The present invention concerns the field of computer security and more precisely the field of the protection of confidential personal information allowing encrypted access to a remote service.
At the present time, because of the extensive development of the internet, a user can access an increasing number of so-called “online” services. The majority of these services require authentication of the user to allow him access to data that concern him. As an example of such services, access to bank account data, monitoring reimbursement transactions for medical services or on-line tax returns can be cited.
FIG. 1 illustrates the architecture of the network. The user typically uses a terminal 1.1 such as a personal computer or any similar device such as a personal assistant or a smartphone. This terminal is connected to an information exchange network 1.2, typically the internet. Servers 1.3 hosting the remote services are also connected to this network. The user can therefore access, from his terminal, the services hosted on the servers 1.3 by means of the information exchange network 1.2.
A number of these services process confidential information and it is important to protect access to such services. This protection generally depends on making available to the user secret connection information that he must produce in order to establish connection to the service. Typically it is the user name and an associated password. At the time of connection, the user is requested to enter this name and password, which serve for authentication and for establishing an encrypted connection ensuring confidentiality of the exchanges of information between the user and the remote service. It is usual to protect these connection information exchanges in order to prevent their being stolen while they are being conveyed between the terminal and the server. This protection is typically effected by creating an encrypted connection or an encrypted tunnel between the terminal and the server. This encrypted connection or tunnel may for example be created using the SSL (Secure Socket Layer) protocol, or its successor TLS (Transport Layer Security). FIG. 2 illustrates the use of these techniques. The terminal sends a connection request 2.1, generally by means of its internet browser, to the server hosting the service. This request is not encrypted. It is interpreted by the server during a step 2.2, which responds by means of the message 2.3 comprising a public key corresponding to the certificate identifying the server or service. The terminal determines a pseudorandom symmetrical key during a step 2.4. It enciphers it by means of the public key of the server received in the message 2.3 and sends it to the server in the message 2.5. Only the server is in a position to decipher this symmetrical key by means of its private key associated with its public key. It carries out this deciphering during step 2.6. At this moment, the terminal and server share the same secret key, the symmetrical key, and are therefore in a position to establish an encrypted connection 2.7 by means of this shared key. This encrypted connection then makes it possible to exchange information between the terminal and the server in a secure manner. All the data exchanged are encrypted by means of the shared secret key and are therefore decipherable only by the two ends of the encrypted connection, the terminal and the server, which share the same secret.
It can be seen that this method makes it possible to protect exchanges between the terminal and the server. On the other hand, the data exchanged are manipulated in clear by the server and the terminal. It is assumed a priori that the server is secure because of management by professionals. On the other hand, the security of the terminal poses a problem.
This is because users are rarely conversant with techniques ensuring security of a data processing station. In addition, it is extremely difficult to obtain on their part strict compliance with security rules. It is not rare for the terminal of the user to be infected by viruses, spyware or any type of malicious software (malware). Such malicious software is capable of discovering confidential information manipulated by the terminal and sending it to third parties who can make malevolent use of it. And this even when security techniques such as those described above protect the link between the server and the terminal. It turns out that the weak point of the system, with regard to security, is the terminal of the user. The user can also be seen as a weak security point because for example of a choice of a simple password that is not very robust, or communication thereof.
These security problems pose a real problem in the development of on-line services. They cause significant losses for the economic players in this sector.