Device arranged for exchanging data, and method of authenticating

US 20040187001A1
Filed: 12/11/2003
Published: 09/23/2004
Est. Priority Date: 06/21/2001
Status: Abandoned Application

First Claim

Patent Images

1. A first device arranged for exchanging data with a second device comprising receiving means for receiving from the second device a certificate for a public key (UPK) for the second device, and authenticating means for authenticating the second device as a strongly protected device upon a successful verification of the received certificate with a public key of a Certifying Authority (CAPK), if the public key of the Certifying Authority is available, and authenticating the second device as a weakly protected device upon a successful verification of the received certificate with a locally available public key (SPK).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first device (110) arranged for exchanging data with a second device (130). The first device (110) receives from the second device (130) a certificate comprising a public key (UPK) for the second device. The first device (110) then authenticates the second device (130) as a strongly protected device upon a successful verification of the received certificate with a public key (CAPK) of a Certifying Authority, if the public key of the Certifying Authority is available, and authenticates the second device (130) as a weakly protected device upon a successful verification of the received certificate with a locally available public key (SPK). The second device (130) does the same to achieve mutual authentication. Having authenticated each other, the devices (110, 130) can securely set up session keys and exchange data. The data preferably has associated DRM rules.

Citations

10 Claims

1. A first device arranged for exchanging data with a second device comprising receiving means for receiving from the second device a certificate for a public key (UPK) for the second device, and authenticating means for authenticating the second device as a strongly protected device upon a successful verification of the received certificate with a public key of a Certifying Authority (CAPK), if the public key of the Certifying Authority is available, and authenticating the second device as a weakly protected device upon a successful verification of the received certificate with a locally available public key (SPK).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The first device of claim 1, further comprising transmitting means for transmitting to the second device a certificate for a public key (UPK) for the first device, the certificate either being signed by a Certifying Authority or being signed by a locally available secret key (SSK).
  - 3. The first device of claim 2, whereby the transmitted certificate is signed by the Certifying Authority if the second device has been authenticated as a strongly protected device, and the transmitted certificate is signed by the locally available secret key (SSK) if the second device has been authenticated as a weakly protected device.
  - 4. The first device of claim 1, the authenticating means being arranged for preventing exchanging data with the second device if the second device has been authenticated as a weakly protected device and the first device is a strongly protected device.
  - 5. The first device of claim 1, further comprising a weak encryption key generator arranged for computing a first hash of a concatenation of the session key and the locally available secret key (SSK), and using the first hash as an encryption key for encrypting data to be exchanged with the second device.
  - 6. The first device of claim 5, whereby the weak encryption key generator is further arranged for subsequently computing a second hash of a concatenation of the first hash and the locally available secret key, and using the second hash in the place of the first hash.
  - 7. The first device of claim 1, further comprising session establishing means for building a container comprising a session key and Digital Rights Management data, signing the container with a secret key (USK) corresponding to the public key (UPK) for the first device, encrypting the signed container with the public key (UPK) for the second device and transmitting the signed and encrypted container to the second device.
  - 8. The first device of claim 1, further comprising session establishing means for receiving from the second device a signed and encrypted container, decrypting the container with a secret key (USK) corresponding to the public key (UPK) for the first device, verifying the signature with the public key (UPK) for the second device, and obtaining a session key and Digital Rights Management data from the container.

9. A method of authenticating a remote device, comprising receiving from the remote device a certificate comprising a public key (UPK) for the remote device, authenticating the remote device as a strongly protected device upon a successful verification of the received certificate with a public key (CAPK) of a Certifying Authority, if the public key of the Certifying Authority is available, and authenticating the remote device as a weakly protected device upon a successful verification of the received certificate with a locally available public key (SPK).
- View Dependent Claims (10)
- - 10. A computer program product arranged for causing a processor to execute the method of claim 9.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Original Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Inventors
Bousis, Laurent Pierre Francois

Application Number

US10/480,337
Publication Number

US 20040187001A1
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

G06F 21/445   by mutual authentication, e...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 63/104   Grouping of entities

Device arranged for exchanging data, and method of authenticating

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Device arranged for exchanging data, and method of authenticating

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links