FR3038759A1 - ENCRYPTION WITH EMBARKED GEOLOCATION - Google Patents

Abstract

The present invention relates to a method for dynamic and random encryption and decryption of data providing an infinite combination number which is unique to each user and to each request not involving a Boolean function or a key exchange, the message to encrypting as part of the encryption mechanism and carrying an ID, GPS position data with a correlation function having the value of repudiation and operating under a Client / Server architecture. In the current state of the art, a reverse engineering is impossible because it does not use a mathematical formula, equation, or number to factorize and it removes all these potential weaknesses. Our encryption is suitable for any application running in a client-server environment that carries alphanumeric data whose integrity and confidentiality must be preserved. Example of use: payment management, remote access management, instant messaging ...

Description

Description of the invention

A method for dynamic and random encryption and decryption of data offering an infinite number of combinations that is unique to each user who does not use a Boolean function or a key exchange and carries an ID, GPS position data with a function correlation with repudiation value and operating under a Client / Server architecture.

Technical field: Any application operating in a client-server environment carrying alphanumeric data whose integrity and confidentiality must be preserved.

PRIOR ART: There are several types of encryption such as the Caesar figure, the ROT13 (Encryption used by Unix systems) and the Vigenère figure which have the same characteristic of being based on character movements, each being substituted by another.

Vigenère encryption is a symmetric cryptosystem that uses the same key for encryption and decryption. It is very similar to Caesar's encryption, with the difference that it uses a longer key to overcome the main problem of Caesar's number: The same letter is coded in one way only. This encryption uses a substitution table.

The encryption of ROT13 is used in the Unix world and like the César figure it replaces; a letter by another letter with a shift of 13 letters which presents no security.

The only thing we have in common with these 3 encryptions is the character substitution.

The DES (Data Encryptions Standard) is a secret key algorithm that works with a 64-bit key and uses a Boolean function. It is a 64-bit symmetric block cipher system with 8 bits (one byte) serving as a parity test (to check the integrity of the key). Each parity bit of the key (1 every 8 bits) is used to test one of the bytes of the key, i.e. each of the parity bits is adjusted to have an odd number of '1' in the byte he belongs to. The key therefore has a "useful" length of 56 bits, which means that only 56 bits actually serve in the algorithm. The algorithm consists of making combinations, substitutions and permutations between the text to be encrypted and the key, by ensuring that these operations can be done in both directions (for decryption). The key is 64-bit coded and consists of 16 4-bit blocks, but "only" 56 bits are actually used to encrypt.

The main lines of the algorithm are as follows: • Splitting text into 64-bit blocks (8 bytes) • Initial block switching • Split blocks into two parts: left and right • 16-fold permutation and substitution steps • Replacement of the left and right parts to their original position. • Initial inverse permutation.

The 3DES, is more complex than the DES in that it results from the sequence of three successive DES but it uses for that two different secret keys to reinforce the initial security of DES. All these encryptions DES, 3DES, call block permutations then bit by bit and a Boolean function combined with one or two secret keys with a round.

We have in common with the DES and the 3DES, the random generation of tables allowing the swapping from bit to bit.

As for other known encryptions such as RSA, PGP, AES we do not use any of their techniques.

We searched for a criterion with the keywords "encryption? And (database") and we found 89. Of these 89 results, none have anything in common other than those already mentioned above.

Presentation of the invention

Technical Issue: The shift ciphers offer no security, once guessed the offset between 1 and 26 the message can be decrypted because it is easy to find this shift. There is an encryption belonging to a symmetric cryptosystem that uses the same key for encryption and decryption, it looks a lot like offset encryption except that it uses a longer key and uses a substitution array. There are secret key algorithms that work with a 64-bit key and use a Boolean function. The algorithm consists of making combinations, substitutions and permutations between the text to be encrypted and the key, by ensuring that these operations can be done in both directions (for decryption). Some uses successive sequences with two different secret keys to reinforce the initial security. Cryptanalysis by differential remains possible to find the secret key in the case of these encryptions with delays more or less long. There are some encryptions using some asymmetric algorithm using either a private key and a public created by the user with public key communication for decryption, or a secret key. Others are GPG encryption (Gnu Privacy Guard) encryption. Any of these encryptions mentioned above security lies in the computing power necessary for decryption or in the preservation of the secret of the private key.

Technical Solution: If our encryption uses character substitution and random generation of tables allowing bit-to-bit swapping, it does not use a secret key and the tables and methods used for encryption and decryption are defined in a completely random way without key and without human intervention and unique to each user. The number of combinations is infinite is in the current state of the art it remains impossible to decrypt. Finally, it makes it possible to use the correlation of a GPS position as a repudiation factor.

Description of the drawings:

Figure 1: Example of Using Encryption in an Access Management

Figure 2: Example Extended Ascii Table

Figure 3: Example array with extended Ascii characters

Figure 4: Table used for example of encryption Detailed description of the invention:

Our encryption works under a Client / Server architecture, it is based on an encryption algorithm that does not use a Boolean function or a key exchange. Its encryption combines character substitution and bit-to-bit permutation on 8, 16 and 32-bit blocks in a totally random and unique random way for each user. It allows you to carry an ID and GPS position data with a correlation function that has the value of repudiation.

First, we use a reference table consisting of all upper and lower case alphabets and all symbols and numbers in a pre-defined order.

We then generate other substitution arrays randomly. These will be used to substitute characters with other alphanumeric characters, special characters or symbols. This encryption requires at least 4 substitution tables, 3 permutation tables and 1 correspondence table.

Counters constantly running and stopped at different times make it possible to randomly determine the methods defining the sequence in which these tables will be used as well as the percentage of splitting of the string of characters. This splitting on the one hand, to increase the level of encryption and on the other hand, to integrate at the junction of the two blocks the unique ID with the GPS coordinates and the method used at time t. Each character converted to binary defines the table changes. This is how the choice of substitution tables is made in a totally random way. It follows then a series of permutation bit by bit through three tables: o an 8-bit o a 16-bit o a 32-bit

At the same time, we use both concepts, where the tables used are chosen in a completely random way and where each message that must be encrypted is part of the encryption mechanism, which makes it unique to each user and each request.

This gives us an infinite number of possible combinations for a single character, both by combined character substitution and by bit-to-bit permutation, which is done through several substitution and permutation arrays and knowing that these arrays and the order in which they are used is totally random.

Our encryption has several independent authentication factors that are a unique ID, unique encryption for each ID, geolocation coordinates that provide a repudiation function, and ensure that the only person authorized to decrypt is the person who initiated the request. .

Encryption technique:

encryption:

Loading tables

We chose to use, for interoperability reasons, a table with the characters of an extended ASCII array containing subsets of the ASCII character set whose characters are encoded on 8 bits. It must include the entire alphabet, capital letters and lowercase letters with the most used symbols taking into account the usual languages (Latin, Chinese, etc.).

However, we could have used Unicode or ASCII or other tables. The important thing is to have an identical encoding on the client side and server side as well as tables with the same number of columns and rows (in our example 14X14). By default, the Client application embeds an array with extended ASCII characters (Figure 2). This table will be the reference table. At the first launch of the application a series of 8 tables is loaded (4 substitution tables (Figure 4), 3 permutation tables, 1 table of correspondence).

These tables will have a lease at the end of which an update will be made to load new tables. This lease will be configurable according to the expected level of security. Whatever the origin of the request (Initialization of the application or Update) the method of loading the tables remains the same. The selection of the tables is done on the server side by a counter. This counter will rotate between values from 1 to 99.

Example:

For (i = 1; i <= 99; i ++)

The limit can be increased according to the number of tables generated in base. An adaptation of the meter is to be considered according to the number of tables.

In our example we use 99 arrays for substitution, 0 being the original array up to array 99, 99 permutation arrays and 99 correlation tables. The initialization of the counter will be done at the value 1 in order to avoid that the reference table is selected to perform the substitution. It will stop 8 times thus selecting the number of the 4 substitution tables, 3 permutation tables and the table of correspondence.

Example:

Substitution Tables: 12 37 04 93 Switching Tables: 4168 11 Correlation Table: 28

Once the number of each table is recovered, these numbers are added in base and associated with the unique ID of the application. These tables will then be assigned an index ranging from tsl to ts4 for the substitution tables and from tpi to tp3 for the permutation tables. It is these indexes and not the number of the tables that will then be used by the client-side application and therefore no array number will pass on the Net. Thus we will find the following indexes attributed to each table.

Substitution tables: tsl -12 ts2 - 37 ts3 - 04 ts4 - 93

Switch Tables: tpi-41 tp2 - 68 tp3 -11

The substitution tables (Figure 4) will contain the same characters as the reference table (Figure 2) but in the disorder or other characters not used in the example reference table (Figure 3)

The permutation tables (Detail 1) Detail 1:

Table of permutation 8bits = 54678213

16bits permutation table = 12 9 4 6 16 10 2 8 15 11413 3 5 7 11

Switching table 32bits = 19 7 4 15 31 119 30 2116 14 29 126 8 18 25 5 3 12 17 22 27 23 24 32 2 6 10 13 20 28

The correspondence table (Detail 2) will be used to add, once again, a random additional complexity factor by forcing the substitution and permutation process not to use the different tables in the order established by the counters. The correspondence table will be loaded into the application at initialization and will be linked to this application by its unique ID in server-side database. This table will also be updated at the end of the lease. Detail 2: Correlation table

Tp: Method applied to permutation tables Ts: Method applied to substitution tables

Transforming the string into binary 4 storing the binary string The string is simply transformed into binary. Example for the string "Socryptic" (Detail 3): Detail 3:

01010011011011110110001101110010 0111100101110000 01110100 01101001 01100011

Stopping the Second Counter Determining the Method Storage Methods This counter runs continuously and will be stopped twice giving us the substitution method and permutation method used. The choice of a counter compared to a random function was done to increase the factor "chance". A random function that can be potentially predictable. This counter will rotate between the values of 0 to 5 in this example, knowing that the number of methods is directly related to the number of tables used.

Once these values are stored they will be correlated with the correspondence table (Detail 2). The two digits thus selected will correspond to the substitution method for the first and the permutation method for the second.

Example: Substitution method: 3

Switching method: Ο

Stopping the third counter determining the percentage of position of the "key" + storing the percentage

This meter runs continuously and will not be stopped until this step. This counter will rotate between values from 1 to 99. For each use this percentage will be different with an always different key position. The final string will therefore never have the same form and it will be easy to confuse a character substituted for unfound rotation or even the matching method. Which complicates the reverse engineering maneuvers.

Character String Encryption by Substitution Arrays Once this information has been gathered, the encryption sequence can begin. To make the set of substitution tables corresponding to the unique ID of the application will be loaded. At this moment the first result of the first counter is retrieved and will make it possible to determine in which order the tables will be used using the method and the correspondence table (Detail 2). The first value reported is 3 which corresponds to method 4. Method 4 will use the substitution tables in the following order: tsl.ts3.ts4.ts2

The process of using these tables works as follows:

The reference table will be used to determine the position of the substituted letters on each of the substitution tables by superimposing these tables on the reference table.

The four substitution tables (Figure 4) will be placed in a circle, each position will represent% of turn around this circle. Represented by 1 cardinal points this would give us: NORD: 1st table of the EST method: 2nd table of the SOUTH method: 3rd table of the WEST method: 4th table of the method

Using method 4, associated with the list of tables defined earlier, would give us the example Figure 4.

Once the position of the tables established we recover the rotation sequence previously extracted (Detail 3). It has been defined that a rotation bit equal to 0 will use the table set% of revolution to the right relative to the current position and a rotation bit equal to 1 will use the array positioned% of revolution to the left relative to the current position, j

In initial position we can see that it is table 12 (tsl) which will be superimposed first on the reference table (Figure 4). The "S" of the string "Socryptic" will then be given the character ":" (in Black in Figure 4).

By repeating the detail 3 it will give us the following sequence of rotation: 1 the table does not undergo any rotation (never of rotation on the first character). 1 the board is rotated a quarter of a turn to the left (Table 37) 1 the board is rotated a quarter of a turn to the left (Table 93) _ 0 the board rotates a quarter of a turn turn to the right (Table 37) 1 the table is rotated a quarter of a turn to the left (Table 93) _ 0 the table is rotated a quarter of a turn to the right (Table 37) _ 0 on table is rotated a quarter of a turn to the right (Table 12) 1 the table sulpit rotated a quarter of a turn to the left (Table 37) _ 1 the table sulpit rotated a quarter of a turn to the left (Table 93)

The first bit "linked rotation is considered to be the initial position and will not be rotated.

Once the "S substituted the first bit is consumed, the second is then used (Bit 1: It is the table 37 which is found now superimposed on the reference table) It is the turn of the character" o "to be substituted by the character "-f-". The next rotation bit is again 1, new rotation of 1/4 turn to the left, the table 93 is superimposed on the reference table. The character "c" is then substituted by the character "=". Then bit 0 repositions table 37 on the reference table. The character "f" is positioned above the "r" and so on. The string "Socryptic" is substituted by the following characters:

Socryptic: -f = f n -L | a j =

Integration of the "rotation" sequence

Once the substitution sequence has been carried out, the rotation sequence is added to it.

The rotation sequence is determined with respect to the string of characters, which makes it unpredictable (indeed it is only after the decrypted string that we can know the rotation sequence).

Once the string is transformed into binary each of the bit queries of each character is extracted.

In our example the characters are encoded on 8 bits. Socryptic bits 8,16, 24, 32,40, 48, 56, 64, 72 will therefore be our rotation sequence.

This sequence will be inserted between the substituted characters (all even characters starting at the beginning of the string).

Example:: 1 -f 1 = 1 f 0 h 1 -10 10 a 1 = 1

The number of characters used (9) for this sequence is then recorded to be later integrated into the chain.

Integration of the "key" including method and application ID Once the rotation sequence is integrated the number of characters is counted (in our example 18: 9 letters for "Socryptic" + 9 characters designating the bits of rotation) .

The percentage of positioning of the "key" previously generated by the second counter is then recovered (for example 54). A calculation is then made, determining the 54% of 18: (18x54) / 100 = 9.72

Rounded up to 10. The "key" will therefore be positioned from the tenth character.

The "key" is composed of the number of the method and the application ID.

In our example, the first counter returns 3 which corresponds to method 4 on the correspondence table. The number 3 is then added in eleventh position. This eleventh character will be followed by ten other digits corresponding to the unique ID of the application. Example:: 1 -) - 1 = lf On 13245824755 l ^ OiOâ 1 = 1 Percentage integration

The percentage is then positioned at the beginning of the chain. Example: 54: 1- | -I = lf0nl3245824755 1-J-Oj | 0a 1 = 1 Integration of geolocation data

The geolocation data sent by the customer during his request are then extracted from the database and added to the chain by being separated from the rest of the chain by a special character having no correspondence in the tables according to the encoding used. In our example we will use the character "O".

Example:

Address of the customer geolpcalisation "123 avenue de la somme 33000 bordeaux": • Latitude: 44.9091576 • Longitude: -0.5152832 54: 1- | -I = lf0nl32458247551-L0 | 0 to 1 = 1 ô 44.9091576 ô -0.5152832 Integration of the bit number of the "rotation" sequence

The number of bits used (9) is then added at the end of this string and separated from the rest by a new character "ô".

Example: 54: l + l = lf0nl32458247551J-0 | j 0 a 1 = 1 ô 44.9091576 ô -0.5152832 ô 9 Encryption by permutation tables

Once all the information integrated in the chain, it is transformed into binary. Example: 00110101 00110100 00111010 0011000110111100 001100010011110100110001 01100110 00110000 11110001 00110001 0011001100110010 00110100 00110101 00111000 00110010 00110100 00110111 0011010100110101 0011000110110100 00110000 10010001 00110000 11100100 00110001 00111101 0011000111110000 00110100 00110100 00101110 00111001 00110000 00111001 0011000100110101 0011011100110110 11110000 00101101 00110000 00101110 0011010100110001 00110101 00110010 00111000 00110011 00110010 11110000 00111001

We then calculate if the total number of bits is a multiple of 32. If this number is not multiple of 32, we add a special character that will be reserved only for this operation. This character will be reserved for this use. In our example the different data (including the percentage, the substituted string, its interleaved rotation sequence, the method and unique HD positioned at the junction determined by the percentage, the special character of separation "ô", the latitude, the special character separation of the blocks "ô", the longitude, the special character of separation of the blocks "ô", the number of bits of rotation) gives us 440 bits which is not multiple of 32. This obliges us therefore to add for this example the special character "®", which will serve us as an index to determine all the bits that have been added in order to obtain the next multiple number of 32 bits. In our example the next multiple is 448, which gives us 440 bits + 8 bits (special character "®"). If we had a total of 432 bits we would have been forced to add the '®' character followed by 8 zeros. In the process of decrypting the character "®" will be searched and everything after this character will be deleted including the character. Once the chain is complete, the permutation tables (Detail 1) will intervene. They will allow to reassign a different position to each bit. This operation will be performed successively by block of 8, 16 or 32 bits. The order in which the 8,16, 32-bit sequences will be determined by the permutation method extracted from the correspondence table (Detail 2).

In our example, the number returned by the counter is 0 which indicates that the method 1 of permutation will be used. That is, tpi, tp2 then tp3.

Example: The first 8 bits are 00110101

Tpi gives us the fifth bit in position 1 the fourth bit in position 2 the sixth bit in position 3 is so on which gives us: 00110101 i -_- C> 01101001

After swapping our first 8-bit block we get 01101001

This operation continues until the end of the bit string in 8-bit blocks.

By following method 1, the next array used is tp2, which is a 16-bit permutation table with the same permutation principle, but this time on 16-bit blocks. Ditto for the table tp3 which is a table of 32 bit and thus one will apply permutations on blocks of 32 bit.

Adding the transaction ID The transaction ID is then added to the end of the swapped chain. This ID presents no security risk insofar as it is strictly associated with the unique ID of the application as well as geo-location data already permuted and that it has a single use over a given time. It is composed of 10 characters. Therefore it is impossible to reuse this ID from another application being at the same GPS position, where from a clone of the application at a different GPS position.

Example:

Adding the method

Once the transaction ID is added the number of the method will be positioned at the end of the string. It is also single-use and linked to the transaction ID and by dependence on the other two authentication factors, it presents no risk to be intercepted. Example:

Sending the request

The following request is then sent to the client: Decryption: Recovery of geolocation data Upon receipt of the request the geolocation system is requested. The data then reassembled are stored.

Extraction of the permutation / storage method of the permutation method The retrieved string is then of this form:

The permutation method is at this moment the last digit of the string. It is then extracted and will be correlated with the correspondence table (Detail 2) loaded into the application at initialization. The number 0 corresponding to the method 1, the order of use is then recorded, tpi, tp2, tp3

Extraction of transaction ID 4 storage of transaction ID The transaction ID is then retrieved and compared to the transaction ID issued at the initial request. Two possible solutions:

The two IDs do not match. The request may have been intercepted and the original transaction ID must have been generated. Decryption can not go further The two IDs match. Decryption by permutation tables can begin. Decryption by permutation tables thanks to the method

For decryption to occur, it is imperative to reverse the order of permutation tables. By going from the last swap table used to the first one.

In our example we used tpi, tp2, tp3 which gives us therefore to; decryption tp3, tp2, tpi

This permutation allows us to recover the following string:: H: i-ff = §f | h | f§24582475 5 1-L0 10 to 1 = 1 ô 44.9091576 ô -0.5152832 ô 9® We delete the character ® that served us both to complete the total string in binary to the nearest multiple of 32 and separator character as explained: previously in the encryption sequence.

What now gives us: 54: ï - (- | = lf | ni | 2458247551 - * - 0 | Oal = l0 44.9091576 ô -0.5152832 ô 9 Extract the number of bits used for the "rotation" sequence

The last block of this string from the unrecognized character (ô) is extracted. | In our example, this block only consists of the number 9. This number corresponds to the number of characters used for the rotation sequence. We then obtain the following string: 54: l-fl = lfOnll2458247551-L0 10 to 1 = 1 ô 44.9091576 ô -0.5152832 Verification of the geolocation data

The geolocation data is extracted. These data are identified by the unrecognized character (ô). 2 possible solutions:

The data retrieved in the query does not match the data just retrieved in the first step of this sequence: Potential Attempt of Man in The Middle. Since the receiver of the identifiers is not in the same position as the initiator having initiated the connection, the decryption by the substitution tables is then rejected.

The data retrieved in the request corresponds to the data just recovered in the first step of this sequence. The validation is done. The receiver: identifiers being in the same position as the applicant. Decryption by substitution arrays can begin.

Once the validation is complete, the geolocation data is deleted. We get the following string: 54: l-j-3, = | f | hf | 2458247551 - ^ - 0 | Θ a 1 = 1 Extraction of the percentage of positioning of the "key"

The percentage is then extracted. It will tell us where the substitution method and the unique ID of the application are.

Once this figure is extracted from the string we get the following string:: 1 + | = IfOn 112458 247 5 5 lJ-QlOa 1 = 1

Extract substitution method and transaction ID We count the remaining number of characters (29).

Since the method represents only one character and the application ID is 10 characters, a subtraction is made of 11. 29-11 = 18

A calculation of 54% of 18 is then made: (18X54) / 100 = 9.72

Rounded to the higher value, this gives 10. The "key" will therefore be found from character 11 to 21. This number series is extracted and separated. The first character corresponding to the substitution method and the next ten to the application ID.

We get the following string:: | + l = lf0n l-L0S.0al = -i

Extraction of Ig rotation sequence It is the turn of the rotation sequence to be extracted. The number of rotation bits that were retrieved before (9)

An extraction is then made of the first 9 even bits.

The next chain! appears:: + = f fi i | i a = Decryption by substitution arrays The application will now use its substitution arrays that have been downloaded on initialization on the server. Client side these tables are numbered tsl, ts2, ts3, ts4. The substitution method is then retrieved. This value is then correlated with the correspondence table (Detail 2): 1 Method 4 ^ tsl.ts3.ts4.ts2

The tables then take their initial position: NORD: 1st table of the EST method: 2nd table of the SOUTH method: 3rd table of the WEST method: 4th table of the method

The decryption sequence by the substitution arrays begins.

The first character ":" in Table 1 (12 in Figure 4) corresponds to the character "S" on the reference table.

The rotation sequence is then called. _ 1 the table is not rotated (never rotated on the first character). 1 the board is rotated a quarter of a turn to the left (Table 2) 1 the board rotates a quarter of a turn to the left (Table 4) _ 0 the board rotates a quarter of a turn turn to the right (Table 2) _ 1 the board is rotated a quarter of a turn to the left (Table 4) _ 0 the board is rotated a quarter of a turn to the right (Table 2) _ 0 the board is rotated a quarter of a turn to the right (Table 1) _ 1 the board rotates a quarter of a turn to the left (Table 2) _ 1 the board rotates a quarter of a turn turn to the left (Table 4)

The first bit is extracted without being rotated. The second bit is at 1 the table ts2 is then superimposed on the reference table. The character "- | -" corresponds to "o" on the reference table. The third bit is 1, a rotation is again made to the left. It is then the array ts4 which is used to decrypt the character "=". It is located at the same position as the character "c" which is then recovered. Fourth bit at 0, rotation to the right, it is again the table ts2 which is used to substitute the character "f" by the character "r". And so on. We then get the following character string::: -f = f η -1- § | a =

Socryptic

Authentication on the resource B Upon receipt of the identifiers the user to 5 minutes to log otherwise these identifiers are removed from the LDAP database. They will also be deleted from the server-side database during a next identifier request and replaced by the new generated ones.

Example of use of encryption, we will take the management of a remote access:

Client A (Figure 1) wants to access the DATA server via Resource B (Figure 1). For this he will get login credentials that he will be the only one to read.

It uses smartphone (Figure 1) on which a remote access management application has been previously installed from a platform (google play, Apps store, Blackberry, etc.) This application will be developed to recover: ΓΙΜΕΙ the phone, the mobile phone number used (smartphone, tablet ...), latitude / longitude geolocation coordinates.

But also developed to integrate a personal authentication function (pin code, biometrics, etc ...). This data, with the exception of geolocation, will be used to establish the unique ID of the application that will be generated during the installation. This ID will be sent to the database when initializing the application with the server (first login).

This ID will be concatenated with the substitution method used to give a specific key to each transaction that will be present in each encrypted message and which will also be associated with the geolocation.

The client authenticates to launch the application (pin code, biometrics ...)

Once authenticated the application sends a request to the server (S Figure). This request will contain the phone number, ΓΙΜΕΙ (or serial number of the processor) and the unique ID of the application. At this time two solutions are possible: The ID exists in the database and it is well linked to the content in the request, the sequence of generation of identifiers can then begin. The ID does not exist in the database. In this case where the server does not find a correspondence between these different data, it will create a new entry composed of: Phone number, IMEI, ID of the application

Once the entry made the server requests the identity of the person (Name and Surname), these data have no added value in terms of security but will allow to associate the various data to a person (during a call from the user to the support for example).

Once the identity is registered in the database a series of 8 tables (4 substitution tables (Figure 4) + 3 permutation tables + 1 correspondence table) will be randomly selected in the database and sent to the client in order to to be loaded into the application. The ID of each of these tables will then be associated with the unique ID of the application in the database. They will also be assigned a tsl, ts2, ts3, ts4 index for the substitution tables and tpi to tp3 for the three permutation tables and 1 for the correspondence table. So if the application is attacked and the attacker is in possession of all the tables (substitution, permutation, correspondence), it will be impossible for them to correlate them.

This request initialization exchange will be done via SSL and will be secured by both the SSL connection and a lease giving a random lifetime to the various tables ranging from 1 day, 1 week, 1 month ... At the end from this lease an update of the application will be requested by the Server. This update will use the same steps as initialization for generating tables. The sending to the client will be at the initiative of the server. The application is now ready to work with encryption. The user already logged on his application makes an identifier generation request to access the data server via the resource B (Figure 1)

This request will contain: • The unique ID of the application • The transaction ID • The geolocation data Upon receipt, the server retrieves the transaction ID that is associated with the data base to the unique ID and retrieves the data. geolocation data for exploitation.

The generation of identifiers required to access the data server via resource B Figure 1 (login, password) is then made and associated with the unique ID of the application and the transaction ID. These identifiers are then registered in the LDAP database managing the identities and they will only be valid for a single connection.

If no connection has taken place with these identifiers within 5 minutes (duration: determined according to the security level) after sending the request they will be deleted. ; The identifiers are then encrypted as described above in the technique of: encryption.

Here is the example of a synthetic sequence: • Transformation of the string into binary storage of the binary string • Stopping of the first counter determining the methods - storage of the methods • Stopping of the second counter determining the percentage of position of the " Key »Percentage Storage • Character String Encryption by Substitution Arrays • Integration of" Rotation "Sequence • Integration of" Key "including Substitution Method and Application ID • Percentage Integration positioning of the "key" • Integration of the geolocation data • Integration of the number of bits of the "rotation" sequence • Encryption by the permutation tables • Addition of the transaction ID • Addition of the permutation method • Sending of the request Upon receipt of the request the client will proceed to decryption as described above in the technical Encryption according to the following synthetic sequence: • Retrieval of geolocation data by the customer's integrated system • Retrieval of the permutation storage method of the permutation method • Extraction of transaction ID storage transaction ID • Decryption by permutation tables thanks to the method • Extraction of the number of bits used for the "rotation" sequence • Verification of the geolocation data from which 2 possible solutions:

The data retrieved in the request does not correspond to the data that was just retrieved in the first step of this sequence (potential attempt of Man in The middle). This implies that the receiver of the identifiers is not in the same position as the applicant and decryption by the substitution tables is then rejected.

The data retrieved in the request corresponds to the data just recovered in the first step of this sequence. The validation is done. The receiver of the identifiers being in the same position as the applicant. Decryption by substitution arrays can begin. • Extraction of the percentage of positioning of the "key" • Extraction of the substitution method and the application ID • Extraction of the rotation sequence • Decryption by the substitution tables. The user is now in possession of the identifiers he has requested to access the data server via the resource B (Figure 1). The user then has a delay, time allowed to access the data server via the resource B (Figure 1) using the temporary login and password provided by the server (S). In the authentication of the client A on the resource B (Figure 1) with the provided identifiers (connection SSL, VPN) the server (S) will compare the geolocation of the resource B and the customer user A. According to the tolerance on the distance difference between A and B (determined in the criteria of the initial installation) the connection of the resource B with the remote data server is established or refused.

Each rejection made during the checks of the various authentication factors, will raise an alert and a record will be made of the geolocation coordinates of the requester and the receiver, the transaction ID (es) as well as the application ID (es). . We can then determine the position of the victim and the position of the "pirate". The application IDs will allow us to recover the identities, by the ticket of the registered identity at the initialization of the application related to the verification of the telephone number by SMS and verified vouchers.

Area of Application: Any application running a client-server environment carrying alphanumeric data whose integrity and confidentiality must be preserved.

Example of use: • payment management • remote access management • instant messaging ...

Claims (3)

claims 1. A method for encrypting and decrypting data dynamically and randomly offering a number of infinite combinations operating under a client / server architecture characterized in that it is unique to each user using neither a Boolean function, nor an exchange of key but to the character substitution and random generation of tables allowing bit-to-bit swapping with the tables and methods used for encryption and decryption that are defined completely randomly without human intervention and carrying an ID, GPS position data with a correlation function with repudiation value 2. Encryption and decryption method according to claim 1, in which our encryption method is dynamic and random, offering an infinite number of combinations unique to each user, characterized in that each character converted into binary defines the changes in the table and is thus that the choice of substitution tables is made in a totally random way and in the way we use both concepts at the same time, where the used tables are chosen in a completely random way and where each message that must be encrypted is part of the mechanism of encryption, which makes it unique to every user and every request. 3. Encryption and decryption method according to claim 1, in which we use geolocation established as a repudiation factor, characterized in that the encryption takes into account geolocation coordinates and that decryption is possible only after having performed the correlation. proximity between its two positions, it does not use a secret key and the number of combinations is infinite