[go: up one dir, main page]

WO1999034547A1 - Procede de communication secrete entre trois participants - Google Patents

Procede de communication secrete entre trois participants Download PDF

Info

Publication number
WO1999034547A1
WO1999034547A1 PCT/GB1998/003899 GB9803899W WO9934547A1 WO 1999034547 A1 WO1999034547 A1 WO 1999034547A1 GB 9803899 W GB9803899 W GB 9803899W WO 9934547 A1 WO9934547 A1 WO 9934547A1
Authority
WO
WIPO (PCT)
Prior art keywords
party
message
sending
encryption device
algorithm
Prior art date
Application number
PCT/GB1998/003899
Other languages
English (en)
Inventor
Robert Simon Hichens
Original Assignee
Interactive Magazines Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Interactive Magazines Ltd. filed Critical Interactive Magazines Ltd.
Priority to AU17750/99A priority Critical patent/AU1775099A/en
Publication of WO1999034547A1 publication Critical patent/WO1999034547A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04KSECRET COMMUNICATION; JAMMING OF COMMUNICATION
    • H04K1/00Secret communication
    • H04K1/10Secret communication by using two signals transmitted simultaneously or successively

Definitions

  • This invention relates to a method of communicating a message and in particular to improvements in security such as in an electronic network.
  • PGP public key/private key method.
  • the receiver For transmitting data between a sender and a receiver, the receiver first randomly generates a public enciphering key and a secret deciphering key.
  • the enciphering key and transformation algorithm or software can be publicly disseminated.
  • the transformation uses operations that are easily performed, but difficult to invert.
  • the sender wishes to transmit a message to the receiver, the message is encrypted using the public key and transformation before it is transmitted.
  • the receiver can use his secret deciphering key to recover the original message .
  • Such a system is disclosed in US 4,218,582.
  • the present invention provides a method of communicating a message from a first party comprising the steps of: splitting into first and second parts the message to be communicated by the first party; sending the first part of the split message from the first party to a second party; sending the second part of the split message from the first party to a third party; processing at the second party the data which comprises the first part of the message and sending that part of the message on to the third party; receiving both parts of the message at the third party and uniting them to obtain the full message.
  • Splitting the data into two parts has the advantage that even if one part is intercepted the security of the whole message is not necessarily compromised. Sending the parts via different routes increases the security.
  • the use of three parties encourages confidence in the method of communication since it is possible for each party to know at least one of the other parties in advance.
  • the method also has the advantage that it enables a transaction to be performed with one of the parties never receiving the full transmitted data and permits a trusted third party to be involved for independent control and security. Further optionally preferred features of the invention are included in the dependent claims. Advantages include increased security and the ability of a sender to transmit a secure message without itself previously holding a sophisticated encryption program.
  • Fig. 1 shows an example of a communication involving three parties according to the invention
  • Fig.- ' 2 shows stages of a method according to the invention.
  • a party C wants to perform a transaction with a party B which involves C sending sensitive information.
  • C might be a customer and B might be offering goods or services for sale via the Internet.
  • C wants to make a payment to B, however it is not desirable for C to send e.g. a credit card number to B for two reasons.
  • an electronic message containing the credit card number might be intercepted by third parties and is not secure even if encrypted, which might result in misuse of the credit card number, and secondly, C may not have established a relationship with B and might fear misuse of or insufficient security over its credit card number by B.
  • both parties might be wary of a transaction with an unknown party purely via e-mail with no authentification of the other party.
  • B obtains software which will be used to implement the method.
  • the software includes encrypting algorithm ⁇ 1>.
  • Another party referred to as A holds a reference that software with unique algorithm ⁇ 1> is used by B.
  • party A might be a credit card company.
  • B may obtain the software from a network site, e.g. an Internet; web or FTP site, or off-line e.g. by means of a CD ROM.
  • the software may be distributed directly by A or by another party, provided B is registered at A as user of that software and algorithm. Stage 2.
  • C enters into correspondence with B. This could be by C visiting a World Wide Web site or other information source displaying opportunities available from B, and C then contacts B with the intent of exploring these opportunities.
  • the correspondence may be partially automated for example by the web site sending an application to C which might be in the form of a Java (trademark) applet.
  • the Java applet being platform independent, could command C's web browser to execute automatically a preformatted e-mail.
  • C could enter information such as name, quantity of items it is interested in purchasing.
  • the applet ensures that the e-mail is correctly addressed to B and addressed as emanating from C. This avoids errors and falsifications of the address given by C.
  • B may make direct contact with C.
  • Stage 3 is an alternative to C approaching B via a web site or similar.
  • B activates the software received at stage 1 and processes the correspondence from C indicating C's interest.
  • the software randomly generates an encrypting algorithm ⁇ 2> which might for example be expressed as a code comprising a sequence of numbers which represents operations to be performed on data to be encrypted.
  • B retains the code for algorithm ⁇ 2> and also registers a reference to the transaction with C.
  • the software then sends an application, such as a Java applet from B to C.
  • the application includes means for encoding according to the algorithm ⁇ 2> and also the reference for the transaction.
  • the references may be encrypted but identifiable as coming from B.
  • the transmission from B to C may represent an offer in contractual terms.
  • Stage 4
  • the application sent from B to C now runs on C's computer and may display the terms of the offer. There may be more than one offer available and there may be a time constraint such as a period for acceptance of the offer after which the offer expires.
  • To accept the offer in one version party C enters information into the application such as his name and credit card number and then activates an acceptance "button" provided by the application.
  • the application then encrypts the entered information using a randomly generated algorithm ⁇ 3>.
  • the code defining algorithm ⁇ 3> is appended to the encrypted message and the whole is then re-encrypted and split according to algorithm ⁇ 2>.
  • One part of the split message is sent to A and one part is sent to B, as indicated by arrows 10 and 20 in Fig. 1.
  • the application transmits an encrypted acceptance to B and credit card details excluding name to A.
  • a further enhancement is staggering the sending of data to A and B. For instance C might break off his dial-up connection to the internet having sent the part of the message to B and then establish a direct connection to A to send the other part of the message. Similarly, one part of the message could be sent via a different medium to the other.
  • B receives the part of the message from C, appends the code for algorithm ⁇ 2> and then re-encrypts the message using algorithm ⁇ 1> and sends the results to A, as indicated by arrow 30 in Fig. 1.
  • B may then await confirmation from A concerning the credit card transaction before supplying the goods or services to C. For security, B could also destroy the message from C and the reference to algorithm ⁇ 2>.
  • Stage 6. A receives the messages from B and C which include reference to each other, e.g. by the transaction reference number B has already registered with A as user of algorithm ⁇ 1>, so A can decrypt the highest level of encryption of the message from B which will reveal the appended code for algorithm ⁇ 2>.
  • A can then decrypt the algorithm ⁇ 2> coding of the resulting message from B and the message from C.
  • the reverse of algorithm ⁇ 2> also unites the two parts of the split message and yields the appended decrypted code for algorithm ⁇ 3>.
  • the united message can finally be decrypted by the reverse of algorithm ⁇ 3>.
  • A should have a high level of so-called "fire wall" security to protect the decrypted information and other sensitive data in its records.
  • A acts on the instructions in the deciphered message for example by debiting C's credit card account and/or crediting B's account.
  • A might be an intermediary who instructs a financial institution over a secure means regarding the transfer of funds in relation to the transaction between B and C.
  • C might send B part of the message (e.g. name) at an earlier time in the correspondence such as at stage 2 rather than stage 4.
  • B sends this onto A, preferably with encryption.
  • C and A then communicate to complete the transaction.
  • the operations performed by B may be automated to some extent .
  • the software associated with algorithm ⁇ 1> could do one or more of the following: recognise interest from C and send out the appropriate offer application and algorithm ⁇ 2>; securely reference the transaction to algorithm ⁇ 2>; recognise returned acceptances, process them and update appropriate records; send out encrypted messages to A; and destroy the message received from C and references to algorithm ⁇ 2>.
  • a password or personal identification number may be used.
  • A could send C a password or PIN off line by any safe medium other than that used for the transaction.
  • C could receive a PIN by post from a bank A.
  • C would then include the PIN in the message that is encrypted and transmitted to A.
  • A would verify the PIN before effecting the transaction.
  • the PIN can be changed off-line as often as required.
  • Some simple illustrative examples of the encrypting algorithms are as follows: firstly the information entered by C, such as credit card number and name, is converted into a sequence of numbers, for example using those corresponding to a standard character set e.g. ASCII. Algorithm ⁇ 3>, which is randomly generated by the application at C, is then applied to the sequence of numbers . An example might be : to each number add 9 and the previous result. (In these examples all arithmetic is done in modulo 256 or whatever the total number of character codes being used is) .
  • the operations of algorithm ⁇ 3> can be represented compactly as a short sequence of digits which can be interpreted by deciphering software to reverse the algorithm.
  • Algorithm ⁇ 2> is randomly generated at B in the embodiment described above, and is also representable by a code series of numbers, which are registered at B.
  • Algorithm ⁇ 2> can include both encrypting and splitting operations, for example : Step 1:
  • Step 2 Take the message encrypted according to algorithm ⁇ 3>; place the algorithm ⁇ 3> code at the beginning; add 1 to the 1st number, 3 to the 2nd number and 7 to the 3rd and repeat for the 4th, 5th and 6th numbers and so on. Step 2:
  • algorithm ⁇ 1> On message 1.
  • Examples of the operations of algorithm ⁇ 1> are: place the code for algorithm ⁇ 2 > in reverse order starting from position 6 in message 1 received from C. Add 12 to the first number 25 to the second number and repeat for every pair of numbers, place numbers representing the amount of money to be transferred at the end and include a code number indicating currency; add 26 to all values plus 6 for each place from the beginning; include a reference to the transaction and party B; finally send to A (A already knows algorithm ⁇ 1>, for example by its algorithm code, and that B is registered as user of that algorithm) .

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Un procédé de communication d'un message d'une première partie à une deuxième, avec une sécurité et une fiabilité accrue, consiste à diviser le message en une première et une deuxième partie. La première partie dudit message est envoyée de la première partie à la deuxième. La deuxième partie du message divisé est envoyée de la première partie à une troisième partie, laquelle traite les données comprenant la deuxième partie du message et envoie cette partie du message à la deuxième partie. La deuxième partie reçoit les deux parties du message et les unit pour obtenir le message intégral.
PCT/GB1998/003899 1997-12-24 1998-12-23 Procede de communication secrete entre trois participants WO1999034547A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU17750/99A AU1775099A (en) 1997-12-24 1998-12-23 Secret communication method between three participants

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9727369A GB2332833A (en) 1997-12-24 1997-12-24 Secure credit card transactions over the internet
GB9727369.2 1997-12-24

Publications (1)

Publication Number Publication Date
WO1999034547A1 true WO1999034547A1 (fr) 1999-07-08

Family

ID=10824248

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1998/003899 WO1999034547A1 (fr) 1997-12-24 1998-12-23 Procede de communication secrete entre trois participants

Country Status (3)

Country Link
AU (1) AU1775099A (fr)
GB (1) GB2332833A (fr)
WO (1) WO1999034547A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001028154A1 (fr) * 1999-10-13 2001-04-19 Helsingin Puhelin Oyj Transmission d'informations confidentielles
US6745231B1 (en) * 2000-08-08 2004-06-01 International Business Machines Corporation System for securing electronic mail
WO2004102867A1 (fr) * 2003-05-16 2004-11-25 Jarmo Talvitie Methode et systeme de codage et de stockage d'informations

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6363365B1 (en) * 1998-05-12 2002-03-26 International Business Machines Corp. Mechanism for secure tendering in an open electronic network
WO2000018078A1 (fr) * 1998-09-17 2000-03-30 Sopuch David J Procede d'echange de messages securises utilisant des intermediaires
US7249093B1 (en) * 1999-09-07 2007-07-24 Rysix Holdings, Llc Method of and system for making purchases over a computer network
NL1013370C2 (nl) * 1999-10-21 2000-10-03 Ewout Timo Schuringa Werkwijze voor betalen via een netwerk.
DE10003180A1 (de) * 2000-01-25 2001-07-26 Eduard Seleny Verfahren zur Absicherung der wirtschaftlichen Risiken von e-Commerce-Geschäften
WO2001099379A1 (fr) * 2000-06-19 2001-12-27 Martin Gilbert Procede pour obtenir des telecommunications securisees
EP1172776A3 (fr) * 2000-07-15 2002-10-16 ED Vision (Holdings) Limited Procédé d'authentification certifiée
JP2002032692A (ja) * 2000-07-17 2002-01-31 Pioneer Electronic Corp 情報サービス提供方法
WO2002021469A2 (fr) * 2000-09-05 2002-03-14 Ed Vision (Holdings) Limited Procede d'authentification interactive
GB2370475A (en) * 2000-12-22 2002-06-26 Hewlett Packard Co Secure online transaction where a buyer sends some information direct to a bank and some via a vendor
GB2372616A (en) * 2001-02-23 2002-08-28 Hewlett Packard Co Transaction method and apparatus using two part tokens
FR2828966A1 (fr) * 2001-08-23 2003-02-28 Schlumberger Systems & Service Procede pour communiquer de facon securisee des donnees d'identification d'une carte de paiement
AUPS169002A0 (en) * 2002-04-11 2002-05-16 Tune, Andrew Dominic An information storage system
FR2843664B1 (fr) * 2002-08-16 2004-11-26 Alain Deblock Procede et systeme de securisation de transmission d'informations sur des reseaux de telecommunication
ITRM20020656A1 (it) * 2002-12-30 2004-06-30 Luigi Cicione Metodo per l'autorizzazione di delegazioni di pagamento, in particolare per pagamenti effettuati su internet con carte di credito, e relativo sistema.
SE0501014L (sv) * 2005-05-04 2006-11-05 Lars Waldenstroem Med Lawal Ek Förfarande och anordning för överföring av digital information
WO2011141062A1 (fr) * 2010-05-12 2011-11-17 Novelty Group Limited Système de paiement, procédé de production d'au moins une paire de codes pour l'autorisation d'une opération de débit et procédé d'exécution d'une opération de paiement
EP2991014A1 (fr) * 2014-08-25 2016-03-02 Oberthur Technologies Distribuer des jetons de transactions par jeton

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2222057A (en) * 1988-04-19 1990-02-21 Carridice Ltd Electro-magnetic broadcast access control method
DE4420970A1 (de) * 1994-06-16 1995-12-21 Esd Vermoegensverwaltungsgesel Entschlüsselungseinrichtung von Entschlüsselungsalgorithmen und Verfahren zur Durchführung der Ver- und Entschlüsselung derselben
WO1997011443A1 (fr) * 1995-09-18 1997-03-27 Telefonaktiebolaget Lm Ericsson (Publ) Procede et dispositif pour l'authentification d'utilisateur

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4802220A (en) * 1985-03-20 1989-01-31 American Telephone And Telegraph Company, At&T Bell Laboratories Method and apparatus for multi-channel communication security
US5826245A (en) * 1995-03-20 1998-10-20 Sandberg-Diment; Erik Providing verification information for a transaction
US5590197A (en) * 1995-04-04 1996-12-31 V-One Corporation Electronic payment system and method
GB9509582D0 (en) * 1995-05-11 1995-07-05 Jonhig Ltd Value transfer system
CN1211330A (zh) * 1996-02-21 1999-03-17 卡式通讯系统股份有限公司 电子商务处理系统

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2222057A (en) * 1988-04-19 1990-02-21 Carridice Ltd Electro-magnetic broadcast access control method
DE4420970A1 (de) * 1994-06-16 1995-12-21 Esd Vermoegensverwaltungsgesel Entschlüsselungseinrichtung von Entschlüsselungsalgorithmen und Verfahren zur Durchführung der Ver- und Entschlüsselung derselben
WO1997011443A1 (fr) * 1995-09-18 1997-03-27 Telefonaktiebolaget Lm Ericsson (Publ) Procede et dispositif pour l'authentification d'utilisateur

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
TYGAR J D: "ATOMICITY IN ELECTRONIC COMMERCE", PROCEEDINGS OF THE 15TH ANNUAL SYMPOSIUM ON PRINCIPLES OF DISTRIBUTED COMPUTING, PHILADELPHIA, MAY 23 - 26, 1996, no. SYMP. 15, 23 May 1996 (1996-05-23), ASSOCIATION FOR COMPUTING MACHINERY, pages 8 - 26, XP000681001 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001028154A1 (fr) * 1999-10-13 2001-04-19 Helsingin Puhelin Oyj Transmission d'informations confidentielles
US6745231B1 (en) * 2000-08-08 2004-06-01 International Business Machines Corporation System for securing electronic mail
WO2004102867A1 (fr) * 2003-05-16 2004-11-25 Jarmo Talvitie Methode et systeme de codage et de stockage d'informations

Also Published As

Publication number Publication date
GB9727369D0 (en) 1998-02-25
GB2332833A (en) 1999-06-30
AU1775099A (en) 1999-07-19

Similar Documents

Publication Publication Date Title
WO1999034547A1 (fr) Procede de communication secrete entre trois participants
JP2746352B2 (ja) 遠隔位置に設置したコンピュータによる通信のための機密防護通信システム及び方法
US5784463A (en) Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method
EP1873960B1 (fr) Procédé de dérivation d'une clé de séance sur une carte à circuit imprimé
US7387240B2 (en) System and method of secure information transfer
US6269445B1 (en) Electronic shopping method, electronic shopping system and document authenticating method relating thereto
US4912762A (en) Management of cryptographic keys
US8190893B2 (en) Portable security transaction protocol
EP1710980B1 (fr) Services d'authentification avec un appareil mobile
US10089627B2 (en) Cryptographic authentication and identification method using real-time encryption
US20100153273A1 (en) Systems for performing transactions at a point-of-sale terminal using mutating identifiers
US7147157B2 (en) Secure remote-control unit
EP1000481A1 (fr) Etablissement d'un code secret initial comprenant des dispositifs de verification d'identite
EP0225010B1 (fr) Terminal pour système à accès protégé
JPH09233068A (ja) 電子認証システム
JP3348753B2 (ja) 暗号鍵配送システムおよび方法
KR101110777B1 (ko) 파라미터 위변조 방지 방법 및 그 방법을 수행하기 위한 단말기
KR19980048462A (ko) 신용카드 기반 전자 지불방법
JPH09153014A (ja) 電子ネットワークの端末装置
EP3428865A1 (fr) Procédé d'authentification et procédé associé pour effectuer un paiement
Ortiz-Yepes Enhancing Authentication in eBanking with NFC-enabled mobile phones
JPH07297819A (ja) ネットワーク伝送のために個人の照合とメッセージ認証の暗号化とを組み合わせ処理する方法および手段
Djuric IPS-secure Internet payment system
JP2003309552A (ja) 携帯端末による電子証明書の管理システム
JPH02291740A (ja) 署名機能を持つ鍵配送方式

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
NENP Non-entry into the national phase

Ref country code: KR

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA