Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N7/00—Television systems
  • H04N7/16—Analogue secrecy systems; Analogue subscription systems
  • H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
  • H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04K—SECRET COMMUNICATION; JAMMING OF COMMUNICATION
  • H04K1/00—Secret communication
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
  • H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
  • H04L9/3013—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
  • H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
  • H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
  • H04N21/2343—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving reformatting operations of video signals for distribution or compliance with end-user requests or end-user device requirements
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
  • H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
  • H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
  • H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
  • H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/76—Proxy, i.e. using intermediary entity to perform cryptographic operations

Definitions

• the present invention relates on the one hand to a new method for transmitting messages intended to be transmitted between a transmitter and at least one receiver, and on the other hand, a system comprising a transmitter and at least one receiver, this system using the method of encryption mentioned above.
• the content is first encrypted by means of a plurality of keys which can each have a relatively short lifetime, these keys being called “control words" or control words.
• the encrypted content is broadcast to multimedia units subscribed to the provider.
• the control words are themselves encrypted by means of a transmission key and sent in the form of control messages (Entitlement control message ECM).
• control words are performed in a security module which may have the particular shape of a smart card.
• control words When the control words have been decrypted, they can be used to decrypt the content. This procedure being well known to those skilled in the art, it is not described in more detail here.
• This document describes an encryption method in which a message is encrypted by means of a key linked to the transmitter and sent to a conversion module which transforms the received message into another message which can be decrypted by means of a key linked to the receiver.
• This conversion module does not deliver the message in clear, nor the key related to the transmitter, nor that related to the receiver.
• This module also contains a particular function, hereinafter referred to as the conversion function, which makes it possible to modify the message according to the constraints defined above.
• a secret key a and a random number generator, which generates a value k.
• the notion of large numbers is not defined by a specific numerical value. The larger the numbers used, the more difficult it is for a third party to find these values by successive trials. The level of security is therefore related to the size of the numbers used.
• the issuer also has a value g belonging to the set 9 p .
• the value (g a ) m0 d P is the public key of the transmitter.
• the pair ⁇ C1;C2> forms the message that is generated by the transmitter and is transmitted to the conversion module.
• the conversion module has a conversion key and a conversion function.
• the key is equal to:
• the couple ⁇ C1, C2> entering the conversion module is transformed into an outgoing couple ⁇ C1, C2 '>.
• the latter is transmitted to the receiver and more specifically to the secure part of the receiver which contains the secret key b1 specific to this receiver.
• each receiver has a key b of its own.
• the receiver can deduce the message by applying the following formula:
• the present invention proposes to overcome the disadvantages of the processes of the prior art and in particular of the Blaze & Strauss method as described above.
• This object is achieved by a method of transmitting messages between a transmitter and at least one receiver, comprising the following steps: encrypting the message (m) to be transmitted by means of a key associated with said transmitter;
• the conversion key (71 to _> b ) of the conversion module is dependent on a non-trivial value raised to a power of the key (a) linked to the transmitter and the key (b) related to the receiver.
• a system for transmitting messages between a transmitter and at least one receiver said transmitter comprising means for encrypting said message (m) by means of a key (a) associated with this transmitter , said system comprising at least one conversion module in which is memorized a conversion key (7l a _> b ) and a conversion function, this conversion module being arranged to convert the incoming message (m) into a message capable of being decrypted by a key (b) specific to said receiver, this receiver comprising a decryption stage arranged to decrypt the outgoing message of the conversion module, characterized in that the conversion key (7I 3 ⁇ b ) of the module conversion depends on a non-trivial value raised to a power of the key (a) linked to the transmitter and the key (b) linked to the receiver.
• the method of the invention applies in cases where the receiver is capable of decrypting encrypted messages according to the EIGamal algorithm (Taher EIGamal, "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms", IEEE Transactions on Information Theory, v. IT-31, No. 4, 1985, pp469-472 or CRYPTO 84, pp10-18, Springer-Verlag.) Or any variants thereof, especially variants using at least one curve elliptical.
• the method of the invention ensures optimal security while avoiding the need to use a security module.
• the data and message streams are identically encrypted for each user and can be broadcast in a conventional manner.
• the data and messages are then decrypted by each user so that the data accessed by one of the users can not be used by another user.
• Figure 1 shows the message transmission system according to the present invention, in a specific embodiment
• Figure 2 generally illustrates the method of transmitting messages of the invention.
• the transmitter is a pay-TV CG management center and in which the receivers are STB multimedia units for receiving events.
• the receivers are STB multimedia units for receiving events.
• Pay TV These multimedia units are for example decoders or computers.
• a content CT to be transmitted that is to say data relating to a pay-TV event
• control words cw control words
• the method according to the invention is applied to the ECM control messages containing the control words. It should be noted, however, that it is possible to apply the method of the invention directly to the data relating to pay-TV events. In this case, these would not be encrypted by control words. This approach is however not preferred in practice because the decryption time of the messages must be short enough to be able to display the content adequately.
• the method of the invention requires a relatively large bandwidth. The method could therefore be used when there is sufficient bandwidth and the decryption can be done quickly enough.
• Each multimedia unit STB-i, STB 2 , STB n has a specific key respectively bi, b 2 , b n and is associated with a conversion module CM.
• This module may be in an unsecured part of the decoder or physically removed from the decoder, for example in a redistribution center such as those known by the acronym DSLAM.
• the CG Management Center has a key a. It should be noted that this key may be specific to a channel or product.
• CT control words
• the message obtained is represented by (CT) cw in FIG. 1.
• the set of messages is sent in the form of a data stream DF to the receivers concerned.
• the same control words cw are encrypted by the key a of the management center, which gives (cw) a .
• the receiver comprises a monolithic security unit containing a secret key b1, inaccessible from outside this unit. It also includes an MPEG decompressor.
• the stream DF of the encrypted content (CT) cw is transmitted directly to the security unit in which it will be processed.
• the flow of the ECM control messages is processed conventionally to extract the encrypted control words (cw) a .
• These control words (cw) a are then sent to the conversion module of the multimedia unit concerned.
• the conversion module is shown as integrated in the multimedia unit. It is also possible to group the conversion modules in a retransmission center such as those known by the acronym DSLAM (Digital Subscriber Access Access Multiplexer). Each conversion module is then connected to the multimedia unit by a specific line.
• the incoming message encrypted by the key a is converted into an outgoing message, encrypted by the key b1.
• the outgoing message (cw) b i is sent to the decryption stage which can decipher it by means of the key b1.
• control words cw when the control words cw have been decrypted using the key b1 of the multimedia unit, they can be conventionally used to decrypt the content CT, which in turn can be processed in order to its use for example on a TV screen.
• 9 * 2q is the set of integers between 0 and 2q-1 that are prime with 2q.
• the pair ⁇ C1; C2> forms the encrypted message to be sent.
• This torque is sent to the conversion modules of the receivers concerned.
• the following description relates to the processing of this torque in the conversion module associated with the multimedia unit STB1 having the secret key b1.
• This conversion module contains the following conversion key:
• (-) mod ⁇ is such that (a * -) m0 d ⁇ ⁇ st is equal to 1.
• the converted torque is ⁇ 1; 8> or generally ⁇ C1, C2 '>.
• equation ) mod P without knowing g.
• the resolution of this equation requires a logarithmic calculation. Due to the extreme difficulty in solving this genre of equations, one can be sure, by choosing sufficiently large numbers, that the equation is not solved during the validity period of these keys. At each key change, the calculation should be repeated.
• the present invention therefore makes it possible to guarantee an optimal level of security since, on the one hand, it is very difficult to obtain the secret key of a specific multimedia unit, on the other hand, the discovery of a key does not endanger the whole system.
• This invention is therefore particularly well suited in an environment in which it is not desirable to use removable security modules such as smart cards.
• the conversion module of the invention may be remote from the multimedia unit.
• the method therefore perfectly meets the requirements and constraints of conditional access television broadcast by a network such as the Internet. It should be noted, however, that this represents only one of the possible applications of the invention.

Landscapes

• Engineering & Computer Science (AREA)
• Signal Processing (AREA)
• Theoretical Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Multimedia (AREA)
• Computer Networks & Wireless Communication (AREA)
• Computing Systems (AREA)
• Algebra (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Mathematical Analysis (AREA)
• Mathematical Optimization (AREA)
• Mathematical Physics (AREA)
• Pure & Applied Mathematics (AREA)
• Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
• Mobile Radio Communication Systems (AREA)
• Data Exchanges In Wide-Area Networks (AREA)
• Storage Device Security (AREA)
• Communication Control (AREA)

Priority Applications (1)

Applications Claiming Priority (3)

Publications (1)

Family

ID=34931598

Family Applications (2)

Family Applications Before (1)

Country Status (15)

Families Citing this family (4)

Citations (2)

Family Cites Families (4)

• 2004
  • 2004-12-10 EP EP04292975A patent/EP1670172A1/de not_active Withdrawn
• 2005
  • 2005-12-08 JP JP2007544920A patent/JP4838809B2/ja not_active Expired - Fee Related
  • 2005-12-08 CA CA2590008A patent/CA2590008C/en not_active Expired - Fee Related
  • 2005-12-08 BR BRPI0517168-7A patent/BRPI0517168A2/pt not_active Application Discontinuation
  • 2005-12-08 MX MX2007006904A patent/MX2007006904A/es active IP Right Grant
  • 2005-12-08 WO PCT/EP2005/056613 patent/WO2006061420A1/fr active Application Filing
  • 2005-12-08 KR KR1020077013145A patent/KR101203276B1/ko active IP Right Grant
  • 2005-12-08 EP EP05821572A patent/EP1829277A1/de not_active Withdrawn
  • 2005-12-08 RU RU2007121323/09A patent/RU2007121323A/ru not_active Application Discontinuation
  • 2005-12-08 AU AU2005313270A patent/AU2005313270B2/en not_active Ceased
  • 2005-12-08 ZA ZA200704815A patent/ZA200704815B/xx unknown
  • 2005-12-08 TW TW094143432A patent/TWI376136B/zh not_active IP Right Cessation
  • 2005-12-09 US US11/297,637 patent/US7724896B2/en active Active
  • 2005-12-09 CN CN2005101373255A patent/CN1812320B/zh not_active Expired - Fee Related
  • 2005-12-12 AR ARP050105182A patent/AR052652A1/es active IP Right Grant
• 2007
  • 2007-06-10 IL IL183799A patent/IL183799A/en not_active IP Right Cessation

Patent Citations (2)

Also Published As

Similar Documents

Legal Events