1. Field of the Invention
The present invention relates to a method for establishing a connection between electronic devices enabling the safe transmission of digital data.
2. Description of the Related Art
Nowadays, a great amount of digital data is transmitted, for example, through mobile radio communication networks. In particular, portable electronic communication devices such as palm-held computers (small pocket-sized computers) and last-generation cellular telephones allow suitable software for use in multimedia applications to be downloaded directly from the Internet. Thus, each user can access, at any moment, a growing number of digital services by connecting, by means of such portable devices, to suitable remote Internet servers using mobile radio communication networks of the GSM, GPRS or UMTS type. Some of the services that can be accessed by the user relate to, for example, multimedia commerce (m-commerce), banking operations (mobile banking) or simply access to websites.
Since the information transmitted between the portable devices and remote servers is often sensitive and confidential, it is necessary to ensure its secrecy by resorting to encryption procedures and methods that make it inaccessible to unauthorized persons.
As is known, in the more versatile encryption methods the information, or messages, to be transmitted are encoded by the use of two basic elements: a set of fixed rules that constitute the encryption algorithm and one or more variable encryption keys. The algorithm is formed by enciphering and deciphering procedures that, normally, are identical to one another or are obtained by applying the same rules in inverse order, but that can also be different. The keys are either numbers, generally of a binary type, or characters. Such keys are used to encipher a non-enciphered text or to decipher an enciphered text, obtaining an enciphered or a non-enciphered text, respectively. In the encryption methods currently in use, the encryption algorithm is known and the security of the transmission of encrypted data lies in the secrecy of the keys.
For example, in a symmetrical type encryption method, a single private or secret key is used both to encrypt and decrypt the message to be transmitted. This presupposes that the devices that want to communicate in an encrypted way must first exchange this private key. Generally, the private key, which is generated in a random way, is exchanged through a side channel. The advantage of the private key method lies in the computational simplicity required to encrypt and decrypt the messages.
The asymmetric or public key encryption methods envisage the use of two separate keys: an encryption key for encrypting the data to be transmitted and a decryption key for decrypting it. For these methods the encryption key is public, that is, it is known or can be easily discovered through a public directory. Conversely, the decryption key is private, and therefore secret. For example, in order to transmit a message encrypted with a public key to a receiver device, a sender device must encrypt this message with the receiver's known public key. The confidentiality of the transmitted message is guaranteed, as only the receiver device is capable of decrypting the message using its own private key.
Conventional public key encryption methods have led to the creation of a standard security architecture known as public key infrastructure (PKI) that ensures a good level of security in communication between devices, for example via the Internet. In order to encrypt the messages, the current PKI methods adopt a hybrid approach, that is, they simultaneously use the public key encryption method and the symmetrical type method. In particular, in the hybrid approach, a transmitting device uses the public key of a receiver device (which is known) to encrypt a random number known as the session key. This session key, sent in encrypted form to the receiver device, represents a current secret key used by the same transmitting device to symmetrically encrypt the entire message to be sent to the receiver device. In accordance with the symmetrical type encryption method, the receiving device can decipher the received message only by using the same session key with which the message was enciphered. In the case under discussion, the receiving device knows this correct deciphering key, i.e., the session key, which it obtains by decrypting with its private key the encrypted session key received from the transmitting device.
For convenience, the term "user" will also be used hereafter to indicate the generic device that transmits and receives data in an encrypted way.
The fundamental problem of public key encryption methods is that of ensuring the correct and unambiguous correspondence between any device or user that communicates with such a method and its own public key. For this purpose, the PKI infrastructure introduces the figure of a Certification Authority CA. The Certification Authority for a method of transmission of encrypted data is a supervising body, external to each user, having its own processing means, databases and data transmission means. The function of this body is to register the public key and the identity of each user in digital certificates, thus ensuring the authenticity of the keys and the identities registered in the above-mentioned certificates. Moreover, the certificates signed by the Authority CA are published in suitable directories made freely available. In this way, each user can freely access the public key of any other user.
It is useful to observe that in the PKI, encrypted communication using keys is preceded by a step in which the communicating devices must, initially, mutually identify and authenticate one another. In particular, each device declares its own identity by establishing with the other a communication based on the reliability and impartiality of the Certification Authority CA. As an example, prior to the actual encrypted communication, an initialization step is provided in which each device autonomously generates its own public key and its own private key. The public keys of both devices are registered with the Certification Authority CA, which transfers to both devices the corresponding certificates of authentication. These certificates are stored, together with the corresponding private key, in suitable memories internal to these devices. During a subsequent authentication step, each device in question provides the other with its own certificate, verifies the validity of the certificate obtained and extracts from it the public key of the other device with which it wants to establish encrypted communication.
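The hybrid approach described above, as an added example that is not part of the original text: the sender wraps a random session key with the receiver's public key and encrypts the message symmetrically under that session key. To stay within the Python standard library, it assumes unpadded RSA over a constructed demo key and a SHA-256 keystream with HMAC as stand-ins for RSA-OAEP and an authenticated cipher; all function and field names are illustrative.

```python
import hashlib, hmac, secrets

# Constructed demo key pair (assumption): Mersenne primes make N trivially
# factorable, so this key only illustrates the message flow.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # receiver's public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # receiver's private exponent

def _subkeys(session_key):
    """Derive separate encryption and MAC keys from the session key."""
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())

def _stream_xor(key, nonce, data):
    """XOR data with a SHA-256 counter keystream (stand-in symmetric cipher)."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def hybrid_encrypt(message, n, e):
    """Sender: wrap a fresh session key with the receiver's public key."""
    session_key = secrets.token_bytes(32)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # unpadded RSA
    enc_key, mac_key = _subkeys(session_key)
    nonce = secrets.token_bytes(16)
    ciphertext = _stream_xor(enc_key, nonce, message)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"wrapped_key": wrapped, "nonce": nonce,
            "ciphertext": ciphertext, "tag": tag}

def hybrid_decrypt(packet, n, d):
    """Receiver: unwrap the session key with the private key, then decrypt."""
    k = pow(packet["wrapped_key"], d, n)
    if k.bit_length() > 256:           # wrong private key gives a huge value
        raise ValueError("session key unwrap failed")
    enc_key, mac_key = _subkeys(k.to_bytes(32, "big"))
    expected = hmac.new(mac_key, packet["nonce"] + packet["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, packet["tag"]):
        raise ValueError("authentication tag mismatch")
    return _stream_xor(enc_key, packet["nonce"], packet["ciphertext"])

if __name__ == "__main__":
    packet = hybrid_encrypt(b"constructed sample message", N, E)
    print(hybrid_decrypt(packet, N, D))
```

Only the holder of the private exponent recovers the session key; a different exponent or a modified ciphertext raises `ValueError` instead of returning plaintext.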
For the PKI infrastructure, encrypted communication can only be established if all system users recognize the guarantee and supervision role performed by the Certification Authority CA.
A more recent alternative to the PKI is the identity-based encryption (IBE) method. The IBE method also provides for the use of a public key and a private key for encrypting and decrypting the messages, respectively. In particular, the public key is obtained from a string that indicates, in an unequivocal manner, the identity of the user that transmits through IBE (for example the user's tax code), whereas the corresponding private key is supplied to each user by a central authority called the Trusted Authority (TA). The Authority TA defines and makes public its rules, that is, for example, the mathematical functions or parameters with which the same Authority TA generates the encryption and decryption keys. On the basis of such rules and through a secret master key, the Trusted Authority TA generates the private key of each user starting from the corresponding identity of the user. Subsequently, this private key is transmitted to the corresponding user in order to be stored in a memory internal to the latter, which is usually an electronic device.
The Trusted Authority TA structurally comprises processing means and databases in which are stored the private keys assigned and transmitted to the users who communicate in an encrypted way.
It is useful to observe that the Trusted Authority TA does not certify the public keys, which are directly obtainable from the user identities. Thus, each device that communicates by means of the IBE method only has to store its own private key, with a considerable saving in memory occupation.
Moreover, with the IBE method, the step of authentication between devices is implicit: if a device can decrypt the message sent to it, it is automatically authenticated.
In addition, with the IBE method it is simpler than with PKI to create a public key having a finite temporal duration, that is, one linked to an expiry date. In other words, after a predetermined date, messages encrypted with that key cannot be decrypted except by means of a new private key corresponding to a new expiry date.
Finally, the database of the Trusted Authority TA could always be accessible to the police authorities. It is thus possible to know, at any moment, the private key of each system user and, if necessary, to decrypt his messages.
The transmission of data encrypted using keys has become an essential need in various fields, such as, for example, in the case of mobile telephone networks.
It is important to observe that current cellular telephones are true electronic platforms comprising various subsystems such as, for example, mobile equipment, a smart card or a removable memory device.
Ultimately, it is hoped that each of these subsystems can establish an encrypted communication, both with another subsystem of the same cellular telephone and with another generic device such as, for example, a remote Internet server.
Currently, encrypted communication between mobile equipment and a smart card is not performed.
In fact, such devices are produced and sold by companies that are independent of one another (for example, the company producing the mobile equipment and the mobile telephone provider) and that have market interests that are different and in some cases conflicting.
As a consequence, each of these companies agrees only within certain limits to exchange with the others the information contained in its own databases, such as, for example, the identity codes of the devices it produces. Therefore, the mutual identification and authentication steps of the communicating devices, which are indispensable for establishing correct encrypted communication, are compromised.
In addition, these companies do not accept that an external supervision authority, such as the PKI architecture Certification Authority CA, manages the encrypted communication protocol or the acquisition of sensitive and confidential data such as the public and private keys.
Finally, the method for transmitting encrypted data between subsystems that communicate must be transparent to the user of the cellular telephone, that is, it must not oblige such user to perform complex operations.