EP3818659A1 - Procede d'obtention d'une succession de cles cryptographiques - Google Patents
Procede d'obtention d'une succession de cles cryptographiquesInfo
- Publication number
- EP3818659A1 EP3818659A1 EP19749777.9A EP19749777A EP3818659A1 EP 3818659 A1 EP3818659 A1 EP 3818659A1 EP 19749777 A EP19749777 A EP 19749777A EP 3818659 A1 EP3818659 A1 EP 3818659A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- key
- receivers
- group
- value
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- the invention relates to a method for obtaining a succession of cryptographic keys as well as a method for the secure transmission of digital content implementing this method of obtaining.
- the invention also relates to an information recording medium, a receiver and a key server for implementing this method of obtaining a succession of keys.
- the index i is a sequence number of the key ki , m in the succession of keys,
- - L is an integer greater than or equal to two
- the key ki , m is only intended to be used during a validity interval [ti, m , t i + i, m [of duration Vi, m , where ti , m and t i + i, m are, respectively, the instants of beginning and end of this interval of validity.
- the group of receivers establishes a first connection with a key server and receives, during this first connection, the information necessary to obtain the key ki , m , then
- the group of receivers obtains the key ki , m .
- each key ki , m is used to process a unique segment CPi , m of multimedia content, the playing time of which is called “cryptoperiod”.
- the segment CPi , m is also called cryptoperiod.
- the key ki , m is therefore valid during a time interval [ti , m ; t i + i, m [which corresponds to the cryptoperiod CPi , m , that is to say the time interval during which the crypti period CPi , m of multimedia content is played.
- the key ki , m must be obtained by the receiver before the instant ti , m .
- the key ki , m should be obtained as late as possible before time ti , m , so as to be exposed as little as possible to attack or cryptanalysis attempts in the receiver.
- the key ki , m is obtained during the preceding cryptoperiod, that is to say during the interval [ti-i , m ; ti , m [.
- the key ki , m is exposed to attack or cryptanalysis attempts only during part of the interval [ti-i , m ; ti , m [, that is to say generally during the plus a duration of the order of ten seconds.
- the short duration of this interval makes attack attempts difficult.
- the receiver To obtain the key ki , m , the receiver must connect to a key server. Thus, if nothing special is planned, the receiver must connect to the server keys at each cryptoperiod. Since the number of receivers that must connect to the same key server can be very high, that is to say greater than 1000 or 10000, the number of connections that the key server must be able to manage during a cryptoperiod is also very high.
- application EP2567500 discloses in particular to transmit to each receiver, during a connection to the key server, not only the key ki , m valid for deciphering the cryptoperiod CPi , m following, but a succession ⁇ ki , m ; ...; k L, m ⁇ of L keys to decrypt the following L cryptoperiods.
- the receiver does not need to connect to the key server at each cryptoperiod but only all the L cryptoperiods.
- Application EP2567500 also discloses that thus sending such a succession of keys to the receiver, well before these keys are usable, reduces the security of the process.
- the key k L, m is received, like the succession ⁇ ki , m ; ...; k L, m ⁇ of L keys, before the cryptoperiod CPi , m and is only used from time t L, m .
- the key k L, m is therefore exposed to attempts to attack during L successive cryptoperiods.
- this same key k L, m would be exposed to attack attempts only for at most the duration of a single cryptoperiod if no key ki , m was transmitted in advance to the receiver.
- application EP2567500 proposes to adapt the number L of keys transmitted in advance to each receiver as a function of the probability that this receiver is victim of an attempted attack.
- it is possible both to reduce the number of connections to be established with the key server while maintaining a high level of security.
- EP24660308 describes a solution for increasing the robustness of a secure information transmission system against failures, such as packet loss, of an information transmission network. For this, only in the event of a network failure, a receiver can construct a decryption key usable during a time interval [i; i + l [from information used to build the previous encryption key. In the normal operation of the information transmission network, no reduction in the number of connections from the receiver to the server is obtained.
- the invention aims to solve the same problem as that mentioned in EP2567500 but without taking into account the security level of the receiver. It therefore relates to such a method according to claim 1.
- the embodiments of this production process may include one or more of the features of the dependent claims.
- the invention also relates to a method for the secure transmission of digital content.
- the invention also relates to an information recording medium, readable by a microprocessor, comprising instructions for the implementation of a method object of the present application, when these instructions are executed by the microprocessor .
- the invention also relates to a group of receptors for the implementation of the process for obtaining subject of this application.
- the invention also relates to a key server for the implementation of the obtaining process which is the subject of the present application.
- FIG. 1 is a schematic illustration of a secure system for transmitting and receiving multimedia content
- FIG. 2 is a flow diagram of a secure transmission method for multimedia content implemented in the system of Figure 1;
- FIGS. 3 and 4 are flow diagrams of two different variants of the method of FIG. 2.
- multimedia content means audio and / or visual content intended to be rendered in a form directly perceptible and understandable by a human being.
- multimedia content corresponds to a succession of images forming a film, a television program or advertising.
- Multimedia content can also be interactive content such as a game.
- Data "in the clear” corresponds to data before it is scrambled or encrypted. It can therefore be made directly understandable by a human being without resorting to descrambling operations and without its viewing being subject to certain conditions.
- multimedia content is broadcast in scrambled form and not in plain text. More precisely, each multimedia content is divided into a succession of cryptoperiods. Throughout the duration of a cryptoperiod, the conditions for access to scrambled multimedia content remain unchanged. In particular, throughout the duration of a cryptoperiod, the multimedia content is scrambled with the same cryptographic key known as the "control word". Generally, the control word varies from one cryptoperiod to another.
- CP m is the m-th cryptoperiod of multimedia content.
- the index "m" is a serial number which identifies a position relative to a reference point.
- the reference point can be an absolute origin independent of the multimedia content or an origin relating to the multimedia content broadcast. Thereafter, the reference point is a relative origin.
- the point of reference is the beginning of multimedia content.
- the cryptoperiod CPi is the first cryptoperiod of multimedia content
- the cryptoperiod CP 2 is the second cryptoperiod of multimedia content and so on.
- K m is the cryptographic key, known by the term "control word”, which is only used to scramble and descramble the cryptoperiod CP m .
- the key k m is therefore used immediately after the previous key k mi and immediately before the next key k m + i .
- T m and t m + i are, respectively, the instants at which begins and ends CP m cryptoperiod when played by a receiver.
- the instant ti therefore corresponds to the start of the first cryptoperiod CPi of the multimedia content.
- V m is the duration of the interval [t m ; t m + i [.
- ECM m is an ECM message (Entitlement Control Message).
- the ECM message m is the ECM message containing the identifier of the key k m which makes it possible to descramble the cryptoperiod CP m .
- SE P is the succession of keys ⁇ ki; ...; k m ; k m + i ; ...; k N ⁇ , i.e. the ordered sequence of keys ki to k N , where N is the number of keys in the succession SE P.
- SR m is the succession of keys ⁇ k m ; k m + i ; ...; k m + L -i ⁇ , i.e. the ordered sequence of keys k m to k m + L -i, where L is the number of keys in the succession SR m .
- the number L is systematically less than or equal to a pre-recorded threshold L max .
- the threshold L max is less than N, for example two or ten or a hundred times less than the number N.
- the number L max is an integer greater than or equal to two, prerecorded in memory 110.
- the number L max is the length maximum of a succession SR m . Thus, each succession SR m is much smaller than the succession SE P.
- Ki , m is the i-th key of the SR m succession.
- the index i indicates the position of the key ki , m in the succession SR m with respect to the first key k m of this succession.
- the index i is the serial number of the key ki , m in the succession SR m .
- the value of the index i for the first key of the succession SR m is equal to one.
- the key k im is equal to the key k i + mi .
- This same notation is also used for any variable associated with the key ki , m .
- the notation Ci , m denotes the control information Ci + mi associated with the key ki, m .
- Figure 1 shows a system 2 for transmitting and receiving scrambled multimedia content.
- multimedia content corresponds to a sequence of an audiovisual program such as a television program or a film.
- Plain text multimedia content is generated by one or more sources 4 and transmitted to a broadcasting device 6.
- the device 6 broadcasts the contents multimedia simultaneously to a multitude of receivers through an information transmission network 8.
- the number of receivers is generally very high, that is to say greater than 1000 or 10 000. To simplify FIG. 1, only three receivers 10 to 12 are shown.
- Network 8 is typically a long distance network for transmitting information such as the Internet or a satellite network or any other broadcasting network such as that used for the transmission of digital terrestrial television (DTT).
- DTT digital terrestrial television
- the device 6 includes an encoder 16 which compresses the multimedia content which it receives.
- Encoder 16 processes digital multimedia content.
- this encoder works in accordance with the MPEG2 standard (Moving Picture Expert Group - 2) or the ITU-T H264 standard.
- the compressed multimedia content is directed to an input 20 of a scrambler 22.
- the scrambler 22 scrambles each compressed multimedia content to condition its viewing under certain conditions such as the purchase of an access ticket by users receptors.
- the scrambled multimedia content is reproduced on an output 24 connected to the input of a multiplexer 26.
- the scrambler 22 scrambles each cryptoperiod CP m of the multimedia content compressed using a respective key k m , known by the term "control word" in the field of conditional access systems.
- this scrambling conforms to a standard such as DVB-CSA (Digital Video Broadcasting - Common Scrambling Algorithm), ISMA Cryp (Internet Streaming Media Alliance Cryp), SRTP (Secure Real-time Transport Protocol), AES (Advanced Encryption) Standard), etc.
- the duration V m of a cryptoperiod CP m is typically greater than five seconds and, preferably, between 5 seconds and 10 minutes. In this embodiment, all the cryptoperiods CP m have the same duration V.
- the device 6 also includes a system 28 for access control.
- System 28 is better known by the acronym CAS (Conditional Access System).
- CAS Consumer Access System
- the ECM message m is here associated with the cryptoperiod CP m by the multiplexer 26.
- the ECM message m and the cryptoperiod CP m are time synchronized with one another by multiplexing them in the same audiovisual signal transmitted over the network 8. More precisely, here, the message ECM m is transmitted to the receivers during the cryptoperiod CP mi which immediately precedes the cryptoperiod CP m .
- the receivers 10 to 12 are identical and only the receiver 10 is described in more detail.
- the receiver 10 includes a reception module 70 for broadcast multimedia content.
- This module 70 is connected to the input of a demultiplexer 72.
- the demultiplexer 72 transmits on the one hand each scrambled cryptoperiod CP m received to a descrambler 74 and on the other hand the ECM and EMM (Entitlement Management Message) messages to a processor 76.
- the processor 76 processes confidential information such as cryptographic keys. To preserve the confidentiality of this information, it is designed to be as robust as possible against attempted attacks by hackers. It is therefore more robust with respect to these attacks than the other components of the receiver 10. This robustness is for example obtained by implementing a software module dedicated to the protection of secret information.
- the processor 76 is for example produced using a programmable microprocessor 77 capable of executing instructions recorded on an information recording medium. To this end, the processor 76 also includes a memory 78 containing the instructions necessary for the execution of the method of FIG. 2.
- the memory 78 also contains for example:
- the memory 78 also contains a local table 79 containing the keys k m currently available.
- the descrambler 74 descrambles the scrambled multimedia content using the key k m transmitted by the processor 76.
- the descrambled multimedia content is transmitted to a decoder 80 which decodes it.
- the decompressed or decoded multimedia content is transmitted to a graphics card 82 which controls the display of this multimedia content on a display 84 equipped with a screen 86.
- the display 84 clearly displays the multimedia content on the screen 86.
- the receiver 10 also includes a transceiver 88 making it possible to establish a secure connection between the processor 76 and a network head 90 via a network 92 for transmitting information.
- the network 92 is a long distance information transmission network and more precisely a packet switched network such as the Internet network.
- the secure connection is for example a secure tunnel using the cryptographic certificate of processor 76.
- the network head 90 comprises a module 100 for managing the access titles of the different users of the system 2.
- This module 100 is better known as the English term for "subscriber authorization System”.
- This module 100 generates and keeps up to date a database 102.
- the database 102 associates with each user identifier the access titles acquired by this user.
- This database 102 is stored in a memory 104.
- the network head 90 also includes a key server 106.
- the server 106 notably comprises a generator 108 of keys k m and a memory 110.
- the memory 110 contains:
- the counter C nbc counts the number of connections, per unit of time, established by all the receivers of the system 2 with the server 106. Typically, this counter C nbc contains the number of such connections identified during a window of sliding time of duration DT. This sliding window ends at the current moment.
- the duration DT is for example between V and 24 hours or between V and 1 hour.
- the server 106 is produced from a programmable microprocessor 114 capable of executing instructions recorded on an information recording medium.
- the memory 110 also includes the instructions for carrying out the method of FIG. 2.
- the method begins, in response to a request for the transmission of content, with a phase 114 of initialization of the values of the various parameters necessary for carrying out the following steps.
- the values of these parameters are saved in memory 110. These parameters are presented as the following steps are described. Consequently, although chronologically situated before the following steps, in this description, the adjustment of the values of these parameters during phase 114 is described after these steps.
- phase 114 has ended, the transmission of multimedia content can then begin.
- the generator 108 generates, one after the other, the keys k m of the succession SE P. Each key k m of this succession is used to scramble the corresponding cryptoperiod CP m of the multimedia content to be broadcast. Over time, the generator 108 successively generates the keys ki to k N.
- the number N of keys in the succession SE P is for example equal to or greater than the number of cryptoperiods CP m of the multimedia content to be scrambled.
- the generator 108 begins by obtaining the key ki then, for any index m greater than or equal to two, it derives the following key k m from the previous key k mi by executing a first key derivation algorithm DI k m .
- the generator 108 obtains the key ki, for example, by random or pseudo-random drawing of a number in a set E k .
- the set E k contains all the integers whose binary representation comprises at most N k bits.
- the value of the number N k is prerecorded in the memory 110. For example, the value of the number N k is equal to 16, 32, 48 or 56.
- the key ki generated is then recorded in the table 112.
- the generator 108 derives each following key k m from the previous key k mi by executing the same algorithm DI parameterized by the value of the previous key k mi .
- the key k m cannot be generated before the key k mi .
- the keys k m are therefore generated one after the other.
- the DI algorithm is also parameterized by an adjustable complexity parameter, denoted PC p , which allows, as will be explained below, to increase or decrease the average number of operations executed by the receivers for obtain the key k m from the key k mi .
- the parameter PC p therefore makes it possible to increase or decrease the average time TCi , m of execution of a second algorithm D2 for deriving the key ki , m executed by the receivers.
- the average time TCi , m is the time that elapses, on average, between the instant when a processor 76 begins the execution of the algorithm D2 to obtain the key ki , m and the instant when this processor 76 ends this execution of the algorithm D2 because it obtained the key ki , m .
- the average time TCi , m therefore typically corresponds to the average of the times taken by a multitude of processors 76 of system terminals 2 to obtain the key ki , m by executing the algorithm D2.
- the parameter PC p is the size of a set E R of integers.
- the set E R contains all the integers whose binary representation comprises at most N R bits. For example, the number N R is equal to the value of the parameter PC p .
- the DI algorithm is a key calculation involving a succession of random draws of a number R in the set E R. Thereafter, this type of algorithm is called “calculation of keys with hazard”. For example, each time the algorithm Dl is executed, the generator 108 performs the following operations to generate the following key k m :
- - Fi is a known function of the generator 108 and the receivers.
- the operation "//” is the operation "or exclusive" usually designated by the symbol XOR.
- the function Fi is typically a one-way function.
- the function Fi is chosen from the group Gi of one-way functions consisting of symmetric encryption functions, asymmetric encryption functions and hash functions.
- the generator 108 also generates control information C m .
- the control information C m is a parameter of the algorithm D2 necessary to obtain the key k m from the key k mi .
- the control information C m is information which allows the receiver to obtain the key k m from the previous key k mi without knowing the number R m .
- Hi is a one-way function, that is to say for which it is very difficult to calculate a pre-image from its image, it is not possible to deduce the key k m from the only knowledge of the control information C m .
- the Hi function is also typically chosen from the group Gi of functions.
- the functions Fi and Hi are identical.
- the Fi and Hi functions are both the same hash function.
- Each key k m generated by the execution of the algorithm Dl is recorded, associated with the control information C m , in table 112.
- the generator 108 also transmits each key k m to the system 28.
- Step 116 is triggered early enough so that, whatever the value of the index m, the key k m is available in time for the scrambler 22 to scramble the cryptoperiod CP m with the key k m .
- the execution of step 116 is triggered early enough so that, at each instant t m , the table 112 already contains at least the keys k m to k m + Lmax and the associated control information C m at C m + Lmax .
- the number L max is an integer greater than or equal to a prerecorded in memory 110.
- the number L max is the maximum length of a succession SR m .
- the device 6 divides the multimedia content into successive cryptoperiods, scrambles each cryptoperiod CP m using the corresponding key k m , then transmits the scrambled cryptoperiods.
- the ECM messages m containing the identifiers ld m of the keys k m are multiplexed with the corresponding cryptoperiods of the transmitted multimedia content. This multiplexing makes it possible to synchronize the transmission of each identifier ld m with the transmission of the cryptoperiod CP m of the multimedia content.
- the identifier ld m is transmitted to the receivers only during the cryptoperiod CP mi preceding the cryptoperiod CP m .
- the identifier ldi is transmitted to the receivers during a time interval [t 0 ; ti [immediately preceding the first cryptoperiod CPi.
- the duration of the interval [t 0 ; ti is for example equal to the duration V of a cryptoperiod.
- the scrambled multimedia content is received substantially at the same time by each of the receivers in system 2.
- the following steps are therefore executed substantially in parallel for each of these receivers. The following steps are described in the particular case of the receiver 10.
- a step 122 the audiovisual signal containing the scrambled multimedia content and the ECM messages m is received by the reception module 70.
- the demultiplexer 72 extracts, as and when they are received, the cryptoperiods CP m scrambled from the scrambled multimedia content and the ECM messages m .
- the demultiplexer 72 transmits the scrambled cryptoperiods CP m extracted to the descrambler 74.
- the ECM messages m extracted are in turn transmitted to the processor 76.
- the processor 76 At least in response to each first reception of an ECM message m , and at the latest a predetermined duration d before the instant t m , during a step 126, the processor 76 checks whether it has already obtained the key ki , m . Here, for this, it searches the table 79 if it already contains the key k m corresponding to the identifier ld m contained in the ECM message received m.
- the duration d is fixed by the system operator 2 as slightly increasing the time necessary for a receiver to obtain a key ki , m from the server 106.
- the processor 76 sends to the descrambler 74 the key k m found in the table 79. No connection with the server 106 is then established to obtain the key k m .
- the descrambler 74 descrambles the cryptoperiod CP m received using the key k m .
- the descrambled cryptoperiod CP m is decoded by the decoder 80 and then transmitted to the video card 82.
- the video card 82 transforms the cryptoperiod CP m descrambled and decoded into a video signal.
- this video signal is then transmitted to the display device 84.
- the device 84 displays the cryptoperiod CP m of the multimedia content on the screen 86 in a manner directly perceptible and understandable by a human being.
- step 126 If during step 126, the key k m corresponding to the identifier ld m is not contained in the table 79, then the process continues with a step 140 and not directly with step 128 .
- step 140 the processor 76 establishes a secure connection with the server 106 and transmits via this connection a request to receive the information necessary to obtain the key k m .
- this request notably contains the identifier ld m of the key k m .
- This request is transmitted to the server 106 via the transceiver 88 and the network 92. All the exchanges of information between the processor 76 and the server 106 are made via a tunnel secure established through the network 92. The establishment of the tunnel required authentication and identification of the receiver by the server 106, for example using the cryptographic certificate contained in the memory 78. Thus, the server 106 has the 'identifier ld T of the receiver which sends him a request.
- step 140 is systematically executed by each of the receivers during the time interval [to; ti [immediately preceding the first cryptoperiod CPi to descramble multimedia content. Then, step 140 is executed each time the key k m required to descramble the cryptoperiod CP m is absent from the table 79.
- the reception by the server 106 of this request informs it that the key ki , m could not be obtained before the instant ti , m .
- the server 106 proceeds to update the counter C nbc of connections per unit of time. For example, the server 106 counts the number of connections established, including this one, between all the receivers of the system 2 and itself during the sliding window of duration DT. Here, the server 106 counts only the connections during which the information necessary to obtain a key k m is required.
- the server 106 obtains the value of an integer L.
- the number L makes it possible to adjust the number of cryptoperiods which will elapse between this connection to the server 106 of the receiver 10 and the next compulsory connection from the receiver 10 to the server 106. More specifically, the number L fixes the maximum number of following keys that the receiver 10 can derive from the key k m without connecting again to the server 106. The number L therefore fixes the length of the succession SR m of the keys k m to k m + L -i that the receiver 10 can obtain from the only information contained in the response to its request.
- the number L is here determined to distribute the connections of the receivers to the server 106 as uniformly as possible.
- the server 106 chooses a first value of the number L different from that chosen for other receivers of the system 2. For example, the server 106 randomly draws this first value in the interval [2; L my x]. In another example, the server 106 randomly draws the first value successively in subintervals forming a partition of the interval [2; Lmax]. Then, during the following connections of the receiver 10, the server 106 uses a second value of the number L which is constant and identical for all the receivers of the system 2.
- a next connection is a connection established to obtain a key k m , where the index m is strictly greater than one.
- the second value of the number L is for example prerecorded in the memory 110 during phase 114. This second value of the number L is also between 2 and L max .
- a step 146 in response to the request from the receiver 10, the server 106 transmits to the processor 76, via the connection established in the step 140, the information necessary for the receiver 10 to be able to obtain the sequence SR m of keys without this receiver needing to establish a next connection with the server 106.
- the server 106 transmits to the receiver 10 during this connection, all the information necessary for him to obtain the keys ki , m to k L, m .
- the server 106 transmits and the receiver 10 receives during this connection the following information:
- connection between the server 106 and the receiver 10 is interrupted.
- the connection is therefore interrupted before time t m where the cryptoperiod CP m begins.
- step 148 the processor 76 stores the key ki , m received in the table 79, then the method returns to step 128.
- the key ki , m is transmitted to the descrambler 74 before the instant t m so that the cryptoperiod CP m can be correctly descrambled in time.
- Step 150 the processor 76 immediately triggers the obtaining of the following keys: k 2, m to k L, m from the information received in response to its request.
- Step 150 is systematically triggered after receipt of the key ki , m .
- the triggering of step 150 is independent of the operating state of the networks 92 and 8.
- the processor 76 executes the key derivation algorithm D2.
- the algorithm D2 makes it possible to obtain the following key ki , m from the previous key ki-i , m and also from here, the values of the parameter PC p and the control information Ci, m .
- the algorithm D2 is executed a first time to obtain the key k 2, m from the key ki , m received, then a second time to obtain the key k 3, m from the key k 2, m and so on until the key k L, m is obtained from the key
- this processor performs the following operations to obtain the key ki , m :
- the processor 76 randomly draws a number R in the set E R , then
- the processor 76 compares the control information C cd with the control information Ci , m received during step 146, then
- the size of the set E R is determined from the parameter PC p received by the processor 76 at the same time as the key ki , m and control information
- the average time TCi , m of execution of this algorithm D2 depends on the size C a of the set E R. Indeed, the larger the size C a of the set E R , the greater the average number of random draws carried out before drawing a number R equal to the number R m which makes it possible to obtain the key ki , m . Here, this average number of random draws is equal to C a / 2.
- the server 106 compares the counter C nbc updated with thresholds S nbc-h and S nbc i predetermined recorded in memory 110.
- the threshold S nbc-h is equal to or strictly greater than the number of connections per unit of time which can be expected if each receiver manages to calculate in time each of the keys k 2, m to k L, m , and therefore does not connect to the server 106, except the first time, only after having obtained, by execution of the algorithm D2, the last key k L, m of a succession of keys SR m .
- the threshold S nbc-h is greater than or equal to N rec / (LV), where:
- - N rec is equal to the total number of receivers of system 2 which connect to the servers 106,
- the threshold S nb ch must also be small enough to allow the value of the parameter PC p to be adapted before the counter C nbc becomes much greater than N rec / (LV).
- the threshold S nbc-h is less than 2N rec / (LV) or less than 1.5N rec / (LV).
- the server 106 modifies the value of the parameter PC p so that the receivers can calculate the following keys ki , m more quickly.
- the value of the parameter PC p is reduced in order to decrease the size C a by the set E R. Then, the method returns to step 116 to generate the following keys of the succession SE P by taking into account the new value of the parameter PC p .
- the threshold S nbc-i is strictly lower than the threshold S nbc h and generally close to the limit N rec / (LV).
- the threshold S nbc-i belongs to the interval [N rec / (LV); 1.3N rec / (LV)] or at the interval [N rec / (LV); l, lN rec / (LV)].
- the server 106 modifies the value of the parameter PC p to increase the average time TCi , m of calculation of the key ki , m then returns to steps 116 and 120.
- the value of the parameter PC p is increased in order to increase the size C a of the set E R.
- the server 106 leaves the current value of the parameter PC p unchanged.
- the second prerecorded value of the number L is, for example, fixed to obtain a target number N cn of connections to the server 106 per second.
- the number N cn is chosen by the designer of the system 2.
- the initial value of the parameter PC p is determined so that the expected average time TCi , m of execution of the algorithm D2 by a receiver before obtaining the key ki, m is greater than 0.2Vi-i, m or 0.5Vi-i, m or 0.9Vi-i, m , where Vi-i, m is the duration of the cryptoperiod CPi-i, m .
- the initial value of the parameter PC p is designed so that, whatever the value of the index i between 2 and L, each mean time TCi , m meets the conditions (1) to (3) following:
- the key ki , m cannot be obtained before the instant ti-i , m .
- the key k L, m is exposed to attack attempts only at most during the interval [t Li, m ; t L, m [.
- the interval [ti, m ; t L, m [corresponds to the time interval during which the key k L, m is exposed to attack attempts in known methods, such as that described in application EP2567500, where the key ki_ , m is transmitted to the receiver together with the key ki , m .
- the durations of the cryptoperiods CP m are all equal to V and where it is imposed that all the mean times TCi , m are equal to a constant TC, then the conditions (1) to ( 3) are satisfied, for example, by choosing a value of the parameter PC p such that the mean time TC is between (L-1) V / L and V.
- the initial value of the parameter PC p is then chosen by determining the largest number l ⁇ l R for which the following condition is satisfied: ti -5 .C a / 2 ⁇ V, where
- - ti is the execution time by the receiver of operations 1) to 5) of step 150,
- C a is the number of elements in the set E R , and C a is equal to 2 NR , and
- phase 114 the time ti -5 is measured experimentally on a receiver.
- the duration V is fixed and known.
- FIG. 3 represents a method identical to the method of FIG. 2 except that steps 116 and 150 have been replaced, respectively, by steps 180 and 182. To simplify FIG. 3 and the following figures, only the modified steps are represented. The unmodified and therefore not shown steps are symbolized in these figures by a dotted line.
- Steps 180, 182 are identical, respectively, to steps 116 and 150, except that the algorithms DI and D2 are replaced by, respectively, algorithms D3 and D4.
- the D3 algorithm is a deterministic key calculation and no longer a random key calculation.
- a deterministic key computation unlike a key computation with a hazard, does not involve a random draw capable of substantially modifying the average time TCi , m of execution of the algorithm D4.
- the algorithm D3 executed to generate the key k m from the key k mi consists in composing Q m -1 times a one-way cryptographic function H 2 with itself.
- - H 2 is a one-way cryptographic function
- the function H 2 is composed with itself Q m -1 times.
- the function H 2 belongs to the group Gi of previously defined functions.
- the function H 2 is a hash function.
- the control information includes the parameter Q m .
- the value of the parameter Q m varies as a function of the index m. For example, for each index m greater than or equal to two, the value of the parameter Q m is drawn randomly from a set E Q of values close to V / ti 82 , where ti 82 is equal to the time it takes for the receiver to execute H 2 once .
- the set E Q is the set of whole numbers in the interval [0.7V / ti 82 ; 1.3V / ti 82 ] or the interval [0.9V / ti 82 ; l, lV / ti 82 ].
- the control information transmitted to the receiver 10 each includes values of the parameters Q 2, m to Qi_ , m .
- the set E Q is much smaller than the set E R.
- the set E Q contains 10 3 or 10 6 whole numbers.
- the size of the set E Q is here constant regardless of the value of the index m.
- the complexity parameter PC p is in this embodiment the average value M Q of the set E Q and not the number of integers it contains.
- the mean value M Q is the average of the whole numbers contained in this set E Q by assigning to each of these whole numbers the same weighting coefficient. The more the mean value M Q increases, the more the calculation time TCi , m to obtain the key ki , m from the key ki-i , m also increases.
- the set E Q is constructed so that its average value is equal to V / ti 82 . In this embodiment, the value M Q and therefore the complexity parameter PC p does not need to be transmitted to the receivers.
- the composition of the set E Q is modified to decrease its average value during step 162 and, alternately, increase its average during step 164.
- the whole number e is added to each of the whole numbers previously contained in the set E Q.
- step 182 the algorithm D4 executed by the receiver to obtain the key ki , m from the key ki_i , m is identical to the algorithm D3 except that the value of the parameter Qi , m is obtained from the control information received.
- FIG. 4 represents a method identical to the method of FIG. 3 except that steps 180 and 182 are replaced, respectively, by steps 190 and 192.
- Steps 190 and 192 are identical to steps 180 and 182 except that instead of using the same function H 2 to obtain the keys k m , the generator 108 uses a function H G 5 and the receiver 10 uses a function H D6 .
- the H G5 function is designed to allow the key k m to be calculated from the key k mi much faster than is possible by implementing the H D6 function.
- one-way H D6 cryptographic functions with backdoors are used, such as those used to perform asymmetric ciphers.
- the operating principle of such one-way cryptographic functions with backdoors is well known. For example, it is the same principle as that used in asymmetric encryption algorithms also known as the RSA (Rivest-Shamir-Adleman) encryption algorithm.
- RSA Raster-Shamir-Adleman
- prime numbers - P and Q are large prime numbers, that is to say prime numbers whose binary representation comprises at least 500 or 1000 bits, furthermore distinct from each other,
- - e is a prime number with the product (P-1) (Q-1), greater than 1 and not between a (Pl) (Ql) and a (Pl) (Ql) + 2 S , where “a” is a non-zero natural integer and, s a natural integer typically equal to 80 or greater, called the security parameter.
- the numbers P and Q are only known to the generator 108 and correspond, for example, to its private key.
- the numbers N and e are known to the generator 108 and to the receiver 10 and then correspond to the public key of the generator 108.
- the generator 108 thanks to the knowledge of the numbers P and Q, can calculate the key k m from the key k mi by executing only two modular exponentiations whereas in order to obtain the same key, the processor 76 must realize Qi, m modular exponentiations.
- the control information can be omitted.
- the server 106 does not need to transmit this control information to the receiver on each connection.
- the PC p parameter is also a constant.
- the server 106 transmits only the key ki , m to the receiver and the receiver derives the keys k 2, m to k L, m from this key ki , m without needing to receive any other information from the waiter 106.
- the number N of keys of the succession SE P can be 10 or 100 or 1000 times greater than the number L max .
- the generator 108 can stop using the succession SE P , including before the key k N has been used to encrypt the cryptoperiod CP N. From the instant t p + i , the generator begins to use another succession SE p + i of keys. In this case, preferably, before the instant t p + i , the server 106 transmits a signal to the receivers to indicate to them that the other succession SE p + i will be used from this instant. In response, the receivers immediately establish a connection with the server 106 to receive the information necessary to obtain the key ki , m and to derive the following L keys ki , m from this new succession SE p + i .
- the number N of keys of the succession SE P can also be less than the number of cryptoperiods of the multimedia content to be scrambled.
- the generator 108 after having generated the key k N , the generator 108 begins the generation of another succession SE p + i of keys intended to scramble the cryptoperiods according to the cryptoperiod CP N , for example CP N + i to CP 2N or CP N + i to CP N + M.
- the first key k N + i of the succession SE p + i is generated independently of the keys of the succession SE P and, in particular, does not depend on the key k N.
- the numbers N and M must nevertheless, where appropriate, be chosen greater than or equal to the number L max .
- the number N can also be a priori indeterminate.
- the generator 108 constantly generates new keys k m for the succession SE P.
- the generator 108 generates a new succession SE p + i in response to an external command to change the succession of keys.
- this key succession change command is issued when an attack or an attempt to attack the succession SE P of keys is detected.
- Successful cryptanalysis of the key derivation algorithm can be detected, for example, from the fact that an increasing number of receivers no longer need to connect to the server 106 every LV seconds to be able to properly descramble multimedia content.
- the server 106 does not update the counter C nbc only if the last key obtained is not the last key of the current succession of keys, that is to say if the current connection was not expected.
- the number L is not adjusted to distribute the connections of the receivers to the server 106 more uniformly over time.
- the number L is a constant, for example predetermined, and is identical for all receivers.
- the value of the parameter Q m is independent of the index m and this parameter Q m is then simply noted Q. In this case, it is possible to choose the numbers L and N equal. The generator then systematically changes the succession SE P after having generated L keys.
- step 160 is not systematically implemented after step 146.
- step 160 is implemented periodically, with a predetermined period, for example in the form of the number of bets in step 146, or as a duration.
- steps 162 and 164 are also omitted, and the server 106 leaves the current value of the parameter PC p unchanged.
- the setting of the value of the parameter PC p is triggered other than by comparing the value of the counter C nbc with the threshold S nbc-h and S nbc-i -
- the time TCi , m of execution of l the derivation algorithm by the processor 76 is measured, for example by the processor 76, then transmitted to the server 106.
- the server 106 compares this measured execution time with the duration V. If the measured execution time is less than the duration V, the value of the complexity parameter PC p is increased. Otherwise, it is reduced.
- the server 106 calculates an average execution time of the derivation algorithm, then compares this average execution time with duration V. If the average execution time is less than duration V, the value of the complexity parameter PC p is increased. Otherwise, it is reduced.
- the server 106 calculates an average execution time of the derivation algorithm for all of the receivers or of a sample of the receivers, for example of predetermined staff, for example randomly constituted.
- the server 106 calculates an average execution time of the derivation algorithm over a sliding time window of predetermined amplitude, for example of the order of one minute, ten minutes , one hour or ten hours.
- the complexity of the derivation algorithm is not adjustable.
- the value of the parameter PC p is chosen during, for example, phase 114 as previously described. Then, the parameter PC p can no longer be modified during the execution of the method of FIG. 2. In this embodiment, steps 142, 160, 162 and 164 are omitted.
- the PC p parameter can be adjusted so that the average time TCi , m is greater than the duration V.
- Receivers who do not belong to this PP subgroup will have to connect to the server 106 to obtain the key ki , m .
- this adjustment nevertheless makes it possible to reduce the number of receivers which connect at each cryptoperiod to the server 106, while increasing the security of the system.
- connection between the server 106 and the receiver 10 is not interrupted after the transmission by the server of the information necessary to build the succession SR m .
- Fi function is not necessarily a one-way function. It can be a function as simple as the identity function. However, in this case, the Hi function is different from the Fi function and remains a one-way function.
- - D m is a small number drawn randomly from a set E D containing whole numbers whose binary representation is at most 18 bits or 10 bits,
- - f is a simple function such as the addition or the multiplication between k mi and D m .
- - H 3 is a function belonging to the group Gi previously defined and preferably a hash function
- control information contains the data D m and the parameter Q.
- the data D m are coded on a number of bits preferably at least twice less than the number of bits necessary to code the parameters Q m defined in the embodiment of FIG. 3. Consequently, the bandwidth required to transmit the control information to the receiver 10 is reduced in this variant.
- the derivation algorithm instead of randomly drawing the number R from the set E r each time, the number R is initialized to 0 and then incremented by 1 at each iteration of operations 1) to 5) of step 150.
- the keys generated and received are control words used directly for encrypting and decrypting multimedia content.
- these methods can be used to obtain keys other than control words.
- the keys generated and received can be session keys used to encrypt and decrypt control words transmitted to the receiver.
- the session keys are changed, in general, with a frequency 10, 100, 1000 or 10000 times lower than the frequency of change of the control words.
- the length of the session key validity interval is greater than one minute, one hour, or 24 hours.
- the value of the complexity parameter PC p is adapted to correspond to such a duration of the validity interval.
- the methods for obtaining succession of keys described here can also be used to obtain successions of keys which are used to encrypt and decrypt digital content other than multimedia content.
- the succession of keys obtained can be used to encrypt or decrypt digital documents such as text files, or any data exchanged over a communication channel.
- the duration V , m of the validity intervals is not constant.
- the time TCi , m is for example different to obtain each key ki , m .
- the time TCi , m is adjusted using, for example, the control information Q m .
- the control information Q m is chosen so that the time TCi , m is between 0.5Vi-i , m and Vi-i , m and preferably between 0.9Vi-i , m and Vi-i , m .
- the control information Q m is chosen so that the execution time is such that the time TCi.
- the key k , m can at sooner be obtained by the receiver in the interval [ti-i , m ; ti , m [.
- the key k , m can only be attacked during the interval [ti-i , m ; ti , m [of duration Vi-i, m .
- the execution of the derivation algorithm is distributed over a group of M receivers capable of exchanging information with each other in a secure manner.
- the number M is greater than or equal to two and preferably greater than or equal to 100 or 1000.
- the receivers of the same group of receivers are connected to each other via a public network or private.
- a receptor that belongs to a group of receptors does not belong to another group of receptors.
- the exchanges of information between the receivers of the group are for example encrypted using keys known only to the receivers of this group.
- the derivation algorithm is a key calculation with a hazard
- the set E R is divided into M disjoint subsets of the same size.
- Each of these subsets is assigned to a respective receiver in the group.
- each receiver of the group In response to the reception of the key ki , m , each receiver of the group tries to calculate the key k 2, m as described previously but by choosing the number R only in the subset which has been assigned to it.
- the first receiver in the group which obtains the key k 2, m then transmits it to the other receivers of the same group.
- these receivers stop the previous execution of the derivation algorithm to obtain the key k 2, m and start to execute the derivation algorithm for obtain the key k 3, m in a similar way to what has been described for the key k 2, m .
- the group of receivers thus executes the derivation algorithm in a time TCi , m equal to TCri , m / M, where TCri , m is the average execution time of the same derivation algorithm but by a single receiver of the group which must therefore choose the number R in the whole of the set E R and not only in a subset.
- This variant therefore makes it possible to increase the size of the assembly E R and therefore to increase the safety of the process.
- the derivation algorithm is a deterministic key calculation
- the distribution of the execution of an algorithm between different microprocessors so that portions of this algorithm are executed in parallel by each of these microprocessors is well known and will not be described here in detail.
- distributing the execution of the derivation algorithm over all the receivers in the group makes it possible to increase security since this complicates obtaining the key. In particular, this increases the computing power required to be able to execute the derivation algorithm quickly enough by an illegal receiver.
- the complexity parameter PC p can be adjusted so that the time TCi , m is only included in the interval [V-TAi; V]
- the complexity parameter can be adjusted so that the time TCi , m satisfies only the following condition: TA 2 + (Ll) TCi , m > (Ll) V.
- the receiver can only obtain the key k , m after having completed the calculation of the key ki-i , m .
- the receiver is obliged to calculate the keys ki , m in the ascending order of the indices i.
- the average time TCi , m for calculating a key ki , m is long, that is to say here greater than or equal to 0.2Vi-i , m . Therefore, although all the information necessary to obtain the keys ki , m to k L, m is received before time ti , m , the following keys k 2, m to k L, m can only be obtained long after this instant ti , m .
- the key k L, m is obtained only after the instant t R + TC 2, m + TC 3, m + ... + TC L, m , where t R is the instant of information reception necessary to obtain each of the keys ki , m to k L, m .
- the key k L, m is obtained at time t R.
- the methods described here delay TCi , m + ... + TC L, m obtaining the key ki_ , m . Since the key k L, m is obtained in the receivers later than in the known receivers, the time available to attack this key k L, m before the instant t L, m is shorter than in the known methods, which increases process safety.
- the receiver need only connect once to the key server 106.
- the method always makes it possible to reduce the number of connections or exchanges of information between the server 106 and each of the receivers.
- the described method can be applied without having to determine a security level associated with each of the receivers.
- the receiver retains the capacity to establish a second connection with the server 106 to obtain the key k , m if it has not succeeded in obtaining this key in time from the information received in the first connection, enables the claimed process to be implemented with a fleet of receivers in which certain receivers are slower than others or than expected to execute the derivation algorithm. This makes it possible, if necessary, to take into account the diversity of receivers and the fluctuation of their computing performance.
- the derivation algorithm includes the reiteration Qi , m times of the same one-way function makes it possible to have an average time TCi , m which can be determined in advance and therefore which, more surely, can be systematically included in the interval [Vi-i, m / 2; Vi-i, m [.
- the one-way function is a one-way cryptographic function with a back door makes it possible to reduce the time necessary to generate the succession SE P.
- the key derivation algorithm is a calculation of keys with randomness allows the generator 108 to execute much less operations to calculate a key ki , m than the receiver has to do to calculate the same key.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1856170A FR3083660B1 (fr) | 2018-07-04 | 2018-07-04 | Procede d'obtention d'une succession de cles cryptographiques |
PCT/FR2019/051616 WO2020008131A1 (fr) | 2018-07-04 | 2019-07-01 | Procede d'obtention d'une succession de cles cryptographiques |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3818659A1 true EP3818659A1 (fr) | 2021-05-12 |
Family
ID=65031368
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP19749777.9A Pending EP3818659A1 (fr) | 2018-07-04 | 2019-07-01 | Procede d'obtention d'une succession de cles cryptographiques |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP3818659A1 (fr) |
CN (1) | CN112602288A (fr) |
FR (1) | FR3083660B1 (fr) |
WO (1) | WO2020008131A1 (fr) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10964702B2 (en) | 2018-10-17 | 2021-03-30 | Micron Technology, Inc. | Semiconductor device with first-in-first-out circuit |
CN114143273B (zh) * | 2021-11-24 | 2024-05-17 | 深圳数马电子技术有限公司 | 通道分配方法、装置、计算机设备和计算机可读存储介质 |
CN116663041B (zh) * | 2023-07-28 | 2023-10-31 | 青岛农村商业银行股份有限公司 | 一种rpa流程机器人数据智能处理方法及系统 |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8223974B2 (en) * | 2009-07-31 | 2012-07-17 | Telefonaktiebolaget L M Ericsson (Publ) | Self-healing encryption keys |
FR2959905B1 (fr) | 2010-05-04 | 2012-07-27 | Viaccess Sa | Procede de dechiffrement,de transmission et de reception de mots de controle, support d'enregistrement et serveur de mots de controle pour la mise en oeuvre de ces procedes |
FR2970134B1 (fr) * | 2010-12-29 | 2013-01-11 | Viaccess Sa | Procede de transmission et de reception d'un contenu multimedia |
BR112012033255A2 (pt) * | 2012-10-29 | 2017-11-28 | Ericsson Telecomunicacoes Sa | método e aparelho para garantir uma conexão em uma rede de comunicação |
CN103560892A (zh) * | 2013-11-21 | 2014-02-05 | 深圳中兴网信科技有限公司 | 密钥生成方法和密钥生成装置 |
-
2018
- 2018-07-04 FR FR1856170A patent/FR3083660B1/fr active Active
-
2019
- 2019-07-01 CN CN201980055283.0A patent/CN112602288A/zh active Pending
- 2019-07-01 WO PCT/FR2019/051616 patent/WO2020008131A1/fr active Application Filing
- 2019-07-01 EP EP19749777.9A patent/EP3818659A1/fr active Pending
Also Published As
Publication number | Publication date |
---|---|
FR3083660B1 (fr) | 2020-12-04 |
WO2020008131A1 (fr) | 2020-01-09 |
CN112602288A (zh) | 2021-04-02 |
FR3083660A1 (fr) | 2020-01-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1525748B1 (fr) | Procede et module electronique de transmission securisee de donnees | |
FR2818062A1 (fr) | Methode de transmission securisee de donnees numeriques d'une source vers un recepteur | |
EP2168304B1 (fr) | Verification de code mac sans revelation | |
EP2520042B1 (fr) | Procédés de déchiffrement, de transmission et de réception de mots de contrôle, support d'enregistrement et serveur pour ces procédés | |
WO2020008131A1 (fr) | Procede d'obtention d'une succession de cles cryptographiques | |
EP2567500B1 (fr) | Procedes de dechiffrement, de transmission et de reception de mots de controle, support d'enregistrement et serveur de mots de controle pour la mise en oeuvre de ces procedes | |
EP2022207B1 (fr) | Procédé cryptographique à chiffrement et révocation intégrés, système, dispositif et programmes pour la mise en oeuvre du procédé | |
EP3114598B1 (fr) | Procédé de fourniture, à un terminal, de contenus multimédias protégés | |
EP2659613B1 (fr) | Procede de transmission et de reception d'un contenu multimedia | |
EP3248379B1 (fr) | Procédé de diffusion d'un contenu multimédia protégé | |
EP2633677B1 (fr) | Procede de reception d'un contenu multimedia embrouille a l'aide de mots de controle et captcha | |
EP3380983A2 (fr) | Procédé d'identification de processeurs de sécurité | |
EP2586198B1 (fr) | Procede de protection, procede de dechiffrement, support d'enregistrement et terminal pour ce procede de protection | |
EP2652899B1 (fr) | Procédé et système d'accès conditionnel à un contenu numérique, terminal et dispositif d'abonné associés | |
EP3646526B1 (fr) | Procédé de réception et de déchiffrement d'un cryptogramme d'un mot de contrôle | |
FR3072848B1 (fr) | Procede de reception et de dechiffrement, par un processeur electronique de securite, d'un cryptogramme d'un mot de controle | |
EP2223524A1 (fr) | Procédé de conditionnement et de contrôle d'accès à des contenus en codage hiérarchique, processeur et émetteur pour ce procédé |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20210104 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
DAX | Request for extension of the european patent (deleted) | ||
RAV | Requested validation state of the european patent: fee paid |
Extension state: TN Effective date: 20210104 |