EP1989856A2 - Managing secure access to a secure digital content in a portable communicating object - Google Patents
Managing secure access to a secure digital content in a portable communicating objectInfo
- Publication number
- EP1989856A2 EP1989856A2 EP07712299A EP07712299A EP1989856A2 EP 1989856 A2 EP1989856 A2 EP 1989856A2 EP 07712299 A EP07712299 A EP 07712299A EP 07712299 A EP07712299 A EP 07712299A EP 1989856 A2 EP1989856 A2 EP 1989856A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- key
- secure
- digital content
- terminal
- agent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Definitions
- the present invention relates to the management of secure access to secure digital content in a portable communicating object associated with a terminal comprising an agent for processing secure digital content.
- the operator uses a variety of different Digital Rights Management (DRM) digital rights management systems that each have a specific digital entitlement format for accessing and processing secure digital content that contributes to the complexity and complexity of the digital rights management. Segment the distribution of secure digital content.
- DRM Digital Rights Management
- Digital rights management systems are incompatible with one another and do not offer solutions for maintaining secure digital content and their associated access rights when the user uses a new terminal that uses a different type of digital right from the one of the old terminal.
- the technical problem lies in the fact that the key used to protect the secure digital content is encrypted with the public key of a certificate of the old terminal and is therefore not readable in the new terminal.
- a terminal contains a software agent for processing secure digital content encrypted and transmitted by a digital content server and a secure access file transmitted by a rights administration server.
- Encrypted secure digital content can be freely downloaded from a secure digital content server.
- the secure access file contains an access right and a key to decrypt secure digital content.
- the key is encrypted with the public key of an agent certificate and the secure access file is signed with a private key of the rights administration server, the latter and the agent having exchanged their certificates beforehand.
- the rights administration server revokes the certificate of the old terminal and generates a new secure access file for the new terminal.
- the old terminal can no longer use secure digital content.
- the old terminal returns the secure access file to the rights management server which generates another secure access file for the new terminal.
- This solution has the disadvantage that the old terminal must be functional and usable by the user, which is for example impossible when the old terminal is broken or stolen, or victim of a virus annihilating the capabilities of the user. old terminal.
- the software agent is implemented partly in the terminal and partly in a smart card associated with the terminal, the secure access file being cryptographically linked to the smart card.
- a new terminal is associated with the smart card, a secure communication between the smart card and the terminal software agent must be established so that the card communicates the decryption key of the card. digital content to the software agent.
- This solution has the following disadvantages: the software agents of the smart card and the terminal share secret data and require a secure channel to communicate, and digital rights types supported by the smart card and the new terminal must be compatible.
- the invention aims to overcome the aforementioned drawbacks by managing secure access to secure digital content in a manner adapted to any terminal processing said content.
- the first server such as a digital rights management server, can advantageously manage a single type of digital right to transmit secure digital content to terminals.
- digital entitlement and key sets are created respectively for secure digital content based only on the type of digital right managed by the first server.
- the first server does not require knowledge of the certificate of the agent of the terminal to which the secure digital content is transmitted.
- the method may furthermore comprise the following steps, when the portable communicating object is associated with a second terminal: accessing a certificate relating to an agent of the second terminal and a type of right digital network operated by the agent of the second terminal, adapt the key and the access right and modify the secure digital content, depending on the type of digital right operated by the agent of the second terminal, and produce a second access file secured by the formatted access right, the formatted key and the certificate for the second terminal, the second secure access file being accessible by the second terminal so that the agent of the other terminal processes the modified secure digital content according to the second secure access file.
- the portable communicating object adapts to the functionalities of the terminal with which it is associated, without communication with the first server and without resorting to the previously used terminal, the latter being able to be stolen or broken, or even used again to process secure digital content. .
- Secure digital content is for example a game for use on different terminals, such as a communicating mobile terminal, a personal computer or a personal assistant, or a piece of music to listen for example with a walkman or car radio.
- the first server transmits the key and access right only once to the user who can continue to use the secure digital content with other terminals, without having to re-purchase the digital content, such as multimedia content, and / or associated access rights.
- the universal use of secure digital content makes it possible to keep the user loyal to the operator managing the first server and to boost the purchase of secure digital content, the user being assured of retaining the access rights associated with the digital contents that he bought.
- the invention also relates to a system for managing secure access to encrypted secure digital content with a key in a portable communicating object associated with a terminal, the terminal comprising an agent for processing the secure digital content that is transmitted by a first user. server to the terminal through a communications network.
- the system is characterized in that it comprises:
- - means in the portable communicating object for adapting the received access key and right and modifying the secure digital content, depending on the type of digital right accessed, and - means in the portable communicating object for producing a file secure access according to the adapted access right, the adapted key and the accessed certificate, the secure access file being accessible by the terminal so that the agent processes the modified secure digital content according to the file; secured access.
- the communications network is a radio network and the portable communicating object is a smart card associated with a mobile terminal and including a security memory for storing sensitive data such as the access right and the key relating to the device. secure digital content.
- the invention also relates to a portable communicating object, for example constituted by a smart card, for managing a secure access to secure digital content encrypted with a key, the portable communicating object being associated with a terminal, such as a terminal mobile or terminal fixed, comprising an agent for interpreting secure digital content that is transmitted by a first server to the terminal through a communications network.
- a portable communicating object is characterized in that it comprises:
- the invention also relates to a computer program adapted to be implemented in a portable communicating object for managing secure access to secure digital content encrypted with a key, the portable communicating object being associated with a terminal comprising a agent for processing secure digital content that is transmitted by a first server to the terminal through a communications network.
- the program is characterized in that it comprises instructions which, when the program is executed in said portable communicating object, perform the steps according to the method of the invention.
- FIG. 1 is a schematic block diagram of a communication system according to a preferred embodiment of the invention, connecting a portable communicating object, a terminal and two servers;
- FIG. 2 is an algorithm of a method for managing secure access to secure digital content according to the invention.
- a preferred embodiment of the invention described hereinafter relates to the field of radio networks in which data can be transmitted between a digital content server or a digital rights management server, and a terminal associated with a portable communicating object.
- a communication system comprises an SCN digital content server and a digital rights administration server SAD communicating with at least one mobile terminal T associated with a portable communicating object, for example a smart card CP to which reference will be made later in the description.
- the SCN and SAD servers and the mobile terminal T communicate through a communications network comprising at least the RR radio network to which the terminal mobile T is attached.
- the RR radio network is of the UMTS type, of the GSM type backed by a GPRS network or of the WIFI, WIMAX or WIBRO type, or else a proximity network of the infrared, Bluetooth or Near Field Communication (NFC) type.
- the four entities SCN, SAD, T and CP are represented in the form of functional blocks, most of which provide functions relating to the invention and may correspond to software and / or hardware modules.
- the SCN digital content server hosts CNS secure digital content, generally multimedia data such as music or video files, or games, to be transmitted to terminals.
- the SCN digital content server further contains KCN encryption keys for encrypting the CNS secure digital content according to a TDNS digital rights type managed by the digital rights administration server SAD.
- a digital right type is managed by the digital content server SCN and transferred by the latter to the digital rights administration server SAD with secure digital content.
- the digital rights management server SAD combines DA access rights with CNS secure digital content that defines permissions and constraints for the use of secure digital content. DA access rights depend on TDNS digital rights type and no secure digital content can be used without associated access rights.
- the rights management server SAD also contains the KCN keys used and transmitted by the digital content server SCN, a private key KPRSAD and a certificate CSAD associated with the private key.
- the CSAD certificate contains in particular a public key corresponding to the private key KPRSAD, an identity of the owner of the public key, a period of validity, a list of attributes corresponding to the rights of use of the key, for example a signature key. message, and a cryptographic signature of the preceding data by an encryption key of a certification authority issuing the certificate.
- the certification authority also called PKI key management infrastructure ("Public Key Infrastructure" in English), is responsible in particular for generating certificates and associated private keys. The certification authority is for example the SAD server itself.
- SAD can also contain KS session keys for securely communicating with portable communicating objects, such as the smart card CP.
- the SCN and SAD servers communicate with each other securely through, for example, the fixed part of the RR radio network and the Internet.
- the servers communicate with each other via dedicated lines.
- Each of the SCN and SAD servers can be managed by an operator of the RR radio network and constitute an OTA platform ("Over The Air").
- the SCN and SAD servers are merged and constitute a single server.
- the smart card CP is a smart card with or without contact, for example with high memory capacity.
- the smart card has a security unit and a mass memory unit which are two characteristic logical units.
- the security unit comprises a security controller CS and a security memory MS.
- the mass storage unit includes a mass memory controller CM and a mass memory MM for storing data, such as CNS secure digital contents, requiring a large memory space.
- the security controller and the mass memory controller are preferably logical modules in a common physical component. In another example, the controllers are integrated into separate physical components interconnected.
- the accesses to the memories MM and MS are distinct and respectively controlled by the controllers CS and CM.
- the security controller CS can not write data to the mass memory MM.
- the CM memory controller can not write data to the MS security memory.
- the mass memory unit is entirely controlled by the terminal T which commands the mass memory controller CM to write, read or delete data in the mass memory MM, which prevents the security controller CS from to write in the mass memory MM.
- the mass storage unit has features and structure that can be similar to those of a Universal Serial Bus (USB) stick, or a flash-memory card, or a card secure digital card (Secure Digital Card), or a multimedia card type MMC (Multi Media Card).
- the security controller CS of the security unit can be a SIM application (Subscriber
- the security unit can establish, in known manner, an OTA type communication channel with a remote server, such as the rights management server SAD, so that to transmit and receive data transparently through the terminal T.
- a remote server such as the rights management server SAD
- a microcontroller of the smart card CP comprises a PC processor, or several processors, and three memory areas MCI to MC3.
- the card receives commands or requests from the terminal T, and transmits responses to the terminal T, through a PES input / output port.
- the memory MCI is of the ROM or Flash type and includes the SEC operating system of the card, a first encryption algorithm A1 and a second encryption algorithm A2.
- the memory MCI comprises the security controller CS of the security unit and the mass memory controller CM of the mass memory unit.
- the memory MC2 is a nonvolatile memory, for example EEPROM or Flash, in particular for storing identity numbers and other parameters of the profile. of the user having the card, such as a PIN code and other security data.
- the memory MC2 is only accessible by the security unit.
- the memory MC2 comprises a memory space for storing card applications, such as a management application AG, which constitute STK applets, for example SIM ToolKit, and which are installed during the manufacture of the card or possibly installed during the use of the card at the request of the user or the operator.
- card applications such as a management application AG, which constitute STK applets, for example SIM ToolKit, and which are installed during the manufacture of the card or possibly installed during the use of the card at the request of the user or the operator.
- the memory MC2 comprises a private KPRAG management application key and a CAG certificate associated with the private key KPRAG.
- the private key KPRAG and the certificate CAG are respectively identical to the private key KPRSAD and the certificate CSAD relative to the administration server of rights SAD.
- the private key KPRAG is distinct from the private key KPRSAD and the certificate CAG is linked to the certificate CSAD by a certification chain, in particular the certificate CAG is for example digitally signed by the private key KPRSAD.
- the link between the CAG and the CSAD certificates ensures a confidence granted to the CAG certificate by the certification authority.
- the memory MC2 also comprises a session key KS for communicating with the rights management server SAD in a secure manner, if the latter is not managed by the operator of the network RR.
- the security memory MS is designed to store sensitive data such as a DA access right associated with a KCN encryption key transmitted by the rights management server SAD and with which is encrypted CNS secure digital content.
- the security memory MS comprises the contents of the memory MC2.
- the memory MC3 is a RAM or SRAM memory used more particularly for data processing.
- the mass memory MM can store CNS secure digital contents transmitted by the digital content server SCN.
- the PC processor, the memory MCI, the security controller CS, the memories MC2 and MC3, the security memory MS and the port PES in the card are interconnected by a bidirectional security bus BS.
- the PC processor, the MCI memory, the CM mass memory controller, the MC3 memory, the MM mass memory and the PES port in the card are connected to each other by a bidirectional bus BM.
- the terminal T comprises a processor PT, memories MT, an IR radio interface and a card reader LT to communicate with the port PES of the smart card CP.
- the various elements of the terminal are interconnected by a bidirectional bus BT.
- the memories MT comprise three memory areas MT1, MT2 and MT3.
- the memory MT1 is of the ROM or Flash type and includes the operating system SET of the terminal T and decryption algorithms A1 and A2.
- the memory MT1 further comprises an IC communication interface so that the main application
- SIM or USIM or any other application in the smart card CP communicates with the "outside world" via the terminal T, for example with the rights management server SAD.
- the IC communication interface manages commands and responses exchanged between the "outside world" and an application of the smart card for example to adapt them to a communication on a data channel, for example according to the TCP protocol, or to adapt them to short messages exchanged with a message server short of the RR network and packaging data transmitted and received by the server SAD.
- the memory MT2 is a nonvolatile memory, for example EEPROM or Flash, and may comprise, inter alia, a private security agent key KPRAS and a certificate CAS associated with the private key KPRAS.
- the memory MT2 may furthermore comprise a digital secure CNS content.
- the memory MT3 is a RAM or SRAM memory used more particularly for data processing.
- the terminal T further comprises, in relation to the invention, a security agent AS, which may be a software agent, distributed in the memories MT1 and MT2.
- the AS security agent analyzes the DA access rights associated with CNS secure digital content and decrypts the CNS secure digital content with the corresponding KCN keys.
- the AS security agent is typically a media player.
- the security agent AS exploits at least one type of TDN digital right that is specific to the AS agent and depends for example on a choice of the manufacturer of the terminal T, the operator or the user of the terminal.
- a type of TDN digital right defines, for example, the type of a KCN key for encrypting secure digital contents or the length of said key, and the format of the DA access right associated with CNS secure digital content.
- the security agent AS can also be integrated in a personal computer connected to the terminal T associated with the smart card CP.
- the terminal T is replaced by any terminal with which can communicate a smart card, and can be a portable device for message transmission, or a personal computer (PC) with a smart card reader .
- the RR network can then be coupled for example to an intranet, a wireless local area network, or
- the method for managing secure access to secure digital content comprises steps E1 to E8.
- a step EO in the smart card CP are stored the private key management application KPRAG and a certificate CAG associated with the private key KPRAG in a secure memory only accessible by the management application AG, for example in memory MC2 or MS.
- the rights management server SAD manages a predefined TDNS digital rights type and the digital content server SCN has encrypted CNS secure digital contents with a KCN encryption key in a manner compatible with the TDNS digital right type selected in accordance with the SAD rights administration server.
- step E1 a communication is established between the management application AG of the smart card CP and the security agent AS of the terminal T.
- the security agent AS accesses the certificate CAG made available by the AG management application.
- the management application AG accesses the CAS certificate and the type of TDN digital right operated by the AS agent, made available by the latter.
- the management application AG transmits the CAG certificate to the security agent AS on the one hand, and the security agent AS transmits the certificate CAS and the type of digital right TDN operated by the agent AS to the AG management application on the other hand.
- the certificates and the type of digital right are for example transmitted when the terminal is switched on via an ATR (Answer To Reset) type communication or terminal profile during which the terminal T is informed of the capabilities of the card. CP chip or vice versa.
- the CAS certificate and the TDN digital right type received by the management application AG are for example stored in the security memory MS.
- the certificates and the type of digital right are respectively written in files accessible by the management application AG and by the security agent AS.
- the certificates and the type of digital right are exchanged between the management application and the security agent via the rights administration server SAD.
- the certificates and the type of digital right can be transmitted via proprietary or standardized commands and protocols between the management application AG and the security agent AS.
- step E1 can be executed after step E2 or E3 and before step E4.
- step E2 the user of the terminal T wishes to acquire a CNS secure digital content that he has for example selected on a hosted website by the SCN digital content server.
- the SCN server transmits the CNS secure digital content encrypted with the KCN encryption key to the terminal T, the KCN key being associated with the TDNS digital rights type managed by the rights management server SAD.
- the CNS secure digital content is stored in a high capacity memory accessible by the security agent AS, for example in the mass memory MM of the smart card CP or in the memory MT2 of the terminal T.
- CNS secure digital content can be made freely available since it is accessible and usable only with the DA access right associated with it.
- the terminal T can therefore retrieve CNS secure digital content directly from any point of sale or by successive transfers from other terminals in relation to the digital content server SCN.
- the digital content server SCN transmits the encryption key KCN to the rights management server SAD.
- the rights administration server SAD transmits to the smart card CP the encryption key KCN and the access right DA associated with the digital secure content CNS and relating to the type of digital right TDNS managed by the SAD server.
- the smart card CP stores the encryption key KCN and access right DA received in a secure memory space only accessible by the management application AG, for example in the security memory MS.
- the KCN encryption key and the DA access right are transmitted to the smart card generally when the user of the terminal T has made a transaction for the purchase or the intention to purchase the CNS content.
- the encryption key KCN and the access right DA are transmitted by the rights administration server SAD to the smart card by short message via an OTA platform of the network RR and via the communication interface IC of the network. terminal T.
- the encryption key KCN and the access rights DA are encrypted by the session key KS known to the application AG of the CP smart card.
- the encryption key KCN and the access right DA are transmitted in a secure manner, for example by means of the key KS, and stored in the smart card CP directly from a point of sale.
- the rights management server SAD transmits to the management application AG digital sets each containing an encryption key and an access right relating to respective types of access rights so that the The management application AG selects the encryption key and the access right associated with the TDN digital rights type operated by the security agent AS.
- the KCN encryption key is a conventional key compatible with all types of access rights used by the terminal manufacturers.
- the rights administration server SAD transmits to the management application AG the key KCN and the access right DA, or the key KCN and access rights DA relating to the different types of rights of access.
- the management application AG checks whether the TDNS digital right type associated with the received KCN encryption key and access right corresponds to the TDN digital right type used by the AS security agent. and transmitted by the latter to step El.
- the management application AG adapts the encryption key KCN and the access right DA and modifies the secure digital content CNS according to the type of digital right TDN operated by the security agent AS according to steps E51 to E55.
- step E51 the management application AG generates a KCNA encryption key adapted to the type of TDN digital right operated by the security agent AS.
- step E52 the management application AG decrypts the CNS secure digital content with the received encryption key KCN, and according to an algorithm associated with the key KCN.
- step E53 the management application AG formats the secure digital content decrypted CNS in a manner compatible with the security agent AS. The format of the secure digital content is then adapted to the agent AS so that the interpreter. For example, the secure digital content contains headers whose syntax is formatted so that the headers, and therefore the secure digital content, are readable by the security agent.
- the step E53 is not executed if the CNS decrypted secure digital content is interpretable by the security agent AS.
- step E54 the management application AG re-encrypts the digital security content decrypted and formatted CNS with the appropriate encryption key KCNA, and according to an encryption algorithm associated with the key KCNA.
- the CNS secure digital content is considered modified following the successive decryption, formatting and encryption thereof.
- the management application AG formats the access right DA into a DAF formatted access right in a manner compatible with the TDN digital right type.
- the DAF formatted access right is an Extensible Markup Language (XML) file whose tags must be readable by the AS security officer.
- the management application AG then adapts the syntax of the tags to the access right format defined by the TDN digital right type.
- Step E55 can be executed before one of steps E51 to E54.
- the KCN encryption key is a conventional key compatible with all types of TDN access rights exploited by the terminal manufacturers. In this case, only the received DA access right is not compatible with the TDN digital right type and the management application AG only adapts the DA access right in a manner compatible with the TDN digital right type. If the secure digital content CNS is not compatible with the security agent AS, it is decrypted with the key KCN in step E2, formatted in a compatible manner with the security agent AS in step E3 and encrypted again with the encryption key KCN, step E51 not being executed.
- the encryption key KCN is a conventional key compatible with the different types of TDN access rights exploited by the terminal manufacturers and several access rights, including the access right DA, relating to different types of access rights were transmitted by the SAD server and stored in the smart card.
- the access right DA is considered as adapted to the step E55 by selecting a right of access received compatible with the type of access right exploited by the security agent.
- digital sets each containing an encryption key and an access right relating to respective types of access rights, in particular the KCN key and the DA access right have been transmitted by the server. SAD and stored in the smart card.
- the key KCN and the right of access DA are considered as adapted to the step E5 by selecting among the digital sets the key of encryption and the right of access compatible with the type of digital right TDN exploited by the security agent AS.
- step E4 if the TDN and TDNS access right types are identical, the access right DA and the key KCN being interpretable by the agent AS are considered as adapted to the step E5.
- the management application AG produces a secure access file FAS, preferably signed into a file FASs, according to the adapted key KCNA and access right formatted DAF, according to step E6 comprising steps E61 to E63 .
- the management application AG applies to the adapted encryption key KCNA the first algorithm Al having as key the public key of the certificate CAS to produce an encrypted encryption key KCc.
- step E62 the management application AG produces a secure access file FAS comprising the encrypted encryption key KCc and the formatted access right DAF compatible with the TDN digital right type.
- step E63 the management application AG signs the secure access file FAS with the key KPRAG. More specifically, the management application AG applies the secure access file FAS to the second algorithm A2 having as key the private key management application KPRAG to produce the secure access file signed FASs.
- the smart card adapts to the terminal with which it is associated.
- the management application AG makes the secure access file signed FASs accessible to the security agent AS.
- the secure access file signed FASs is stored in a file system defined by the ISO-7816-4 specification of the smart card or in a FAT file system of a Flash memory of the card to chip.
- the secure access file signed FASs can be accessed by the security agent AS via a protocol of the HTTP (HyperText Transfer Protocol) type or any other proprietary or standardized protocol, such as the protocol Right Object Acquisition Protocol (ROAP).
- HTTP HyperText Transfer Protocol
- ROAP Right Object Acquisition Protocol
- the manner in which the security agent AS accesses the secure access file signed FASs results from a negotiation between the security agent AS and the management application AG comprising an exchange of information on the communication protocol possibilities that can be used by the AS security agent and the AG management application.
- the security agent AS processes the CNS secure digital content according to the secure access file FASs.
- the security agent AS validates the secure access file signed FASs with the certificate CAG, using the inverse decryption algorithm A2 of the second algorithm A2, and decrypts the encrypted key KCc with the private key KPRAS into one.
- decrypted key which is the key KCNA using the decryption algorithm Al inverse of the first algorithm Al.
- the security agent AS interprets the access right formatted DAF and decrypts the secure digital content CNS with the decrypted key KCNA. Once decrypted, the CNS secure digital content is then readable by a media player associated with the AS security agent.
- the secure digital content CNS and the associated secure access file FAS are updated for interpretation by the security agent AS of the second terminal.
- the user decides to change the terminal, he removes the smart card CP from the old terminal T and acquires the second terminal in which the user inserts the smart card CP which is then connected to the second terminal.
- the CNS secure digital content previously received is accessible by the management application AG.
- the management application AG and the security agent AS exchange information relating to the certificate AGC, the certificate CAS and the type of digital right TDN operated by the agent AS.
- the management application AG adapts the encryption key KCN and the access right DA and modifies the secure digital content CNS according to the type of digital right TDN operated by the security agent AS of the second terminal.
- the management application AG produces a second secure access file FAS, preferably signed FASs, according to the DAF formatted access right, the adapted key KCNA and the relative CAS certificate. at the second terminal, so that only the AS security agent of the second terminal can decrypt and process the CNS secure digital content according to the second secure access file FASs.
- a second secure access file FAS preferably signed FASs, according to the DAF formatted access right, the adapted key KCNA and the relative CAS certificate.
- the CNS secure digital content is advantageously recovered once by the user of the smart card CP, as described in step E2, and the encryption key KCN and the access right DA relative to the secure digital content CNS are also transmitted once by the rights management server SAD to the smart card CP, as described in step E3. Consequently, the user can use the smart card CP with any other terminal, since the latter stores the KCN encryption key and the DA access right in memory and adapts to the functionalities of the terminal in which it is inserted. In addition, the user can use the CP smart card again with the old terminal so that the latter reads the secure digital content.
- the invention is not limited to the field of telecommunications.
- the portable communicating object may be a USB (Universal Serial Bus) key for exchanging confidential data stored in the mass memory of the USB key whose secure access is managed by the security unit of the USB key.
- USB Universal Serial Bus
- the rights administration server SAD can be a personal computer (PC) connected to the terminal T by a wired link of the serial link or USB link type, or by a wireless link Bluetooth, WIFI, infrared (IrDA: Infrared Data Association) or ZigBee.
- PC personal computer
- WIFI wireless link
- IrDA Infrared Data Association
- ZigBee ZigBee
- a personal computer serves as a gateway between the rights administration server SAD and / or the digital content server SCN and the terminal.
- the SCN server and / or the SAD server communicate with the computer via a communication network of the internet type, and the computer communicates with the terminal via a wireless link of the Bluetooth, WIFI, infrared (IrDA: Infrared Data Association) type. or ZigBee.
- the terminal may be a fixed terminal, such as a personal computer, associated with the portable communicating object and communicating with the SCN and SAD servers via the Internet in particular.
- the invention described here relates to a method and a portable communicating object for managing secure access to CNS secure digital content encrypted with a KCN key, the portable communicating object CP being associated with a terminal T comprising an agent AS to process the content.
- secure digital signal that is transmitted by a first SCN server to the terminal through an RR communications network.
- the steps of the method of the invention are determined by the instructions of a computer program incorporated into the portable communicating object such as a smart card CP.
- the program comprises program instructions which, when said program is executed in the portable communicating object whose operation is then controlled by the execution of the program, carry out the steps of the method according to the invention.
- the invention also applies to a computer program, including a computer program on or in an information carrier, adapted to implement the invention.
- This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code such as in a partially compiled form, or in any other form desirable to implement the method according to the invention.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0650692A FR2898001A1 (en) | 2006-02-28 | 2006-02-28 | Secured digital content`s e.g. musical piece, secured access management method, involves producing file based on adapted access right, key and certificate, where file is accessible by terminal so that officer processes content based on file |
PCT/EP2007/051752 WO2007099062A2 (en) | 2006-02-28 | 2007-02-23 | Managing secure access to a secure digital content in a portable communicating object |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1989856A2 true EP1989856A2 (en) | 2008-11-12 |
Family
ID=37564881
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP07712299A Withdrawn EP1989856A2 (en) | 2006-02-28 | 2007-02-23 | Managing secure access to a secure digital content in a portable communicating object |
Country Status (6)
Country | Link |
---|---|
US (1) | US8488787B2 (en) |
EP (1) | EP1989856A2 (en) |
KR (1) | KR20080090549A (en) |
CN (1) | CN101390368B (en) |
FR (1) | FR2898001A1 (en) |
WO (1) | WO2007099062A2 (en) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8639627B2 (en) * | 2007-07-06 | 2014-01-28 | Microsoft Corporation | Portable digital rights for multiple devices |
US9286293B2 (en) * | 2008-07-30 | 2016-03-15 | Microsoft Technology Licensing, Llc | Populating and using caches in client-side caching |
WO2010087567A1 (en) | 2009-01-29 | 2010-08-05 | Lg Electronics Inc. | Method for installing rights object for content in memory card |
US8307457B2 (en) * | 2009-01-29 | 2012-11-06 | Lg Electronics Inc. | Method and terminal for receiving rights object for content on behalf of memory card |
KR20100088051A (en) * | 2009-01-29 | 2010-08-06 | 엘지전자 주식회사 | Method for installing rights object for content in memory card |
CN102880958B (en) * | 2011-07-13 | 2016-08-10 | 中国银联股份有限公司 | Data process and storage device |
KR101794693B1 (en) * | 2012-02-10 | 2017-12-01 | 한국전자통신연구원 | Apparatus and method for providing near field communication for mobile device |
EP2658298A1 (en) * | 2012-04-23 | 2013-10-30 | ST-Ericsson SA | Security chip of a communication device |
JP5377712B2 (en) * | 2012-05-31 | 2013-12-25 | 株式会社東芝 | Electronics |
CN103812649B (en) * | 2012-11-07 | 2017-05-17 | 中国电信股份有限公司 | Method and system for safety access control of machine-card interface, and handset terminal |
EP2887712A1 (en) * | 2013-12-23 | 2015-06-24 | Gemalto SA | Method for accessing a service, corresponding device and system |
MX363020B (en) * | 2013-12-31 | 2019-03-05 | Vasco Data Security Inc | Electronic signing methods, systems and apparatus. |
CN111629002B (en) * | 2020-05-28 | 2022-02-08 | 爱瑟福信息科技(上海)有限公司 | OTA (over the air) safety upgrading method and system of vehicle ECU (electronic control Unit) |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8055899B2 (en) * | 2000-12-18 | 2011-11-08 | Digimarc Corporation | Systems and methods using digital watermarking and identifier extraction to provide promotional opportunities |
US7266704B2 (en) * | 2000-12-18 | 2007-09-04 | Digimarc Corporation | User-friendly rights management systems and methods |
KR100567827B1 (en) * | 2003-10-22 | 2006-04-05 | 삼성전자주식회사 | Method and apparatus for managing digital rights using portable storage device |
EP1667046A1 (en) * | 2003-10-22 | 2006-06-07 | Samsung Electronics Co., Ltd. | Method for managing digital rights using portable storage device |
KR100643278B1 (en) * | 2003-10-22 | 2006-11-10 | 삼성전자주식회사 | Method and Apparatus for managing digital rights of portable storage device |
US7185195B2 (en) * | 2003-12-14 | 2007-02-27 | Realnetworks, Inc. | Certificate based digital rights management |
KR101100385B1 (en) | 2004-03-22 | 2011-12-30 | 삼성전자주식회사 | Method and apparatus for digital rights management by using certificate revocation list |
KR101254209B1 (en) * | 2004-03-22 | 2013-04-23 | 삼성전자주식회사 | Apparatus and method for moving and copying right objects between device and portable storage device |
US20060218650A1 (en) * | 2005-03-25 | 2006-09-28 | Nokia Corporation | System and method for effectuating digital rights management in a home network |
EP1732023A1 (en) * | 2005-05-20 | 2006-12-13 | Axalto SA | DRM system for devices communicating with a portable device |
WO2007031104A1 (en) * | 2005-09-15 | 2007-03-22 | Nero Ag | Apparatus and method for licensing |
-
2006
- 2006-02-28 FR FR0650692A patent/FR2898001A1/en active Pending
-
2007
- 2007-02-23 CN CN2007800068125A patent/CN101390368B/en active Active
- 2007-02-23 US US12/279,289 patent/US8488787B2/en active Active
- 2007-02-23 EP EP07712299A patent/EP1989856A2/en not_active Withdrawn
- 2007-02-23 KR KR1020087020986A patent/KR20080090549A/en not_active Application Discontinuation
- 2007-02-23 WO PCT/EP2007/051752 patent/WO2007099062A2/en active Application Filing
Non-Patent Citations (1)
Title |
---|
See references of WO2007099062A2 * |
Also Published As
Publication number | Publication date |
---|---|
CN101390368B (en) | 2012-04-25 |
US20090006845A1 (en) | 2009-01-01 |
US8488787B2 (en) | 2013-07-16 |
WO2007099062A3 (en) | 2007-10-25 |
FR2898001A1 (en) | 2007-08-31 |
CN101390368A (en) | 2009-03-18 |
KR20080090549A (en) | 2008-10-08 |
WO2007099062A2 (en) | 2007-09-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2007099062A2 (en) | Managing secure access to a secure digital content in a portable communicating object | |
EP1994780B1 (en) | System for remotely accessing a mass storage unit and a security storage unit in a portable communicating object | |
EP1427231B1 (en) | Method of establishing and managing a confidence model between a SIM-card and a mobile terminal | |
KR101248790B1 (en) | Method of providing access to encrypted content to one of a plurality of consumer systems, device for providing access to encrypted content and method of generating a secure content package | |
EP1867190B1 (en) | Managing access to multimedia contents | |
EP2063675B1 (en) | Robust and flexible Digital Rights Management (DRM) involving a tamper-resistant identity module | |
US8336105B2 (en) | Method and devices for the control of the usage of content | |
EP2084604A2 (en) | Method for loading and managing an application in a mobile equipment | |
FR2930391A1 (en) | AUTHENTICATION TERMINAL OF A USER. | |
JP2008537862A (en) | Security method and device for managing access to multimedia content | |
EP1739913A1 (en) | DRM system for devices communicating with portable device. | |
WO2016207715A1 (en) | Secure management of electronic tokens in a cell phone | |
EP3667530B1 (en) | Secure access to encrypted data from a user terminal | |
EP2471237B1 (en) | Mobile electronic device configured to establish secure wireless communication | |
KR20130053132A (en) | Memory card and portable terminal and encrypted message exchanging method | |
FR3018021A1 (en) | METHOD AND SYSTEM FOR SECURING TRANSACTIONS PROVIDED BY A PLURALITY OF SERVICES BETWEEN A MOBILE DEVICE OF A USER AND A POINT OF ACCEPTANCE | |
EP1933528B1 (en) | Secure service access from a communication apparatus with a personal device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20080808 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: GEMALTO SA |
|
17Q | First examination report despatched |
Effective date: 20110118 |
|
DAX | Request for extension of the european patent (deleted) | ||
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20160401 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20160812 |