DESCRIPTION Technical Field

The invention relates to a method which provides transferring the messages formed safely to the opposite user over the smart cards. The invention especially relates to an encrypted messaging method which provides transferring the session-based key to the opposite user safely using the RSA based asymmetric cryptography method even on the unsecured networks over the smart cards used in the mobile devices.

State of the Art

Smart card is a plastic card which comprises therein a processor and/or a memory unit, and can have a process power required for different applications upon matching with a reader. Thanks to being capable of providing controlled access, it provides the personal or commercial information to be seen by the relevant persons. Data transmission is a technology which is being diversified and used more commonly day by day due to the safety of the data being transferred and the ease of transferring. Today, depending on the use of the mobile devices, access over the unsecured networks becomes widespread. Accordingly, obtaining the communication content is facilitated. This gives rise to the safe communication need. Although the use of the smart card in the mobile devices has not become widespread yet, it can be used in the security applications. In the state of the art, the message communication between the users is achieved by encrypting each message with the asymmetric cryptography methods. However, this method brings about the performance problems. In addition, the known intervention methods such as certificate attempts cause the content of the communication between the persons to be obtained. The keys used in the asymmetric cryptography can be stored by the devices or presented in the certificates signed by the authorized institutions. However, the fact that someone else can act as the real user or that the certificate or source certificates can be replaced in the devices or similar attempts can be made with the certificate attempts bring about the requirement to keep the public keys in safer environments.

In case the users communicate directly, the user learn the IP addresses of each other (Internet Protocol Address), which results in security gaps. The application No. WO200904180 encountered as a result of the technical researches relates to instant and safe messaging. In the method mentioned in the document, smart cards are utilized for authorizing the clients in the server. Thus, the users available in the clients on the server are confirmed. The messages of the users authorized over the TLS (Transport Layer Security) are first received by the server and then transmitted to the user authorized again over the TLS. As a result of this, the server can look at the content of the messages. However, authorization of the clients on the server is not mentioned in said application. The system comprises the signaling activities required for sending the messages by encrypting in a way to provide only the end users to see the content of the messages there between after the clients are confirmed to the server in any way. Moreover, the fact that confirmation of the server is based on the control of the certificate during TLS in the method presented in the patent No. WO200904180 creates an environment open to the certificate attempts and a risk of obtaining the content of the message by means of a false server. As seen, said system is related to an end-to-end safe messaging, however; an embodiment which will solve the aforementioned disadvantages is not mentioned.

Another application, the patent No. CN101330685 encountered as a result of the technical researches relates to forwarding encrypted short message using the smart card technology independently of the SIM card. In said method of the document, encrypting the content of the short message by formulating is disclosed. Said embodiment does not have the novelty aiming to solve the aforementioned performance problems or other drawbacks.

To conclude, due to the aforementioned drawbacks and the inadequacy of the existing solutions regarding the subject, a development is deemed necessary to be made in the related technical field. Objects of the Invention

Developed by being inspired by the present conditions, the present invention aims to eliminate the above mentioned drawbacks.

The primary object of the invention is to provide an encrypted message based communication even on the unsecured networks. With the method according to the invention, the session-based key can be transferred to the opposite user safely using the RSA (public-key encryption method developed by Ron Rivest, Adi Shamir and Leonard Adleman) based asymmetric cryptography method. The messages can be transferred with the key sent later using the symmetric cryptography methods such as AES (Advanced Encryption Standard).

Asymmetric key pairs are stored on the smart cards. Each card comprises the public key information of the other card to be communicated and its own private key. The number of the keys to be used in the communication depends on the capacity of the card. In addition to this perfect safe solution, in order to increase the capacity the hash information of the other keys can also be stored. Thereby, while a session is being opened, the parties first request the public keys of each other. Confirmation is made when the hash of the received public key is the same as the hash value of the card. In this manner, safe communication can be established with more users.

An object of the invention is to provide the transmission of the messages subject of the communication between the clients thanks to the servers between the parties and to protect the IP information of the users. The server forms each message again and sends the same to the other client. Thereby, the parties cannot see the IP information of each other.

In this method, the smart cards not only provide the users to connect to the system but the symmetric keys specific to the session are transferred safely, as well.

Another object of the invention is to provide the private key to be inaccessible by the devices and thereby to prevent the backward communication. Moreover, encrypted communication of the users independently of the device is provided. To achieve the aforementioned objects, the invention is an encrypted messaging method which provides the messages formed to be transferred safely to the opposite user over the smart cards, wherein it comprises the following process steps so as to provide transferring of the messages encrypted with the same session key between the client 1 and the client 2 by means of the server until one of the parties terminates the session or the validity period of the session key expires upon, the confirmation of the source with the key information of the smart card 1 in the smart card 2 and the interchange of the session key to be used during the session between the parties;

- generating a random session key by the client 1 in the smart card 1 ,

- reading, by the client 1 , the key information of the smart card 2 from the smart card 1 ,

- encrypting the generated session key with the key information of the smart card 2, - sending the encrypted session key to the smart card 1 so as to be signed,

- sending, by the smart card 1 , the encrypted session key to the client 1 by signing the same with its own private key,

- sending, by the client 1 , the message comprising the session key encrypted with the key information of the smart card 2 and signed with the private key by the smart card 1 , to the server so as to be directed with the username information of the client 2,

- sending, by the server, said message to the client 2,

- sending, by the client 2, said message to the smart card 2 so as to be decrypted with the private key,

- decrypting, by the smart card 2, said message and sending the same to the client 2.

Moreover, said key information is the public key information of the smart cards or public key hash information of the smart cards. Said clients, however, are mobile applications.

The structural and characteristic features and all the advantages of the present invention will be more clearly understood thanks to the figures below and the detailed description written with reference to those figures. Therefore, the evaluation needs to be done by taking said figures and the detailed description into consideration.

Figures for a Better Understanding of the Invention

Figure 1 is the view comprising the elements of the method according to the invention.

The drawings do not need to be scaled and the details that are not necessary for understanding the present invention may have been ignored. In addition, the members that are at least identical to a great extent or at least have identical functions to a great extent are referred with the same number. Description of the Part References

1 . Smart card

1 .1 . Smart card 1

1 .2. Smart card 2

2. Client

2.1 . Client 1

2.2. Client 2

3. Server

Detailed Description of the Invention

In this detailed description, the preferred embodiments of the invention are described only for a better understanding of the subject without any limiting effect.

The elements of the encrypted messaging method over the smart cards (1 ) are as follows; The smart cards (1 ) which perform the asymmetric cryptography method and comprise the public key or their hash information; clients (2) which are mobile applications developed in a device such as Android, IOS, Windows, MacOS; server (3) which provides the communication between the client 1 (2.1 ) and the client 2 (2.2) by forming each message again and sending the same to the other client (2).

The process steps of the encrypted messaging method over the smart cards (1 ) are as follows;

- If the one of the users in the clients (2), for instance in the client 1 (2.1 ), wants to message with the other, first a random session key is generated in the smart card 1 (1 .1 ) by the client 1 (2.1 ).

- The client 1 (2.1 ) reads the key information of the smart card 2 (1 .2) belonging to the other user from the smart card 1 (1 .1 ).

- The generated session key is encrypted with the key information of the smart card 2 (1 .2) and sent to the smart card 1 (1 .1 ) so as to be signed.

- The smart card 1 (1 .1 ) sends the encrypted session key to the client 1 (2.1 ) by signing the same with its own private key.

The client 1 (2.1 ) sends the message comprising the session key encrypted with the key information of the smart card 2 (1 .2) and signed with the private key by the smart card 1 (1 .1 ) , to the server (3) so as to be directed with the username information of the client 2

(2.2) .

- The server (3) sends said message to the client 2 (2.2).

- The client 2 (2.2) sends the message to the smart card 2 (1 .2) so as to be decrypted with the private key.

- The smart card 2 (1 .2) decrypts the message and sends the same to the client 2 (2.2).

The confirmation of the source is made with the key information of the smart card 1 (1 .1 ) in the smart card 2 (1 .2) and the interchange of the session key to be used during the session between the parties is realized.

- The messages encrypted with the same session key are transferred between the client 1 (2.1 ) and the client 2 (2.2) by means of the server (3) until one of the parties terminates the session or the validity period of the session key expires.