The present invention relates in general terms to the security of packets transmitted in packet networks such as the Internet.
More particularly it relates to the security of IP packets transmitted from and received by a host platform such as a personal digital assistant, a mobile radiotelephone, a portable computer, etc., as well as the mobility of security information acting on the packet traffic and linked to a user using the host platform.
At present, the security between two platforms communicating with one another through any telecommunications network whatsoever is implemented in certain protocol layers of the OSI (Open Systems Interconnection) model. As shown in FIGS. 1A and 1B, amongst the seven layers C1 to C7 of the OSI model, one of the layers C2, C3, C4 and C7 in each of the platforms implements security means.
Regarding the application layer C7, for example for applications APPLI1 to APPLI6 linking a smart card and a reception terminal as host platform, such as a credit card and a bank terminal, or such as a SIM (Subscriber Identity Module) card and a radiotelephone terminal, the security means are installed on an application in the reception terminal, such as the application APPLI1. A particular application, for example an Internet browser, by means of which the user easily accesses his personal security information, is thus secured. The security linked to an application is not dependent on the hardware constituting the reception terminal. However, security means must be duplicated on each of the applications APPLI1 to APPLI6 used in the terminal. This solution does not provide portability of the information linked to the security of the user beyond the application in which this solution has been specifically provided.
Regarding the transport layer C4, which makes it possible to send messages from one application to another application, for example by means of the UDP protocol (User Datagram Protocol) or the TCP protocol (Transmission Control Protocol), security means implemented in one of the transport protocols (TCP) advantageously remedy the duplication of security means in each of the applications APPLI1 to APPLI6, which in this case all have the benefit of these security means. In this solution, the security means are firmly attached to the platform and not to the user thereof, although he must be authenticated as often as possible in order to be able to use it. If another transport protocol, such as the UDP protocol, has to be secured, it is then necessary to duplicate the security means in that other transport protocol in the same way as in the first, TCP, protocol. This second known solution also does not provide portability of the information linked to the security of the user.
Regarding the network layer C3 occupied for example by the Internet protocol IP, the implementation of security means in this layer has many advantages. As security means are processed at a single “funnel” point of the stack of protocols, management of the security means and the keys associated therewith is optimised. The software programs in the higher layers C4 to C7 can thus advantageously dispense with security means of their own and rely solely on the security of the layer C3. All the applications as well as the various transport protocols have the benefit of the security means almost transparently. However, just as in the case of the layer C4, the security means are firmly attached to the platform and not to a user. In the present case, these security means “become remote” from the user even more. Like the other solutions, this third solution also does not provide portability of the information linked to the security of the user.
Regarding the data link layer C2 in which three protocols P1, P2 and P3 for example are implemented, this fourth solution has the disadvantage of being highly linked to the hardware infrastructure and provides security means which are much poorer and less flexible than those provided in the layer C3.
The implementations of security means in the aforementioned layers C2, C3, C4 and C7 show that the lower the layer of the OSI model in which the implementation is carried out, the greater the extent to which the overall security is transparent and provided for all the applications in the platform. On the other hand, the security means are profoundly linked to the platform and therefore become more remote from the user with regard to the personalised services with which he can be provided and to the certainty as to the identity of the user who is using the platform.
At present, applications using two main types of smart card, referred to as microcontroller cards, as a portable electronic device provide portability of security parameters linked to a given user, the security means being implemented in at least one application in the application layer C7 of the OSI model.
In a first type of smart card relating to a SIM (Subscriber Identity Module) identity card removable from a radiotelephone terminal acting as host platform, cryptographic keys are stored in the smart card. The smart card authenticates the user without the cryptographic keys being known outside the card. Thus, advantageously, the smart card is intimately linked to its owner/user and the personal security data of the user are easily portable from one platform to another. This also facilitates the deployment of the application.
However, the commands are issued by the application which is implemented outside the card. A key referred to as a session key is generated inside the card. The session key is transmitted by the smart card to the outside thereof, to the reception terminal which subsequently uses this session key for encrypting the communication. Once this session key has been supplied outside the card, the card no longer has control of the use of the key in particular as regards duration. The smart card is therefore not in a position to provide the user with total security of the data exchanged with regard to the use which will subsequently be made of his own keys.
Moreover, the reception terminal external to the card must take on board software which contains the major part of the application, the card being principally used here only for storing keys and providing cryptographic calculations. The decision-making aspects of the application are localised and reserved for the terminal outside the smart card, which leaves the card with a relatively limited responsibility.
For a smart card of the second type connected to the host platform such as a personal computer PC, the smart card is used in particular in secure electronic mail applications using an electronic signature and electronic mail message encryption. For this second type, the smart card stores public cryptographic keys as well as a private key and certificate intimately linked to the user owning the card and is used for his cryptographic calculations producing message signatures. The personal security data of the user in the card are again easily portable from one platform to another. The deployment of the public key infrastructure is thus facilitated.
As each encryption session key is decrypted by the smart card and supplied to the host platform, trust in the subsequent use of the encryption/decryption keys supplied by the card rests essentially on the host platform to which the card is connected, in particular during decision-making and data encryption phases. The computer external to the card must also take on board the software containing the major part of the application, the card being used only for containing keys and providing cryptographic calculations. The decision-making aspects of the application are again localised and reserved for the outside world, that is to say for the computer external to the smart card.
For the previous two types of smart card, a smart card is comparable to a portable safe which can be opened through the knowledge of a combination, such as authentication of its holder/user by PIN identification code for example, which allows generation of a new session key by the card which is then supplied to the host platform. The trust then rests partly on the platform receiving the smart card.
Moreover, within the context of a large number of terminals providing connections to the global network, the previous two types of smart card are not satisfactory in terms of interoperability, in particular because the security is implemented at application level and because the applications are most often proprietary.
The IPSec Internet security domain organised by the IETF authority defines an implementation of security means at the level of the network layer C3 of the OSI model. RFC 2401 (“IPSec architecture”) of the IETF authority recommends in particular a host implementation, which can be an “OS Integration” implementation integrated with the operating system of the host platform, or a “Bump-In-The-Stack” (BITS) implementation inserted between the network layer C3 and the link layer C2.
One of the major drawbacks of the IPSec security means implementation lies in the deployment and management of the public key infrastructure, which is relatively complex. By implementing the security at the level of the network layer C3, the notion of the user who is using the platform is lost, the network layer securing a network node but not the particular user. The security parameters are attached to a platform and are not portable to another platform.