• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    The invention relates to a method for sharing a secret data, comprising the steps of: generating in a graphics processor of a terminal (MT) secret data, encrypting the secret data, and transmitting the encrypted secret data to a processor secure (SRV, SE) generation and encryption of the secret data being performed by a scrambled circuit executed by the graphics processor and comprising logic gates distributed in several ordered ranks, the execution of the circuit scrambled by the graphics processor comprising steps of executing the logical gate ranks, the execution of each of the logical gate ranks consisting of simultaneously executing all logic gates of the rank, and transferring the obtained fuzzy output values, which are applied to an input of a gate higher order logic, from an output memory to an input memory of the graphics processor, from to be taken into account when executing the higher rank.
    公开号:FR3039948A1
    申请号:FR1557534
    申请日:2015-08-04
    公开日:2017-02-10
    发明作者:Jean-Luc Leleu
    申请人:Skeyecode SAS;
    IPC主号:
    专利说明:

    METHOD FOR SECURING A TRANSACTION FROM A
    TERMINAL NOT SECURED
    The present invention relates to a method of authentication between a terminal and a remote server.
    More and more services are available through a terminal connected to the Internet, including banking services. In particular, e-commerce has grown strongly. The terminals used in this context can be personal computer type, digital tablet, smart mobile phone ("smartphone"). Generally, these terminals comprise a main processor, a graphics processing unit GPU (Graphics Processing Unit) connected or likely to connect to a display screen, connection circuits to a data transmission network such as the Internet, and control members such as a keyboard, a mouse, or a touch surface associated with the display screen. Access to so-called "online" services using such terminals raises security issues. Indeed, it is possible to install in the terminal, and to execute by the main processor of the terminal, a so-called "malicious" program having access to all the memory accessible by the main processor, as well as data displayed and entered using a keyboard or designated positions on an image displayed on the screen. Such a malicious program can be configured to spy on any transactions conducted from the terminal and to retrieve any secret data introduced or manipulated during these transactions for transmission over the network.
    To ensure the security of such transactions, it has already been proposed to use as a security element and cryptographic calculation a secure processor such as the processor of a SIM card (Subscriber Identification Module) usually equipping mobile phones. In order to run one or more payment applications, the secure processor must be able to store as many secret cryptographic keys as payment applications. However, loading an application into the memory of a secure processor is a complex operation that must be highly secure. For this purpose, it requires external stakeholders such as a Trusted Service Manager. As SIM cards are issued by a mobile operator, the mobile operator may refuse to install such applications in the card. In addition, in case of theft or during a maintenance operation of the phone, the processor of the SIM card may be subject to attacks by a fraudster to discover the secret keys he memorizes. Access to secure functions installed in the processor of a SIM card generally requires the input of a secret code (PIN code) by means of the controller connected to the main processor of the terminal. As a result, a secret code entered by the user necessarily passes through the main processor. Malware executed by the main processor may therefore have access to this secret code.
    For entering a secret code, it has also been proposed to display the image of a keyboard whose keys have positions defined randomly. This solution does not prevent a malicious program from obtaining the key combination introduced by the user by making a screenshot to obtain the image of the keyboard and by intercepting the position of each of the designations made by the user. using a mouse or a touch screen.
    It has also been proposed to send the user a single-use code by another communication link (for example by SMS), this code to be entered by the user to validate a transaction in progress. This solution involves additional manipulations for the user, and an additional cost for sending the single-use code. This solution is also not very suitable for transactions conducted from a smart mobile phone or a digital tablet.
    Moreover, it has already been proposed to use the computing power of graphics processors installed in computers to perform cryptographic calculations. Indeed, such a processor has a parallel computing architecture that is suitable for performing certain cryptographic calculations such as symmetric or asymmetric encryption and decryption calculations. However, a graphics processor usually does not have nonvolatile memory. It is therefore not possible to store an application or a secret key, without these disappear every time the computer turns off. This results in a problem of keeping secret data necessary for the conduct of secure transactions.
    In addition, the graphics processor can not communicate directly with an external server. All the data of a transaction must therefore be relayed by the main processor of the computer managing the communication circuits of the computer. As a result, a malicious program installed in the computer can retrieve and store all the transaction data exchanged between the graphics processor and the server. Even if the transaction data is encrypted before being transmitted, the malicious program can reuse the encrypted transaction data to conduct a transaction identical to that corresponding to the stored data.
    Patent application WO 2012/107698 (US 2014/0040633) describes a transaction method involving the graphics processor to establish a secure link with a remote server or a secure processor. The graphics processor is configured to display an image of a keyboard whose keys are at random positions. This image is broken down into unintelligible frames generated by a visual cryptographic process, which are displayed successively by the graphics processor. The display frequency of the frames is adjusted to exploit the retinal remanence of the user so that the latter can reconstruct the image from several frames displayed successively. Thus, a malicious program executed by the main processor of the terminal can not recover the image reconstructed by retinal remanence, by making a screenshot, since the frame display frequency is much higher than the rate at which the main processor can make screenshots.
    However, this solution does not guarantee that an attacker can not reconstruct the displayed image or the part presenting sensitive data, from successive partial screen shots.
    It is therefore desirable to protect secret data, and more generally, sensitive data such as transaction data, during their transit in a terminal with a graphics processor, or when they are transmitted between such a terminal and a server.
    Embodiments include a method of sharing secret data, comprising: generating in a graphics processor of a terminal secret data, encrypting the secret data, and transmitting the encrypted secret data to a secure processor, the steps of generation and encryption of the secret data being performed by a scrambled circuit executed by the graphics processor and comprising logic gates distributed in several ordered rows, comprising a first rank grouping logic gates exclusively receiving input values of the circuit scrambled, logic gates of a certain rank receiving exclusively values from logical gates belonging to lower ranks or input values of the scrambled circuit, each logic gate being associated with scrambled values representing each possible binary value of each bit input and every bit for outputting the logic gate, each logic gate being associated with a truth table comprising for each possible combination of logic gate entry binary values a value obtained by encryption of the scrambled value representing the output value of the logic gate corresponding to the combination of the input binary values of the logic gate, the execution of the circuit scrambled by the graphics processor comprising the steps of: successively executing the ranks of logic gates in the order of the ranks, the execution of each of the logical gate ranks of simultaneously executing all logic gates of the rank, the execution of a logic gate comprising steps of selecting a line of the truth table associated with the logic gate, according to the scrambled values input of the logic gate, and decryption of the selected line to obtain a scrambled value output of the logic gate, and transfer the resulting scrambled output values, which are applied to an input of a logic gate belonging to a higher rank, from an output memory of the graphics processor to an input memory of the graphics processor, so as to be taken into account when executing the higher rank.
    According to one embodiment, the secret data is generated randomly or pseudo-randomly, the scrambled circuit comprising a random number generation circuit or pseudo-random.
    According to one embodiment, the secret data is generated randomly by simultaneously launching the execution of several identical operations running in parallel, the secret data depending on the order in which the operations end.
    According to one embodiment, the secret data is generated using a scrambled circuit configured to generate random or pseudorandom numbers, the scrambled circuit comprising a first rank of doors associated with truth tables having identical lines. but ordered differently, so as to provide different output data for the same input data, the output data of the row of doors being provided at a next row of doors according to an order in which they are provided by the first row of doors.
    According to one embodiment, the execution of the scrambled circuit is performed by an interpreter itself made at least partly in the form of a scrambled circuit.
    According to one embodiment, the method comprises a step of establishing a link between the graphics processor and the secure processor, the link being secured by means of the secret data shared only between the graphics processor and the secure processor.
    Embodiments also relate to a method of authenticating a user by a server, from a terminal connected to the server, the terminal comprising a main processor, a graphics processor controlling a display screen, and a control device. control, the method comprising the steps of: loading into the graphics processor a program configuring the graphics processor to execute the sharing method as defined above, in order to generate shared secret data only between the graphics processor and the server, and for displaying on the display screen an image of a keyboard having a defined and determinable key distribution using the shared secret data, executing the program by the graphics processor to generate the shared secret data and displaying the image from the keyboard to the display screen, the keyboard image being displayed in the form of complementary frames not intelligible individually for a user, generated by a visual cryptographic algorithm and displayed successively at a rate adapted to exploit the persistence of the user's visual system so that an image combining the complementary frames appears in an intelligible manner for the user, collect by the main processor positions of the display screen designated by the user by means of the control member, in relation to the displayed virtual keyboard, transmit by the main processor to the server the designated positions by the user, and check a consistency between the designated positions, and a user authentication secret code known to the server, the user being authenticated if the consistency is verified.
    According to one embodiment, the shared secret data defines the distribution of the keys of the keyboard image.
    According to one embodiment, the display of the keyboard image comprises: successive steps of selecting a decomposition in complementary pixel patterns for each pixel or group of pixels of the keyboard image, representing key labels of the keyboard, successive steps of generation of complementary pixel patterns for each selected decomposition, so that the key labels are visible on the display screen only if the complementary pixel patterns are superimposed, and steps successive display of the pixel patterns generated at randomly selected times, spaced by a variable duration such that the human visual system can combine them although they are displayed successively, the times of display of the pixel patterns forming an image displayed on the keyboard being distinct and independent of each other.
    According to one embodiment, the display of the keyboard image is performed by a scrambled circuit executed by the graphics processor.
    Embodiments also relate to a terminal configured to implement one or the other of the previously defined methods.
    Embodiments also relate to a computer program which, when loaded and executed by a terminal comprising a main processor and a graphics processor, configures the terminal to implement one or the other of the previously defined methods. . FIG. 1 schematically represents a conventional terminal in communication with a transaction server, FIG. 2 schematically represents a conventional graphics processor, FIG. 3 schematically represents a functional architecture of a program loaded into the graphics processor, according to one embodiment, FIG. 4 diagrammatically represents a module of the program loaded into the graphics processor, according to one embodiment, FIG. 5 schematically represents a cryptographic display module of the program loaded into the graphics processor, according to one embodiment, FIG. an exemplary image produced by the cryptographic display module, such as can be viewed by a user, Figure 6B shows an example of an image produced and displayed by the cryptographic display module, at a given time, the figure 7 schematically represents patterns of pixels of i mage displayed successively on a display screen by the cryptographic display module, according to one embodiment, Figure 8 schematically shows on a time scale times of display and refresh pixel patterns generated by the module of cryptographic display, Figure 9 schematically shows a program encryption module loaded into the graphics processor, according to one embodiment, Figure 10 shows steps performed by the terminal and the transaction server, according to one embodiment.
    FIG. 1 represents a conventional MT terminal capable of communicating with an SRV server via a data transmission network such as the Internet network. The SRV server can be configured to conduct transactions with terminals to which it can be connected.
    The MT terminal is equipped with connection circuits with a network such as the Internet. The MT terminal is for example of the mobile phone type including smart type or PDA (personal assistant) or any other type of device, such as a personal computer equipped with connection circuits to a network such as the Internet. The terminal MT also comprises an HP main processor, NT connection circuits to an NT network, connected to the HP processor, a DSP display screen, a graphics processor GP managing the DSP screen, connected to the HP processor, and a controller CM connected to the HP processor. The control member may comprise a keyboard or a touch surface, for example a transparent touch surface disposed on the DSP screen, and possibly a pointing device such as a mouse. The HP processor can be the main processor of the terminal ("Base band processor").
    The terminal may also include a secure processor SE which can be implemented in a UICC ("Universal Integrated Circuit Card") integrated circuit card. The processor SE may be for example SIM card type ("Subscriber Identity Module"), or mini-SIM or micro-SIM, allowing access to a mobile phone network. The secure processor may include a Near Field Communication (NFC) circuit to communicate with a contactless terminal. The NFC circuit can be implanted in a SIM card (SIM-NFC) or UICC, or in a SoC circuit ("System on Chip") or in an external memory card, for example of the "SD card" type. The NIT circuits may comprise radio telephone circuits giving access to a mobile telephone network, and to the Internet network via the mobile telephone network, and / or a connection circuit to a wireless network (WiFi, Bluetooth), and / or any other wired or wireless connection means to a data transmission network such as the Internet.
    The SRV server is configured to provide transaction services to users. It may include a security device, a transaction service management program, and a memory area dedicated to program storage and transaction data. The security device protects the server and in particular access to the memory area dedicated to the transaction data and the transaction service management program.
    In what follows, the term "transaction" generally refers to the access by a user to a service or data, via a link, this access requiring authentication of the user.
    Figure 2 shows an example of GP graphics processor. In FIG. 2, the processor GP has a parallel architecture comprising several MPU multiple processing units. Each MPU processing unit consists of several thread processor TP processors and SFU special function unit. SFUs are configured to perform infrequent and expensive computing resource operations such as division, square root, and so on. The processors TP of the same unit MPU can communicate with each other via a local memory LMEM specific to the unit MPU. On the other hand, TP processors belonging to different MPUs can not communicate with each other or synchronize. The TP processors of an MPU therefore do not have access to the local LMEM memories of the other GPU MPUs.
    MPUs are managed by a Thread Execution Control Unit (TPU). The GP processor also includes a VMEM video memory and a GMEM main memory that is not accessible directly from outside the GP processor. Conversely, the HMEM memory of the HP processor is not directly accessible by the GP processor. However, the data transfers between the memories GMEM and FIMEM are possible via an input / output port of the processor GP and a procedure of the type DMA (Direct Memory Access).
    FIG. 3 represents the functional architecture of an AUTP program loaded into the processing unit PU of the graphics processor GP and executed by the latter, when executing an application of transaction AP (FIG. 1) by the main processor HP MT terminal. According to one embodiment, this program comprises a multiplicity of FCC display modules executed in parallel, each FCC display module being responsible for writing and refreshing in the video memory a VCP pixel pattern to be displayed at the same time. the DSP display screen. The program loaded in the graphics processor GP also includes ENC encryption modules and RNG1 random number generation modules providing random numbers to the FCC display modules and the ENC encryption modules. The enciphering modules ENC provide, outside the processor GP, encrypted numbers corresponding to the random numbers provided by the modules RNG1. FIG. 4 represents one of the FCC display modules of the AUTP program loaded into the graphics processor GP, according to one embodiment. The FCC module comprises a module for generating pixels of an image of a KGN keyboard, and a visual cryptography module KD. One of the random number generation modules RNG1 receives as input a number D1 used as a seed. The RNG1 module provides a random or pseudo-random number RN1 to m x p FCC modules. The random number RN1 that is provided at the input of module KGN specifies a character such as a numeric or alphanumeric character, or an icon of an image, of a keyboard to display. The module KGN supplies the value of a pixel PX, black or white, of a picture forming the character corresponding to the number RN1. The random number RN2 is provided at the input of the module KD. The module KD successively supplies pixel patterns PT to be displayed as a function of the pixel PX supplied by the module KGN.
    All the KGN modules loaded in the processor GP thus make it possible to generate together in the VMEM video memory a complete image of a keyboard formed of d images of keyboard keys juxtaposed, each key image having the image of a different character associated to the touch. Thus, the set of modules KGN loaded in the processor GP comprises a group of mxp modules KGN per key of the keyboard to be displayed, each of these groups of modules KGN producing an image of mxp pixels representing a key with the character associated with the key . Each of these groups of m x p modules KGN receives from the module RNG1 a distinct number corresponding to the image of the character to be displayed on the key.
    According to one embodiment, a first of the KGN module groups responsible for displaying the image of a key receives from the corresponding RNG1 module a number RN11 randomly selected between 1 and the number of keys of the keyboard to be displayed. A second of the groups responsible for displaying the image of a key receives as input a random number RN12 randomly selected between 1 and the number of keys of the keyboard to be displayed, decreased by 1, d-1, the number RN12 then corresponding to a character rank among the remaining characters to be assigned to the remaining keys. The numbers RN1i are thus randomly chosen according to the number of characters remaining to be assigned to a key, until the penultimate character to be assigned to a key on the keyboard. The last character to assign to a key is assigned to the remaining key.
    The module KGN can also receive the position of the pixel generated by the module KGN in the image displayed by the screen DSP. However, the position PXPi may not be necessary, the position of the FCCi module in the PU processing unit being able to define this position.
    The module KD applies a visual cryptography type transformation to the pixel PXi, as a function of a random or pseudo-random number RN2. Such a transformation is for example described in the documents "Visual Cryptography", Moni Naor, Adi Shamir, Eurocrypt 94, and "Construction and Bounds for Visual Cryptography", G. Ateniese, C. Blundo, A. De Santis, G. G. Stinson. This transformation consists of decomposing an original image, for example human intelligible, into a set of several complementary frames, in such a way that the original image can be restored only by superimposing all the frames of the set of frames. complementary frames, and that it is very difficult to reconstruct the original image in the absence of any of the complementary frames. Thus, the module KD generates for each frame to be displayed on the screen DSP a pattern of one or more pixels EPi corresponding to an encrypted form of the pixel PXi. Thus, the value of the pixel PXi can appear on the DSP screen by successively displaying the complementary patterns EPi of the pixel PXi, with a frame display frequency suitable for exploiting the retinal remanence of the user's visual system.
    According to one embodiment, the complementary pixel patterns EPi are displayed separately at randomly defined times within a limit compatible with the human visual system. Figure 5 shows the module KD according to one embodiment. The module KD comprises a PSL module for generating pixel patterns, and a counting circuit comprising a register RG, a modulo module MOD, a comparator CMP and an incrementation module INC. The register RG receives a portion RN21 of the random number RN2, which defines an initial value of the counting circuit. The MOD module calculates the modulo of the number in the RG register. The INC increments the output value of the MOD module by one and feeds the incremented value into the RG register. The output value of the MOD module is also provided at the output of the KD module and at the input of the comparator CMP. The comparator CMP compares the output value of the module MOD with a part RN22 of the random number RN2. The comparator CMP provides the PSL module a display enable signal DS which is active when the two input values of the comparator CMP are equal. The PSL module selects a pixel pattern from among a plurality of pixel patterns based on a RN23 portion of the RN2 random number. Upon a first activation of the DS signal, the PSL module outputs the KD module as the first pixel EP1 of a set of complementary pixels the selected pixel pattern. During a second activation of the DS signal, the PSL module outputs the KD module as the second pixel EP2 of the set of complementary pixels, either the selected pixel pattern or the complementary pixel pattern of the pixel pattern. selected, depending on the value of the pixel PX supplied at the input of the module KD. For example, the second pixel pattern EP2 is the selected pixel pattern if the value of the pixel PX supplied at the input of the module KD is zero, or the pixel pattern complementary to the selected pixel pattern, if the value of the pixel PX is has a. Of course, an inverse choice can be made depending on the value of the pixel PX. Thus, thanks to the counting circuit, the instant of output of the KD module of a first pixel pattern is chosen randomly by the random number RN21. The instant of supply of the following pixel patterns are also randomly chosen according to the random number RN22 which can change each time a pixel pattern EP1, EP2 is outputted from the module KD. The value of the modulo used by the module MOD is chosen so that the display instants of the pixel patterns EP1, EP2 are spaced by a duration compatible with the human visual system, that is to say a duration such that the human visual system can combine the complementary pixel patterns. For this purpose, this duration can vary between 50 to 80 ms. The first pixel pattern EP1 is also randomly chosen each time two pixel patterns have been outputted from the KD module.
    In the example of Figure 5, the pixel patterns include four pixels including two black pixels and two white pixels. The selection of the first pixel pattern EP1 is carried out among six patterns, namely two horizontal patterns, two vertical patterns and two diagonal patterns. Of course, other patterns and other combinations of complementary patterns can be envisioned to form a black or white (gray) pixel in the user's vision system. The set of FCC modules makes it possible to generate and display an image such as that presented in FIG. 6A, comprising zones displayed in visual cryptography and zones displayed in the clear. Thus, in the example of FIG. 6A, the IM image that is perceptible to a user is that of a keyboard comprising twelve keys, comprising keys bearing a number from "0" to "9", a touch of cancellation "C" and a validation key "V". Thus, in the example of the image of FIG. 6A, the AUTP program comprises ten RNG1 modules and 10 x m × p FCC modules (d = 10). The displayed image also includes a display area RS transaction data and / or a wildcard such as each key operated by the user. The keys bearing a number from "0" to "9" are presented in any order and are displayed in visual cryptography, successively displaying pixel patterns EP1, EP2 at randomly selected times. Figure 6B shows an IM1 image actually produced and displayed by the PSL. The image IM1 comprises only one of the two pixel patterns EP1, EP2 of one of the sets of complementary pixel patterns generated for each pixel PX of the areas displayed in visual cryptography of the image produced by the module KGN. The labels of the keys bearing a number from "0" to "9" are therefore not visible in the image IM1.
    According to one embodiment, the KGN modules are executed once to generate the image of a keyboard with a defined key distribution, and the RNG2 and KD modules are executed several times, at a rate of the order of one time. by period T, T being of the order of two to ten milliseconds to be able to trigger the supply of a pattern of VCP pixels in the VMEM memory every 50 to 80 ms, for example until the user activates the cancel key "C" or validation "V". The modulo value applied by the MOD module depends on the value of the period T and the maximum duration between the successive display times of a pattern
    pixels. According to one embodiment, the display of the content of the VMEM memory is performed at each of the periods T
    According to one embodiment, the KGN modules are executed at a certain rate, to generate different images, but without changing the distribution of the keys from 0 to 9 in the keyboard image, so as to make the determination by an attacker of the distribution of the keys from 0 to 9. The different images thus generated can for example change the position of the label (from "0" to "9") of each key in each zone delimited for a key, and / or the size of this label, and / or the font used to present this label.
    Figure 7 shows the IM image displayed by the user on the DSP screen of the terminal. According to one embodiment, at least a part of the image IM results from the refreshing of pixel patterns at different frequencies, the pixel patterns of a first image being displayed at different times. FIG. 7 represents pixel patterns P1 <n>, P1 <n + 1>, P1 <n + 2>, P1 <n + 3> displayed successively at a position P1 of the display screen DSP, patterns of pixels P2 <n>, P2 <n + 1>, P2 <n + 2>, P2 <n + 3> successively displayed in a position P2 of the display screen, and pixel patterns P3 <n> , P3 <n + 1>, P3 <n + 2>, P3 <n + 3> successively displayed in a position P3 of the display screen. The pixel patterns Pi <j> (j = n, n + 1, n + 2, n + 3, ...) result from different successive decompositions, by visual cryptography, of a pixel or group of pixels into one position Pi of an original image, in sets of complementary pixel patterns. This decomposition is performed by the KD modules of the FCC modules, so that the original image can be restored only by superimposing all the pixel patterns of a set of complementary pixel patterns, and that it is very difficult to determine the value of a pixel in the original image in the absence of any of the pixel patterns of the set of complementary pixel patterns or in the presence of a pixel pattern belonging to another set of complementary pixel patterns.
    According to one embodiment, each pixel pattern Pi <j> is displayed for a respective respective duration TPi <j> (i = 1, 2, 3, ... and j = n, n + 1, n + 2, n + 3, ...) determined so that the retinal or visual remanence of the user recombines the pixel patterns of each set of complementary pixel patterns and thus, so that the user perceives the IM original image constituted by the superposition of all the complementary pixel patterns forming this image.
    For example, the pixel patterns Pi <n> and Pi <n + 1> (i = 1, 2, 3, ...) form a first set of complementary pixel patterns, resulting from a first decomposition by visual cryptography. , and Pi <n + 2> and Pi <n + 3> (i = 1, 2, 3, ...) form a second set of complementary pixel patterns, resulting from a second decomposition by visual cryptography, distinct from the first decomposition. Of course, a pixel or group of pixels of an original image can be decomposed by visual cryptography in addition to two complementary pixel patterns.
    Pixels or groups of pixels of the original image displayed in the form of complementary pixel patterns are distributed in the image so as to make all or part of the image unintelligible if one does not superimpose patterns of complementary pixels. Thus, the IM image of Figure 6 (as it appears to the user) has a keypad whose keys are arranged in any order, for example determined randomly. According to one embodiment, the pixels delimited by the shape of the keys and representing the labels of the keys are broken down into complementary pixel patterns obtained by visual cryptography. Of course, it may be provided to decompose by visual cryptography all the pixels of the IM image.
    According to one embodiment, the display duration TPi <j> (i = 1, 2, 3, ... and j = n, n + 1, n + 2, n + 3, ...) of each Pixel pattern is set to a value that varies in time and from one pixel pattern to another, between 50 and 80 ms. According to one embodiment, first pixel patterns displayed at the beginning of the presentation of an image on the DSP display screen are displayed at different times. Thus, FIG. 8 represents, along a time axis, times of display t1, t2, t3 of first pixel patterns P1 <0>, P2 <0>, P3 <0> displayed at positions P1, P2, P3. from the original IM image. The instants t1, t2, t3 are separated by a start time t0 of the display of the image, by less than a duration tM which can be chosen less than or equal to 50 ms, given that certain pixel patterns of the image can be displayed from the instant tO. Second pixel patterns P1 <1>, P2 <1>, P3 <1> are displayed after the first pixel patterns P1 <0>, P2 <0>, P3 <0> at variable times of a pattern of pixels at the other, separated from the display instants of the first pixel patterns of respective durations TP1 <0>, TP2 <0>, TP3 <0> between 50 and 80 ms.
    Thus, if each pixel or group of pixels of the original image is decomposed into two successive complementary pixel patterns, and assuming that two successive screen copies can be made and stored by the HP processor in 50 ms or less , the second screenshot can not contain all the complementary pixel patterns of the pixel patterns in the first screenshot. Indeed, since the pixel patterns are displayed from distinct times and are refreshed with different variable refresh periods, the first screen copy necessarily contains pixel patterns complementary to previously displayed pixel patterns, and therefore the second screenshot necessarily contains pixel patterns complementary to pixel patterns that will be displayed after the second screenshot. A third screenshot can be made to obtain these complementary pixel patterns. However, it is not possible to determine whether a pixel of the original image, for example P1, is reconstituted from the corresponding pixel pattern of the first and second screen shots (P1 <n>, P1 < n + 1>) or that of the second and third screenshots (P1 <n + 1>, P1 <n + 2>). If all the pixels of the original image are thus decomposed into two complementary pixel patterns, the reconstruction of the original image requires the selection, for each pixel pattern of the image transformed by visual cryptography, of the correct image. a pair of complementary pixel patterns from the pair comprising the corresponding pixel patterns in the first and second screen shots and the pair comprising the corresponding pixel patterns in the second and third screen shots. In this case, the HP processor must be capable of making and storing at least three successive screen copies within 50 ms of each screen copy requiring the VMEM video memory to be read and stored. write the read data to an HMEM memory accessible to the HP processor.
    If each pixel of the original image is transformed by visual cryptography into a set of three or more complementary pixel patterns, the problem of reconstructing the original image from successive screen prints is even more complex .
    FIG. 9 represents one of the encryption modules ENCj installed in the processor GP, according to one embodiment. The module ENCj receives a random number RN1 transmitted by one of the RNG1 modules and encrypts it by applying an encryption algorithm to calculate an ERN1 signature. All ERN1 signatures thus calculated by the ENCj modules are transmitted outside the GP processor, for example to the SRV server.
    In the example of FIG. 9, the module ENCj implements the algorithm AES (Advanced Encryption Standard). Thus, the ENC module executes several (r + 1) rounds of encryption. In the first round, the module ENCj combines by an LC1 function performing a bitwise exclusive OR operation (XOR), an initial key part KOj with the random number RN1 that it has received from the module RNG1. The result of this combination is transmitted to a non-linear substitution function BSUB replacing each byte of the combination with another according to a correspondence table. The result of the substitution is transmitted to a SHR transposition function of cyclically shifting a number of times the last three rows of the substitution result arranged as a block of several rows and columns. The result of the transposition is transmitted to an MXCL mixing function. The MXCL function is applied by column to the block resulting from the transposition and combines the last four bytes of each column of the block. The result of the mixing is combined with a new key K1j derived from the initial key by a function LC2 also performing an operation OR Exclusive (XOR), bit by bit. These functions BSUB, SHR, MXCL are executed at each round i with a new key Kij derived from the key used in the previous round by a key derivation function KDN. At the last round r, when a maximum number of MXR rounds is reached, the function MXCL is not executed, the result of the transposition function SHR being combined with a last key Krj derived from the key used in the previous round. .
    It can be observed that if the encryption function implemented by each module ENCj is reversible, as is the case of the AES algorithm, the ENCj modules can be used to establish a transmission channel between the server SRV and the server. GP processor, which is secured by symmetric encryption using a secret key known only to the SRV server. Here and in the following, the term "secure" means protected against fraudulent access by hardware and / or software.
    According to one embodiment, the RNG1, ENC and FCC modules are made in the form of circuits or impenetrable executable code ("obfuscated"), so that their operation is completely masked and can not be modified. The RNG1, ENC and FCC modules can be generated by the SRV server so as to integrate into their internal structure a respective secret key specific to an identifier of the user.
    According to one embodiment, the RNG1, ENC and FCC modules are made in the form of logic circuits consisting of logic gates such as AND, NAND, OR, NOR, XOR, and then transformed by the technique of scrambled circuits ("garbled circuits"). ). The transformation of the RNG1 and FCC modules into logic circuits can be carried out using program conversion tools written for example in C or C ++ language, in languages such as VHDL or Verilog. This scrambled circuit transformation technique randomly generates scrambled values representing each binary value 0 and 1 of each input bit of the circuit and each logic gate output bit of the circuit, some logic gate outputs corresponding to outputs. of the circuit, to represent each gate by its truth table, and to encrypt each truth table, by encrypting the scrambled value representing the output binary value of each line of the truth table, using as keys, the scrambled values of the logic gate entry corresponding to the line of the truth table. A bit of determined rank of each scrambled value, for example the least significant bit (LSB), may be used to determine the match between a scrambled value and its corresponding binary value 0 or 1. Thus, this determined bit can be used to select in the truth table of a logic gate the scrambled output value corresponding to the input scrambled values of the logic gate. The scrambled output value of each gate can therefore be obtained by applying a decryption algorithm corresponding to the encryption algorithm used, to the scrambled output value thus selected, using as keys the scrambled values applied at the input of the logic gate. . The circuit topology (connections between circuit inputs, logic gate outputs, and logic gate inputs) can be defined in a table.
    In this way, it is not possible to determine the operation of the RNG1, ENC and FCC modules when transformed into scrambled circuits, and the circuits operate only with certain input values among a large number of possible values. For more details on the scrambled circuit technique, one can refer for example to the document "Foundations of Garbled Circuits", Mihir Bellare, Viet Tung Floang, Phillip Rogaway.
    These techniques for generating and executing scrambled circuits can be easily adapted to implementation by a processor having a SIMD (Simple Instruction Multiple Data) architecture, such as graphics processors. For this purpose, the logic gates of the scrambled circuit are divided into ranks, the first-order logic gates being those receiving exclusively input values of the scrambled circuit, and the logic gates of a certain rank n, receiving exclusively values from low-order logic gates or input values of the scrambled circuit.
    According to one embodiment, the scrambled values are defined on 4 pixels of 4 bytes, ie 16 bytes. The truth tables of the logic gates are thus defined by four scrambled values, ie 64 bytes corresponding to each combination (0, 0), (0, 1), (1, 0), (1, 1) of the binary values of Entrance. The topology of the scrambled circuit can be defined from a numbering of each circuit connection, comprising the inputs of the circuit, from 1 to n, then each logic gate output of the circuit, from n + 1 to n + q, the circuit outputs being associated with the highest numbers, from n + q-m + 1 to n + q, and the logic gates being referenced by the number of their output connection, from n + 1 to n + q. The topology of the scrambled circuit can thus be stored in the form of a table gathering for each logic gate of the circuit the numbers of the input connections of the logic gate. The execution of the scrambled circuit by the processor GP can be performed by a scrambled circuit interpreter module GCI configured to operate by iteration, by executing at each iteration the logical gates of a row, starting with the first logical gates. Prior to execution of the first rank logical gates, topology tables, logical gate truth tables, and input scrambled values are loaded into an input memory of the GP processor, i.e. GMEM memory. At each execution of the logic gates belonging to a rank, the module GCI is configured to transfer the scrambled values obtained as a result of the execution of the logical gates of the rank of an output memory of the processor GP, that is to say say VMEM memory, in the GMEM input memory, to provide them to the inputs of logic gates of the next rank to be executed. During this transfer, only the scrambled output values used as input values of the logic gates of the next row are transferred. At the end of the scrambled circuit execution, the scrambled output values are in the VMEM memory, and can be transferred to the HP processor.
    In this way, the enciphering circuit ENC which contains the encryption key remains known only to the entity that generated it, in this case the SRV server. It should be noted that the HP processor can obtain the contents of the VMEM and GMEM memories by means of read commands transmitted to the GP processor.
    The RNG1 module can be realized in a scrambled circuit for example by a circuit comprising a first rank of logic gates obtained by duplicating a scrambled logic gate a large number of times and by switching for each logic gate table of the first rank, the lines of the truth table of this logical door, containing the scrambled values of the door. The RNG1 module may comprise a second or more logical gate ranks each comprising logical gates also obtained by duplicating another scrambled logic gate or the scrambled logic gate used to generate the logic gates of the preceding level, and by swapping for each gating table. logical gate of the first rank, the lines of the truth table of this logical gate. Each logic gate of the second rank and any higher ranks combines logic gate outputs of the lower rank. According to one embodiment, the entropy source of the RNG1 module is obtained by exploiting the parallel architecture of the GP processor which executes the scrambled logic gates of the same rank in parallel. In such an architecture, it is not possible to determine in advance in which order the scrambled output values of the scrambled logic gates of the row being executed will be provided. The scrambled output values of the logic gates being executed are injected at the input of the scrambled logic gates of the next rank, in the order in which they are obtained. Thus, the scrambled values obtained at the output of the last row of logic gates have a certain randomness.
    It is also possible to make the RNG1 module comprising several ranks formed from the same duplicate logic gate, each duplicate logic gate having a truth table whose lines can be ordered differently from the table of another logic gate. Thus, the inputs of the RNG1 module can be used at the input of several of the rows of logic gates of the RNG1 module.
    The RNG1 module can also be realized in the form of a scrambled circuit implementing counters, some counters controlling the stopping of other counters. The values of the counters thus stopped constituting a basis for defining a random value.
    The RNG1 module may also comprise logical gate ranks implementing an encryption algorithm such as AES applied to the logic gate output values belonging to lower ranks.
    The RNG2 module can be made in a form similar to that of the RNG1 module, by duplicating a logic gate and reordering the rows of the truth tables of the duplicate logic gates. The RNG2 module can also be embodied as a scrambled circuit configured to derive scrambled values from the scrambled values RN1. In this case, the values RN1 are also applied at the input of the module RNG2 instead of the values S2, in FIG.
    All or part of the GCI module can also be realized in the form of a scrambled circuit. For example, the function of the GCI module responsible for decrypting a line of the truth table of each logic gate of the row being executed to obtain the scrambled output value of the logic gate, can be realized in the form of a circuit scrambled as previously described.
    Figure 10 shows steps performed to authenticate the user of the terminal, according to one embodiment. Steps S1 to S4 are provided for installing an AP application having a user authentication function. In step S1, the HP processor of the terminal MT transmits a request Rq for downloading the application AP associated with a UID of the user. In step S2, the server SRV receives this request Rq and generates an APG program to be loaded in the graphics processor GP of the terminal MT. The APG program is generated at least partly in the form of impenetrable code from secret data generated specifically for the UID of the user. In step S3, the server SRV transmits to the terminal MT, in response to the request Rq, the application AP and the program APG to be installed in the processor HP and in the processor GP. In step S4, the HP processor receives the AP application and the APG program and stores them in nonvolatile memory, and then installs the AP application.
    Steps S11 to S29 are executed during a transaction or access to a service requiring user authentication. In step S11, preliminary processing at the conclusion of a transaction is performed by the HP processor and the SRV server or another server. In step S12, the terminal MT receives an authentication request from the user Rqauth. In step S13, the HP processor of the MT terminal initiates the execution of the AP application in response to the receipt of the request RqAuth. Note that the conduct of the transaction or access to a service can be performed by the AP application. In this case, the AP application was started before step S11. In step S14, the AP application executed by the processor HP transmits to the server an APG1 program request for the graphics processor, this request containing the UID identifier of the user, and possibly information relating to the transaction, before be presented to the user on the DSP screen of the MT terminal. In step S15, the server SRV receives this request and generates an APG1 program to be loaded into the graphics processor GP of the terminal MT, in addition to or in replacement of all or part of the APG program. Here again, the program APG1 is generated at least partly in the form of impenetrable code or scrambled circuits from secret data generated specifically for the UID of the user. The APG1 program includes programs forming FCC modules that can be designed to display transaction data such as a price to be paid and the recipient of the payment. Some FCC modules in the APG1 program may also replace keypad display modules in the APG program, such as to display key labels differently (positions, sizes, and typeface of labels). In step S16, the server SRV transmits the program APG1 that it generated for the user ID UID. In step S17, the terminal MT receives the program APG1 and loads it into the volatile memory of the terminal MT in addition to or instead of all or part of the program APG already stored in this non-volatile memory to form an APG-APG1 program. In step S18, the processor HP transmits the program APG-APG1 of the non-volatile memory to the memory GMEM GP processor. In step S19, the GP processor loads and starts the APG-APG1 program. During steps S20 and S24, the GP processor is controlled by the APG-APG1 program. In step S20, the GP processor triggers the display on the DSP screen of a keyboard whose keys are located at randomly selected positions, by executing the previously described RNG1 and FCC modules. Thus, the display of the keyboard by the GP processor is achieved by applying a visual cryptography algorithm so that a screen copy does not allow to obtain the configuration of the keys of the keyboard, as explained above.
    During the execution of step S20 by the GP processor, the HP processor executes steps S21 and S22. In step S21, the HP processor acquires POS (i) positions on the screen DSP, activated by the user by means of a mouse or the touch surface CM. In step S22, if one of the activated positions corresponds to the position of the validation key "V" or cancellation "C", the processor HP sends in step S23 to the processor GP a validation message or canceling, telling the GP processor that it can remove the keyboard image from the image displayed on the DSP screen. The reception of this message by the processor GP terminates the step S20 of display of the keyboard, and if the received message is a validation message, the processor GP executes the step S24 where the modules ENC of the program APG-APG1 encrypt the scrambled random values RN1 generated by the RNG1 modules, to generate the image of the keyboard to be displayed. At step S26, the processor GP supplies the encrypted values ERN1 which it calculated in step S24, to the processor HP. In step S27, the processor HP transmits to the server SRV the scrambled values ERN1, the positions POS (i) introduced by the user, as well as the UID of the user. In step S28, the server SRV receives and checks this information, then processes it to check it by decrypting the encrypted values ERN1. The decryption of the encrypted values ERN1 is performed by the server SRV by executing a scrambled circuit corresponding to the module ENC, and by using keys Krj stored in association with the UID of the user. This decryption operation makes it possible to obtain the scrambled random values RN1. Decoding the scrambled values RN1 to determine the original binary values of these values makes it possible to determine the order of the keys of the displayed keyboard. The secret code SC entered by the user is determined from the entered positions POS (i) and the order of the keys of the displayed keyboard. In step S29, the server SRV verifies that the secret code SC thus introduced by the user and obtained corresponds to a secret code SC 'stored in association with the UID of the user. If this is the case, the SRV server considers that the user has been authenticated. The server SRV can then validate a transaction or inform a possible server party to the transaction. In step S30, the server SRV informs the terminal MT of the success or failure of the authentication of the user. The HP processor can then display a notification informing the user of the success or failure of the transaction.
    According to one embodiment, the APG-APG1 program is configured to occupy at least 80% of the computing resources of the GP processor. In this way, the operation of the GP processor will be disturbed if another program is loaded to be executed by one or more TP or SFU units of the GP processor. Thus, it is ensured that the image displayed on the DSP screen is not displayed by another program executed by the GP processor.
    According to one embodiment, the character of each key can be displayed in the image of the key with a position, a size and a variable font defined in the program APG1 downloaded with each transaction. Thus, the program APG1 can contain the definition of one or more of the keys of the keyboard to be displayed.
    Steps S11 to S30 can be implemented for different applications, such as access to a service, validation of an online payment transaction, or an electronic voting service. In the case of an electronic voting service, the APG1 program provided by the SRV server during the execution of the AP application may include FCC modules for displaying the names of the candidates to vote for, each associated with a key a keyboard whose keys are distributed randomly in the image displayed by the terminal MT. The user must for example select a candidate by activating a key of the keyboard corresponding to the candidate for which he wishes to vote and enter a secret code by activating a set of keys, allowing the SRV server to authenticate.
    Moreover, the RNG1 module coupled to the encipherment module ENC, made in a scrambled circuit, can also be implemented in an application for establishing a secure communication channel between the processor GP and a secure processor or the server SRV, on the basis of secret data (scrambled random values RN1) shared only by the GP processor and the server, and which is not accessible outside the GP processor and the server. The secure communication channel may be implemented using an encryption algorithm implemented by the GP processor and the SRV server, by using the secret data as an encryption key or by deriving the same encryption key by the GP processor and the encryption key. SRV server. The APG program, APG1 then comprises a decryption module for decrypting data transmitted and encrypted by the server SRV, using the secret data. A procedure analogous to that of FIG. 10 can be implemented, this procedure comprising steps S11 to S30, but having no step S20 for displaying an image, nor steps for determining the secret code SC and comparing this secret code with an expected value.
    The RNG1, ENC and FCC modules can also be implemented to generate and display a one-time code on the DSP screen of the terminal.
    It should be noted that the random numbers at the input of the module KGN for generating the image of the keyboard to be displayed or for generating a single-use code to be displayed can be transmitted by the server SRV to the processor GP by using the secure communication channel such as as previously described.
    It will be apparent to those skilled in the art that the present invention is capable of various alternative embodiments and various applications. In particular, the invention is not limited to an embodiment in the form of scrambled circuits of the RNG1, ENC and FCC modules. Other methods such as program obfuscation methods can be used to mask the operation of programs loaded in the graphics processor, and / or prevent these programs from being modified by an unauthorized person. Such methods are, for example, described in the document "Obfuscating Circuits via Composite-Order Graded Encoding" Benny Applebaumy, Zvika Brakerskiz, IACR-TCC 12/01/2015, or in the document "How to Obfuscate Programs Directly", Joe Zimmerman , IACR, 30/09/2014.
    Furthermore, the display of an image comprising portions consisting of individually refreshed pixel patterns at random times and combining to form an intelligible image by exploiting the persistence of the human visual system constitutes a fully-fledged invention that can be implemented. separately from the method of sharing a secret data.
    权利要求:
    Claims (12)
    [1" id="c-fr-0001]
    A method of sharing a secret data, comprising the steps of: generating in a graphics processor of a terminal (MT) secret data (RN1), encrypting the secret data, and transmitting the encrypted secret data to a processor secure (SRV, SE), characterized in that the steps of generation and encryption of the secret data (RN1) are performed by a scrambled circuit (RNG1, ENC) executed by the graphics processor (GP) and comprising logic gates distributed in several ordered ranks, comprising a first rank gathering logic gates exclusively receiving input values of the scrambled circuit, the logic gates of a certain rank receiving exclusively values from logic gates belonging to lower ranks or values of input to the scrambled circuit, each logic gate being associated with scrambled values representing each possible binary value of each b input and each output bit of the logic gate, each logic gate being associated with a truth table comprising for each possible combination of logic gate entry binary values a value obtained by encrypting the scrambled value representing the output value of the logic gate corresponding to the combination of the input bit values of the logic gate, the execution of the circuit scrambled by the graphics processor comprising the steps of: successively executing the rows of logic gates respecting the order of ranks, the execution of each of the ranks of logic gates consisting in executing all the logic gates of the rank simultaneously, the execution of a logic gate comprising steps of selecting a line of the truth table associated with the logic gate, depending on the scrambled input values of the logic gate, and decryption of the selected line e to obtain a scrambled output value of the logic gate, and transfer the resulting scrambled output values, which are applied to an input of a logic gate of a higher rank, an output memory (VMEM) of the processor graph to an input memory (GMEM) of the graphics processor, so as to be taken into account when executing the higher rank.
    [2" id="c-fr-0002]
    2. The method of claim 1, wherein the secret data (RN1) is generated randomly or pseudo-randomly, the scrambled circuit (RNG1, ENC) comprising a circuit (RNG1) for generating random numbers or pseudo-random.
    [3" id="c-fr-0003]
    3. Method according to one of claims 1 and 2, wherein the secret data (RN1) is generated randomly by simultaneously launching the execution of several identical operations running in parallel, the secret data depending on the order in which end the operations.
    [4" id="c-fr-0004]
    4. Method according to one of claims 1 to 3, wherein the secret data (RN1) is generated using a scrambled circuit (RNG1) configured to generate random or pseudo-random numbers, the scrambled circuit comprising a first row of doors associated with truth tables having identical but differently ordered rows, so as to provide different output data for the same input data, the output data of the row of doors being provided at a rank of doors according to an order in which they are provided by the first row of doors.
    [5" id="c-fr-0005]
    5. Method according to one of claims 1 to 4, wherein the execution of the scrambled circuit is performed by an interpreter itself made at least partly in the form of a scrambled circuit.
    [6" id="c-fr-0006]
    6. Method according to one of claims 1 to 5, comprising a step of establishing a link between the graphics processor (GP) and the secure processor (SRV), the link being secured by means of the secret data (RN1 ) shared only between the graphics processor and the secure processor.
    [7" id="c-fr-0007]
    7. A method for authenticating a user by a server (SRV), from a terminal connected to the server, the terminal (MT) comprising a main processor (HP), a graphics processor (GP) controlling a display screen. display (DSP), and a controller (CM), the method comprising the steps of: loading into the graphics processor a program (RN1, ENC, FCC) configuring the graphics processor to execute the method according to one of the Claims 1 to 6, for generating secret data (RN1) shared only between the graphics processor and the server, and for displaying on the display screen an image (IM) of a keyboard having a defined key distribution and determinable using the shared secret data, executing the program by the graphics processor to generate the shared secret data and display the keyboard image on the display screen, the keyboard image being displayed under the form complementary frames (IM1) not intelligible individually for a user, generated by a visual cryptographic algorithm and displayed successively at a rate adapted to exploit the persistence of the visual system of the user so that an image combining the complementary frames appears d in a manner intelligible to the user, collect by the main processor positions of the display screen (Pos <i>) designated by the user by means of the control member, in relation to the displayed virtual keyboard , transmit by the main processor to the server the positions designated by the user, and check a consistency between the designated positions, and a secret authentication code of the user, known to the server, the user being authenticated if the consistency is verified.
    [8" id="c-fr-0008]
    8. The method of claim 7, wherein the shared secret data (RN1) defines the distribution of the keys of the keyboard image (IM1).
    [9" id="c-fr-0009]
    9. The method of claim 7 or 8, wherein the display of the keyboard image (IM1) comprises: successive steps of selecting a decomposition in complementary pixel patterns for each pixel or group of pixels of the keyboard image, representing key labels of the keyboard, successive steps of generating complementary pixel patterns (EP1, EP2) for each selected decomposition, so that the key labels are visible on the screen; display only if the complementary pixel patterns are superimposed, and successive steps of displaying pixel patterns generated at randomly selected times, spaced by a variable duration such that the human visual system can combine them although they are displayed successively, the instants of displaying the pixel patterns forming a displayed image of the keyboard being distinct and independent of each other. s others.
    [10" id="c-fr-0010]
    The method of claim 9, wherein the display of the keyboard image (IM1) is performed by a scrambled circuit (FCC) executed by the graphics processor (GP).
    [11" id="c-fr-0011]
    Terminal configured to implement the method according to one of claims 1 to 10.
    [12" id="c-fr-0012]
    12. Computer program which, when loaded and executed by a terminal comprising a main processor (HP) and a graphics processor (GP), configures the terminal to implement the method according to one of claims 1 to 10.
    类似技术:
    公开号 | 公开日 | 专利标题
    US10380361B2|2019-08-13|Secure transaction method from a non-secure terminal
    EP3332504B1|2019-10-30|Method for securing a transaction from a non-secure terminal
    US10592651B2|2020-03-17|Visual image authentication
    US20050044395A1|2005-02-24|Secure data input dialogue using visual cryptography
    US10565357B2|2020-02-18|Method for securely transmitting a secret data to a user of a terminal
    CN106575334A|2017-04-19|Accessing a secured software application
    FR3076423A1|2019-07-05|METHOD AND SYSTEM FOR CRYPTOGRAPHIC ACTIVATION OF A PLURALITY OF EQUIPMENT
    US20190050554A1|2019-02-14|Logo image and advertising authentication
    Incze2010|Pixel Sieve method for secret sharing & visual cryptography
    US20190258829A1|2019-08-22|Securely performing a sensitive operation using a non-secure terminal
    US9947009B1|2018-04-17|Method and system for graphic and sonic encryption for securing data and electronic devices
    CN108009418A|2018-05-08|For the method by non-security terminal authentication user
    EP2807793B1|2016-03-30|Method for authenticating a device including a processor and a smart card by pattern generation
    KR101734146B1|2017-05-24|A method for authenticating and a server appratus for processing it
    CN111262852B|2022-02-25|Business card signing and issuing method and system based on block chain
    EP3319002B1|2019-05-22|Method for securely performing a sensitive operation using a non-secure terminal
    JP2011097192A|2011-05-12|Encrypted message transmission device, program, encrypted message transmission method, and authentication system
    WO2021249854A1|2021-12-16|Method for securely acquiring and processing a piece of acquired secret information
    KR20110129068A|2011-12-01|Internet banking transaction system and the method that use maintenance of public security card to be mobile
    EP3319269A1|2018-05-09|Method for securely performing a sensitive operation using a non-secure terminal
    CN112715018A|2021-04-27|Information processing apparatus, information processing method, and program
    GB2526315A|2015-11-25|Security and verification device, method and system
    FR2767240A1|1999-02-12|Electronic signature system for use with computer transmitter documents
    同族专利:
    公开号 | 公开日
    EP3332504B1|2019-10-30|
    WO2017021657A1|2017-02-09|
    FR3039948B1|2017-08-11|
    US20180240100A1|2018-08-23|
    KR20180037254A|2018-04-11|
    EP3332504A1|2018-06-13|
    CN108141350A|2018-06-08|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    WO2012107698A1|2011-02-11|2012-08-16|Jean-Luc Leleu|Secure transaction method from a non-secure terminal|
    WO2014108835A2|2013-01-08|2014-07-17|Bar-Ilan University|A method for providing security using secure computation|EP3528161A1|2018-02-19|2019-08-21|Skeyecode|Method for signing a transaction|US7505604B2|2002-05-20|2009-03-17|Simmonds Precision Prodcuts, Inc.|Method for detection and recognition of fog presence within an aircraft compartment using video images|
    EP2372945A1|2010-03-31|2011-10-05|France Telecom|Secure data transmission method between a set-top box and an interactive service platform|
    FR2959896B1|2010-05-06|2014-03-21|4G Secure|METHOD FOR AUTHENTICATING A USER REQUIRING A TRANSACTION WITH A SERVICE PROVIDER|
    FR2995433B1|2012-09-11|2016-09-02|Arjowiggins Security|METHOD OF AUTHENTICATING A SECURITY ELEMENT BY OVERLAYING COLOR SHARED IMAGES AND SECURITY ELEMENT IMPLEMENTING SAID METHOD|
    US9264899B2|2013-12-19|2016-02-16|Nxp, B.V.|Binding mobile device secure software components to the SIM|TWI634776B|2017-08-04|2018-09-01|飛捷科技股份有限公司|Image display system and image display method of the same|
    US11245680B2|2019-03-01|2022-02-08|Analog Devices, Inc.|Garbled circuit for device authentication|
    US10797866B1|2020-03-30|2020-10-06|Bar-Ilan University|System and method for enforcement of correctness of inputs of multi-party computations|
    法律状态:
    2016-08-18| PLFP| Fee payment|Year of fee payment: 2 |
    2017-02-10| PLSC| Search report ready|Effective date: 20170210 |
    2017-08-17| PLFP| Fee payment|Year of fee payment: 3 |
    2018-08-24| PLFP| Fee payment|Year of fee payment: 4 |
    2019-08-20| PLFP| Fee payment|Year of fee payment: 5 |
    2021-05-07| ST| Notification of lapse|Effective date: 20210405 |
    优先权:
    申请号 | 申请日 | 专利标题
    FR1557534A|FR3039948B1|2015-08-04|2015-08-04|METHOD OF SECURING A TRANSACTION FROM AN UNSECURED TERMINAL|FR1557534A| FR3039948B1|2015-08-04|2015-08-04|METHOD OF SECURING A TRANSACTION FROM AN UNSECURED TERMINAL|
    EP16757324.5A| EP3332504B1|2015-08-04|2016-08-03|Method for securing a transaction from a non-secure terminal|
    KR1020187006366A| KR20180037254A|2015-08-04|2016-08-03|How to secure transactions from non-secure terminals|
    CN201680057607.0A| CN108141350A|2015-08-04|2016-08-03|The method of transaction is ensured from non-security terminal|
    PCT/FR2016/052023| WO2017021657A1|2015-08-04|2016-08-03|Method for securing a transaction from a non-secure terminal|
    US15/887,427| US20180240100A1|2015-08-04|2018-02-02|Method for securing a transaction from a non-secure terminal|
    [返回顶部]