EP1293061A1 - Method and device for secure wireless transmission of information - Google Patents
Method and device for secure wireless transmission of informationInfo
- Publication number
- EP1293061A1 EP1293061A1 EP01938909A EP01938909A EP1293061A1 EP 1293061 A1 EP1293061 A1 EP 1293061A1 EP 01938909 A EP01938909 A EP 01938909A EP 01938909 A EP01938909 A EP 01938909A EP 1293061 A1 EP1293061 A1 EP 1293061A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- key
- message
- sender
- receiver
- pen
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Definitions
- the present invention relates to a method and a device for secure wireless transmission of information from a sending device to a receiving device.
- the sending device may be a computer device, such as a personal digital assistant, PDA, a mobile telephone device, or an Anoto -pen, described in more detail below, or any other similar device.
- the receiving device may be a personal computer, a server or a service provider or similar.
- the transmission of information from the sender to the receiver takes place over a transmission channel comprising ' one or several media, such as internet, radio transmission, such as a mobile telephone network GSM or
- a first and general object of the invention is to provide a method and device for secure wireless transmission of information from a sender to a receiver in which the authenticity, integrity, confidentiality and non- repudiation of the information can be fulfilled.
- a more detailed object of the invention is to provide a method and device for secure wireless transmission of information in which the sender identity can be obtained by a secure note.
- Another object of the invention is to provide a method and device for secure wireless transmission of information in which an encryption key is generated each time a message is transmitted or obtained.
- a further object of the invention is to provide a method and device for secure wireless transmission of information in which the sender and/or the receiver can identify themselves to a sending device and a receiving device for increased security.
- Still a further object of the invention is to provide a method and device for secure wireless transmission of information in which a random seed is generated each time a message is generated and/or each time a sender identifies himself to the sending device.
- the invention is particularly adapted to the use with a handheld device of the type Anoto pen.
- the Anoto pen is described in more detail in Swedish Patent Applications Nos. 9903541-2, 9904745-8 and 9904746-6.
- the Anoto pen normally has no dedicated display device. However, the Anoto pen may be provided with a normal pen or pencil, which may draw a line on the sur- face as the pen moves over the surface.
- the Anoto pen may have transmission capabilities for connection to a personal computer or a mobile telephone, normally via infrared communication or Bluetooth communication.
- a personal computer or a mobile telephone can be used as display device.
- the Anoto pen may be arranged to sense and emit sound, vibrations, light, heat etc to give feedback to the user.
- the Anoto pen may read absolute coordinates of an Anoto surface in order to determine its own position on the Anoto surface. These absolute coordinates can be used for different purposes, such as defining a bitmap image, such as a hand-drawn text or picture. Thus, a message can be written by the pen and be stored in the pen as coordinates of the movement of the pen.
- the Anoto pen can store information about angle and pressure towards the surface. Finally, it is possible to store information about the time when a certain coordinate was read, thus giving information about pen speed and acceleration. All these information can be used for example for recognition of a handwritten signature, etc.
- Anoto pen as a sending device and a service provider as the receiving device (and receiver) .
- the invention is not limited to the embodiment shown but may be combined in different manners. Short description of the drawings
- Fig. 1.1 is a diagram of a model of the Anoto system.
- Fig. 2.1 is a diagram showing the message transmission in the model of Fig. 1.1.
- Fig. 2.2 is a diagram showing the basic communication flow.
- Fig. 3.1 is a diagram showing a model of conventional encryption.
- Fig. 3.2 is a diagram showing encryption using a public-key algorithm.
- Fig. 3.3 is a diagram showing authentication using public-key algorithm.
- Fig. 4.1 is a diagram showing recipient authentication.
- Fig. 4.2 is a diagram showing an example of secure notes .
- Fig. 4.3 is a diagram showing sender authentication.
- Fig. 4.4 is a diagram showing an overview of a system for communication and key distribution.
- Fig. 5.1 is a diagram showing cryptographic programs used for the Anoto implementation. Description of embodiments of the invention
- the Anoto technology is a way to make handwritten messages become digital.
- Writing on special Anoto paper with the special Anoto pen the pen reads in the message written.
- the pen has a transmitter and can send the message on to a computer that gets a digital copy of what was written.
- This technique it is possible, for example, to send notes taken in lectures to the computer at home, to write a message by hand and send it as email or order flowers by filling in a flowers advertisement in a magazine while sitting in a restaurant.
- a simple public-key implementation is performed for the Anoto system. For this purpose, a short study of public-key cryptography is done, and different algorithms are compared in terms of speed, security and patent restrictions.
- the program developed is a blend of programs from the cryptographic company iD2 , as well as RC4 and RSA codes, all linked together to form Anoto ' s base for public-key .cryptography.
- RC4 and RSA are chosen as the so called symmetric and asymmetric ciphers, based on the fact that they are both assumed to be strong ciphers and that RC4 is one of the fastest ciphers that exists.
- the general communication system is scrutinised.
- the communication is ultimately between the Anoto server and the Anoto pen.
- the system consists of much more than only these two components.
- the model must be refined, and all components between the pen and the server and their impact on the security must be analysed. To begin with, the system is studied and the ways of communication are analysed.
- the Anoto system contains the Anoto pen, the Anoto paper and the Anoto server.
- the Anoto paper (from here on referred to as the paper) is regular paper with the unique Anoto pattern printed on it . This pattern shows uniqueness in every 2x2 mm 2 area and is as large as half the area of the USA. Every 2x2 mm 2 can hence be referred to as "coordinates" giving an absolute positioning on the entire pattern.
- An Anoto pen user uses the Anoto pen (from here on referred to as pen user and pen, respectively) to write on the Anoto paper.
- the pen contains a camera that scans the itinerary of the pen over the pattern coordinates as the message is written.
- the coordinate stream is stored in the pen's memory until a special area, the send-box, of the field is ticked off, thereby activating the transmission from the pen.
- the coordinates stored can then from the absolute positioning tell exactly what had been written and reproduce it digitally.
- This digital copy of the message can then later either be interpreted automatically by OCR (Optical Character Recognition) or left as is and sent on as e.g., a graphical email, or utilised in any other way as explained in the introduction.
- OCR Optical Character Recognition
- Fig. 2.1 describes the communication system on a large scale.
- the pen user writes a message on the paper.
- the pen then transmits the message via Bluetooth to a mobile phone, a computer or any other Bluetooth device.
- a mobile phone not connected to a network
- some kind of network e.g. an Anoto server (see Fig. 2.1) . Only the latter case will be considered here.
- the message Via mobile phone or computer, acting as modem, the message is the passed on with GSM/GPRS or equivalent to a mobile .network operator. The operator reroutes the message on to the Anoto server.
- the Anoto server parses the message address that was specified by the pen user when writing the message, and establishes a direct connection between the sender and the Service Provider Server. Finally, the Service Provider Server takes care of the message and passes it on as e.g. fax, SMS or email, or performs e.g. the purchase order requested.
- Fig. 2.2 shows the simplest kind of communication possible.
- the pen initiates communication with the Anoto server by sending the entire message and a pen identification number.
- the message passes on via Bluetooth to a mobile phone, or any other Bluetooth device, which passes the message on via e.g. GSM or GPRS to a mobile network operator.
- the operator routes the message on via Internet to the Anoto server.
- Anoto ' s server sends it on, again via Internet, to a Service Provider Server that takes care of the message and performs the message instruction or sends it on to someone else. After the message has been taken care of, an answer might be sent back, con- firming reception of the message to the pen.
- Fig. 2.2 it is not hard to see that there are many ways to tamper with the message. Messages can be altered, deleted, forged or copied in or between any of the steps above. According to Fig. 2.2, the pen can, for instance, be used to send fake or false messages. Furthermore, the mobile phone can incorrectly send messages and the mobile network operator illegitimately read secret messages. Hackers on the Internet could even read messages or destroy the Anoto server functionality. Communication according to Fig. 2.2 is hence completely insecure and gives no guarantee of transmission success or message consistency from pen to recipient . Therefore, it is essential to determine exactly what a system like ours requires in order to avoid the different kinds of security flaws. Which rules must be satisfied, and what are these rules? How can security be guaranteed, and how can it be proven? These answers are found within cryptography and the classification of security services.
- Cryptography has extended its domain from originally a military area of interest to today's consumer products. The reason lies in the electronic revolution in the last few years. Introduction of secure payments via Internet and demand for integrity has helped to introduce the topic to most company's desks. Individuals and companies strive to prevent unauthorised people to get in touch with their sensitive information. For example, when a payment is performed electronically, one wants to be convinced that no one unauthorised can read, for example, a credit card number and misuse it . It is a common requirement today that messages in transit cannot be read by any unauthorised person or machine.
- a public-key algorithm (also called asymmetric algorithm) uses key-pairs, with one key used for encryption and the other for decryption.
- the decryption key cannot be calculated from the encryption key within reasonable time.
- the algorithms are called public since the encryption key can be made public.
- a complete stranger can use the encryption (public) key to encrypt a message, but only a specific person with the corresponding decryption (private) key can decrypt the message. This is how Alice can send Bob a message using public-key cryptography:
- Encryption with many users connected over a network is similar to the process above, but Bob is not sending his public key to Alice. Alice instead fetches it from a Trusted Public Directory, see Fig. 3.2. Rivest, Shamir and Adleman refined Diffie-Hellman' s idea into what later became the dominant asymmetric algorithm of today, namely RSA. A more thorough description of the algorithm is presented below. Now we have the theoretical toolkit for establishing a secure connection. We can make our own symmetric key and encrypt the message using this. Distribution of symmetric keys is taken care of by public-key cryptography. The symmetric key used for encrypting the message is encrypted by the public key and then sent. In this way, Alice and Bob can communicate securely without having to meet even once. Although we have now solved the key distribution problem, we need to solve the problem of knowing who has sent a specific message. This is the issue in the following section.
- Asymmetric cryptography enables adding a signature to the message.
- the protocol for signing messages works as follows :
- Hash-functions take variable-length input strings and convert them to fixed-length output strings, so called hash values.
- the hash value can then be used to indicate whether a candidate input is likely to be the same as the real input.
- One-way hash functions are functions that easily compute hash values from the input strings, but with which it is computationally hard to generate another input value that hashes to the same value. This way one can use hash-functions when sending messages to ensure the receiver the consistency of the message. One simply. makes the hash-value of the message and sends it along with the message. The receiver can then simply make a hash value of the received message and compare this to the hash value sent. If these match, the recipient is also guaranteed a match between the message received and the message sent .
- non-repudiation is a legal problem as well as a technical.
- Signer authentication and document authentication are tools used to exclude impersonators and forgers and are essential ingredients of what is called a "non-repudiation service" .
- a non-repudiation service provides assurance of the origin or delivery of data in order to protect the sender against denial by the recipient that the data has been received, or to protect the recipient against denial of the data being sent from the sender.
- a non-repudiation service provides evidence to prevent a person from unilaterally modifying or terminating legal obligations arising out of a . transaction effected by computer-based means.
- a physical agreement is likely to be produced on a paper document of some sort; most likely the date will be written on it prior to signing the document, and the procedure will be monitored by the other party, which will then also sign the document. This procedure is then repeated, setting up two identical agreements, or one party will get a copy, allowing it to claim verification in case of a dispute.
- the virtual world it is equally necessary to create statements that, firstly, state an origin and secondly, can be verified at a later stage.
- a secure channel is an end-to- end cryptosystem where cryptographic performances take place in both ends.
- a hybrid cryptosystem is needed. Both ends, i.e. pen and Anoto server, must support symmetric encryption to encrypt the messages to be sent. They must also manage asymmetric algorithms for encryption of the symmetric keys.
- a Trusted Public Directory (TPD) must be set up for the distribution of public keys. Both pen and server will support the cryptographic functions mentioned above. The Anoto server will fetch and transmit the public keys requested from the pen. Hence, the TPD should be connected to the Anoto server with a secure connection, e.g. SSL (Secure Socket Layer) (see Fig. 4.4).
- SSL Secure Socket Layer
- a secure system requires authenticity verification from both the transmitter and the receiver, see Fig. 4.1 and Fig. 4.3 respectively.
- Recipient authentication can be performed in a limited number of efficient ways. The two most likely to be implemented are discussed here in detail. If authenticity of the recipient's public key can be guaranteed, then the problem of recipient authentication is solved.
- the pen user gets a message back from the Anoto server revealing the true identity of the owner of the pattern. Now the user has the possibility of confirming or rejec- ting the transmission of the message. Because of the limited interface on the pen this is a matter that needs some attention.
- the communication scenario can be described as the following (see Fig. 4.4).
- the user writes a message and ends the message by ticking the "send-box". This makes the pen initiate a transmission. It sends some coordinates and its own ID to Anoto ' s server, waiting for a response from the server.
- the server replies with a message of who the pattern belongs to.
- the message is sent to the pen and from the pen sent over to the phone or computer display.
- the user uses the display to confirm or reject the destination of the message by pressing yes or no. This way the receiver has been authenticated by the Anoto server, and the pen user has had a chance of verifying that the receiver is actually the intended receiver, cancelling the trans- mission if it is not.
- Anoto server can be trusted, this is a secure way of solving the recipient authentication problem.
- the channel between the phone and the pen must be safe for a completely secure system, but it is highly unlikely anyone would manage to tamper with the phone-to-pen connection ' and at the same time falsely authenticate him- or herself on the recipient side.
- Other aspects of limited security would be if the name of the firm sent back is confusingly similar to the legitimate firm. There would then be a clear risk that the message will go astray.
- Another mean of recipient authentication would be through "secure notes”.
- a secure note is a piece of paper that the pen user carries with him or her. The note consists of fields with the Anoto pattern. The pen user does initially activate these fields by logging on to the Anoto web site.
- the address field can be said to contain both the correct recipient address and the send instruction.
- Fig. 4.2 explains the secure notes - how to initialise and later use them.
- the secure note system for solving the receiver authentication problem has the advantage of not having to use a display. It is also a perfectly secure means of authentication since loss of the paper note is only loss of public information easily accessed by anyone. The paper contains no secret information whatsoever.
- the disadvantages are the impractical aspects of connecting recipient addresses to the pattern-strips initially, and the fact that the secure note must be brought along when one wants to send a message securely. This does however not exclude displays as means of authenticity, it just adds complementary functionality to the system. Secure notes can be said to be a rather new way of thinking in terms of local TTP (Trusted Third Party) or local CA (Certificate Authority) .
- the receiver of the message say a flower company
- the pen user might be interested in knowing who the transmitter of the message is before debiting money for the flower purchase from the customer, i.e., the pen user (see Fig. 4.3) . It is therefore necessary to make the pen user identify him- or herself in some way.
- the actual problem is to make the pen user activate the private key within the pen. This can be done by any of the following means: PIN code; PIN code and SIM card; Biometric solutions such as fingerprint verification (with PIN code), written signature, and other biometric options. All of the examples mentioned are present on the market today. Assuming that the keys are stored within the pen, a high level of security can be obtained regarding who is sending the message.
- PIN code as the only means of identifying oneself is a very practical way for identification.
- the interface is understandable to most people. It only requires a keyboard on either a mobile phone or a computer in order to tap in the code. With a 4-digit PIN code there is only one chance in 10 4 that a non-authorised person manages to activate the key. If this is considered not secure enough then a longer PIN code could be chosen. PIN codes of 4 digit lengths are today often accepted in terms of security.
- Bluetooth has its own security protocol, which could be used for secure transaction of e.g. PIN codes from the phone to the pen. If Bluetooth is later found to be a weak connection the security has to be guaranteed from the small distances over which Bluetooth is operating. This would then be a very weak link in the entire system.
- the key pair is then stored on the Smart card instead of in the pen.
- the user would then tap in the PIN on the keyboard and thereby activating the private key on the SIM card in the mobile phone. This does however induce a problem.
- the private key on the SIM card cannot be sent over to the pen, so encryption must be performed on the SIM card in the phone. This once again implies a need for a secure connection between the mobile phone and the pen.
- the SIM card's key pair could be used • for a secure transaction of the -PIN-code to activate the private key in the pen. This would however be rather impractical since first the SIM card needs to be acti- vated by its PIN code, and then the PIN code for the pen would have to be entered to activate the pen's key.
- the public key needs to be transmitted regardless if it is the pen's or the SIM card's, and the procedures are equally (in) secure.
- Another disadvantage of using the phone's SIM card is the key connection to the Anoto server.
- the server must be able to be sure of the public key's origin and connection to a specific pen. The legitimacy is easier to guarantee when the key has been generated within the pen and nowhere else.
- An attack where an intruder sends a public key. claiming it belongs to a specific pen is hard to discover and would seriously endanger a pen's security level in the future.
- a fingerprint solution has typically a false acceptance rate of 1:10 5 , which equals a 5-digit PIN code.
- the false rejecting rate is however a new problem originating by the case that the system doesn't recognise the fingerprint, although its template is stored in the database. In PIN terms, this could be compared to forgetting the PIN.
- Fingerprint recognition for authentication is safer and more practical than PIN codes since there is no need for communication between an external unit and the pen for authentication.
- the fingerprint technique is the ideal way to achieve authentication in the Anoto pen case.
- Handwritten signature verification is most likely the cheapest and most "elegant" solution to the problem.
- This biometric solution is already claimed to be working on the market. It is principally similar to all other biometric solutions in ⁇ that it makes a template of a person's signature and uses this to search a match in a database of fingerprints .
- the unique components in a written signature are pressure, pen-angle, pen-speed and time. These parameters form the uniqueness of each signature and minimise the risk of forgery.
- Written hand signatures as means of identification is today a fully legal way for authentication. The negative aspect to it is that people might not want to write their signatures every time they are about to order something and have papers with their own signatures lying everywhere.
- Any biometric solution could be of interest for identification if only secure enough, as e.g. iris scanning or retina scanning.
- the camera sensor could theoretically be used for this. It is however questionable whether the pen user would like to point the pen at the eye. Eye scanning could however sit on other devices just as well as on the Anoto pen. The problem once more then is how a secure connection between the pen and the phone can be established.
- Timestamping is a technique similar to writing the date prior to signing documents in the physical world. Before sending a message, the current time and date is added to the message. The timestamp is then encrypted along with the message.
- non-repudiation services can be achieved since asymmetric cryptography is already a part of the system, and it is possible to add a clock to the pen, or current time could be fetched from the Anoto server.
- the pen user writes a message on Anoto paper and by the end initiates a transmission session by ticking the "send" box.
- the pen searches for a unit to send the session initiation command through. This includes the pen ID and a coordinate of the message that was written prior to ticking the send box.
- the message is sent via Bluetooth to e.g. a mobile. phone and then via GSM, GPRS or equivalent to a mobile network operator that retransmits the message via Internet to the Anoto server.
- the Anoto server parses the pen ID and the coordinate.
- the application's address and public key connected to the coordinate is returned to the pen as well as format status such as information about cryptographic algorithms etc.
- the pen's public key is transmitted to the Service Provider Server for signature verification later.
- the pen sends the message text on to a display nearby asking the pen user to accept the message destination to deliver to. 4) The pen user presses either yes or no and the answer is sent back to the pen.
- the encrypted message is received at the SPS (Service Provider Server) straight from the network operator. Decrypting the message is then performed by using the pen's public key received from the Anoto server and the SPS ' s own private key. The pen's public key is now verifying the identity of the sender. Together with the SPS's private key the message is recovered. Hence only the SPS can decrypt the message.
- SPS Service Provider Server
- a confirmation of the message is sent back to the pen confirming the successful decryption of the message.
- the message is then sent from the pen to the phone to be displayed to the pen user.
- the service provider either parses the message and the service is performed or the message is sent on by the service provider to e.g. the pen user's personal computer.
- the Personal Device receives the message and a confirmation is sent back via the Service Provider Server to the pen.
- the system consists essentially of the pen, the pen user, the paper, the Anoto server and the third party. Any one of these constitutes a security risk to ' the system and needs to be analysed in detail in order to detect possible security traps.
- the generation of keys can either be performed within the pen or external of the pen. If the keys are generated externally, the owner of the pen must be sure that no one listens . to the transmission as the keys are transmitted to the pen for storage and secretly keeps a copy of the keys. Bluetooth 's security could be used here. If the keys on the other hand are produced within the pen the private key never has to leave the pen and ideally can never be read but only used for encryption.
- the key generation must be designed in such a way that the pen only makes new keys when getting the correct instruction from the Anoto server. Key generation is performed by algorithms using computer random seeds in combination with some physical parameters. These parameters could be any of the input values from the pen's sensors, such as pen pressure, coordinates, time or similar.
- the pen needs to be able to store its own private key as well as the Anoto server's public key.
- the storage of the keys is a sensitive security issue.
- the private key must not be able to read out from the chip by listening to the communication between the processor and the flash memory. Key storage can be done in such a way that reading out the key requires very experienced expertise and expensive equipment. This is possible by either integrating the two components into one piece or making sure the communication threads between them are physically very hard to tap.
- Another key generation aspect, although not essential for security, is to produce the key pair as the pen is in its idle mode and then store it for future requests to avoid waiting times for the pen user or limitations in the pens operability when there is a request for new keys .
- the Anoto server Possibly the most vulnerable security spot in the whole system is the Anoto server. All traffic is directed through the Anoto server, which acts as a DNS (domain name system) . This means that the server must be able to guarantee 100% security regarding who the message is sent on to. The server must also deliver the right address back to the pen user who then confirms or denies the transaction. If the system is tampered with, such that a message is sent back falsely claiming belonging to someone else, then the pen user is likely to send his or her message to someone unauthorised - encrypted with the forger's public key - and therefore not secure anymore. The Anoto server must also make sure that it identifies the coordinates correctly. If a coordinate is falsely interpreted an incorrect recipient address is resent to the pen user.
- DNS domain name system
- the following scenario is possible in order to fool the pen user: Assume a paper with Anoto pattern and a name indicating the recipient of the message, is used by the pen user. The paper has however been forged and the pattern belongs to the forger instead of to whom it is claimed on the paper. The written message is therefore sent to another destination than the pen user intended and without the sender's knowledge.
- This scenario is however avoidable by using some sort of display that authenticates the recipient's identity before transmission, as in the system security design already described. The pen user would then have a fair chance of approving or denying the message transmission.
- the Anoto server must make sure similar names are avoided. An example would be if a third party e.g.
- the way to solve this is to make sure that names are different enough in order to avoid confusion. Additional safety is achieved if more information is returned from the Anoto server than only the name of the recipient . This could be information such as what kind of company it is, where it is located, if the person has already been shopping there or any other specific information that can make the pen user make a correct decision whether to transmit the message or not when asked for transmission confirmation.
- Authenticity requires that the system can guarantee the identity of the pen user. There is hence a need for user authentication of some kind. This has been discussed explicitly above. A person using someone else's pen for secure transmission must for this purpose have their own private key stored in the friend's pen. This is a quite unlikely scenario due to the problem of administrating the connection between the key and the user.
- RSA is the fastest algorithm for encryption and one of the fastest for decryption.
- RSA is slightly slower than the other algorithms for signing but among the fastest for verification.
- RSA, Rabin and LUC are the only algorithms that can be used for encryption/decryption as well as for signature/verification.
- RSA is an asymmetric algorithm developed by Rivest, Shamir and Adleman in 1977. This was the second public- key algorithm developed and is still the most popular public-key algorithm. It can be used for both encryption and digital signatures.
- RSA is faster than the other algorithms for encryption and about as fast for decryption. Signing takes slightly longer with RSA, but verification only a fraction of the time it takes for the others .
- RSA has been on the market for over 20 years and has been subject to extensive cryptanalysis. It was in 1994 broken for a key length of 428 bits by 1600 computers after 8 months work. A key size of 1024 bits is by some considered secure for most applications today, but other claim more than 1024 bit key length for good security for the next 20 years .
- RSA Laboratories currently recommends key sizes of 1024 bits for corporate use and 2048 bits for extremely valuable keys like the root key pair used by a certifying authority.
- Several recent standards specify a 1024 -bit minimum for corporate use. Less valuable information may well be encrypted using a 768-bit key, as such a key is still beyond the reach of all known key-breaking algorithms. Key size should however always be chosen according to the expected lifetime of the data.
- RC4 (or Arcfour) is a variable-key-size stream cipher developed in 1987 by Ron Rivest. It is claimed as a proprietary system by RSADSI and is proprietary in that RC4 is considered to be a trade secret of RSADSI. It was first published in 1994 as someone anonymously posted source code in a newsgroup. People with legal copies of RC4 could confirm compatibility and the algorithm was no longer a secret.
- RC4 is a very simple code and possible to implement in two lines of code in Perl.
- the cipher has a key size of up to 2048 bits (256 bytes) and is a relatively fast and strong cipher. Using the same key on two different messages makes it very weak. It is thus useful in situations in which a new key can be chosen for each message.
- the key stream is independent of the plaintext .
- the algorithm has been broken for 40 bit keylengths . It has however not yet been broken for longer keylengths and is presumably secure enough for keylengths of 128 bits and longer. Cryptanalysis has shown some vulnerable features of the algorithm, but is claimed to cause no threat to alleged RC4 in practical applications.
- the code is used in a number of commercial systems like Lotus Notes and secure Netscape.
- RSA is patented under U.S. Patent but the patent expires on September 20, 2000.
- the cryptographic program written to establish the secure connection between the pen and server is based on iD2 ' s commercial SDK. This gives a platform to work on for future enlargements of the security and identification demands.
- the SDK doesn't reveal the source code used for the algorithms. Since the pen has limited memory, computing power and energy supply, the code must be 100% known before transferring into the pen, and therefore iD2 ' s program has only been used as an interface for the program which consists of source code taken from well- known resources .
- Cryptoki pronounced "crypto-key" and short for cryptographic token interface, follows a simple object-based approach, addressing the goals of technology independence (any kind of device) and resource sharing (multiple applications accessing multiple devices) , presenting to applications a common, logical view of the device called a cryptographic token.
- the Anoto cryptographic program works like the following (see Fig. 5.1): Encryption (in the pen)
- a symmetric session RC4 key is generated with help from a random seed on every occasion there is a transmission. 3) The session key encrypts the message that is to be transmitted.
- the session key is then "wrapped" (encrypted) by the asymmetric private key for signature and by the Anoto Server's public key for SPS for encryption.
- the message is then transmitted.
- SPS Service Provider Server
- the Anoto implementation is based on iD2 ' s program iD2cryptolib. The reason for choosing this system is the scalability and very high level of security.
- RSA has a program called redemo . This is a demo application implemented by J.S.A. Kapp using RSAeuro cryptographic toolkit. It has complete functionality in asymmetric and symmetric encryption and decryption, hashing, key generation and random number generation. The only parts taken from this program are key generation algorithm and the asymmetric key algorithm for encryption and decryption.
- Key generation is taken from the RSAeuro program as well as the public-key encryption and decryption algorithms.
- the RC4 algorithm and symmetric session key generation is taken from the RC4 program.
- Pen user key activation was studied and solutions presented, such as biometric solutions or PIN codes.
- Biometric solutions for signatures were found to be most practical, PIN codes for key activation can be considered as safe as biometric solutions, but need a keyboard to type the PIN in.
- a system security flowchart was made, showing the administration of keys in Anoto ' s communication system.
- the security system is an end-to-end public-key com- munication system and is not considering all communication ways between pen and server. Due to all the different transmissions from pen to server over Blutooth, GSM/GPRS, TCP/IP, Mobile Network Operators and so on, achieving high security requires an end-to-end security system.
Abstract
Description
Claims
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SE0002158 | 2000-06-07 | ||
SE0002158A SE516567C2 (en) | 2000-06-07 | 2000-06-07 | Procedure and apparatus for secure wireless transmission of information |
PCT/SE2001/001267 WO2001095559A1 (en) | 2000-06-07 | 2001-06-07 | Method and device for secure wireless transmission of information |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1293061A1 true EP1293061A1 (en) | 2003-03-19 |
Family
ID=20280029
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP01938930A Expired - Lifetime EP1292882B1 (en) | 2000-06-07 | 2001-06-07 | Method and device for encrypting a message |
EP01938909A Withdrawn EP1293061A1 (en) | 2000-06-07 | 2001-06-07 | Method and device for secure wireless transmission of information |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP01938930A Expired - Lifetime EP1292882B1 (en) | 2000-06-07 | 2001-06-07 | Method and device for encrypting a message |
Country Status (8)
Country | Link |
---|---|
EP (2) | EP1292882B1 (en) |
JP (1) | JP4815094B2 (en) |
AT (1) | ATE334443T1 (en) |
AU (2) | AU2001264501A1 (en) |
DE (1) | DE60121764T2 (en) |
ES (1) | ES2269415T3 (en) |
SE (1) | SE516567C2 (en) |
WO (2) | WO2001095559A1 (en) |
Families Citing this family (46)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8054971B2 (en) | 2001-04-27 | 2011-11-08 | Comverse Ltd | Free-hand mobile messaging-method and device |
US7916124B1 (en) | 2001-06-20 | 2011-03-29 | Leapfrog Enterprises, Inc. | Interactive apparatus using print media |
SE520504C2 (en) * | 2001-11-30 | 2003-07-15 | Anoto Ab | Electronic pen and method for recording handwritten information |
US7385595B2 (en) | 2001-11-30 | 2008-06-10 | Anoto Ab | Electronic pen and method for recording of handwritten information |
SE0104395L (en) * | 2001-12-27 | 2003-06-28 | Anoto Ab | Ways of transferring information between a digital user device and a computer resource using position coding |
GB2384392A (en) * | 2002-01-16 | 2003-07-23 | Sure On Sight Ltd | Secure messaging via a mobile telecommunications network |
US7245902B2 (en) | 2002-01-16 | 2007-07-17 | 2 Ergo Limited | Secure messaging via a mobile communications network |
JP2005525672A (en) | 2002-05-14 | 2005-08-25 | スクリーンライフ、エルエルシー | DVD random shuffle method |
US7417773B2 (en) | 2002-09-30 | 2008-08-26 | Pitney Bowes Inc. | Method and system for creating and sending a facsimile using a digital pen |
US20050060644A1 (en) * | 2003-09-15 | 2005-03-17 | Patterson John Douglas | Real time variable digital paper |
US7853193B2 (en) | 2004-03-17 | 2010-12-14 | Leapfrog Enterprises, Inc. | Method and device for audibly instructing a user to interact with a function |
US20060067576A1 (en) | 2004-03-17 | 2006-03-30 | James Marggraff | Providing a user interface having interactive elements on a writable surface |
US7831933B2 (en) | 2004-03-17 | 2010-11-09 | Leapfrog Enterprises, Inc. | Method and system for implementing a user interface for a device employing written graphical elements |
US7453447B2 (en) | 2004-03-17 | 2008-11-18 | Leapfrog Enterprises, Inc. | Interactive apparatus with recording and playback capability usable with encoded writing medium |
US7698640B2 (en) | 2004-08-04 | 2010-04-13 | Leapfrog Enterprises, Inc. | User interactive journal |
US7428990B1 (en) | 2004-12-22 | 2008-09-30 | Leapfrog Enterprises, Inc. | Capacitive sensing of media information in an interactive media device |
US7621441B1 (en) | 2004-12-22 | 2009-11-24 | Leapfrog Enterprises | Interactive device using capacitive sensor array for joint page identification and page location determination |
US8094139B2 (en) | 2005-02-23 | 2012-01-10 | Anoto Ab | Method in electronic pen, computer program product, and electronic pen |
US7643633B2 (en) | 2005-05-06 | 2010-01-05 | Research In Motion Limited | Adding randomness internally to a wireless mobile communication device |
ATE365346T1 (en) * | 2005-05-06 | 2007-07-15 | Research In Motion Ltd | GENERATION OF RANDOM NUMBERS IN A WIRELESS COMMUNICATIONS DEVICE |
US7661592B1 (en) | 2005-06-08 | 2010-02-16 | Leapfrog Enterprises, Inc. | Interactive system including interactive apparatus and game |
US7922099B1 (en) | 2005-07-29 | 2011-04-12 | Leapfrog Enterprises, Inc. | System and method for associating content with an image bearing surface |
US7374087B1 (en) | 2005-07-29 | 2008-05-20 | Leapfrog Enterprises, Inc. | Method, apparatus and system for conveying cartridge notification |
US7549596B1 (en) | 2005-07-29 | 2009-06-23 | Nvidia Corporation | Image bearing surface |
GB2428952B (en) | 2005-07-30 | 2010-10-06 | Hewlett Packard Development Co | Digital pen and paper system |
US8183980B2 (en) | 2005-08-31 | 2012-05-22 | Assa Abloy Ab | Device authentication using a unidirectional protocol |
US7281664B1 (en) | 2005-10-05 | 2007-10-16 | Leapfrog Enterprises, Inc. | Method and system for hierarchical management of a plurality of regions of an encoded surface used by a pen computer |
US7936339B2 (en) | 2005-11-01 | 2011-05-03 | Leapfrog Enterprises, Inc. | Method and system for invoking computer functionality by interaction with dynamically generated interface regions of a writing surface |
US7562822B1 (en) | 2005-12-30 | 2009-07-21 | Leapfrog Enterprises, Inc. | Methods and devices for creating and processing content |
EP1821196B1 (en) * | 2006-02-15 | 2008-08-13 | Jaycrypto Limited | Method and apparatus for seeding a cryptographic random number generator |
US7847942B1 (en) | 2006-12-28 | 2010-12-07 | Leapfrog Enterprises, Inc. | Peripheral interface device for color recognition |
US7892095B2 (en) | 2007-02-13 | 2011-02-22 | Screenlife, Llc | Displaying information to a selected player in a multi-player game on a commonly viewed display device |
WO2008132382A1 (en) * | 2007-03-20 | 2008-11-06 | France Telecom | Method for generating a variable from a biometric datum |
US8275123B2 (en) | 2007-08-17 | 2012-09-25 | Infineon Technologies, Ag | Integrated data transceiver and sensor for the generation of a symmetrical cryptographic key |
WO2010019593A1 (en) | 2008-08-11 | 2010-02-18 | Assa Abloy Ab | Secure wiegand communications |
US10620754B2 (en) | 2010-11-22 | 2020-04-14 | 3M Innovative Properties Company | Touch-sensitive device with electrodes having location pattern included therein |
EP2940923B1 (en) | 2014-04-28 | 2018-09-05 | Université de Genève | Method and device for optics based quantum random number generator |
US9898100B2 (en) * | 2015-06-04 | 2018-02-20 | Microsoft Technology Licensing, Llc | Authenticating stylus device |
EP3306464B1 (en) | 2016-10-09 | 2021-09-29 | Université de Genève | Method and device for quantum random number generation |
US10452877B2 (en) | 2016-12-16 | 2019-10-22 | Assa Abloy Ab | Methods to combine and auto-configure wiegand and RS485 |
US10713385B2 (en) | 2018-07-03 | 2020-07-14 | International Business Machines Corporation | Position data pseudonymization |
JP6616868B1 (en) * | 2018-07-30 | 2019-12-04 | 株式会社Artrigger | Information processing system and information processing method |
JP6673994B2 (en) | 2018-08-24 | 2020-04-01 | 本田技研工業株式会社 | engine |
DE102018126763B4 (en) * | 2018-10-26 | 2020-12-10 | Michael Artmann | CRYPTOGRAPHY METHOD |
CN113596042A (en) * | 2021-08-03 | 2021-11-02 | 拉卡拉汇积天下技术服务(北京)有限公司 | Information delivery method, device, system, electronic equipment and storage medium |
EP4170480A1 (en) | 2021-10-20 | 2023-04-26 | Université de Genève | Method and device for quantum random number generation |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5661506A (en) | 1994-11-10 | 1997-08-26 | Sia Technology Corporation | Pen and paper information recording system using an imaging pen |
US5852434A (en) | 1992-04-03 | 1998-12-22 | Sekendur; Oral F. | Absolute optical position determination |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IL78541A (en) * | 1986-04-18 | 1989-09-28 | Rotlex Optics Ltd | Method and apparatus for encryption of optical images |
JP2824943B2 (en) * | 1991-08-21 | 1998-11-18 | 松下電器産業株式会社 | Light pen |
US5721788A (en) * | 1992-07-31 | 1998-02-24 | Corbis Corporation | Method and system for digital image signatures |
US5371794A (en) * | 1993-11-02 | 1994-12-06 | Sun Microsystems, Inc. | Method and apparatus for privacy and authentication in wireless networks |
JPH07262372A (en) * | 1994-03-23 | 1995-10-13 | Toshiba Corp | Information processor |
JPH07287632A (en) * | 1994-04-19 | 1995-10-31 | Alps Electric Co Ltd | Coordinate detector |
JPH0983512A (en) * | 1995-09-19 | 1997-03-28 | Olympus Optical Co Ltd | Ciphering system and optical exclusive or arithmetic unit used for the same |
JP3382451B2 (en) * | 1996-03-11 | 2003-03-04 | キヤノン株式会社 | Information input device and display device |
US6026165A (en) * | 1996-06-20 | 2000-02-15 | Pittway Corporation | Secure communications in a wireless system |
US5850443A (en) * | 1996-08-15 | 1998-12-15 | Entrust Technologies, Ltd. | Key management system for mixed-trust environments |
SE509327C2 (en) * | 1996-11-01 | 1999-01-11 | C Technologies Ab | Method and device for registering characters using a pen |
US6327395B1 (en) * | 1996-12-20 | 2001-12-04 | Xerox Parc | Glyph address carpet methods and apparatus for providing location information in a multidimensional address space |
US6247129B1 (en) * | 1997-03-12 | 2001-06-12 | Visa International Service Association | Secure electronic commerce employing integrated circuit cards |
DE19907600A1 (en) * | 1999-02-22 | 2000-08-24 | Rene Baltus | Biometric random value generator uses pressure and writing time values for optically scanned signature or writing sample for addressing coordinate network intersection points providing corresponding numbers |
-
2000
- 2000-06-07 SE SE0002158A patent/SE516567C2/en not_active IP Right Cessation
-
2001
- 2001-06-07 AU AU2001264501A patent/AU2001264501A1/en not_active Abandoned
- 2001-06-07 EP EP01938930A patent/EP1292882B1/en not_active Expired - Lifetime
- 2001-06-07 WO PCT/SE2001/001267 patent/WO2001095559A1/en active Application Filing
- 2001-06-07 ES ES01938930T patent/ES2269415T3/en not_active Expired - Lifetime
- 2001-06-07 JP JP2002502577A patent/JP4815094B2/en not_active Expired - Fee Related
- 2001-06-07 AT AT01938930T patent/ATE334443T1/en not_active IP Right Cessation
- 2001-06-07 EP EP01938909A patent/EP1293061A1/en not_active Withdrawn
- 2001-06-07 WO PCT/SE2001/001296 patent/WO2001095091A1/en active IP Right Grant
- 2001-06-07 AU AU2001264480A patent/AU2001264480A1/en not_active Abandoned
- 2001-06-07 DE DE60121764T patent/DE60121764T2/en not_active Expired - Lifetime
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5852434A (en) | 1992-04-03 | 1998-12-22 | Sekendur; Oral F. | Absolute optical position determination |
US5661506A (en) | 1994-11-10 | 1997-08-26 | Sia Technology Corporation | Pen and paper information recording system using an imaging pen |
Non-Patent Citations (1)
Title |
---|
DYMETMAN M; COPPERMAN M: "Intelligent paper", LECTURE NOTES IN COMPUTER SCIENCE, vol. 1375, March 1998 (1998-03-01), pages 392 - 406, XP002328425 |
Also Published As
Publication number | Publication date |
---|---|
EP1292882B1 (en) | 2006-07-26 |
WO2001095091A1 (en) | 2001-12-13 |
ES2269415T3 (en) | 2007-04-01 |
ATE334443T1 (en) | 2006-08-15 |
SE516567C2 (en) | 2002-01-29 |
EP1292882A1 (en) | 2003-03-19 |
JP2003536299A (en) | 2003-12-02 |
SE0002158L (en) | 2001-12-08 |
JP4815094B2 (en) | 2011-11-16 |
DE60121764T2 (en) | 2006-12-28 |
SE0002158D0 (en) | 2000-06-07 |
AU2001264501A1 (en) | 2001-12-17 |
DE60121764D1 (en) | 2006-09-07 |
WO2001095559A1 (en) | 2001-12-13 |
AU2001264480A1 (en) | 2001-12-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7278017B2 (en) | Method and device for secure wireless transmission of information | |
EP1293061A1 (en) | Method and device for secure wireless transmission of information | |
EP1583319B1 (en) | Authenticated exchange of public information using electronic mail | |
JP3982848B2 (en) | Security level control device and network communication system | |
US7366905B2 (en) | Method and system for user generated keys and certificates | |
US6925182B1 (en) | Administration and utilization of private keys in a networked environment | |
US7188362B2 (en) | System and method of user and data verification | |
JP4659749B2 (en) | Identity-based cryptographic messaging system | |
US20070174636A1 (en) | Methods, systems, and apparatus for encrypting e-mail | |
US7308574B2 (en) | Method and system for key certification | |
US20020038420A1 (en) | Method for efficient public key based certification for mobile and desktop environments | |
JPH09219701A (en) | Method and device for retrieving identity recognizing identification | |
WO1997012460A1 (en) | Document authentication system and method | |
JP2008529326A (en) | Method and system for electronic message management and filtering using cryptographic techniques | |
Subramanya et al. | Digital signatures | |
US6904524B1 (en) | Method and apparatus for providing human readable signature with digital signature | |
JPH0962596A (en) | Electronic mail system | |
JP2001243196A (en) | Personal authentification system using mobile telephone and ic card | |
US7447904B1 (en) | Systems and methods for obtaining digital signatures on a single authoritative copy of an original electronic record | |
KR100654933B1 (en) | System and its method for authenticating dynamically created certificate by user's password input | |
KR100432611B1 (en) | System for providing service to transmit and receive document based on e-mail system and method thereof | |
RU2659730C1 (en) | Method of sharing the protected data | |
EP1300980A1 (en) | Process for providing non repudiation of receipt (NRR) in an electronic transaction environment | |
JP2005236403A (en) | Method and system for electronic authentication | |
Piper | Digital signatures for non-repudiation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20030107 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR |
|
AX | Request for extension of the european patent |
Extension state: AL LT LV MK RO SI |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: ANOTO IP LIC HB |
|
111L | Licence recorded |
Free format text: 0100 LEAPFROG ENTERPRISES INC. Effective date: 20050530 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: ANOTO AB |
|
17Q | First examination report despatched |
Effective date: 20071018 |
|
TPAC | Observations filed by third parties |
Free format text: ORIGINAL CODE: EPIDOSNTIPA |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20080429 |