Search

EP-4736035-A1 - METHOD FOR SECURELY VERIFYING A PASSWORD DEDICATED TO A CLIENT APPLICATION ON A CLIENT DEVICE

EP4736035A1EP 4736035 A1EP4736035 A1EP 4736035A1EP-4736035-A1

Abstract

The present invention relates to a method for securely verifying a candidate password value derived from user credentials against a reference password value dedicated to a client application on a client device storing a try counter, said method being performed by the client application of the client device, said client device comprising : a secure hardware component storing a current cryptographic key pair comprising a current public cryptographic key and a current private cryptographic key specific to the client device, a first application memory storing a current try counter value of said try counter, and a second application memory storing a current signature of a try counter value with a private cryptographic key of a cryptographic key pair, and said method comprising : - a) verifying (S1) the current try counter value stored in the first application memory and, - b) verifying (S2) that the current signature stored in the second application memory of the client device is a valid signature of the current try counter value stored in the first application memory using the current public cryptographic key of the current cryptographic key pair stored in said secure hardware component, - c) when the verifications of the current signature and of the value of the try counter are successful: • generating (S31) a new current cryptographic key pair, • updating (S32) said current try counter value, • generating (S33) a new current signature of the updated current try counter value with the generated new current private cryptographic key of the generated new current cryptographic key pair, - d) verifying (S4) the candidate password value against said reference password value.

Inventors

  • FOESSER, CHRISTOPHE

Assignees

  • THALES DIS FRANCE SAS

Dates

Publication Date
20260506
Application Date
20240613

Claims (9)

  1. 1 . A method for securely verifying a candidate password value derived from a user credentials against a reference password value dedicated to a client application on a client device (100) storing a try counter expressing a remaining number of authorized password verification attempts, said method being performed by the client application of the client device, said client device comprising : ■ a secure hardware component (110) storing a current cryptographic key pair comprising a current public cryptographic key and a current private cryptographic key specific to the client device, ■ a first application memory (108) storing a current try counter value of said try counter, ■ a second application memory (109) storing a current signature of a try counter value with a private cryptographic key of a cryptographic key pair, and said method comprising : - a) verifying (S1) the current try counter value stored in the first application memory (108) and, - b) verifying (S2) that the current signature stored in the second application memory of the client device (109) is a valid signature of the current try counter value stored in the first application memory (108) using the current public cryptographic key of the current cryptographic key pair stored in said secure hardware component (110), - c) when the verifications of the current signature and of the value of the try counter are successful: • generating (S31 ) a new current cryptographic key pair comprising a new current public cryptographic key and a new current private cryptographic key associated to the client device and replacing the current cryptographic key pair by the generated new current cryptographic key pair in the secure hardware component (110), • updating (S32) said current try counter value in the first application memory (108), • generating (S33) a new current signature of the updated current try counter value with the generated new current private cryptographic key of the generated new current cryptographic key pair and replacing the current signature by the generated new current signature in the second application memory (109), - d) verifying (S4) the candidate password value against said reference password value.
  2. 2. The method of claim 1 , comprising: when the verification of the candidate password value is successful: resetting the try counter value in the first application memory (108) to a default try counter value and updating the signature in the second application memory (109) to a signature of the default try counter value with the current private cryptographic key stored in the secure hardware component (S5).
  3. 3. The method of claim 1 or 2, wherein the cryptographic key pairs are Elliptic-curve cryptographic key pairs.
  4. 4. The method of any one of claims 1 to 3, comprising an authentication step using biometric credentials and comprising when said authentication step fails, performing the steps a), b), c), d) as a secure backup solution.
  5. 5. The method of any one of claims 1 to 4, wherein generating a new current cryptographic key pair (S31 ) for storing in the secure hardware component (110) of a client device (100) owned by a user comprises previously an authentication of the user with biometric credentials.
  6. 6. The method of any one of claims 1 to 5, wherein the generated new current cryptographic key pair is stored in the secure hardware component of the client device of a user after having been encrypted using a biometric encryption algorithm and the current private or public cryptographic key is decrypted using a biometric decryption algorithm prior to any subsequent use.
  7. 7. A computer program product directly loadable into the memory of at least one computer, comprising software code instructions for performing the steps of any one of claims 1 to 6, when said product is run on the computer.
  8. 8. A client device (100) comprising : ■ a secure hardware component (110) storing a current cryptographic key pair comprising a current public cryptographic key and a current private cryptographic key specific to the client device, ■ a first application memory (108) storing a current try counter value, ■ a second application memory (109) storing a current signature of a try counter value with a private cryptographic key of a cryptographic key pair, and configured for performing the steps of any one of claims 1 to 6.
  9. 9. The client device of claim 8, wherein said secure hardware component (110) is among a Secure Enclave, a Trusted Execution Environment, a Secure Element, an embedded Secure Element, an integrated Secure Element or a Hardware Security Module.

Description

METHOD FOR SECURELY VERIFYING A PASSWORD DEDICATED TO A CLIENT APPLICATION ON A CLIENT DEVICE FIELD OF THE INVENTION The present invention relates to the field of user authentication, and of associated cryptographic devices, and more particularly to a method for verifying a password which is protected against tampering of the try counter. BACKGROUND OF THE INVENTION Users of digital devices or resources are commonly required to authenticate in order to unlock the device or service they wish to use. A widespread way of performing such an authentication is to input a password, which is supposed to be known only to the user trying to authenticate. Passwords such as PIN codes are for example still often used on mobile phones for unlocking the device itself or the SIM card of the device. Another way may be to provide biometric credentials from which a password may be derived. Some applications running on a device such as a smartphone may also require the user to enter a dedicated password, called applicative password, to enable the user to run the application. The verification process of such applicative passwords may be subject to various attacks, especially when the password inputted by the user is checked locally on the mobile device. Indeed, the verification process is purely software, and all the important assets of the password verification process (the password, the try counter... ) are stored on the mobile device and managed by the application itself. Therefore, the verification process does not benefit from any security feature brought by hardware components or by the operating system. The verification processed may be bypassed by an attacker if he manages to alter the application code or to get access to the assets managed by the application. As an example, an attacker may analyze the application code to understand the verification process and locate in memory the location of the password, the try counter or of the verification process result. The attacker may then either modify the code itself or the verification process result to directly bypass the verification process. He may also directly gain knowledge of the password. He may modify the try counter to be entitled an unlimited number of tries. After each try, the attacker may for example restore a previous value of the application memory storing the try counter, such that it never goes down to zero, which opens the way for a brute force attack on the password by repeatedly trying password values until the correct one is entered. Some existing protections may be put in place in order to reduce the likelihood of such attacks, such as obfuscation of the verification process code in the application code, or detection of dynamic analysis tools used by the attacker. But such protections do not prevent attacks on the verification process such as the brute force attack described above. They only slow down the attacker. Consequently, there is a need for a secure verification method of a password which is truly protected against tampering of the try counter and therefore prevents an attacker from performing a brute force attack against the password. SUMMARY OF THE INVENTION For this purpose and according to a first aspect, this invention therefore relates to a method for securely verifying a candidate password value derived from user credentials against a reference password value dedicated to a client application on a client device storing a try counter expressing a remaining number of authorized password verification attempts, said method being performed by the client application of the client device, said client device comprising : ■ a secure hardware component storing a current cryptographic key pair comprising a current public cryptographic key and a current private cryptographic key specific to the client device, ■ a first application memory storing a current try counter value of said try counter, ■ a second application memory storing a current signature of a try counter value with a private cryptographic key of a cryptographic key pair, and said method comprising : - a) verifying the current try counter value stored in the first application memory and, - b) verifying that the current signature stored in the second application memory of the client device is a valid signature of the current try counter value stored in the first application memory using the current public cryptographic key of the current cryptographic key pair stored in said secure hardware component, - c) when the verifications of the current signature and of the value of the try counter are successful: • generating a new current cryptographic key pair comprising a new current public cryptographic key and a new current private cryptographic key associated to the client device and replacing the current cryptographic key pair by the generated new current cryptographic key pair in the secure hardware component, • updating said current try counter value in the first application memory,