[go: up one dir, main page]

RU2015121364A - System and method for user authentication using electronic digital signature of the user - Google Patents

System and method for user authentication using electronic digital signature of the user Download PDF

Info

Publication number
RU2015121364A
RU2015121364A RU2015121364A RU2015121364A RU2015121364A RU 2015121364 A RU2015121364 A RU 2015121364A RU 2015121364 A RU2015121364 A RU 2015121364A RU 2015121364 A RU2015121364 A RU 2015121364A RU 2015121364 A RU2015121364 A RU 2015121364A
Authority
RU
Russia
Prior art keywords
user
data
confidential
digital signature
biometric
Prior art date
Application number
RU2015121364A
Other languages
Russian (ru)
Other versions
RU2610696C2 (en
Inventor
Константин Евгеньевич Лепешенков
Original Assignee
Закрытое акционерное общество "Лаборатория Касперского"
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Закрытое акционерное общество "Лаборатория Касперского" filed Critical Закрытое акционерное общество "Лаборатория Касперского"
Priority to RU2015121364A priority Critical patent/RU2610696C2/en
Publication of RU2015121364A publication Critical patent/RU2015121364A/en
Application granted granted Critical
Publication of RU2610696C2 publication Critical patent/RU2610696C2/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • G06F2211/008Public Key, Asymmetric Key, Asymmetric Encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)

Abstract

1. Система аутентификации пользователя при помощи электронной цифровой подписи пользователя, которая содержит:а) средство управления конфиденциальными данными, предназначенное для:- поиска по запросу зашифрованных конфиденциальных данных пользователя в базе конфиденциальных данных;- передачи найденных зашифрованных конфиденциальных данных средству расшифрования;б) базу конфиденциальных данных, предназначенную для хранения зашифрованных конфиденциальных данных пользователя;в) средство расшифрования, предназначенное для:- расшифрования биометрическим ключом, вычисленным средством управления биометрическими данными, полученных зашифрованных конфиденциальных данных;- вычисления криптографического ключа на основе расшифрованных конфиденциальных данных;- передачи вычисленного криптографического ключа средству шифрования;г) средство управления биометрическими данными, предназначенное для:- сбора биометрических данных у пользователя;- вычисления биометрического ключа на основе собранных биометрических данных;- передачи вычисленного биометрического ключа средству расшифрования;д) средство шифрования, предназначенное для:- создания электронной цифровой подписи пользователя с помощью полученного криптографического ключа;- передачи электронной цифровой подписи пользователя средству проверки;е) средство проверки, предназначенное для:- выполнения проверки полученной электронной цифровой подписи пользователя с помощью расшифрованных конфиденциальных данных пользователя из базы конфиденциальных данных;- аутентификации пользователя при получении положительных результатов выполненной1. A user authentication system using an electronic digital signature of a user, which contains: a) a confidential data management tool designed to: - search for encrypted confidential user data at the request of the confidential data database; - transfer the encrypted confidential data found to the decryption tool; b) the database confidential data, intended for storing encrypted confidential user data; c) decryption tool designed to: - decrypt using a biometric key calculated by the biometric data management tool, received encrypted confidential data; - calculating a cryptographic key based on decrypted confidential data; - transmitting the calculated cryptographic key to an encryption tool; d) biometric data management tool designed to: - collect biometric data from the user; - calculating the biometric key based on the collected biometric data; - transmitting the calculated biometric key to the media decryption tool; e) an encryption tool designed to: - create an electronic digital signature of the user using the received cryptographic key; - transmit the electronic digital signature of the user to the verification tool; e) a verification tool designed to: - verify the received electronic digital signature of the user using decrypted user confidential data from the database of confidential data; - user authentication when receiving positive results performed

Claims (4)

1. Система аутентификации пользователя при помощи электронной цифровой подписи пользователя, которая содержит:1. The user authentication system using electronic digital signature of the user, which contains: а) средство управления конфиденциальными данными, предназначенное для:a) confidential data management tool designed to: - поиска по запросу зашифрованных конфиденциальных данных пользователя в базе конфиденциальных данных;- search for encrypted confidential user data on request in the confidential data base; - передачи найденных зашифрованных конфиденциальных данных средству расшифрования;- transferring the found encrypted confidential data to the decryption tool; б) базу конфиденциальных данных, предназначенную для хранения зашифрованных конфиденциальных данных пользователя;b) a database of confidential data designed to store encrypted confidential user data; в) средство расшифрования, предназначенное для:c) means of decryption intended for: - расшифрования биометрическим ключом, вычисленным средством управления биометрическими данными, полученных зашифрованных конфиденциальных данных;- decryption with a biometric key calculated by the biometric data management tool, received encrypted confidential data; - вычисления криптографического ключа на основе расшифрованных конфиденциальных данных;- computing a cryptographic key based on decrypted confidential data; - передачи вычисленного криптографического ключа средству шифрования;- transferring the calculated cryptographic key to the encryption tool; г) средство управления биометрическими данными, предназначенное для:d) a biometric data management tool intended for: - сбора биометрических данных у пользователя;- collection of biometric data from the user; - вычисления биометрического ключа на основе собранных биометрических данных;- calculating a biometric key based on the collected biometric data; - передачи вычисленного биометрического ключа средству расшифрования;- transmitting the calculated biometric key to the decryption tool; д) средство шифрования, предназначенное для:e) an encryption tool intended for: - создания электронной цифровой подписи пользователя с помощью полученного криптографического ключа;- creating an electronic digital signature of the user using the received cryptographic key; - передачи электронной цифровой подписи пользователя средству проверки;- transfer of electronic digital signature of the user to the verification tool; е) средство проверки, предназначенное для:e) a means of verification intended for: - выполнения проверки полученной электронной цифровой подписи пользователя с помощью расшифрованных конфиденциальных данных пользователя из базы конфиденциальных данных;- verification of the received electronic digital signature of the user using decrypted confidential user data from the database of confidential data; - аутентификации пользователя при получении положительных результатов выполненной проверки.- user authentication upon receipt of positive results of the verification performed. 2. Система по п. 1, в которой в качестве расшифрованных конфиденциальных данных пользователя, используемых для проверки полученной электронной цифровой подписи, выступает по меньшей мере открытый криптографический ключ, переданный ранее пользователем.2. The system of claim 1, wherein at least the public cryptographic key transmitted earlier by the user acts as decrypted confidential user data used to verify the received electronic digital signature. 3. Способ аутентификации пользователя при помощи электронной цифровой подписи пользователя, в котором:3. A method of authenticating a user using an electronic digital signature of a user, in which: а) запрашивают зашифрованные конфиденциальные данные пользователя;a) request encrypted confidential user data; б) осуществляют поиск запрошенных зашифрованных конфиденциальных данных пользователя в базе конфиденциальных данных;b) search for the requested encrypted confidential user data in the confidential data base; в) собирают у пользователя биометрические данные;c) collect biometric data from the user; г) вычисляют биометрический ключ на основе собранных биометрических данных;d) calculate the biometric key based on the collected biometric data; д) расшифровывают вычисленным на этапе г) биометрическим ключом зашифрованные конфиденциальные данные пользователя;d) decrypt the encrypted confidential user data calculated in step d) with a biometric key; е) вычисляют криптографический ключ на основе расшифрованных конфиденциальных данных пользователя;e) calculate the cryptographic key based on the decrypted confidential user data; ж) создают электронную цифровую подпись пользователя с помощью вычисленного на этапе д) криптографического ключа;g) create an electronic digital signature of the user using the cryptographic key calculated in step d); з) выполняют проверку электронную цифровую подпись с помощью расшифрованных данных пользователя из базы конфиденциальных данных;h) perform verification of electronic digital signature using decrypted user data from the database of confidential data; и) аутентифицируют пользователя при получении положительных результатов проверки электронной цифровой подписи пользователя.i) authenticate the user upon receipt of positive results of verification of the electronic digital signature of the user. 4. Способ по п. 3, в котором в качестве расшифрованных конфиденциальных данных пользователя, используемых для проверки полученной электронной цифровой подписи выступает по меньшей мере открытый криптографический ключ, переданный ранее пользователем. 4. The method according to claim 3, in which at least the public cryptographic key transmitted earlier by the user acts as decrypted confidential user data used to verify the received electronic digital signature.
RU2015121364A 2015-06-05 2015-06-05 System and method for user authentication using electronic digital signature of user RU2610696C2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
RU2015121364A RU2610696C2 (en) 2015-06-05 2015-06-05 System and method for user authentication using electronic digital signature of user

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
RU2015121364A RU2610696C2 (en) 2015-06-05 2015-06-05 System and method for user authentication using electronic digital signature of user

Publications (2)

Publication Number Publication Date
RU2015121364A true RU2015121364A (en) 2016-12-20
RU2610696C2 RU2610696C2 (en) 2017-02-14

Family

ID=57759209

Family Applications (1)

Application Number Title Priority Date Filing Date
RU2015121364A RU2610696C2 (en) 2015-06-05 2015-06-05 System and method for user authentication using electronic digital signature of user

Country Status (1)

Country Link
RU (1) RU2610696C2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2697646C1 (en) * 2018-10-26 2019-08-15 Самсунг Электроникс Ко., Лтд. Method of biometric authentication of a user and a computing device implementing said method

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5680460A (en) * 1994-09-07 1997-10-21 Mytec Technologies, Inc. Biometric controlled key generation
KR100486062B1 (en) * 1997-05-09 2005-04-29 지티이 서비스 코포레이션 Biometric certificates
EP1535127A2 (en) * 2002-07-03 2005-06-01 Aurora Wireless Technologies, Inc. Biometric private key infrastructure
US7623659B2 (en) * 2005-11-04 2009-11-24 Cisco Technology, Inc. Biometric non-repudiation network security systems and methods
JPWO2007094165A1 (en) * 2006-02-15 2009-07-02 日本電気株式会社 Identification system and program, and identification method
US20070239994A1 (en) * 2006-04-05 2007-10-11 Kulkarni Vinod K Bio-metric encryption key generator
US20100242102A1 (en) * 2006-06-27 2010-09-23 Microsoft Corporation Biometric credential verification framework
CN101542971B (en) * 2006-11-21 2014-07-23 皇家飞利浦电子股份有限公司 Fuzzy biometrics based signatures
RU110850U1 (en) * 2011-04-11 2011-11-27 Фёдор Владимирович Феоктистов DEVICE OF UNIVERSAL DIGITAL KEY WITH REMOTE AUTHORIZATION BY BIOMETRIC PARAMETERS
JP5907830B2 (en) * 2012-07-11 2016-04-26 株式会社日立製作所 Signature generation verification system and signature verification apparatus
WO2014182957A1 (en) * 2013-05-08 2014-11-13 Acuity Systems, Inc. Authentication system

Also Published As

Publication number Publication date
RU2610696C2 (en) 2017-02-14

Similar Documents

Publication Publication Date Title
RU2018103181A (en) CONFIDENTIAL AUTHENTICATION AND SECURITY
GB2573666A (en) Verifying authenticity of computer readable information using the blockchain
GB2496354B (en) A method and system of providing authentication of user access to a computer resource via a mobile device using multiple separate security factors
RU2017106105A (en) METHODS FOR SAFE Cryptogram Generation
CA2530944A1 (en) Challenge response system and method
PE20170656A1 (en) AUTHENTICATION OF THE SERVICE NETWORK
EP2544400A3 (en) PUF based Cryptographic communication system and cryptographic communication method
RU2016104765A (en) PROCESSING PROTECTED REMOTE PAYMENT TRANSACTIONS
GB2498039B (en) Password recovery service
RU2019117050A (en) ENCRYPTED DATA CONTROL THROUGH MULTIPLE CONTROLS
RU2018137847A (en) SYSTEM AND METHOD FOR DISTRIBUTION OF KEY MATERIAL AND CERTIFICATE BASED ON IDENTIFICATION INFORMATION
BR112017003018A2 (en) secure provision of an authentication credential
WO2016144257A3 (en) Method and system for facilitating authentication
PH12019550119A1 (en) Addressing a trusted execution environment using signing key
IN2014KN02750A (en)
WO2007115982A3 (en) Identity protection method, devices and corresponding computer programme product
NZ613485A (en) Method for authenticating first communication equipment by means of second communication equipment
RU2010145465A (en) METHODS AND DEVICE FOR AUTHENTICATION AND IDENTIFICATION USING OPEN KEY INFRASTRUCTURE IN IP-TELEPHONY ENVIRONMENT
CN105162599A (en) Data transmission system and data transmission method
CN103701787A (en) User name password authentication method implemented on basis of public key algorithm
JP2017017686A5 (en)
JP2012519995A5 (en)
MX376552B (en) CABLE MODEM ANTI-CLONING.
DE60317498D1 (en) Method and system for key distribution with an authentication step and a key distribution step using KEK (key encryption key)
MY151312A (en) A method and system for file encryption and decryption in a server