Segmented key authentication by Jacques Gascuel
This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
Segmented key authentication: an innovation by Jacques Gascuel to secure sensitive data
What is segmented key authentication?
Segmented key authentication is a technology that protects sensitive data by using encryption keys that are stored on different media. This technology was invented by Jacques Gascuel, a French inventor living in Andorra, and patented under the number FR3063365 on 05.04.2019.
The principle of segmented key authentication is to divide an encryption key into several segments that are distributed across physical or virtual media. These media can be smart cards, USB keys, smartphones, computers or cloud services. To access the encrypted data, it is necessary to gather all the segments of the key and combine them according to a specific algorithm.
The advantage of this technology is that it makes it very difficult to steal or compromise sensitive data, because doing so would require access to all the media that contain the segments of the key. Moreover, this technology makes it possible to control access to data according to the context and the location. For example, it is possible to define that some segments of the key are only available in a certain geographical area.
How does segmented key authentication work?
Segmented key authentication relies on a system composed of three main elements: a contactless device, an NFC device and software.
The contactless device is a physical medium that contains one or more segments of the encryption key. It can be a smart card, a USB key or another object with an electronic chip. This device is designed to work without a battery, without maintenance and without the cloud. It can be reset for the second-hand market.
The NFC device communicates with the contactless device by radio frequency. It can be a smartphone, a tablet or a computer equipped with an NFC antenna. This device provides the energy necessary for the operation of the contactless device and retrieves the segments of the key that it contains.
The software is an application that runs on the NFC device and manages the segmented key authentication process. It is used to configure the parameters of the encryption key, such as the number and size of the segments, the combination algorithm, the access conditions or the actions to perform in case of failure. It also encrypts and decrypts data using the key reconstituted from the segments.
What are the possible applications of segmented key authentication?
Segmented key authentication can be used to secure any type of sensitive data, whether personal, professional or confidential. It can also be used to protect access to systems or services that require strong authentication.
Among the possible applications, we can mention:
- Electronic safes: these are systems that store sensitive data in a secure and encrypted space. Segmented key authentication can enhance the security of these systems by making it impossible to access data without having all the segments of the key.
- Alarm systems: these are systems that detect and report an intrusion or an anomaly in a protected place. Segmented key authentication can improve the reliability of these systems by preventing disarming or hacking without having all the segments of the key.
- Financial transactions: these are operations that involve the transfer of money or goods between parties. Segmented key authentication can ensure the security and traceability of these operations by requiring the physical and simultaneous presence of the parties to validate the transaction.
The patents of segmented key authentication
The invention of segmented key authentication has been the subject of several patent applications in different countries. The first patent granted is FR patent FR3063365, published in 2018. This patent describes the segmented key authentication system, its elements, its functioning and its applications.
Other patent applications are pending or awaiting examination in other countries, including:
- French patent FR3063365, granted in 2019,
- European patent EP3586258 A1, published in 2020, which repeats the same claims as the US patent. It is under examination.
- Korean patent KR1020190120317, published in 2019, which repeats the same claims as the US patent. It was granted in 2021.
- Chinese patent CN110402440, published in 2019, which repeats the same claims as the US patent. It is awaiting examination.
- Japanese patent JP2020508533, published in 2019, which repeats the same claims as the US patent. It was granted in 2020.
- Algerian application 190460, filed in 2019 with the National Algerian Institute for Industrial Property (INAPI). It is not yet published or granted.
These patent applications are derived from international patent WO2018153274 A1, published in 2018, which is the priority application for the invention. This international patent was filed by Jacques Gascuel with the World Intellectual Property Organization (WIPO) according to the Patent Cooperation Treaty (PCT). It makes it possible to protect the invention in more than 150 member countries of the PCT.
The differentiation of the invention from prior art
The invention of segmented key authentication differs from other inventions in the field of computer security in several respects.
Firstly, it relies on the original concept of segmenting an encryption key into several segments that are stored on different media. This concept increases the security level of sensitive data by making it more difficult to steal or compromise the complete key. Indeed, it would require accessing all the media that contain segments of the key, which implies more hardware and software effort than with a single key. For example, if the key is segmented into four parts, one on a smart card, one on a USB key, one on a smartphone and one on a computer, it would require stealing or hacking these four media to reconstitute the key and access the data. This scenario is much more complex and unlikely than with a single key stored on a single medium.
Secondly, it makes it possible to control access to data according to the context and the location. Indeed, it is possible to define access conditions for each segment of the key, such as geographical location, number of attempts, etc. Thus, one can limit access to data to certain situations or circumstances, which strengthens the protection of the data. For example, one can define that the segment of the key stored on the smartphone is only available within a radius of 10 km around the owner's home, or that the segment of the key stored on the computer is only available between 9 am and 5 pm from Monday to Friday. These access conditions reduce the risk of unauthorized access to data.
Thirdly, it uses a contactless device and an NFC device to communicate with the main token that contains the authentication datum. This contactless device is designed to work without a battery, without maintenance and without the cloud. It can be reset for the second-hand market. The NFC device provides the energy necessary for the operation of the contactless device and retrieves the segments of the key that it contains. The software that runs on the NFC device manages the segmented key authentication process. This configuration avoids problems related to wear or loss of the contactless device, as well as risks related to a connection to the cloud or a wireless network.
The invention of segmented key authentication therefore presents several advantages over prior art, especially in terms of security, flexibility and ecology. These advantages have justified the granting of US patent US20210136579 B2 and of derived patents in other countries.
To illustrate these advantages, one can compare the invention of segmented key authentication with other similar inventions in the field of computer security.
For example, US patent US8112066 B2 describes a system for providing an encrypted authentication datum from a first device to a second device. This system uses an NFC device for transmitting the encrypted authentication datum from the first device to the second device. However, this system does not segment the encrypted authentication datum into several segments stored on different media. Thus, if the first device is stolen or hacked, the encrypted authentication datum can be compromised.
For example, US patent US9942750B2 describes a system for performing security operations on wireless devices based on proximity with another device. This system uses an NFC device for establishing secure communication between two devices and for performing operations such as locking or unlocking the first device. However, this system does not control access to data according to the context and the location. Thus, if the two devices are close to each other but in an insecure environment, the security operations may be ineffective or undesirable.
For example, CN patent CN110838917B describes a system for authenticating a user from a QR code generated by a server and displayed on a screen. This system uses a smartphone for scanning the QR code and sending a request to the server for verifying the user's identity. However, this system uses a connection to the cloud or a wireless network for communicating with the server. Thus, if the connection is interrupted or compromised, the system may not work properly or may be vulnerable to attacks.
One can see that the invention of segmented key authentication brings innovative and efficient solutions to problems encountered by other inventions in the field of computer security.
An implementation of segmented key authentication based on trust criteria
Segmented key authentication can be implemented using trust criteria as segments of the encryption key. These trust criteria are data that characterize the context and the location of access to sensitive data. They can be stored on the NFC device or on external media.
For example, one can use the following trust criteria:
- Geolocation: these are the GPS coordinates of the NFC device or the main token. One can define a geographical area, ranging from 50 cm to 1110 km², in which the segment is available.
- BSSID: this is the identifier of the wireless network to which the NFC device or the main token is connected. One can define one or more wireless networks authorized to access the segment.
- Phone ID: this is the identification number of the mobile phone that serves as the NFC device. One can define one or more mobile phones authorized to access the segment.
- Password: this is a secret code that the user must enter to access the segment. The password can be stored on an external medium such as a smart card or a USB key.
- Barcode or QR code: this is a graphic symbol that contains coded information. The user must scan the barcode or QR code with the camera of the phone to access the segment. The barcode or QR code can be printed on an external medium such as paper or a sticker.
The user can freely choose the trust criteria he wants to use to constitute the encryption key. He can combine up to nine trust criteria, which can be cumulative horizontally or vertically.
For example, he can choose to use:
- Part or all of the segments of the first line (geolocation) and/or the second line (BSSID), and all of lines 3, 4 and 5 (phone ID, password, barcode or QR code). In this case the segments are cumulative horizontally.
- Part or all of the segments of the first column (geolocation) and/or the second column (BSSID), and all of columns 3, 4 and 5 (phone ID, password, barcode or QR code). In this case the segments are cumulative vertically.
In both cases it is necessary to gather all the chosen segments to reconstitute the encryption key and access the sensitive data. If a segment is missing, decryption is not possible.
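The rule that every chosen segment must be gathered before the key can be reconstituted can be sketched as follows. This is an added example, not code from the patent or from the author's products: the combination algorithm (length-prefixed encoding fed to PBKDF2-HMAC-SHA256), the grid quantization of GPS coordinates, the key-check tag and all sample values are assumptions.

```python
import hashlib
import hmac
import math

ITERATIONS = 600_000  # PBKDF2 work factor (assumed; tune to the device)

def geo_cell(lat: float, lon: float, cell_deg: float = 0.001) -> bytes:
    """Quantize coordinates to a grid cell so nearby fixes give the same segment."""
    return f"{math.floor(lat / cell_deg)}:{math.floor(lon / cell_deg)}".encode()

def encode_segments(segments: dict) -> bytes:
    """Serialize unambiguously: sorted by name, every field length-prefixed."""
    out = bytearray()
    for name in sorted(segments):
        for field in (name.encode(), segments[name]):
            out += len(field).to_bytes(4, "big") + field
    return bytes(out)

def derive_key(segments: dict, salt: bytes) -> bytes:
    """Stretch the combined segments into a 32-byte encryption key."""
    material = encode_segments(segments)
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS, 32)

def key_check(key: bytes) -> bytes:
    """Tag kept beside the ciphertext to detect a wrong key before decrypting."""
    return hmac.new(key, b"segmented-key-check", hashlib.sha256).digest()

def unlock(segments: dict, salt: bytes, expected_tag: bytes):
    """Return the key only if every enrolled segment is presented unchanged."""
    key = derive_key(segments, salt)
    return key if hmac.compare_digest(key_check(key), expected_tag) else None

# Constructed sample values, not real identifiers.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ENROLLED = {
    "geolocation": geo_cell(42.5063, 1.5218),
    "bssid": b"02:00:00:aa:bb:cc",
    "phone_id": b"PHONE-ID-PLACEHOLDER",
    "password": b"correct horse battery staple",
    "qr_code": bytes.fromhex("9f86d081884c7d659a2feaa0c55ad015"),
}
TAG = key_check(derive_key(ENROLLED, SALT))

if __name__ == "__main__":
    print("all segments:", unlock(ENROLLED, SALT, TAG) is not None)
    missing = {k: v for k, v in ENROLLED.items() if k != "qr_code"}
    print("qr_code missing:", unlock(missing, SALT, TAG) is not None)
```

Geolocation, BSSID and phone ID are observable or guessable values, so in a construction like this one the resistance to guessing comes from the high-entropy segments (the password and the QR code content).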
According to another implementation, the trust criteria are integrated into the encryption of the secret in a non-modifiable way. The secret can be shared with other people, who must respect the same trust criteria to access it.
This implementation makes it possible to use segmented key authentication in an effective and customizable way to secure sensitive data according to the context and the location.