Patent Application
20100293376
This application claims the benefit and priority of French Application 09/01849, filed on Apr. 16, 2009, which is incorporated by reference herein.
This invention describes a method and a device for the authentication of a mobile terminal with a remote server of said terminal in a secure manner. It also describes a mobile terminal for the implementation of the method and/or intended to be used in the device. The invention relates to the general technical field of protocols for protecting the authentication of a client mobile terminal with a server, which is part of a communication network. It especially concerns methodes and devices for checking the identity of a client using said so-called challenge/response technique. The invention is preferably applied, but not limited, to the authentication of a client for: opening an instant messaging session on a mobile telephone, activating the functions on a mobile terminal, sending data on a secure communication network (requiring the use of chip cards), etc.
Mobile terminals (like mobile telephones, laptops, PDAs, BlackBerry®) are generally equipped with some functions, which make it possible, for instance, to check mails, open an instant messaging session, communicate on a Blog, transfer secure data, etc. Each of these functions is implemented by a specific computer application (or software) integrated in the mobile terminal. If a user wishes to activate one of these functions, the associated computer application issues an authentication request to the server in advance, which provides the services corresponding to said function. The server will activate the function only once it has identified the user.
The so-called challenge/response authentication technique is well-known to those skilled in the art. Before activating the function, the server sends a challenge to the mobile terminal. The latter must then transmit a response to this/her challenge, which is only known to the client and the server. It is only if the response is correct, that the server authenticates the client and activates the function. A basic example of this so-called challenge/response technique is the identification with a password: the server asks the client for a password associated with an identifier (this is the challenge); the client sends his/her password associated with his/her identifier (this is the response). Each password and each identifier must be stored on the server side. If the password and the identifier match, the server activates the function. The main problem of this trivial identification technique is that a fraudor can easily intercept the password and the identifier and can illegally pretend to be the client.
There is a more complex so-called challenge/response technique called CRAM (“Challenge Response Authentication Mechanism”). The purpose of this CRAM method is to prove one's identity to the server without ever having one's password or identifier transit. Referring to
This CRAM method is especially advantageous, as even if a fraudor intercepts the response R and knows the encoding algorithm, he/she will not be able to find the secret key K, as he will not know the value of the random number n. Similarly, if a fraudor intercepts the challenge Def and thus knows the random number n, he:she will not be able to establish a response, as he/she will not know the value of the secret key K.
However, the efficiency of this CRAM method is limited if the client mobile terminal is stolen. Indeed, in this case, it becomes easy to find the secret key in the application resources. Besides, all the secret keys associated with the clients are to be stored on the server side. Thus, if the server is hacked, all the secret keys can be discovered. In any case, knowing the secret keys is obviously highly prejudicial, as a fraudor can then easily pretend he/she is a client. Other so-called challenge/response techniques have also been described in the patent documents WO 2006/084183 (QUALCOMM), U.S. Pat. No. 6,377,691 (MICROSOFT) or even EP 0.915.590 (PHONE.COM).
Given this situation, the main technical problem that the invention aims at solving is offering a new authentication protocol based on the so-called challenge/response technique using a secret key, since this new authentication protocol is more secure than the previously known protocols, especially the CRAM type ones. Another objective of the invention is to make hacking of a mobile terminal for finding the secret keys more difficult. Yet another objective of the invention is to make hacking of a server for finding the secret keys more difficult.
The invention aims at remedying the problems associated with the technical problems encountered in the securing of communication protocols. More precisely, the invention aims at a method for authenticating a client mobile terminal with a remote server of said terminal, with said server sending a challenge to said mobile terminal in advance, and said mobile terminal having to respond to a challenge by transmitting a response consisting of encoding said challenge combined with a secret key known to both said terminal and server. This method is remarkable in that the secret key is hidden in a media file recorded on the mobile terminal using steganography. This technical solution is especially advantageous, as even if a third person succeeds in hacking the mobile terminal, he/she will find it very difficult to detect the hidden secret key. Indeed, steganography makes it possible to hide the secret key in the media file in such a manner that the presence thereof is imperceptible and thus cannot be detected by a fraudor.
Specifically, the method, which is object of the invention consists in:
One can provide for an initialisation phase consisting in:
In addition to the secret key, the challenge preferably consists of a random number and a time marker, with the generation of the response at the mobile terminal and the standard response at the server consisting in encoding: the secret key, said random number and said time marker using an algorithm known to said server and terminal. There are multiple secret keys for the same user for reinforcing the security of the authentication protocol. To do so:
If there are multiple secret keys, the method advantageously consists in:
One can also provide for an initialisation phase consisting in:
In addition to the index, the challenge advantageously consists of a random number and a time marker, with the generation of the response at the mobile terminal and the standard response at the server consisting in encoding: the secret key associated with the index, said random number and said time marker using an algorithm known to said server and terminal. The media file is preferably an image, audio or video file, which is part of the resources of the computer application downloaded on the mobile terminal.
The media file including the secret key or the table is preferably recorded in the memory of the server in such a manner that if a third person succeeds in hacking said server, it will be very difficult, or even impossible for him/her to detect the hidden secret key(s). If there is only one secret key, before generating the standard response, the server extracts the secret key from the media file recorded in its memory by executing a reverse steganography algorithm. If there is a secret keys table, before generating the standard response, the server extracts the table from the media file recorded in its memory by executing a reverse steganography algorithm, and then extracts the secret key associated with the index from said table. Preferably, the encoding algorithm, which makes it possible to generate the response at the mobile terminal and the standard response at the server, is a coding and encryption algorithm, which integrates a hashing function.
Another aspect of the invention is a device for authenticating a client mobile terminal with a remote server of said terminal, with said server sending a challenge to said mobile terminal in advance, with said mobile terminal being configured to respond to the challenge by transmitting a response consisting in encoding said challenge combined with a secret key known to both said terminal and server. This device is remarkable in that the secret key is hidden in a media file recorded on the mobile terminal using steganography.
There are several secret keys for the same user for reinforcing the security of the authentication device.
In the latter case, it is advantageous if the mobile terminal comprises a processor configured to:
The server preferably comprises of a processor configured to:
Other characteristics and advantages of the invention will be revealed upon reading the description given below, with reference to the appended figures, which illustrate:
The aforementioned
For more clarity, identical or similar elements are marked by identical reference signs on all the figures.
The authentication method which is object of the invention calls upon at least one client mobile terminal TM and one remote server S of said terminal. The client mobile terminal TM can be a mobile telephone, a laptop, a personal digital assistant (PDA) type of device or any other mobile communication terminal (BlackBerry®, . . . ). The mobile terminal TM is configured to connect with a communication network, preferably MSM®, Jabber®, Yahoo!®, etc. type of mobile telephone networks.
In a manner that is well known to those who are skilled in the art, it is equipped with a processor, configured to execute one or more programmes, sub-programmes, microprogrammes or all other types of equivalent software, so as to manage the different steps of the challenge/response type of authentication protocol, which will be described in detail later. The mobile terminal TM also has a certain number of built-in computer applications (programmes, sub-programmes, microprogrammes, . . . ), for implementing the various functions integrated therein: mails, blog, instant messaging, secure data transfer, etc.
The server S is, preferably but not exclusively, a virtual server (or “gateway”) comprising a computer or a computer programme configured to provide certain functions (mails, blog, . . . ) and instant messaging services, in particular, to client mobile terminals TM connected thereto. The server S is preferably associated with different instant messaging communities. It is connected to a communication network (MSM®, Jabber®, Yahoo!®, or other) usually used to implement the various aforementioned functions.
In a well-known manner, this server S is equipped with a processor configured to execute one or more programmes, sub-programmes, microprogrammes or all other types of equivalent software, so as to manage the different steps of the challenge/response type of authentication protocol, which will be described in detail later. The authentication protocol implemented in this invention is based on the challenge/response principle: the server S and the mobile terminal TM share the knowledge of at least one secret key Ki and a computation algorithm Enc of a response R, R′ to a challenge Def. The computation algorithm Enc can be public, i.e. known to everyone. The secret key Ki and the computational function Enc are integrated in the resources of the mobile terminal TM and the server S.
Referring to
Before activating the function(s), the server S must authenticate the mobile terminal TM. To do so, it sends a challenge signal Def to the mobile terminal TM. The latter is issued on the transmission channel (or another channel) linking the mobile terminal TM to the server S. The challenge Def mainly includes a random number n.
In practice, this number n is a hexadecimal integer in several bits generated by a pseudo-random number generator (PNRG) integrated in the server S. The challenge can also include a time marker t. For example, it is possible to implement the marker t as a hexadecimal number incremented each time a request Req is accepted (thus changing with time).
However, other techniques are known to the persons skilled in the art for implementing the marker t. In practice the time marker t corresponds to the date of creation of the random number n. The number n and the marker t are used to increase the entropy (difficulty of falsification) of the challenge Def.
In order to be authenticated, the mobile terminal TM must respond to the challenge Def by transmitting a response R consisting in encoding the challenge Def combined with a secret key Ki known to said terminal as well as to the server S. According to a first embodiment of the invention shown in
In this invention, the secret key Ki is advantageously presented in the form of a hexadecimal number in multiple bits. The media file MS is generally a binary file, which is part of the resources of the computer application, associated with a function loaded in the mobile terminal TM. In practice, it involves an image file (JPEG, MPEG, etc.), an audio file (MP3, etc.) or a video file (MPEG2, MPEG 4, etc.). for example it can be a wallpaper, an audio or video welcome message. The case where the secret key Ki is hidden in a JPEG or MPEG image is illustrated in
The steganography algorithm AS used preferentially is of the type using the LSB (Least Significant Bit) technique. This algorithm consists in replacing the low order bits of the bytes coding the light intensity of the image pixels by the bits of the secret key. By modifying a low order bit, it is possible to slightly modify the light intensity or the shade of a pixel of the image.
This slight modification is imperceptible to the human eye and not detected when all the bytes coding the light intensity of the image pixels are analysed. For example, if the light intensity of the image pixels is coded by the following bytes: 001-000-100-110-101 and the secret key Ki matches number: 11111, then the modified image will be coded by the following bytes: 001-001-101-111-101.
The same steganography algorithm can be used for hiding the secret key Ki in a video file. In an audio file, the information can be hidden in imperceptible variations of the sound coded with least significant bits. Naturally, any other steganography algorithm suitable to the person skilled in the art can be used.
The media file MS in which the secret key Ki is hidden, is stored in a memory area of the mobile terminal TM. This media file MS can be recorded as soon as the mobile terminal TM is designed but has preferably been downloaded during an initialisation phase shown in
When the server S receives this initial request Reqinit, it authenticates the password and generates the secret key Ki. Then the server S applies a steganography algorithm ASPWD bootstrapped by the password PWD, to hide the secret key Ki in a media file MS, which is preferably part of the resources of the computer application. The steganography algorithm ASPWD is specific to each password and thus to each client. Then the server S transfers the resources of the computer application, including the media file MS containing the secret key Ki to the mobile terminal TM. Even if the media file MS is intercepted by a fraudor during the transmission thereof to the mobile terminal TM, the fraudor will practically have no chance to detect the secret key Ki. Only the secret key Ki can be stored on the server S side. However, in order to optimise the security of the method which is subject of the invention, the media file MS containing the secret key Ki is preferably recorded in the memory of the server S.
Referring to
According to a second embodiment of the invention shown in
The media file MS can be recorded as soon as the mobile terminal TM is designed but has preferably been downloaded during an initialisation phase shown in
Referring to
This reverse steganography algorithm ASPWD can be installed in the mobile terminal TM soon after its conception or, preferably, is part of the resources downloaded during the initialisation phase. After analysing the index i received with the challenge Def, the secret key Ki associated with said index is then extracted from the table TKi. A response R to the challenge Def is then generated, with said response consisting in encoding the secret key Ki thus extracted and possibly the random number n and the time marker t using an encoding algorithm Enc known to the server S and the mobile terminal TM. At the same time, the server S generates a standard response R′ consisting in encoding the challenge Def combined with the secret key Ki, and possibly the random number n and the time marker t using the same encoding algorithm Enc.
If the media file MS including the table TKi is recorded in the memory of the server S, the latter pre-extracts said table from the file by executing the reverse steganography algorithm ASPWD matching the password PWD, then extracts the secret key Ki associated with the index i from the table. After having generated its response R, the mobile terminal TM transmits it to the server S. The latter compares the response R received with the standard response R′. If the response R matches the standard response R′, the mobile terminal TM is authenticated and the server S can activate the functions desired by the client. If not so, an error message can be sent by the server S to the mobile terminal TM.
The encoding algorithm Enc, which makes it possible to generate the response R at the mobile terminal TM and the standard response R′ at the server S, is a coding or encryption algorithm, preferably a coding algorithm (used for the transfer) combined with an encryption (encyphering) and including a hashing function. The hashing function makes it possible to increase the entropy of the responses R, R′ to the challenge Def. In practice, the algorithm used is the combination of an encryption/hashing algorithm (for example of MD5, MD6, SHA-1, SHA-2 type) or changes in the latter, with an encoding algorithm (for example in Base64). The Response R or R′ can, for example, be calculated using the following formula: R or R′=Base64[SHA-256(n+t+Ki)]
| Number | Date | Country | Kind |
|---|---|---|---|
| 0901849 | Apr 2009 | FR | national |
