PROCEDE ET DISPOSITIF DE SECURISATION DE L'ACCES ET DES TRANSFERTS DE DONNEES DANS UN SYSTEME INFORMATIQUE

摘要

The invention concerns a method for making secure data access and transfers in a computer system comprising at least a host and a peripheral provided with a smart card interface enabling access to the computer system while it is in use by means of smart cards. The invention also concerns a device for implementing the method. The invention is characterised in that it consists in: storing in the smart card(s) and in the host a secret key, said secret key being identical in the host and in the authorised smart cards; and during use sessions, in creating in the smart card and in the host a local session key by identical encryption of a random number using the secret key. When data are being transferred between the peripheral and the host, the method consists in: encrypting the data to be transferred by encryption means using the local session key; decrypting the transferred data symmetrically with encryption means using the other local session key; such that the transferred data are intelligible only if the same secret key is present in the host and in the smart card. The invention is applicable to a security system for authorisation and authentication.