WO2002087144A1 - Method for secure communication between two devices - Google Patents
Method for secure communication between two devices
- Publication number
- WO2002087144A1 (PCT/FR2002/001324)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- module
- key
- encrypted
- keys
- random number
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/4367—Establishing a secure communication between the client and a peripheral device or smart card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
Definitions
- the invention relates to the field of methods for ensuring secure transmission between a first device and a second device, in particular between a digital television decoder and a smart card making it possible to verify that the user is indeed authorized to use said decoder.
- the confidential information consists of a control word (CW) received by the decoder in a data stream comprising, for example, a scrambled digital television program.
- the control word is included in an authorization control message.
- This control word is itself encrypted.
- the encrypted control word is transmitted to the smart card.
- the smart card is provided with a renewable key periodically received for example in an authorization management message (EMM).
- Digco provides, at the top of page 4, a method for coding the control word. This method is described below: when a smart card 5 is inserted in the decoder, a microprocessor 8 of an access control module 4 of the decoder generates two random numbers Ci and A. The microprocessor 8 then encrypts the random numbers Ci and A by means of a public key of the access controller 4. A first message thus encrypted, containing the numbers Ci and A, is transferred to the smart card 5. A microprocessor 10 contained in the smart card 5 decrypts this first message using the private key of the access controller 4 (contained in card 5).
- the microprocessor 10 of the smart card 5 sends a second message to the access controller 4, this second message being the random number A encrypted by means of the random number Ci used as the encryption key.
- the microprocessor 8 of the access controller 4 deciphers this second message and verifies that the random number A is correct, that is to say, is indeed equal to the random number A initially sent. If this verification is positive, it is assumed that the inserted smart card 5 is an authorized smart card. Under these conditions, the access controller 4 will transmit the control message containing the encrypted control word (CW) to the smart card 5, which will process the authorization control message to extract the control word from it in a known way.
- the smart card 5 will send the extracted control word, encrypted by means of the key Ci, and this encrypted control word will be decrypted by the microprocessor 8 of the access controller 4 using the same key Ci. That application then concludes that as soon as an attempt is made to replace the smart card 5 initially inserted by another smart card, for example by replacing the authorized card 5 by an unauthorized card, the access controller 4 will immediately notice the change, since the key Ci is not known to the new smart card, so that the access controller 4 will no longer be able to descramble the return messages containing the control word (CW).
- a decryption unit 7 of the decoder, which normally must use this control word to be able to operate, will be disabled. It is then specified that the same method can be used in the same way to secure a communication between the access controller 4 and the decoder, following the same protocol as that shown in an appended figure.
- the microprocessor of the decoder will generate the two random words Ci and A and, as soon as the microprocessor has deciphered the second message received from microprocessor 8 of the access controller 4 and has checked that the random number A is correct, the key Ci will be used in all transmissions between the access controller 4 and the microprocessor 6 of the decoder, used to decode the scrambled program.
- the session key constituted by the number Ci is transmitted between the two modules, on the one hand from the access controller 4 to the smart card 5 and, on the other hand, from the smart card 5 to the access controller 4. Although this transmission is carried out in an encrypted form, this key can be captured during the transmission, then decrypted and used.
- the manual by MENEZES entitled “Handbook of Applied Cryptography”, published in 1997 under ISBN number 0-8493-8523-7, describes on page 508 a protocol known as NEEDHAM-SCHROEDER in which modules A and B exchange three messages. In the first message, A sends a data item k1 to B using the public key of B. In the second message, B sends to A the data item k1 and a data item k2 using the public key of A.
- It is then checked in module A that the message received does indeed contain the data item k1. This allows authentication of B and provides assurance that B knows k1.
- a session key is then constructed in each of the modules, from the data k1 and k2, using an appropriate publicly known non-reversible function. Such a protocol is safe but requires a long verification time.
- the object of the present invention is to provide a method of communication between two modules, a first and a second, the communication having improved security compared to the prior art described for example in the patent application already cited, while taking only a relatively short verification time.
- the two modules are each provided with a key: the first, for example the decoder, with a public key, and the second, for example the smart card, with a private key.
- the public key and the private key of the first and of the second module respectively are generated in a known manner, so that each of the keys can encrypt a message which can be decrypted by the other key.
- Two pairs of keys are created: the first module is loaded with a public key and the second module with the corresponding private key; in the same way, the second module is loaded with a public key and the first module with the corresponding private key. The following method is then used.
- a session number S and a random number A1 are generated using a random number generator of the decoder.
- the session number S and the random number A1 are then encrypted using the public key of the smart card. The result of this encryption of the session number and the random number is transmitted to the smart card.
- the numbers S and A1 are decrypted using the private key of the smart card.
- This private key is the one that belongs to the first public key/private key pair.
- the smart card then generates, by means of a random number generator of the smart card, a second random number A2.
- This random number, as well as S, is encrypted in the smart card using the public key of the decoder.
- the numbers A2 and S thus encrypted are transmitted to the decoder.
- a random session key K is generated using a hash function and the values S, A1 and A2.
- in the decoder, when the session number S and the second random number A2 have been received, this session number and the number A2 are decrypted using the private key of the decoder. It is then verified that the number S is indeed the number initially sent by the decoder. If not, the communication session ends. A random session key K is then generated in the decoder using a hash function and the values of S, A1 and A2. Also in the decoder, the session key is used to encrypt S. The result of the encryption of S using the session key K is then transmitted to the smart card.
- the third message, transmitted from the first to the second module, is not encrypted using the public key of the second module but directly using the session key, since from the reception of the number k2 by the first module, the two modules are in possession of the data necessary to produce the session key, for example from a hash function or more generally from a publicly known non-reversible function.
- in the smart card, S is decrypted using the key K. It is verified that the number S is indeed the session number initially sent. Otherwise, communication between the two modules is stopped. Thus, each of the two modules is equipped with the same session key K without that key having been transmitted between the two modules. Then, the key K is used by each of the two modules to encrypt the information transmitted from one module to the other.
- the information to be transmitted is the authorization control message (ECM) containing the control word; said message (ECM) is encrypted with the key K and transmitted to the smart card.
- the ECM message encrypted with the key K is decrypted with this same key.
- the invention relates to a method for the secure transmission of information between a first and a second module each containing one of the keys of two pairs of keys, in which a first and a second number are randomly generated in the first module, a third number in the second module, and where:
- the method for secure transmission of information between two modules, a first and a second, takes place as follows:
- the first and second modules are each equipped with a key forming part of a first pair of keys comprising a public key and a private key,
- the method comprises, as in the prior art described in relation to the patent already cited, the following operations: a) generation in the first module of two random numbers, a first S and a second A1, b) encryption in the first module of the two random numbers with the public key, c) transmission from the first to the second module of a first message containing the first and second numbers S and A1 encrypted with the public key of the first pair of keys, d) decryption in the second module of the first and second numbers S and A1 using the private key of the first pair of keys.
- the method further comprises the following operations: e) generation by the second module of a third random number A2, f) encryption in the second module of the first and third random numbers using the public key of the second pair of keys, g) transmission from the second to the first module of the first and third random numbers encrypted using the public key of the second pair of keys, h) decryption in the first module of the first and third random numbers encrypted using the public key of the second pair of keys, i) verification in the first module of the identity of the first random number as generated by the random number generator of the first module and the first random number encrypted using the public key of the second pair of keys as received from the second module.
- the first module has sent to the second module a random number which was encrypted in the first module, transmitted to the second, decrypted in the second, then retransmitted to the first, which decrypted it and verified the identity between the number initially sent and the number resulting from the encrypted transmission operations between the two modules.
- operation 1 makes it possible in particular to ensure that the numbers S and A2 transmitted from the second to the first module have been received and deciphered by the first module.
- the verification of the identity of A2 is implicit, since if A2 has not been decrypted correctly, the session key K with which the first module encrypted S is not the same as the session key K created in the second module, and under these conditions the decryption by the second module of the message containing S encrypted using the key K of the first module will not yield the initial value of S.
- Figure 1 shows a flow diagram in two parts, 25 and 26 respectively.
- Part 25 framed by a dotted line contains the flow chart of the operations carried out in the decoder.
- Part 26 framed by a dotted line represents the operations carried out in the smart card.
- Oriented arrows 36, 40, 46, 50, 54 represent transmissions between the first and the second module or between the second and the first module depending on the direction of the arrow.
- the first and second modules have a first pair of keys 33, 31 respectively, the key 33 being the public key of the smart card 26 and the key 31 being the private key of said card.
- a second pair of keys 32, 30 includes a private key 30 in the module 25 and a public key 32 in the module 26.
- the access control sequence begins with an initialization routine (not shown) triggered, for example, by the introduction of the smart card 26 into the decoder 25.
- a random number generator of the decoder 25 generates a session number S and a first number A1.
- the numbers A1 and S are encrypted using the public key 33 of the second module 26.
- a first transmission 36 is then carried out to transmit the numbers A1 and S to the second module 26 constituted by the smart card.
- the numbers A1 and S encrypted in step 35 are decrypted using the private key 31 of the smart card 26.
- a random number generator of the smart card generates in step 38 a random number A2.
- in step 39, S and A2 are encrypted using the public key 32 contained in the smart card 26.
- the result of this encryption is transmitted in a step 40 to the module 25.
- the module 25 decrypts, in a step 41, the session number S and the second random number A2 using the private key 30 of the decoder 25. It is then verified in the module 25, in a step 42, that the session number S deciphered in step 41 is indeed equal to the session number S generated in step 34. If S is not found, the communication exchange is ended. If, on the contrary, S is found, a session key K is generated in step 43.
- in step 43, a hash function is applied to the numbers S, A1 and A2, the result of this hashing being precisely the session key K.
- in module 26, the same hash function is applied in a step 44 to the random numbers A1, A2 and to the session number S to obtain the session key K.
- the session key K is used in a step 45 to encrypt S.
- the result of this encryption is transmitted in a step 46 to the smart card 26.
- the session number S is decrypted in a step 47 using the key K created in step 44.
- the result of the decryption is checked in a step 48. If S is not found, the communication is ended. The authentication having failed, the card 26 will refuse to go further until a new session is activated. If S is found then the communication can continue.
- the hashing methods are the same in module 25 and in card 26. These methods have been introduced beforehand. It can be noted at this stage that it is not compulsory to use a hashing method applied to the three numbers A1, A2 and S to obtain the session key K.
- the method used to obtain K should preferably have, like the hash method, a pseudo-random output.
- the advantage of hash functions is that they do not make it possible to reverse the result, that is to say to go back to the numbers S, A1 and A2.
- each of the data transmitted from module 25 to module 26 or from module 26 to module 25 is encrypted with the key K and decrypted with this same key by the other module.
- the session key is more secure because it is generated from two random values (A1, A2), each of them being generated by one of the parties.
- the encryption and decryption are fast because symmetric techniques are used; moreover, within the same session, communications are encrypted in both directions between the two modules.
- the following operations include the transmission of the authorization message from the decoder 25 to the smart card 26, the processing of this message to extract the control word CW therefrom, and the return in encrypted form using the key K of this control word to the module 25 which will then be able, using this word, to decipher the scrambled digital data received to extract unscrambled transmitted image data therefrom.
- This exchange which follows the opening of a session is represented at the bottom of FIG. 1 in a horizontal line.
- the authorization verification message ECM is encrypted using the key K previously produced.
- this message is transmitted to the module 26 in its encrypted form.
- the message is then decrypted in the module 26 in a step 51 using the key K produced in step 44.
- the authorization verification message ECM is then processed in a step 52 to extract the control word therefrom.
- the control word CW is encrypted in a step 53 by means of the key K.
- in step 54, the encrypted message containing the control word CW is sent to the module 25.
- the control word is decrypted using the key K in a step 55 and the control word CW is extracted.
- the method according to one of the variants of the invention is used for secure transmission between a first module 25, which is a digital television decoder having a function of decoding a scrambled digital video stream or a conditional access module of such a decoder, and a second module 26, which is an access authorization recording device, for example a smart card.
- This card periodically receives, in a known manner, an authorization management message (EMM).
- Figure 2 has an upper part and a lower part separated from each other by a thick line.
- FIG. 2 represents the same treatment as that illustrated in the upper part of FIG. 1. This part of the invention will not be described again.
- the decoder 25 and the smart card 26 are each in possession of a certificate 56, 57 respectively.
- These certificates comply with the X509 standard.
- the certificate 56 of the decoder 25 contains the public key 32 of said decoder 25.
- the certificate 57 of the smart card 26 contains the public key 33 of the smart card 26.
- the decoder 25 and the card 26 have a private key respectively 30 and 31 associated with their public key respectively 32 and 33.
- the decoder 25 and the card 26 have a public certification key respectively 58 and 59 associated with the certificate 57 and 56.
- the decoder transmits in a step 60 the certificate 56 to the smart card 26. On receipt of this certificate, it is verified in the smart card 26, in a step 61, that a signature contained in the certificate 56 is valid. This verification is carried out using the public certification key 59 contained in the smart card 26. If the verification succeeds, the public key 32 can be extracted from the certificate 56. Conversely, the smart card 26 transmits the certificate 57 during a step 62 to the decoder 25. The decoder verifies the certificate 57 using the certification key 58 and, if the verification succeeds, is able to extract the public key 33 from it.
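
The session-opening exchange of Figure 1 (steps 34 to 48), as an added example that is not part of the patent text: both modules derive K from S, A1 and A2 without ever transmitting it, and the checks of steps 42 and 48 end the session when either side lacks the matching private key. Assumptions: the patent names no algorithms, so textbook RSA on constructed Mersenne-prime keys, SHA-256, an XOR pad as the symmetric cipher and 64-bit numbers are stand-ins chosen so the block runs with the standard library only; all class, function and constant names are hypothetical, and `skip_step42` models a decoder that omits its own check.

```python
import hashlib
import secrets

E = 65537  # public exponent used by every constructed key pair below


def keypair(p, q):
    """Textbook RSA from two primes; returns (public, private) as (n, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def rsa(key, m):
    n, exponent = key
    return pow(m, exponent, n)


def pack(a, b):
    return (a << 64) | b  # two 64-bit numbers in one RSA block


def unpack(m):
    return m >> 64, m & (2**64 - 1)


def derive_k(s, a1, a2):
    """Steps 43 and 44: K = hash(S, A1, A2), computed separately in each module."""
    return hashlib.sha256(b"".join(x.to_bytes(32, "big") for x in (s, a1, a2))).digest()


def sym(k, data):
    """Stand-in symmetric cipher: XOR with a pad derived from K (encrypts and decrypts)."""
    pad = hashlib.sha256(k + b"pad").digest()
    return bytes(x ^ y for x, y in zip(data, pad))


class Decoder:  # first module, 25
    def __init__(self, priv30, card_pub33, skip_step42=False):
        self.priv, self.card_pub, self.skip_step42 = priv30, card_pub33, skip_step42
        self.K = None

    def message1(self):  # steps 34 to 36
        self.S, self.A1 = secrets.randbits(64), secrets.randbits(64)
        return rsa(self.card_pub, pack(self.S, self.A1))

    def message3(self, c2):  # steps 41 to 46
        s, a2 = unpack(rsa(self.priv, c2))
        if s != self.S and not self.skip_step42:
            return None  # step 42: S not found, the exchange ends
        self.K = derive_k(self.S, self.A1, a2)
        return sym(self.K, self.S.to_bytes(8, "big"))


class Card:  # second module, 26
    def __init__(self, priv31, decoder_pub32):
        self.priv, self.decoder_pub = priv31, decoder_pub32

    def message2(self, c1):  # steps 37 to 40, plus the key derivation of step 44
        self.S, self.A1 = unpack(rsa(self.priv, c1))
        self.A2 = secrets.randbits(64)
        self.K = derive_k(self.S, self.A1, self.A2)
        return rsa(self.decoder_pub, pack(self.S, self.A2))

    def accept(self, c3):  # steps 47 and 48
        return int.from_bytes(sym(self.K, c3), "big") == self.S


def run_session(decoder, card):
    """Carry the three messages between the modules and report how the session ends."""
    c3 = decoder.message3(card.message2(decoder.message1()))
    if c3 is None:
        return "ended by decoder at step 42"
    if not card.accept(c3):
        return "ended by card at step 48"
    return "session open" if decoder.K == card.K else "key mismatch"


def mersenne(k):
    return 2**k - 1  # prime for k = 61, 89, 107, 127


# Constructed key pairs, numbered as in Figure 1; the WRONG_* keys belong to no pair in use.
CARD_PUB33, CARD_PRIV31 = keypair(mersenne(127), mersenne(89))
DEC_PUB32, DEC_PRIV30 = keypair(mersenne(107), mersenne(61))
WRONG_CARD_PRIV = keypair(mersenne(107), mersenne(89))[1]
WRONG_DEC_PRIV = keypair(mersenne(127), mersenne(61))[1]
```

The last case in the description, where A2 is never compared directly, corresponds to `run_session(Decoder(WRONG_DEC_PRIV, CARD_PUB33, skip_step42=True), Card(CARD_PRIV31, DEC_PUB32))`: the two modules derive different keys and the card's step 48 fails.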
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Multimedia (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Storage Device Security (AREA)
- Communication Control (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/474,588 US7328342B2 (en) | 2001-04-19 | 2002-04-17 | Method for secure communication between two devices |
EP02727668A EP1391074A1 (fr) | 2001-04-19 | 2002-04-17 | Procede pour une communication securisee entre deux dispositifs |
CA002444422A CA2444422A1 (fr) | 2001-04-19 | 2002-04-17 | Procede pour une communication securisee entre deux dispositifs |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0105316A FR2823928B1 (fr) | 2001-04-19 | 2001-04-19 | Procede pour une communication securisee entre deux dispositifs |
FR0105316 | 2001-04-19 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002087144A1 (fr) | 2002-10-31 |
Family
ID=8862483
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/FR2002/001324 WO2002087144A1 (fr) | 2001-04-19 | 2002-04-17 | Procede pour une communication securisee entre deux dispositifs |
Country Status (5)
Country | Link |
---|---|
US (1) | US7328342B2 (fr) |
EP (1) | EP1391074A1 (fr) |
CA (1) | CA2444422A1 (fr) |
FR (1) | FR2823928B1 (fr) |
WO (1) | WO2002087144A1 (fr) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008100815A1 (fr) | 2007-02-09 | 2008-08-21 | Sony Corporation | Procédé et appareil d'autorisation d'une interface de communication |
CN102170595A (zh) * | 2010-02-25 | 2011-08-31 | 爱迪德有限责任公司 | 在有条件接入系统中禁用明文控制字加载机制 |
US8209535B2 (en) | 2004-03-22 | 2012-06-26 | Samsung Electronics Co., Ltd. | Authentication between device and portable storage |
CN107040536A (zh) * | 2017-04-10 | 2017-08-11 | 北京德威特继保自动化科技股份有限公司 | 数据加密方法、装置和系统 |
Families Citing this family (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4357480B2 (ja) * | 2003-06-30 | 2009-11-04 | 富士通株式会社 | 無線通信認証プログラムおよび無線通信プログラム |
JP4976135B2 (ja) * | 2003-11-13 | 2012-07-18 | イルデト アイントホーフェン ベー フェー | 限定アクセス方法及び限定アクセス装置 |
US7502473B2 (en) * | 2004-02-25 | 2009-03-10 | Nagravision S.A. | Process for managing the handling of conditional access data by at least two decoders |
KR20050096040A (ko) * | 2004-03-29 | 2005-10-05 | 삼성전자주식회사 | 휴대형 저장장치와 디바이스간에 디지털 저작권 관리를이용한 콘텐츠 재생방법 및 장치와, 이를 위한 휴대형저장장치 |
US7805611B1 (en) * | 2004-12-03 | 2010-09-28 | Oracle America, Inc. | Method for secure communication from chip card and system for performing the same |
US8560829B2 (en) * | 2006-05-09 | 2013-10-15 | Broadcom Corporation | Method and system for command interface protection to achieve a secure interface |
US8285988B2 (en) | 2006-05-09 | 2012-10-09 | Broadcom Corporation | Method and system for command authentication to achieve a secure interface |
JP4923974B2 (ja) * | 2006-09-05 | 2012-04-25 | 株式会社デンソー | 無線通信システム及び車載装置 |
KR101424972B1 (ko) | 2007-05-10 | 2014-07-31 | 삼성전자주식회사 | 모바일 카드를 이용한 컨텐츠 사용 방법, 호스트 장치, 및모바일 카드 |
US8149085B2 (en) * | 2008-05-02 | 2012-04-03 | Research In Motion Limited | Coordinated security systems and methods for an electronic device |
US20090287929A1 (en) * | 2008-05-15 | 2009-11-19 | Lucent Technologies Inc. | Method and apparatus for two-factor key exchange protocol resilient to password mistyping |
EP2159762A1 (fr) * | 2008-08-27 | 2010-03-03 | Deutsche Telekom AG | Procédé d'authentification à base de cartes à puce |
EP2211497A1 (fr) * | 2009-01-26 | 2010-07-28 | Gemalto SA | Procédé d'établissement de communication sécurisée sans partage d'information préalable |
JP4760938B2 (ja) * | 2009-03-23 | 2011-08-31 | 富士ゼロックス株式会社 | 鍵生成プログラム、鍵記録プログラム、鍵生成装置、pkiカード及び鍵記録システム |
US11032259B1 (en) | 2012-09-26 | 2021-06-08 | Pure Storage, Inc. | Data protection in a storage system |
US8745415B2 (en) | 2012-09-26 | 2014-06-03 | Pure Storage, Inc. | Multi-drive cooperation to generate an encryption key |
US10623386B1 (en) | 2012-09-26 | 2020-04-14 | Pure Storage, Inc. | Secret sharing data protection in a storage system |
US9596077B2 (en) * | 2013-04-22 | 2017-03-14 | Unisys Corporation | Community of interest-based secured communications over IPsec |
US11128448B1 (en) | 2013-11-06 | 2021-09-21 | Pure Storage, Inc. | Quorum-aware secret sharing |
US10263770B2 (en) | 2013-11-06 | 2019-04-16 | Pure Storage, Inc. | Data protection in a storage system using external secrets |
US9516016B2 (en) * | 2013-11-11 | 2016-12-06 | Pure Storage, Inc. | Storage array password management |
US9503447B2 (en) | 2014-01-30 | 2016-11-22 | Sap Se | Secure communication between processes in cloud |
US9729518B1 (en) | 2014-04-17 | 2017-08-08 | Altera Corporation | Method and apparatus for secure provisioning of an integrated circuit device |
BR112018011779B1 (pt) | 2015-12-23 | 2024-01-23 | Nagravision Sa | Método para exploração e dispositivo cliente |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997038530A1 (fr) * | 1996-04-03 | 1997-10-16 | Digco B.V. | Procede servant a etablir une communication sure entre deux dispositifs et mise en application du procede |
Family Cites Families (27)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6292568B1 (en) * | 1966-12-16 | 2001-09-18 | Scientific-Atlanta, Inc. | Representing entitlements to service in a conditional access system |
DK190784D0 (da) * | 1984-04-12 | 1984-04-12 | Pengeinst Koebe Kreditkort | Fremgangsmaade og apparat til datatransmission |
US4799061A (en) * | 1985-11-18 | 1989-01-17 | International Business Machines Corporation | Secure component authentication system |
US5227613A (en) * | 1989-01-24 | 1993-07-13 | Matsushita Electric Industrial Co., Ltd. | Secure encrypted data communication system having physically secure ic cards and session key generation based on card identifying information |
US5557518A (en) * | 1994-04-28 | 1996-09-17 | Citibank, N.A. | Trusted agents for open electronic commerce |
US6011848A (en) * | 1994-03-07 | 2000-01-04 | Nippon Telegraph And Telephone Corporation | Method and system for message delivery utilizing zero knowledge interactive proof protocol |
US5602917A (en) * | 1994-12-30 | 1997-02-11 | Lucent Technologies Inc. | Method for secure session key generation |
US6424717B1 (en) * | 1995-04-03 | 2002-07-23 | Scientific-Atlanta, Inc. | Encryption devices for use in a conditional access system |
US6246767B1 (en) * | 1995-04-03 | 2001-06-12 | Scientific-Atlanta, Inc. | Source authentication of download information in a conditional access system |
US6157719A (en) * | 1995-04-03 | 2000-12-05 | Scientific-Atlanta, Inc. | Conditional access system |
GB9507885D0 (en) * | 1995-04-18 | 1995-05-31 | Hewlett Packard Co | Methods and apparatus for authenticating an originator of a message |
US5883958A (en) * | 1996-04-01 | 1999-03-16 | Sony Corporation | Method and device for data decryption, a method and device for device identification, a recording medium, a method of disk production, and a method and apparatus for disk recording |
US5915021A (en) * | 1997-02-07 | 1999-06-22 | Nokia Mobile Phones Limited | Method for secure communications in a telecommunications system |
US6490680B1 (en) * | 1997-12-04 | 2002-12-03 | Tecsec Incorporated | Access control and authorization system |
US6151676A (en) * | 1997-12-24 | 2000-11-21 | Philips Electronics North America Corporation | Administration and utilization of secret fresh random numbers in a networked environment |
US7096494B1 (en) * | 1998-05-05 | 2006-08-22 | Chen Jay C | Cryptographic system and method for electronic transactions |
US6816968B1 (en) * | 1998-07-10 | 2004-11-09 | Silverbrook Research Pty Ltd | Consumable authentication protocol and system |
US7162642B2 (en) * | 1999-01-06 | 2007-01-09 | Digital Video Express, L.P. | Digital content distribution system and method |
US7095851B1 (en) * | 1999-03-11 | 2006-08-22 | Tecsec, Inc. | Voice and data encryption method using a cryptographic key split combiner |
WO2001011843A1 (fr) * | 1999-08-06 | 2001-02-15 | Sudia Frank W | Systemes d'autorisation et de statut a arbre bloque |
US7085931B1 (en) * | 1999-09-03 | 2006-08-01 | Secure Computing Corporation | Virtual smart card system and method |
US6961849B1 (en) * | 1999-10-21 | 2005-11-01 | International Business Machines Corporation | Selective data encryption using style sheet processing for decryption by a group clerk |
US6577733B1 (en) * | 1999-12-03 | 2003-06-10 | Smart Card Integrators, Inc. | Method and system for secure cashless gaming |
US6792113B1 (en) * | 1999-12-20 | 2004-09-14 | Microsoft Corporation | Adaptable security mechanism for preventing unauthorized access of digital data |
US6986046B1 (en) * | 2000-05-12 | 2006-01-10 | Groove Networks, Incorporated | Method and apparatus for managing secure collaborative transactions |
US20030196109A1 (en) * | 2000-08-28 | 2003-10-16 | Contentguard Holdings, Inc. | Method and apparatus for content transaction aggregation |
US6601771B2 (en) * | 2001-04-09 | 2003-08-05 | Smart Card Integrators, Inc. | Combined smartcard and magnetic-stripe card and reader and associated method |
-
2001
- 2001-04-19 FR FR0105316A patent/FR2823928B1/fr not_active Expired - Fee Related
-
2002
- 2002-04-17 US US10/474,588 patent/US7328342B2/en not_active Expired - Lifetime
- 2002-04-17 WO PCT/FR2002/001324 patent/WO2002087144A1/fr not_active Application Discontinuation
- 2002-04-17 CA CA002444422A patent/CA2444422A1/fr not_active Abandoned
- 2002-04-17 EP EP02727668A patent/EP1391074A1/fr not_active Withdrawn
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997038530A1 (fr) * | 1996-04-03 | 1997-10-16 | Digco B.V. | Method for establishing secure communication between two devices and application of the method |
Non-Patent Citations (1)
Title |
---|
MENEZES: "Handbook of Applied Cryptography", 1997, CRC PRESS LLC, USA, XP002186996 * |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8209535B2 (en) | 2004-03-22 | 2012-06-26 | Samsung Electronics Co., Ltd. | Authentication between device and portable storage |
WO2008100815A1 (fr) | 2007-02-09 | 2008-08-21 | Sony Corporation | Method and apparatus for authorizing a communication interface |
EP2109956A1 (fr) * | 2007-02-09 | 2009-10-21 | Sony Corporation | Method and apparatus for authorizing a communication interface |
EP2109956A4 (fr) * | 2007-02-09 | 2011-01-26 | Sony Corp | Method and apparatus for authorizing a communication interface |
US8156545B2 (en) | 2007-02-09 | 2012-04-10 | Sony Corporation | Method and apparatus for authorizing a communication interface |
CN102170595A (zh) * | 2010-02-25 | 2011-08-31 | 爱迪德有限责任公司 | Disabling a cleartext control word loading mechanism in a conditional access system |
EP2362635A1 (fr) * | 2010-02-25 | 2011-08-31 | Irdeto B.V. | Disabling a cleartext control word loading mechanism in a conditional access system |
CN107040536A (zh) * | 2017-04-10 | 2017-08-11 | 北京德威特继保自动化科技股份有限公司 | Data encryption method, device and system |
Also Published As
Publication number | Publication date |
---|---|
US7328342B2 (en) | 2008-02-05 |
CA2444422A1 (fr) | 2002-10-31 |
EP1391074A1 (fr) | 2004-02-25 |
FR2823928B1 (fr) | 2003-08-22 |
US20050033964A1 (en) | 2005-02-10 |
FR2823928A1 (fr) | 2002-10-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1391074A1 (fr) | | Method for secure communication between two devices |
EP0661846B1 (fr) | | Method for authenticating at least one identification device by a verification device using a zero-knowledge protocol |
CA2112518C (fr) | | Method for authenticating at least one identification device by a verification device, and device for implementing it |
EP2887574A1 (fr) | | Method for converting conditional-access content |
EP2168304B1 (fr) | | MAC code verification without disclosure |
EP0317400B1 (fr) | | Device and method for securing data exchange between a videotex terminal and a server |
FR2804561A1 (fr) | | Communication method with encryption key escrow and recovery |
EP1867189A1 (fr) | | Secure communication between a data processing device and a security module |
WO2003107587A1 (fr) | | Method and interface device for the protected exchange of online content data |
WO2020008131A1 (fr) | | Method for obtaining a succession of cryptographic keys |
EP2824868A1 (fr) | | Local digital network, methods for installing new devices, and methods for broadcasting and receiving data in such a network |
WO2006061420A1 (fr) | | Method and system for encryption by a proxy |
EP1216458B1 (fr) | | Method for securing data during transactions and system for implementing it |
EP1032158B1 (fr) | | Circuit and method for securing a coprocessor dedicated to cryptography |
EP0566492B1 (fr) | | Method for authenticating a computer system from a computer diskette |
WO2012080683A2 (fr) | | Method and system for conditional access to digital content, and associated terminal and subscriber device |
EP3526946A1 (fr) | | Encryption method, decryption method, and corresponding device and computer program |
EP1362334A1 (fr) | | Identification module provided with a secure authentication code |
EP1502382B1 (fr) | | Method for controlling access to a network |
FR2786049A1 (fr) | | Dynamic-key cryptography method |
WO2019002736A1 (fr) | | Method for receiving and decrypting a cryptogram of a control word |
FR2770065A1 (fr) | | Method for transferring a scrambling key |
FR2800537A1 (fr) | | Method and system for emulating a secret code between two hardware modules |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | AK | Designated states | Kind code of ref document: A1. Designated state(s): AU CA IL IN JP KR NO RU UA US |
| | AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR |
| | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
| | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101) | |
| | WWE | WIPO information: entry into national phase | Ref document number: 2002727668. Country of ref document: EP |
| | WWE | WIPO information: entry into national phase | Ref document number: 2444422. Country of ref document: CA |
| | WWE | WIPO information: entry into national phase | Ref document number: 10474588. Country of ref document: US |
| | WWP | WIPO information: published in national office | Ref document number: 2002727668. Country of ref document: EP |
| | WWW | WIPO information: withdrawn in national office | Ref document number: 2002727668. Country of ref document: EP |
| | NENP | Non-entry into the national phase | Ref country code: JP |
| | WWW | WIPO information: withdrawn in national office | Country of ref document: JP |