WO2013164194A1 - Method of securing access to a data server - Google Patents

Description

 "Method of securing access to a data server"

The context of the invention is that of cryptographic methods and devices, in particular those for securing access to a data server.

State of the art

 There are known methods and devices for securing access to a data server, in particular of asymmetric type. The RSA algorithm and an implementation of this algorithm such as PGP are classic examples of such methods and devices.

 The methods according to the prior art have two main disadvantages: an important need for a computing resource and a certain slowness.

 The security of such methods relies in part on the process of registering a client or a guest, generating random numbers, which makes it impossible to replay the enrollment process.

 The invention aims to overcome all or part of the above disadvantages by providing a method and device for securing access to a data server, which are fast and provide a user with authentication and encryption features.

 The invention also aims to propose a method and a system for securing access to a data server, preventing an attacker from replaying a registration session with the data server.

 The invention also aims to provide a method and a system for securing the sending of messages by electronic mail implementing an encryption method according to the invention.

Presentation of the invention

At least one of the above-mentioned objectives is reached with a method of securing a connection to a data server, implementing a symmetric encryption Enigma type encryption machine, comprising a prior step of registering a client. user in said data server, characterized in that this registration step comprises: a user input of so-called input parameters,

a processing by the encryption machine of the input parameters to generate temporary parameters, comprising at least one random processing step and a generation of output parameters,

a determination of security data comprising an initial position of rotors and an encryption alphabet for said encryption machine, based on said temporary parameters,

said security data being recorded by said server and login credentials being transmitted to said client.

 Login credentials can be registered by the server.

Advantageously, the processing of the input parameters can comprise:

 a step of determining a configuration of an Enigma type machine,

a step of using the configuration to generate the security data from the connection identifiers and parameters.

 Advantageously, the connection of the client to the data server may be conditioned by an authentication step comprising:

 a step of entering and / or sending the security data to the server,

 a step of verification by the server of the security data received,

 an access authorization to the data server in the case where the verification step is conclusive.

 In a particular version, the method according to the invention may further comprise a step for downloading from the server on the client software implementing the encryption machine.

 Advantageously, the method according to the invention can include a step of creating a code conversion file on the server.

 In a particular version, the method according to the invention may further comprise a step for registering a guest user by an already registered customer.

Advantageously, the method according to the invention can be implemented for a file by a client files on the server operated as a safe. In a particular version, the method according to the invention can be implemented for a communication between a client and a guest, by joint use of the server, an electronic mail and the encryption machine.

 Advantageously, the method according to the invention can be implemented in a state machine of a communication between a client and a guest.

 Advantageously, the method according to the invention may comprise a setting up on the server of a token indicating the state of the communication between the client and the guest, the token only existing once the communication initiated.

Detailed description of the invention

 Other advantages and features of the invention will appear on reading the detailed description of implementations and a non-limiting embodiment, and the following appended drawings:

 FIG. 1 illustrates the conventional implementation of an Enigma machine,

FIG. 2 is a diagram of the inputs and outputs of a method for determining an encryption alphabet and an initial position of the rotors according to the invention,

 FIG. 3 specifies a method for determining an encryption alphabet according to the invention,

 FIG. 4 specifies a method for determining an initial position of the rotors according to the invention,

 FIG. 5a illustrates the possible state changes of the client state machine and their meanings for the customer, and

 Figure 5b illustrates the possible state changes of the guest state machine and their meanings for the guest.

In the figures, an element appearing in several figures retains the same reference.

FIG. 1 illustrates the conventional use of an Enigma 100 machine. The use of a machine such as machine 100 requires initializing it in a precise configuration. This configuration is here entirely determined by an encryption alphabet 102 and the initial position of rotors 104. Once this configuration is determined, a text to be encrypted 106 can actually be encrypted by the machine 100 to generate an encrypted text 108. The decryption of the encrypted text is done by repositioning the Enigma machine according to the precise configuration. The decryption of the encrypted text 108 is obtained by encryption of the encrypted text 108. The decryption of the encrypted text 108 leads to the text to be encrypted 106. Indeed, the Enigma machine is a symmetric encryption method.

An Enigma machine with 5 rotors with 26 positions and an alphabet of 78 characters, the number of possible configurations is 26 ⁵ * 78 !, that is more than 1.34 * 10 ¹²² configurations. Enigma encryption is therefore safe when the transmission of the chosen configuration for encryption is safe.

 In the exemplary embodiment described hereinafter, a method of computer use of an Enigma machine with five rotors and 78 characters is implemented. It is well understood that these choices are given only as an example.

In the remainder of this talk, a key designates a set of five characters selected from the set A-Z.

 To a key are associated 5 numbers that define it, all between 0 and 25 and vice versa, according to the following correspondence: the first number corresponds to the position in the alphabet of the first character. At five numbers all between 0 and 25 is also associated with one and only one key.

For example, the key associated with numbers (6,13,2,8,0) is GNCIA and vice versa.

 According to the invention, a so-called simple encryption of a text by a key consists of an encryption obtained by shifting each letter of the text by a number of letters equal to twice the sum of the five numbers associated with the key, modulo 26.

 By way of example, the result of the encryption by the GNCIA key of the SECRET text is YKIXKZ. Indeed,

 the numbers associated with the GNCIA key are (6,13,2,8,0),

 - double the sum of the numbers associated with the key, modulo 26, is 6,

- the offset of the letter S (18) results in the letter Y (24) and so on for the letters E (4), C (2), R (17), E (4), T (19) which are enciphered by the letters K (10), I (8), X (23), K (10), Z (25). Method of determining an encryption alphabet 102 and method of determining an initial position of the rotors 104.

Method of determining an encryption alphabet 102

FIG. 2 illustrates the use of a method according to the invention for determining such an encryption alphabet 102 among the 78! possible as well as a position of the rotors among the possible 26 ⁵ .

 This method requires the choice by a user of a key 202, as well as three numbers ni, n2 and n3, respectively referenced 204, 206 and 208. Moreover, the method also requires the use of a file 210 called an , which will be described later.

 More precisely, this process according to the invention can be decomposed into two sub-processes 212 and 214.

 The subprocess 212 has for inputs the numbers n2 and n3 as well as the file An and output the encryption alphabet 102.

 The subprocess 214 has for inputs the key, the number ni and the value ValSer and for output the position of the rotors 104.

FIG. 3 illustrates the subprocess 212 for determining the encryption alphabet 102 from the numbers n2, n3 as well as from the file An.

 The number n2 entered by the user is transformed during step A (0.77), 302, into a random number 304, called NbChoice, between 0 and 77. Then, a step 306, determines one of the 78 pre-generated alphabets from NbChoice. These alphabets are generated by successive circular offsets. We thus obtain the choice of a first temporary alphabet C1.

 The third number n3 is transformed during step A (9, 39), 308, into a random number 310, called Chgt, between 9 and 39. A step T5 is then performed. It has for entry the first temporary alphabet cl as well as the number Chgt. This step T5 outputs a second temporary alphabet C2.

 Random numbers 304 and 310 are also temporary parameters generated during the registration step.

In a first part of step T5, the first block of characters Chgt of the first temporary alphabet is permuted with the last block of characters Chgt of the first temporary alphabet. If it exists, the second Chgt block characters of the first temporary alphabet is then swapped with the next to last block of Chgt characters from the second temporary alphabet. The same operation is repeated with the third block of characters Chgt if it is permuted with the third block of Chgt, and this is done as far as possible. In the second part of step T5, a rotation of t characters is applied to the alphabet resulting from the treatment just described. The value t is equal to the value NbChoix, raised to the power 4, module 78. The alphabet resulting from this last processing is the second temporary alphabet C2.

 A step T6, 316, is then performed. It has as input the second temporary alphabet C2, 316, and an An file, 210. This step T6 has output of the encryption alphabet.

 The file An is a connection file. This file contains 10 lines. Each row is an array of integers from 0 to 77. This table contains 78 integers. It indicates the permutations to be performed on the second temporary alphabet C2 to obtain the encryption alphabet. Each line corresponds to the last digit of the customer's registration year. Thus, the third line is used for the year 2012.

 The direct knowledge of the NbChoix and Chgt values as well as the An file thus allows the precise determination of an encryption alphabet.

Method for determining an initial position of the rotors 104

 FIG. 4 illustrates the sub-method 214 for determining the initial position of the rotors 104 from a key 202, and the number ni 204.

 The key 202 is encrypted during the step 402 by the simple encryption of the key 202 by itself. By way of example, the result of step 402 for a key 202 is UBQWO is an encrypted key 404 equal to KRGME. Indeed, the encryption by the key 202 consists of a shift of 16 notches modulo 26.

 The encrypted key 404 is then associated in step T1, 406 with the five numbers 408 defining it, here denoted by (a, b, c, d, e). By way of example, when the encrypted key 404 is KRGME, the transformation T1 results in the numbers (a = 10, b = 17, c = 6, d = 12, e = 4).

The first number entered by the user is transformed in step A (1,16), 410, into a random number x, 412, between 1 and 16. The number x is used in step T2, 414, to generate five new numbers. The result of the transformation is obtained in step 416 and is a number called y. The T2 transformation is performed as follows:

 the number x is added to the number a, modulo 26,

 the number x + 1 is added to the number b, modulo 26,

 the number x + 2 is added to the number c, modulo 26,

 the number x + 3 is added to the number d, modulo 26, and

 the number x + 4 is added to the number e, modulo 26.

By way of example, when x = 6, this second transformation results in 416 the five numbers y (16,24, 14,21, 14). These numbers define the initial position 104 of the rotors of the Enigma machine. The right-hand rotor is placed i4 ^th position, to the left in 21 ^th position, one to the left of the previous in i4 ^th position, one to the left of the previous ^24-th position, and the leftmost 16 ^th position .

Moreover, during step T, 418, the number x is transformed into a set of 8 characters, called random, obtained in step 420. This transformation implements a table of correspondence between the number x and the hazard. A number x corresponds to one and only one hazard. For example, at x = 6, a lookup table matches the SIXUNSIX characters.

 The hazard is encrypted according to the following method:

 . the letters SIXUNSIX correspond to the number 18 8 23 20 13 18 8 23;

 . the encryption by the key 202 UBQWO of the alea consists, as has been seen above, in a shift of 16 notches modulo 26, which corresponds to the numbers 8 24 13 10 3 8 24 13;

 . the encrypted hazard is: IYN KDIYN.

In addition, FIG. 4 illustrates a step A (0, 99), 422, during which a random number ValSer, 424, is generated between 0 and 99.

The key 202 and the value ValSer 424 are used during the step T3, 426, to generate a code, 428 according to the following method: calculating a number z corresponding to the key 202 by determining the five numbers (m0, ml, m2, m3, m4) associated with the key 202 then z = mo * 26 ⁰ + m ₁ * 26 ¹ + m ₂ * 26 ² + rTi3 * 26 ³ + rTi4 * 26 ⁴ .

 By way of example and when the key is UBQWO, the five numbers associated with the key UBQWO are (20,1,16,22,14) and:

13 * 26 ^Λ 1 + 2 * 26 ^Λ 2 + 8 * 26 ^Λ 3 + 0 * 26 ^/ = 6795198

 a value called Pdf, dependent on z, is determined according to the following algorithm:

 index = 4;

If (z> 10 ^A index)

TantQue (z> 10 ^A index):

 lndice ++;

 End TantQue

 index: = index-1;

Pdf: = 10 ^A index;

 End if

 If not

TantQue (z <10 ^A index)

 Index-- ;

 End TantQue

Pdf: = 10 ^A index;

 End Otherwise

 The index value is here: index = 6

 The Pdf value is here: Pdf = 1000000

 - we apply the following algorithm to the number z

If (2 * 10 ^A 6 <Z <3 * 10 ^A 6) pdf * = 2;

If (z-pdf <= pdf) THEN z: = d-10 ^{(index _1)} -ValSer; End if

 Otherwise z: = z-pdf-ValSer; End Otherwise

 In the example given, for the key 202 equal to UBQWO and a value 242, ValSer equal to 7, the code 428 obtained is: 5795191.

 The alea value 420 and the code 428 are output parameters generated during the registration step.

Creating a code conversion file on the server It is created on the server a file comprising 26 ^Λ 5 lines filled in according to a method now described:

For all 5-tuples (a, b, c, d, e) where a, b, c, d, e are numbers between 0 and 25, calculate p = a * 26 ^ 0 + b * 26 ^ 1 + c * 26 ^ 2 + d * 26 ^ 3 + e * 26 ^/ and enter in the p + 1 th column row the numbers a, b, c, d, e.

 Thus, knowing the number 6795198, the reading of the 6795199 th line leads to the knowledge of the 5-tuple (20,1,16,22, 14).

 Of course, these tuples can be stored in a database traversed using a B + tree, rather than written to a file. In the rest of the presentation, reference will be made to a file, called a conversion file.

Registration method and method for authenticating a client or a guest on a data server terminal II will now be exposed a method for registering and authenticating access to data located on a server . This method of registration and authentication of a client or a user according to the invention implements a previously described method for determining an encryption alphabet 102 and a method according to the invention for determining an initial position of the rotors. 104.

 The registration method of a user according to the invention distinguishes a user, said client, a user, said guest, who is a guest user by at least one customer. According to the invention, any person can become a client user. To become a guest user of a client user according to the invention, the client user must invite the person wishing to be the guest user.

 As a result, the registration procedures of a client user and a guest user are different. How to register and authenticate a client on a data server

Customer registration process

When a user wishes to register with the server, a form is displayed on the screen of the user terminal and the user is asked to enter an email address and a password. The user is also asked to enter a sequence of five characters, called Key, consisting of letters selected from the set A-Z. The user is also asked to choose three numbers n1, n2 and n3 between 1 and 10.

 The server implements a method for determining an encryption alphabet 102 according to the invention. The values n2, 206, and n3, 208, of the determination sub-process 212 of an encryption alphabet 102 according to the invention are the numbers n2 and n3 entered by the user. The An 210 file is a pre-established connection file known only to the server terminal. Thus, decryption is impossible without the knowledge of this file, which in fact authenticates the server terminal when the decryption is correct. NbChoix 304 and Chgt 310 values are generated by the server during the implementation of this subprocess 212 for determining an encryption alphabet.

 The server implements a method for determining the initial position of the rotors 104 according to the invention. The value ni, 204, of the determination sub-process 214 of an initial position of the rotors 104 according to the invention is the number not grasped by the user. The key 202 of this subprocess 214 is the key entered by the user. ValSer value 424 is generated in step 422 by the server. This ValSer value can also be read from an acquisition card connected to the server terminal. A new ValSer value is generated at each registration. The values alea 420 and code 428 are generated by the server during the implementation of this subprocess 214 for determining an initial position of the rotors.

Once the final encryption alphabet and the initial position of the determined rotors, the Enigma machine 100 is set in an encryption configuration. In this encryption configuration, the server terminal encrypts the user's email.

In addition, information about the new client is stored in a client table of a database at the server level. This information includes a client identifier, the primary key of the database client table. Other information recorded about the new customer is the ValSer values, the email (unencrypted) as well as the customer's registration year. The customer is informed of the values of the code corresponding to the key, ie 428, encrypted randomness, password and customer identifier.

 The server terminal also registers for each client three files named JeuCle, Config, Phrase.

 The JeuCle file includes the ValSer value.

 The Config file contains the values Chgt, NbChoix, and password (unencrypted).

 The Phrase file contains the result of the encryption of the email.

 The password and the customer ID are exit parameters from the registration step of a customer.

 Three small files ("cookies") are also deposited on the client's terminal.

Authenticating a client

 Once registered, a customer user knows his code, encrypted random, password and login. In addition, the three files ("cookies") described above are stored in his terminal.

 When a user wishes to connect to the terminal server, he fills out an authentication form in which he enters his code, encrypted alea, password, and his identifier.

 Then, the server retrieves the three cookies deposited on the client terminal to find the three files JeuCle, Config, and Phrase, relating to the client, which he recorded on the server terminal during the registration of the

Customer.

 A first comparison is made between the password contained in the Config file and the one entered in the form.

Determining the Encryption Alphabet 102

The values Chgt and NbChoice from the Config file are used by the server to determine the alphabet Cl 306, then the alphabet C2 314. The knowledge by the server of the file An as well as the date of registration of the customer registered in the client table and associated with the client identifier, allows the server to implement step T6 316 the definitive alphabet. The definitive alphabet can only be validly determined by the server on which the client is registered. Determination of the initial position of the rotors 104

 The knowledge of the value ValSer present in the JeuCle file as well as that of the code entered in the form leads to the determination of the key 202. The following method is used:

 - adding code and ValSer value. When the code entered by the customer in the form is 5795191 and the ValSer value is 7:

 - the code entered added to the ValSer value to obtain a temporary value: 1 = 5795198

 a value called Pdf2, dependent on I, is determined according to the following algorithm:

 index2 = 4;

 If (l> 10 index2)

TantQue (l> 10 ^A index2):

 Index2 ++;

 End TantQue

 Index2: = index2-l;

Pdf2: = 10 ^A index2;

 End if

 If not

TantQue (l <10 ^A index2)

 Index2-;

 End TantQue

Pdf: = 10 ^A index2;

 End Otherwise

 The index2 value is here: index = 6

 The Pdf value is here: Pdf2 = 1000000

- If (2 * 10 ^A 6 <l <3 * 10 ^A 6) pdf * = 2;

if l-pdf2 <= pdf2 then I = | + io ^{index2 "1} else I = l + pdf2.

 Here the condition I = pdf2 <= pdf2 is not checked and 1 = 6795198

The previously constructed code conversion file is then used. This file associates directly with line 6795199 the five numbers (20, 1, 16, 22, 14) associated with the characters UBQWO.

The server thus knows the key 202. Knowing the encrypted hazard entered by the user, for example IYN KDIYN and the key 202, for example UBQWO, the server can decrypt the encrypted randomness to obtain the hazard 420. It has been seen above that the encryption by the UBQWO key consisted of a 6-letter offset. Thus decryption of IYN KDIYN encrypted randomness results in SIXUNSIX.

 The knowledge of the hazard 420 and the file to reverse the T 418 step described above leads the server to the knowledge of the value 412 x. For example, the value x associated with the SIXUNSIX randomness is 6.

 Knowing the key 202 and the value x 412, the server can implement the steps 402, 406 and 414 and thus find the value 416 y. The value 416 defines the initial position 104 of the rotors as previously described.

 Decryption and authentication

 The server terminal then decrypts the contents of the Phrase file and compares the result of this decryption to the corresponding Vemail in the client table to the identifier identifier. When this comparison is conclusive, the user is authenticated.

Method for registering and authenticating a guest on a data server

Guest registration process

 To allow a guest to register with the server terminal, a previously registered customer authenticates with the server terminal.

 Once authenticated, the client creates a guest by typing into a form his email address and the name of the guest. The nickname is then the concatenation of the name of the guest with the customer ID.

 The customer sends his guest his pseudonym via another communication channel than the internet messenger.

 To register with the server, the guest will proceed to the steps described in the registration part of a client except for one piece of information: the password information is replaced by that of the pseudonym assigned by the customer.

To create a pirate guest account, you must know the email address and the pseudonym entered by the customer. Guest Authentication

 The guest proceeds in the same manner as a client to authenticate to the terminal server except for the password that is replaced by its alias.

Thus, the security of the system relies in part on the process of registering a client or a guest, generating random numbers, which makes it impossible to replay the enrollment process.

 Moreover, the deposit of small files ("cookies") on the client terminal or guest makes vain the interception of the data generated by the server and sent to the client because it is not possible to authenticate without these files being on the client or guest terminal.

 Finally, the use of the file An, only known to the server after registration, provides authentication of the terminal server when the client authenticates with the terminal server.

Functionalities of the implementation of the server according to the invention

Access to a safe.

 Once authenticated, a client can save files to the server. These files will be searchable only by himself and his guests. The client can also delete his files. The invention thus makes it possible to ensure the authentication of the client to the safe that is the server and which contains the files of the client.

Secure communication of a client with a guest

 Furthermore, the invention also allows a client to communicate with a guest in a secure manner.

 The communication of a client with a guest is through the joint use of the server according to the invention and the electronic mail and an encryption machine according to the invention.

Description of an encryption machine according to the invention

An encryption machine according to the invention is software provided with its documentation and a code conversion file as defined above. The software of the encryption machine according to the invention allows message encryption and decryption by means of an Enigma machine with 5 rotors and using an alphabet of 78 characters. As has been seen above, the determination of the initial position of the rotors for each text to be encrypted depends on:

 of the key 202 and the number ni 204, chosen by a user for each encryption,

 a user-specific ValSer value 424 that is determined during the user registration process and remains the same for all subsequent ciphers.

 The determination of the encryption alphabet for each text depends on:

 n2 and n3 values, chosen by the user for each encryption,

 - An 210 file specific to the user and remains the same for all subsequent ciphers.

As has been seen above, the determination of the initial position of the rotors used for the encryption of the text results from:

 the knowledge of the code 428 and the encrypted randomness present in the file Config and generated with each encryption, and

 - knowledge of the ValSer value specific to the person who encrypted the text and which remains the same for all subsequent ciphers as well as the code conversion file.

 As has been seen above, the determination of the alphabet used for the encryption of the text results from:

 - the knowledge of Chgt and NbChoice determined during the encryption,

 - as well as knowledge of the file An.

State machine for communication between a client and a guest

 The customer is the person who initiates the communication.

For each client / guest pair, a token is placed on the server indicating the state of the communication between the client and the guest. This token exists only once the communication initiated. When a communication has been initiated, this token can then take three values: j = 0, j = 1 and j = 2.

 Figure 5a and 5b illustrate the possible values of the token and their meanings:

 when the token is j = 0, it is an end of communication,

 when the token is j = 1, the guest has received a message from the client, and

 when the token is j = 2, the client has received a message from the guest in response to his previously sent message. The communication between client and guest is concurrent. To do this, there are two state machines: one for the client and one for the guest. These two machines indicate the state of the communication between the client and the guest.

Figure 5a illustrates the possible state changes (circles E1 and E2) of the client state machine and their meanings to the client.

 The state E0 represents the moment at which the customer wishes to initiate a communication. A test, represented by the diamond Test on the figure, of the value of the token is then carried out:

 when the value of the token is j = 0, the state machine of the client goes to the state El,

 when the value of the token is j = 1, the state machine of the client returns to the state E0, and

 when the value of the token is j = 2, the customer's communication state machine goes to the E2 state.

 In the state El, the customer can send a message to his guest:

 if it has not already downloaded it, the client authenticates with the server, downloads an encryption machine according to the invention, as well as its An and ValSer files,

the client encrypts a message using his encryption machine according to the invention, authenticates if necessary again on the server and provides the guest with the Config file generated by the encryption of his message, the token is then set to 1 and the customer's state machine goes to the E0 state. the client sends, by electronic mail, the result of the encryption of his message which is generated by the encryption machine according to the invention as well as his code, his password and his alea.

 In state E2, the client received a response from the guest after sending his first message.

 - the client authenticates with the server and downloads the Config file made available by the guest after a response message encryption generated by the guest. The token is then set to j = 0 and the client state machine goes to the E0 state.

 the client uses the encryption machine according to the invention to decrypt the encrypted message received from the guest by electronic mail. Figure 5b illustrates the possible state changes (circles E1, E2 and

E3) of the guest state machine and their meanings for the guest.

 The state E0 represents the moment when the guest consults his mailbox on the server. A test, represented by the diamond Test on the figure, of the value of the token is then carried out:

when the value of the token is j = 1, the state machine of the guest goes to the state El,

 - when the value of the token is j = 0, the guest has received a message from the client. A test, represented by the diamond A in the figure is then made, and

when the value of the token is j = 2, the guest's communication state machine returns to the state E0.

 During test A, the guest chooses to answer the client's message or not. If it chooses not to answer, the guest's communication state machine returns to the E0 state. If it chooses to respond, the guest's communication state machine goes to state E2.

 In the El state, the guest has received a message from the client:

- if it has not already downloaded, the guest authenticates with the server, downloads an encryption machine according to the invention, and the file ValSer and An made available by the client, the guest decrypts the message by also using the encrypted codes and random numbers provided by the customer and received by electronic mail using his encryption machine according to the invention, authenticates if necessary again on the server and downloads the file Config made available by the customer. The token is then set to 0. The guest state machine goes to the E0 state.

 the client sends, by electronic mail, the result of the encryption of his message which is generated by the encryption machine according to the invention as well as his code, his password and his alea.

 In state E2, the guest sends a message in response to that received from the client

the guest encrypts a message using the encryption machine according to the invention, authenticates if necessary again on the server and makes available to the client the Config file generated by the encryption of his message, the token is then set to 2 and the guest state machine goes to the E0 state.

 the guest sends by electronic mail the result of the encryption of his message which is generated by the encryption machine according to the invention as well as its code, its password and its alea.

Thus, the method according to the invention performs both authentication and data encryption. Moreover, the deposit of small files ("cookies") on the client terminal or guest makes vain the interception of the data generated by the server and sent to the client because it is not possible to authenticate without these files being on the client or guest terminal. It is therefore not possible subsequently to use the vault functions or to download an encryption machine according to the invention thereafter.

 Finally, the use of the file An, known only to the server after registration, provides authentication of the terminal server when the client authenticates with the terminal server

Of course, the invention is not limited to the examples that have just been described and many adjustments can be made to these examples without departing from the scope of the invention.

Claims

claims A method of securing a connection to a data server, implementing a symmetric encryption Enigma type encryption machine, comprising a prior step of registering a user client with said data server, characterized in that that this registration step includes:  a user input of so-called input parameters (202, 204, 206, 208) a processing by the encryption machine of the input parameters to generate temporary parameters (304, 310), comprising at least one random processing step and an output parameter generation (420, 428),  a security data determination comprising an initial position of rotors (104) and an encryption alphabet (102) for said encryption machine, from said temporary parameters, said security data being recorded by said server and identifiers connection being transmitted to said client. Method according to claim 1, characterized in that the processing of the input parameters comprises:  a step of determining a configuration of an Enigma type machine,  a step of using said configuration to generate the security data from said connection identifiers and parameters. 3. Method according to one of claims 1 or 2, characterized in that the connection of the client to the data server is conditioned by an authentication step comprising:  a step of inputting and / or sending to said server the security data, a step of verification by said server of said received security data, an access authorization to the data server in the case where the verification step is conclusive. 4. Method according to any one of the preceding claims, characterized in that it further comprises a step for downloading from the server on the client software implementing the encryption machine. 5. Method according to any one of the preceding claims, characterized in that it comprises a step of creating a code conversion file on the server. 6. Method according to any one of the preceding claims, characterized in that it further comprises a step for registering a guest user by a customer already registered. 7. Method according to any one of the preceding claims, characterized in that it is implemented for a file by a client files on the server operated as a safe. 8. Method according to any one of the preceding claims, characterized in that it is implemented for a communication between a client and a guest, by joint use of the server, an electronic mail and the encryption machine. 9. Method according to claim 8, characterized in that it is implemented in a state machine of a communication between a client and a guest. 10. Method according to claim 9, characterized in that it comprises an implementation on the server of a token (j) indicating the state of the communication between the client and the guest, said token existing only once communication is initiated.