remote service. Typically, the smart card is inserted into a card reader connected to the terminal. However, this solution typically involves the installation of specific drivers on the consultation terminal. In addition, the installation and configuration of specific software (middleware) is also often necessary. Besides the fact that the user does not always have the rights needed for these installations on the terminal, for security reasons, he often sees these operations as complex, problematic and intrusive. The present invention aims to solve the aforementioned drawbacks. According to the invention, a security device comprising a security element is connected to the terminal by a local network, physical or virtual. When attempting to access a secure remote service, a software module is automatically downloaded to the terminal from the secure remote service, without requiring any particular user rights, for discovery of and interaction with the security device. In this way, it is not necessary to install drivers or other specific software to allow the use of the secure element when attempting to access a secure remote service.
[0007] The invention relates to a method for establishing a connection between a security network service hosted by a security device connected to a consultation terminal and a remote service when consulting said remote service by said consultation terminal, characterized in that it comprises the following steps: a step of transmission of a discovery software module by the remote service to the consultation terminal, in response to a request sent by said consultation terminal; a step of discovery, by the received discovery software module executed on said consultation terminal, of at least one security network service available on a local network; a step of establishing a first connection, by the received discovery software module executed on said consultation terminal, between the latter and the security network service; and a step of establishment, of a second connection, by the received discovery software module executed on said consultation terminal, between the latter and the remote service, the discovery software module serving then relay between the first and the second connection. Thus, it is possible to secure access to a remote service with a security device while minimizing the impact on the user experience.
[0008] According to a particular embodiment of the invention, the method further comprises, by the received discovery software module executed on said consultation terminal: a step of sending a list of discovered security network services to the remote service; and a step of receiving information designating a security network service selected by said remote service from this list, the first connection then being established with the selected security network service. Thus, the service can choose the security device to use if there are more than one.
[0009] According to a particular embodiment of the invention, the method furthermore comprises, by the received discovery software module executed on said consultation terminal: a step of validation of the discovered network services by an attempt to connect to these security network services. This ensures that the responding network services are working properly. According to a particular embodiment of the invention, the method further comprises, by the received discovery software module executed on said consultation terminal: a step of receiving a set of parameters during said connection attempt to these security network services by the discovery software module; and a step of adding the received parameters to the list of discovered security network services. Thus, it is possible to determine parameters for the connection between the remote service and the security device. According to a particular embodiment of the invention, the list of discovered security network services sent to the remote service is reduced to validated network services only.
[0010] This way, the remote service cannot select an invalid network service. According to a particular embodiment of the invention, the method further comprises, by the received discovery software module executed on said consultation terminal: a step of local storage on the terminal of the parameters of the first and second connections. Thus, it is possible to restore the connection without redoing the discovery steps.
[0011] According to a particular embodiment of the invention, the first and second connections established by the received discovery software module executed on said consultation terminal are encrypted.
[0012] Thus, the security of the communication with the remote service is improved. According to a particular embodiment of the invention, the method further comprises: an end-to-end encryption step of the first and second connections by the remote service and the network service. Thus, the security is improved even if the terminal were corrupted by malicious software.
[0013] According to a particular embodiment of the invention, the step of transmitting the discovery software module comprises: a step of inserting this module into a web page in the form of an interpreted program.
[0014] Thus, the transfer is automatic and transparent for the user. According to a particular embodiment of the invention, the module is inserted in a hidden frame.
[0015] Thus, the established connection becomes resistant to a page change of the user. According to a particular embodiment of the invention, the step of transmitting the discovery software module comprises: a step of transmitting this module in the form of an extension module of a WEB browser.
[0016] Thus, any restrictions applied to a module in interpreted language, typically in access to local networks, can be bypassed.
[0017] According to a particular embodiment of the invention, the security network service is hosted on a mobile phone. The invention also relates to a device for hosting a service, characterized in that it comprises: a discovery software module; means for transmitting the discovery software module to a consultation terminal in response to an access request received from said consultation terminal; the discovery software module comprising, for execution on the terminal: means for discovering at least one security network service available on a local network; means for establishing a first connection with the security network service; and means for establishing a second connection with the hosted service, the discovery software module then serving as a relay between the first and the second connection.
[0018] According to a particular embodiment of the invention, the device further comprises within the discovery software module: means for sending a list of discovered security network services to the remote service; and means for receiving information designating a security network service selected by said remote service from this list, the first connection then being established with the selected security network service. According to a particular embodiment of the invention, the device further comprises within the discovery software module: means for validating network services discovered by an attempt to connect to these security network services.
[0019] The invention also relates to a computer program comprising instructions adapted to the implementation of each of the steps of the method according to the invention when said program is executed on a computer.
[0020] The invention also relates to an information storage means, removable or not, partially or completely readable by a computer or a microprocessor, comprising code instructions of a computer program for executing each of the steps of the method according to the invention. In a particular embodiment, the various steps of the aforementioned method are determined by computer program instructions.
[0021] Consequently, the invention also relates to a computer program on an information medium, this program being capable of being implemented by a microprocessor and comprising instructions adapted to the implementation of the steps of the method as mentioned above.
[0022] This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as a partially compiled form, or in any other desirable form.
[0023] The invention is also directed to a microprocessor-readable information medium, and including instructions of a computer program as mentioned above.
[0024] The information carrier may be any entity or device capable of storing the program. For example, the medium may comprise a storage means such as a ROM, for example a microcircuit ROM, or a magnetic recording means, for example a hard disk, a flash memory, or an optical recording medium, for example a CD, DVD or Blu-ray.
[0025] On the other hand, the information medium may be a transmissible medium such as an electrical or optical signal, which may be conveyed via an electrical or optical cable, by radio or by other means. The program according to the invention may in particular be downloaded to a storage platform of an Internet type network.
[0026] Alternatively, the information carrier may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question.
[0027] The above-mentioned information carrier and computer program have characteristics and advantages similar to the method they implement. Other features and advantages of the invention will become apparent in the description below. In the accompanying drawings, given as non-limiting examples: FIG. 1 schematically represents a data processing device implementing a secure element; FIG. 2 represents a microcircuit card which constitutes an example of a data processing device including a security element as represented in FIG. 1; FIG. 3 illustrates the software architecture of the various elements of the system according to one embodiment of the invention; FIG. 4 illustrates the exchanges between the elements of the system during the establishment of a secure connection between the secure remote service and the secure element according to one embodiment of the invention.
[0028] Figure 1 schematically shows a data processing device 40 implementing a secure element. This device 40 comprises a microprocessor 10, to which is associated on the one hand a random access memory 60, for example by means of a bus 70, and on the other hand a non-volatile memory 20 (for example of the EEPROM type), for example through a bus 50. The data processing device 40, and precisely the microprocessor 10 that it incorporates, can exchange data with external devices by means of a communication interface 30.
[0029] FIG. 1 shows the transmission of input data X received from an external device (not shown) and passed from the communication interface 30 to the microprocessor 10. Similarly, FIG. 1 shows the transmission of output data Y from the microprocessor 10 to the communication interface 30 and on to an external device. This output data Y is derived from data processing by the microprocessor 10, generally on the input data X, using a secret datum 80 internal to the system, for example a private key.
[0030] Although, for the illustration, the input data and the output data appear on two different arrows, the physical means which allow the communication between the microprocessor 10 and the interface 30 may be made by unique means, for example a serial communication port or a bus.
[0031] The microprocessor 10 is capable of executing software (or a computer program) which enables the data processing device 40 to execute a method according to the invention, examples of which are given hereinafter. The software is composed of a series of control instructions for the microprocessor 10 which are, for example, stored in the memory 20. Alternatively, the assembly of microprocessor 10, non-volatile memory 20 and random access memory 60 may be replaced by an application-specific circuit which then comprises means for implementing the various steps of the data processing method. FIG. 2 represents a microcircuit card which constitutes an example of a data processing device including a security element as represented in FIG. 1. The communication interface 30 is in this case realized by means of the contacts of the microcircuit card. The microcircuit card incorporates a microprocessor 10, a random access memory 60 and a non-volatile memory 20 as shown in FIG. 1. This microcircuit card is, for example, in accordance with the ISO 7816 standard and provided with a secure microcontroller which includes the microprocessor (or CPU) 20 and the random access memory 60. In a variant, the data processing device can be a USB key, a document or a paper information carrier comprising in one of its sheets a microcircuit associated with non-contact communication means. This is preferably a portable or pocket electronic entity. It can also be a circuit dedicated to security (a secure element) which can be integrated directly within a device, for example soldered into a mobile phone. In general, one aspect of the invention is that, when a consultation terminal seeks to establish a connection to a secure remote service, said service provides a software module to said terminal. This software module is then downloaded automatically by the consultation terminal and executed.
This software module is responsible for initiating a discovery on the local network or networks to which the consultation terminal is connected. This discovery aims to identify the security device or devices connected to these local networks, or more specifically the security network services hosted by the security device. A network service is a set of features offered by a network node. This service is typically identifiable by name. It also has the ability to identify itself on the network in response to a discovery request. The list of discovered security network services is then transmitted to the secure remote service, which selects one. Communication is then established between the secure remote service and the security network service integrated into the security device, via the software module downloaded to the consultation terminal, so as to establish a tunnel. This tunnel may advantageously be encrypted end-to-end by the remote service and the network service of the security device. This tunnel is then used according to the needs of the secure remote service, typically for authentication or encryption of communications between the consultation terminal and the secure remote service. The security device integrates a security element such as that described in FIG. 1, which typically implements a cryptographic system and at least one digital certificate associated with the user of the secure remote service. The security element may also take the form of a smart card such as that shown in FIG. 2. This smart card may be inserted into a card reader in the security device. It can also be connected to this device, for example by a wireless link of the NFC type. The security device also integrates at least one means of establishing a connection to a local area network to allow communication with the consultation terminal. This local network can be established, for example, over a wired link directly connecting the device to the terminal.
For example, it can be connected by a USB (Universal Serial Bus) serial link. It can also be a wired link to a local network to which the terminal is also connected, for example an Ethernet link, an IEEE 1394 link or another. It may also be a radio link, for example of the Bluetooth or WiFi type, or a near-field connection of the NFC (Near Field Communication) type. Whatever the physical link established, a network communication typically of the IP (Internet Protocol) type is established on this physical link to allow communication between the terminal and the security device using the usual protocols of this type of network. In particular, discovery protocols such as the Simple Service Discovery Protocol (SSDP) integrated in the Universal Plug and Play (UPnP) standard, or alternatively DNS-SD (Domain Name Service Based Service Discovery) defined by RFC 6763, are implemented within the security device. Web communication protocols such as HTTP or HTTPS are also typically implemented within the security device. These protocols are given as examples and other protocols can be used to perform the same functions. When the security device is connected to the terminal, or to the local network to which the terminal is also connected, its network connection is automatically configured. This configuration can, for example, be done through an automatic configuration protocol such as the Zeroconf protocol defined by RFC 5889. The configuration can also be obtained from a Dynamic Host Configuration Protocol (DHCP) server available on the local network, or even embedded directly on the security device. The latter therefore appears on the local network as a network node that can communicate with the consultation terminal without any intervention by the user. The security device also implements a security network service to meet the security requirements of the secure remote service.
This security network service typically implements the authentication and / or encryption functions necessary for the security requirements of the secure remote service. It is typically based on the cryptographic system integrated into the secure element of the security device.
[0032] Access to the secure remote service is done from a software client on the consultation terminal. This client is typically a web browser but can also be any type of software for communication with the secure remote service. When this client tries to access the secure remote service, or certain features of the service that have security needs, a software module is proposed to the client by the secure remote service. This module can take the form of an interpreted program (script), typically expressed in JavaScript and embedded within a web page. In some embodiments, typically to circumvent certain limitations on access to the terminal's network resources by downloaded interpreted programs, the software module may also be provided in the form of a browser extension (plug-in). Generally in this case, downloading the plug-in requires validation by the user. This embodiment is the only one that requires user intervention; this is then limited to this validation and remains much lighter than the installation of drivers. Alternatively, a mixed mode can also be used. In such a mode, an extension module provides the necessary network access functionality, and an interpreted software module inserted in the service content then uses these functionalities of the extension module. In this way, the transfer is automatic and transparent to the user.
[0033] Advantageously, the interpreted software module can be inserted in a hidden frame distinct from the frame of the web content. Thus, the connection remains active during a page change by the user. Once this module is downloaded, it is executed by the software client of the user terminal. The module is then responsible for launching a discovery phase for security devices capable of performing the additional security function required by the secure remote service. This discovery phase typically consists of sending, in broadcast mode, discovery messages including a designation of the desired network service. The latter is typically designated by name. These messages are sent on all the active network interfaces of the consultation terminal, and thus on all local networks, physical and virtual (based on a USB interface or other), to which the latter is connected. All nodes of the network hosting the security network service designated in the discovery messages respond with a response message returned to the module downloaded to the terminal. This response message typically contains the identification of the answering network node, the available network service and possibly additional parameters related to this network service.
[0034] The module receives all the responses emitted by the different network nodes hosting a network service corresponding to the one sought by the discovery phase. If no response is received, the secure remote service cannot access a required security network service and typically will not allow access to the secure remote service or to some of its features or resources. Several attempts can be made before concluding that no security network service is present. Advantageously, the software module performs a validation step on the discovered security network services. This validation can consist of an access test. In this case, the list of discovered network services is reduced to the validated services. Data from all responses, or from the validated responses only, are sent to the secure remote service, which selects one of the nodes that responded to the discovery. This selection is based on the identity of the responding node and possibly on the additional parameters provided in the responses. The result of this selection is then returned to the module downloaded on the consultation terminal. Two communication links are then established: one between the secure remote service and the downloaded module, and a second between the downloaded module and the selected security device, more precisely the security element integrated in this device. The module then operates in relay mode between these two links. This operation is typically performed transparently and automatically. Thus, a direct communication link is established, through these two links, between the secure remote service and the security element integrated into the security device. Advantageously, the data is encrypted on these links to provide a secure tunnel between the secure remote service and the security element. Encryption can be performed on each of the connections and/or end-to-end between the secure remote service and the security element.
Once communication is established between the secure remote service and the security element, the service can communicate with it for its own needs. These needs can be diverse and depend on the secure remote service. Typically they include user authentication using a digital certificate held within the security element. They may also include encryption and decryption services performed by the security element, or others depending on the secure remote service. Thus, a connection is established between the secure remote service and a security element connected to a consultation terminal of said service.
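As an added example (not the patent's own code), the following Node.js model covers the steps of paragraphs [0033] and [0034] as seen from the downloaded module: parsing SSDP-style discovery responses, validating each discovered service with an access test, refusing a selection by the remote service that is not in the validated list, and relaying between the two links. The service name, addresses, probe and link objects are constructed assumptions; a browser deployment would use the network discovery API and a WebSocket in their place.

```javascript
// Added example, not the patent's own code: a model of the downloaded discovery
// module's logic. Service name, addresses, probe and link objects are constructed.

// Hypothetical search target; the patent only says the service is designated by name.
const WANTED_SERVICE = 'urn:example-secure-element:service:auth:1';

// Parse one SSDP-style response (HTTP/1.1 status line, "Name: value" headers,
// blank-line terminated) into an upper-cased header map; null if malformed.
function parseSsdpResponse(text) {
  const lines = text.split(/\r?\n/);
  if (!/^HTTP\/1\.1 200 OK/.test(lines[0])) return null;
  const headers = {};
  for (const line of lines.slice(1)) {
    if (line === '') break;
    const idx = line.indexOf(':');
    if (idx < 0) return null; // malformed header: discard the whole response
    headers[line.slice(0, idx).trim().toUpperCase()] = line.slice(idx + 1).trim();
  }
  return headers;
}

// Discovery phase: keep only responses that advertise exactly the wanted
// service and carry a node identity (USN) and an address (LOCATION).
function discover(rawResponses, wanted = WANTED_SERVICE) {
  const found = [];
  for (const raw of rawResponses) {
    const h = parseSsdpResponse(raw);
    if (!h || h.ST !== wanted || !h.USN || !h.LOCATION) continue;
    found.push({ node: h.USN, service: h.ST, location: h.LOCATION });
  }
  return found;
}

// Validation step: probe(location) is the access test; it returns the parameters
// the service answers with, or null if it does not respond. The list sent to the
// remote service is reduced to validated entries, each carrying its parameters.
function validate(services, probe) {
  const validated = [];
  for (const s of services) {
    const params = probe(s.location);
    if (params) validated.push({ ...s, params });
  }
  return validated;
}

// The remote service picks one node from the list it received. The module rejects
// a selection outside that list, so the first connection is only ever built to a
// node the module itself discovered and validated.
function applySelection(validated, selectedNode) {
  const chosen = validated.find((s) => s.node === selectedNode);
  if (!chosen) throw new Error('remote selected a node not in the validated list');
  return chosen;
}

// Relay mode: every message arriving on one link is forwarded to the other. A link
// is anything with on('message', fn) and send(data), e.g. a WebSocket to the remote
// service and a local connection to the security device.
function relay(remoteLink, localLink) {
  remoteLink.on('message', (data) => localLink.send(data));
  localLink.on('message', (data) => remoteLink.send(data));
}

// Constructed stand-in for a link: records what the module sends on it and
// lets a caller inject data arriving from the far end.
class FakeLink {
  constructor() { this.sent = []; this.handlers = []; }
  on(event, fn) { if (event === 'message') this.handlers.push(fn); }
  send(data) { this.sent.push(data); }
  receive(data) { this.handlers.forEach((fn) => fn(data)); }
}

// Constructed SSDP responses: a wanted service that will validate, an unrelated
// UPnP device, a wanted service that will fail the probe, and garbage.
const SAMPLE_RESPONSES = [
  `HTTP/1.1 200 OK\r\nST: ${WANTED_SERVICE}\r\nUSN: uuid:dev-a\r\nLOCATION: http://169.254.10.2/sec\r\n\r\n`,
  'HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\nUSN: uuid:printer\r\nLOCATION: http://169.254.10.9/\r\n\r\n',
  `HTTP/1.1 200 OK\r\nST: ${WANTED_SERVICE}\r\nUSN: uuid:dev-b\r\nLOCATION: http://169.254.10.3/sec\r\n\r\n`,
  'garbage',
];

// Constructed access test: only dev-a answers, with its connection parameters.
function sampleProbe(location) {
  return location === 'http://169.254.10.2/sec' ? { cert: 'user-cert-1', tls: true } : null;
}

// Full flow: discover -> validate -> remote selects -> relay traffic both ways.
function runScenario() {
  const validated = validate(discover(SAMPLE_RESPONSES), sampleProbe);
  const chosen = applySelection(validated, 'uuid:dev-a'); // the remote's choice
  const remote = new FakeLink();
  const local = new FakeLink();
  relay(remote, local);
  remote.receive('challenge-from-service'); // arrives on the second connection
  local.receive('signed-response');          // arrives on the first connection
  return { validated, chosen, toLocal: local.sent, toRemote: remote.sent };
}

console.log(JSON.stringify(runScenario()));
```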
[0035] This connection is established without requiring the user to install security-specific drivers or additional software on the consultation terminal. It is established in a completely transparent manner, or by requiring only a validation by the user in the embodiment based on a browser extension module. It provides a secure remote service with the high level of security of a security element while preserving the ease of use of the secure remote service. FIG. 3 illustrates the software architecture of the various elements of the system according to one embodiment of the invention.
[0036] In this embodiment of the invention, the secure remote service 1010 is a web service hosted on one or more servers (a cluster) connected to a data network, typically the Internet. This secure remote service includes a web server 1101 for receiving requests and generating response messages to these requests. The service hosts content 1102 used by the web server 1101 to generate its responses to requests. This content defines the secure remote service offered. The secure remote service also includes a discovery software module 1103 according to the invention, typically written in an interpreted or script language, to manage remote access. The secure remote service also includes a service 1104 for establishing and managing encrypted communications, or tunnels, with other parties over the Internet. The secure remote service is managed by a central service 1105 (backend) which is responsible, among other things, for managing the user accounts and their access rights to all or part of the secure remote service. The consultation terminal 1020 comprises a browser 1210. It is typically a web browser such as Opera (registered trademark), Safari (registered trademark), Firefox (registered trademark), Internet Explorer (registered trademark) or another. This browser is used as a client for consulting the secure remote service 1010. It typically includes an interpreter 1211 for an interpreted language, typically a JavaScript engine, allowing it to run locally on the terminal software modules downloaded from a web service, for example the discovery module 1103. In some embodiments it may also include an extension management module 1212. These extensions are software modules that can be downloaded and that interface with the browser. These add-ons enrich the functionality of the browser. In some embodiments, the discovery module 1103 may be provided as such an extension module.
Advantageously, the browser integrates the NSD (Network Service Discovery) software interface (API, Application Programming Interface) as defined by the W3C (World Wide Web Consortium). This software interface allows the management of network service discovery packets on the various active network interfaces of the terminal. FIG. 3 illustrates the network stack 1220, typically a virtual network stack implemented on the physical link 1230 connecting the terminal and the security device. The browser communicates with the network stack via link 1240. For example, in the case of a USB connection of the security device, the USB standard incorporates Ethernet emulation which can be leveraged by the network stacks embedded in operating systems such as Linux (registered trademark) or Mac OS (registered trademark). In the case of the Windows operating system (registered trademark), an RNDIS (Remote Network Driver Interface Specification) module offers the same service. These stacks are supported by default by the operating systems. This network communication can also be based on a radio link such as Bluetooth with the BT-PAN (Personal Area Networking) profile, or directly on WiFi. Depending on the embodiment, this network interface may be the same as the network interface, typically WiFi or Ethernet, used by the terminal to access the Internet, or it may be different, typically in the case of USB or Bluetooth. The security device 1003 comprises a set of integrated components 1030. This set comprises a security element 1390 which comprises secure memory 1391 for the cryptographic keys, a cryptographic calculation module 1392 and a loaded application 1393 (of Applet type) implementing the network service features. These are the security features required by the secure remote service, offered as a discoverable network service.
The security device also includes a driver 1394 for managing the features of the application 1393. This application can communicate with a management service 1313 for a secure connection or tunnel. Advantageously, the device also comprises an internal WEB server 1310 coupled with a server 1311 typically supporting the CORS (Cross-Origin Resource Sharing) method as detailed below. The security device comprises integrated memory 1321 for the operation of these software modules. Advantageously, it can also have a removable memory module 1322 to increase its capacity. It also optionally has a man-machine interface 1323. This interface typically comprises a screen and/or a series of light indicators for presenting information to the user. It can also include a set of buttons allowing the user to interact with the device. In order to allow additional authentication of the user, the device may be provided with biometric sensors 1324, such as a fingerprint reader, an iris reader or the like. Advantageously, the device also comprises a near-field radio communication module 1325 of NFC type. For communication with other devices, typically the consultation terminal, the security device has a physical interface 1301 which is generally the counterpart of the physical interface 1230 of the terminal. This physical interface supports a network stack 1302 which is likewise typically the counterpart of the network stack 1220 of the terminal. The same technologies as those described for the terminal can be used here. Advantageously, the device comprises a DHCP dynamic configuration server 1321 which allows the configuration of the local network created between the consultation terminal and the security device. This is particularly useful when the consultation terminal and the security device communicate by establishing a virtual point-to-point local network, which is the case when using Bluetooth or USB technology for example.
In the case where the security device and the consultation terminal are connected by a pre-existing local network, typically a Wifi network, the Wifi access point can then manage the network configuration of the security device. The security device finally has a discovery service 1320 that allows it to receive and respond to discovery requests. This security device can be implemented in the form of a dedicated device. In some embodiments, it may also be a smartphone incorporating a security element, or connected, for example by an NFC link, to a security element. The security network service is then typically implemented as an application running on the telephone. This phone can connect to the terminal via Wifi or Bluetooth, technologies commonly implemented in phones today, or via USB, also commonly implemented in phones. The consultation terminal is connected to the remote service by a communication link 1060, typically an Internet connection. It is also connected to the security device by a local network link 1050. A secure connection, or tunnel, 1070 is established by the method according to the invention between the tunnel service 1104 of the remote service and the tunnel service 1313 of the security device, passing through the software module 1103 downloaded and typically executed by the JavaScript engine 1211. FIG. 4 illustrates the exchanges between the elements of the system during the establishment of a secure connection between the secure remote service and the secure element according to an embodiment of the invention. These exchanges occur between the secure remote service, the consultation client executed by the consultation terminal and the security device 1003. Within the security device, the exchanges are described between the discovery service, the embedded WEB service and the security element.
During a consultation of the secure remote service by the consultation client from the consultation terminal, a request (1) is sent by the consultation client to the secure remote service. This request (1) uses, within the secure remote service, resources or functionality requiring a security operation. This security operation may, for example, be a user authentication, a digital signature operation, or an encryption or decryption operation. In order to perform this security operation, the secure remote service requires the service of the secure element integrated within the security device. This request (1) is typically an HTTP or HTTPS request. The injection of the discovery software module can be done on demand when the security functionality is required, or at the beginning of the consultation so that it is available later and thus improves the response time. In some cases the discovery software module may already be present, for example because it was downloaded during a previous access to a resource requiring the security network service.
[0037] The discovery software module is then downloaded to the consultation terminal within the consultation client during step (2). This download is typically implemented by inserting the module, in an interpreted language, within a page of the WEB content served by the remote service. It can also take the form of an offer to install the discovery software module as an extension module, or of a combination of an interpreted-language module and an extension module that complements it. Once downloaded, this discovery software module is run by the consultation client.
[0038] In order to operate, the discovery software module must be able to access a programming interface for sending discovery packets on the local networks connected to the terminal. This interface can typically be the NSD interface 1213 of FIG. 3. If the module determines that it does not have this access, it can then propose the download of an extension module offering the same functionalities as the discovery software module but not subject to the same limitations as a module interpreted by the consultation client.
[0039] The discovery module then initiates a discovery phase on all the active network interfaces of the consultation terminal. This discovery phase consists of sending discovery messages (3) in broadcast mode on all of these networks. The discovery message is received by the security device 1003 and is handled by its discovery service. The discovery service then responds to the discovery request with the message (4), which contains the parameters relating to the security network service implemented by the device and how to connect to it. These parameters typically include the network service name, its IP address and an associated port number. Advantageously, these parameters include a cryptographic key that can be used to secure the communication with the security device. The response message may, for example, be sent by a CORS AJAX call to the onboard WEB server. Once the consultation client has retrieved all the responses, they are passed to the discovery software module, which therefore has a list of the nodes of the network that host the desired security network service and a means of accessing each of them. This means typically consists of an IP address and an associated port number, possibly together with the name of the service. Advantageously, the discovery software module then performs a pre-selection step on the discovered network services. To do this, it tries to access these services; these are the exchanges (5) of Figure 4. Because of the security policy generally built into modern browsers, which prohibits HTTP requests from leaving their origin domain, the security network service may not be accessible. This limitation can be circumvented by issuing the HTTP request using CORS technology (Cross-Origin Resource Sharing). This requires that the HTTP server built into the device be compatible with this technology. Otherwise, the requests cannot complete and trigger the display of an error message.
Security network services not compatible with CORS technology are then removed from the list of available security network services. The same is true for services that did not respond to the access attempt. In general, this access attempt makes it possible to check the accessibility of the security network service. The tests actually carried out may vary according to the embodiments of the invention.
[0040] This verification procedure may include negotiation to determine a cryptographic key that can be used to encrypt communications between the secure remote service and the security appliance. It is then assumed that the security device includes, typically stored in the security element, this shared secret. The procedure for sharing this secret is not described in this document. The possible results of the verification procedure are then added to the description of the acceptable security network services.
[0041] This list is then sent back to the secure remote service during step (6). This can be done, for example, in the form of an AJAX POST request sent to the server which returns the information to the central service managing the secure remote service.
[0042] Advantageously, a verification step of the received network services is then performed by the secure remote service. One of these services is then selected. This selection is based on the collected parameters accompanying the list of available network services. Optionally, this selection may be based on the verification of a signature contained in these parameters. The selected service is then communicated to the discovery software module during step (7), for example by sending its index in the list of discovered network services. Advantageously, a unique identifier is generated and also communicated; this identifier is also stored by the tunnel service 1104 of Figure 3 of the secure remote service. It may be used in conjunction with the negotiated cryptographic key for establishing the secure connection. When it receives the selected security network service, the discovery software module switches to an operational mode. It then establishes two persistent connections. A first persistent connection is established with the tunnel service of the secure remote service (8) and a second connection is established with the tunnel service of the security device (9). Advantageously, these connections are encrypted using the negotiated cryptographic key so as to form a secure tunnel between the security device and the secure remote service. When these two connections have been established successfully, the discovery software module operates as a simple relay between the two connections. These connections can be implemented, for example, using WebSocket technology, standardized in RFC 6455 and integrated into modern browsers. This technology provides asynchronous bidirectional communications compatible with WEB technologies such as HTTP or HTTPS. It can be used to open persistent links between a client and a server, whereas AJAX technologies only offer non-persistent, string-oriented communications at the client's initiative.
A virtual direct link (10) is thus created between the secure remote service and the security device, and more specifically the WEB service embedded in the latter. The embedded WEB service is itself connected by the link (11) to the integrated security element; it communicates with the application 1393 of Figure 3. The communications can now take place at the initiative of the secure remote service to perform the security operation(s) required by this service. The secure remote service may take advantage of the cryptographic functions of the security element embedded in the security device to perform operations such as authentication, signature, encryption, or any other desired operation. These exchanges can be based on the standard APDU protocol for accessing a secure element defined by the ISO 7816 standard. Some secure remote service requests may not require direct access to the secure element but only, for example, require authentication of the user by means of a biometric sensor built into the security device. In this case, the request is directly interpreted by the embedded WEB server. In a particular embodiment, the discovery software module is not injected into the normal content of the service. The content is then encapsulated in a full-size navigation frame while the software module is encapsulated in a hidden frame. This allows the discovery software module, and thus the tunnel between the secure remote service and the security device, to survive a page change during navigation. In another particular embodiment, the discovery software module is inserted normally into the WEB content. When the connection is established, the discovery software module uses the Document Object Model (DOM) storage facility to store the connection information locally on the consultation terminal. This DOM storage technology offered by HTML 5 allows WEB applications to have local storage space on the consultation terminal.
This connection information typically includes a session identifier as well as the IP addresses and associated ports needed to re-establish the connection. Thus, when the user leaves the current page, the connection is lost. On return, the discovery software module can re-establish the connection using the stored connection information without having to restart the entire procedure. Advantageously, to avoid malicious use of the connection information, the secure remote service implements a time counter invalidating the session identifier after a given time. It can also reject an attempt to establish the connection from another browsing session.
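As an added example (not code from the patent or from its assignee), the following JavaScript models offline the browser-side discovery module of [0039] to [0042] together with the session check of the preceding paragraph: pre-selection of discovered services by an access attempt that must succeed and support CORS, relaying between the two persistent connections, and a remote-service registry that expires session identifiers and binds them to one browsing session. The FakeSocket class, the probe function, the service names and addresses, and the frames exchanged are constructed stand-ins; a real module would use the browser's WebSocket objects, which expose the same send/close/onmessage/onclose members used here.

```javascript
// Added example, not the patent's or the assignee's code: an offline model of the
// discovery module's pre-selection, relay and session-reuse checks.
// FakeSocket stands in for a browser WebSocket (same send/close/onmessage/onclose
// members); all names, addresses and frames below are constructed sample values.

class FakeSocket {
  constructor(name) { this.name = name; this.sent = []; this.open = true; }
  send(data) {
    if (!this.open) throw new Error(`${this.name} is closed`);
    this.sent.push(data);
  }
  // Closing one side fires onclose so the relay can tear down the other side.
  close() { if (this.open) { this.open = false; if (this.onclose) this.onclose(); } }
  // Test hook: deliver a frame as if it had arrived from the peer.
  receive(data) { if (this.onmessage) this.onmessage({ data }); }
}

// Exchanges (5): try each discovered service and keep only those that answered
// and support CORS; parameters returned by the attempt are merged into the entry.
// probe(service) returns null when unreachable, else { cors, params }.
function preselectServices(discovered, probe) {
  const kept = [];
  for (const svc of discovered) {
    const result = probe(svc);
    if (!result || !result.cors) continue; // no answer, or CORS unsupported
    kept.push({ ...svc, ...result.params });
  }
  return kept;
}

// Connections (8) and (9): once both persistent connections are open, the module
// forwards frames unchanged in both directions and closes both together.
function createRelay(serviceSocket, deviceSocket) {
  const stats = { toDevice: 0, toService: 0 };
  serviceSocket.onmessage = (ev) => { deviceSocket.send(ev.data); stats.toDevice++; };
  deviceSocket.onmessage = (ev) => { serviceSocket.send(ev.data); stats.toService++; };
  serviceSocket.onclose = () => deviceSocket.close();
  deviceSocket.onclose = () => serviceSocket.close();
  return stats;
}

// Remote-service side of the stored connection information: a session identifier
// is valid only for ttlMs and only when presented by the browsing session it was
// issued to, so a copied identifier is useless elsewhere or after expiry.
class SessionRegistry {
  constructor(ttlMs) { this.ttlMs = ttlMs; this.sessions = new Map(); }
  issue(sessionId, browsingSessionId, nowMs) {
    this.sessions.set(sessionId, { browsingSessionId, issuedAt: nowMs });
  }
  validate(sessionId, browsingSessionId, nowMs) {
    const s = this.sessions.get(sessionId);
    if (!s) return false;
    if (nowMs - s.issuedAt > this.ttlMs) { this.sessions.delete(sessionId); return false; }
    return s.browsingSessionId === browsingSessionId;
  }
}

// Constructed discovery responses (message (4)) and probe outcomes.
const SAMPLE_SERVICES = [
  { name: 'secdev-a', address: '192.0.2.10', port: 8443 },
  { name: 'secdev-b', address: '192.0.2.11', port: 8443 },
  { name: 'secdev-c', address: '192.0.2.12', port: 8443 },
];
const SAMPLE_PROBE = (svc) => ({
  'secdev-a': { cors: true, params: { keyId: 'k1' } },
  'secdev-b': { cors: false, params: {} }, // embedded server without CORS: dropped
  'secdev-c': null,                         // no response: dropped
}[svc.name]);

// Runs the whole sequence on the sample data and returns what can be checked.
function demo() {
  const services = preselectServices(SAMPLE_SERVICES, SAMPLE_PROBE);
  const svcSock = new FakeSocket('service');
  const devSock = new FakeSocket('device');
  const stats = createRelay(svcSock, devSock);
  svcSock.receive('00A4040000'); // constructed APDU-style frame toward the device
  devSock.receive('9000');       // constructed status word back toward the service
  svcSock.close();               // service side closes: relay closes the device side too
  return { services, stats, devSent: devSock.sent, svcSent: svcSock.sent, devOpen: devSock.open };
}
```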
[0043] Naturally, to meet specific needs, a person skilled in the field of the invention may apply modifications in the foregoing description.
[0044] Although the present invention has been described above with reference to specific embodiments, the present invention is not limited to specific embodiments, and modifications that are within the scope of the present invention will be obvious to someone skilled in the art.
Claims (17)
[0001]
1. A method for establishing a connection between a security network service hosted by a security device connected to a consultation terminal and a remote service when consulting said remote service by said consultation terminal, characterized in that it comprises the following steps: a step of transmission of a discovery software module by the remote service to the consultation terminal, in response to a request sent by said consultation terminal; a step of discovery, by the received discovery software module executed on said consultation terminal, of at least one security network service available on a local network; a step of establishing a first connection, by the received discovery software module executed on said consultation terminal, between the latter and the security network service; and a step of establishing a second connection, by the received discovery software module executed on said consultation terminal, between the latter and the remote service, the discovery software module then serving as relay between the first and the second connection.
[0002]
2. Method according to claim 1, characterized in that it further comprises, by the received discovery software module executed on said consultation terminal: a step of sending a list of discovered security network services to the remote service ; and a step of receiving information designating a security network service selected by said remote service from this list, the first connection then being established with the selected security network service.
[0003]
3. Method according to claim 2, characterized in that it further comprises, by the received discovery software module executed on said consultation terminal: a validation step of network services discovered by an attempt to connect to these network services of security.
[0004]
4. Method according to claim 3, characterized in that it further comprises, by the received discovery software module executed on said consultation terminal: a step of receiving a set of parameters during said connection attempt to these network security services through the discovery software module; and a step of adding the received parameters to the list of discovered security network services.
[0005]
5. Method according to claim 3 or 4, characterized in that the list of discovered security network services sent to the remote service is reduced to only validated network services.
[0006]
6. Method according to one of claims 1 to 5, characterized in that it further comprises, by the received discovery software module executed on said consultation terminal: - a step of local storage on the terminal of the parameters of establishing the first and second connections.
[0007]
7. Method according to one of claims 1 to 6, characterized in that the first and second connections established by the received discovery software module executed on said consultation terminal are encrypted.
[0008]
8. Method according to one of claims 1 to 7, characterized in that it further comprises: - an end-to-end encryption step of the first and second connections by the remote service and the network service.
[0009]
9. Method according to one of claims 1 to 7, characterized in that the step of transmitting the discovery software module comprises: a step of insertion of this module within a WEB page in the form of a interpreted program.
[0010]
10. Method according to claim 9, characterized in that the module is inserted in a hidden frame.
[0011]
11. Method according to one of claims 1 to 7, characterized in that the step of transmitting the discovery software module comprises: - a step of transmitting this module in the form of an extension module of a Web browser.
[0012]
12. Method according to one of claims 1 to 11, characterized in that the security network service is hosted on a mobile phone.
[0013]
13. Device for hosting a service, characterized in that it comprises: - a discovery software module; - means for transmitting the discovery software module to a consultation terminal, in response to an access request received from said consultation terminal; the discovery software module, intended to be executed on the terminal, comprising: o means for discovering at least one security network service available on a local network; o means for establishing a first connection with the security network service; and o means for establishing a second connection with the hosted service, the discovery software module then serving as a relay between the first and the second connection.
[0014]
14. Device according to claim 13, characterized in that it further comprises within the discovery software module: means for sending a list of discovered security network services to the remote service; and means for receiving information designating a security network service selected by said remote service from this list, the first connection then being established with the selected security network service.
[0015]
15. Device according to claim 13 or 14, characterized in that it further comprises within the discovery software module: means for validating discovered network services by an attempt to connect to these security network services.
[0016]
16. Computer program comprising instructions adapted to the implementation of each of the steps of the method according to any one of claims 1 to 10 when said program is executed on a computer.
[0017]
17. An information storage medium, removable or not, partially or completely readable by a computer or a microprocessor, comprising code instructions of a computer program for the execution of each of the steps of the method according to any one of claims 1 to 10.
Family patents:
Publication number | Publication date
FR3013541B1 | 2021-02-19
US20150143464A1 | 2015-05-21
US9699190B2 | 2017-07-04
Legal status:
2015-10-23 | PLFP | Fee payment | Year of fee payment: 3
2016-10-24 | PLFP | Fee payment | Year of fee payment: 4
2017-10-20 | PLFP | Fee payment | Year of fee payment: 5
2018-10-12 | CD | Change of name or company name | Owner name: IDEMIA FRANCE, FR; Effective date: 20180910
2018-10-12 | CJ | Change in legal form | Effective date: 20180910
2020-10-16 | CA | Change of address | Effective date: 20200909
2020-10-21 | PLFP | Fee payment | Year of fee payment: 8
2021-10-20 | PLFP | Fee payment | Year of fee payment: 9
Priority:
Application number | Publication number | Priority date | Filing date | Title
FR1361361A | FR3013541B1 | 2013-11-19 | 2013-11-19 | METHOD AND DEVICE FOR CONNECTION TO A REMOTE SERVICE
US14/543,003 | US9699190B2 | 2013-11-19 | 2014-11-17 | Method and device for the connection to a remote service