Device for processing and method for transmission of encoded data for a first domain in a network pertaining to a second domain

US 20050084108A1
Filed: 02/21/2003
Published: 04/21/2005
Est. Priority Date: 02/25/2002
Status: Active Grant

First Claim

Patent Images

1. Data processing device intended to be connected to a network belonging to a second domain so as to receive data encrypted according to an encryption method specific to a first domain, wherein it comprises:

a memory for containing a first secret specific to the first domain;

means of decryption of said data encrypted with the aid of said first secret so as to obtain decrypted data;

means of encryption of said data decrypted according to an encryption method specific to the second domain, so that the data encrypted by said means of encryption cannot be decrypted other than with the aid of a second secret specific to the second domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The processing device is intended to be connected to a network of the second domain so as to receive data encrypted according to an encryption method specific to the first domain. It comprises: a memory for containing a first secret specific to the first domain; means of decryption of the data encrypted with the aid of the first secret so as to obtain decrypted data; means of encryption of the data decrypted according to an encryption method specific to the second domain, so that the data encrypted by said means of encryption cannot be decrypted other than with the aid of a second secret specific to the second domain. The invention also relates to the method for transmitting data encrypted with the aid of the secret specific to the first domain in the network of the second domain.

Citations

13 Claims

1. Data processing device intended to be connected to a network belonging to a second domain so as to receive data encrypted according to an encryption method specific to a first domain, wherein it comprises:
- a memory for containing a first secret specific to the first domain;
  
  means of decryption of said data encrypted with the aid of said first secret so as to obtain decrypted data;
  
  means of encryption of said data decrypted according to an encryption method specific to the second domain, so that the data encrypted by said means of encryption cannot be decrypted other than with the aid of a second secret specific to the second domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. Device according to claim 1, wherein it furthermore comprises:
    - a memory for containing a first symmetric key as well as the encryption of said first symmetric key with the aid of the second secret specific to said second domain;
      
      said means of encryption performing an encryption of the data decrypted with the aid of the first symmetric key; and
      
      means of broadcasting on the network;
      
      the data encrypted by said means of encryption; and
      
      the encryption of said first symmetric key with the aid of the second secret specific to the second domain.
  - 3. Device according to claim 1, wherein the first secret specific to the first domain and the second secret specific to the second domain are respectively symmetric keys.
  - 4. Device according to claim 2, wherein it furthermore comprises means for generating an ephemeral masking key;
    - means for masking the data decrypted with the aid of said masking key so as to form masked data, said masked data being encrypted by the means of encryption with the aid of the first symmetric key; and
      
      means for responding to an operation of authentication by a presentation device connected to the network which has previously received the data broadcast by said means of broadcasting, the response to the authentication operation comprising said ephemeral masking key.
  - 5. Device according to claim 4, wherein it furthermore comprises means for generating an ephemeral authentication key, said ephemeral authentication key being encrypted, with said masked data, by the means of encryption with the aid of the first symmetric key;
    - and the means of response to the authentication operation calculating the response as a function of said authentication key and of a random number received from said presentation device.
  - 6. Device according to claim 2, wherein the data received by said device contain copy control information of the “
    - private copy authorized”
      
      or “
      
      single copy only authorized”
      
      type, in that the device comprises means for replacing said copy control information with other copy control information of the “
      
      read only”
      
      type;
      
      and in that the data broadcast by said device contain said copy control information of the “
      
      read only”
      
      type.
  - 7. Method of transmitting data, encrypted according to a method of encryption using a first secret specific to a first domain, in a network belonging to a second domain, wherein it comprises the steps consisting, for a first broadcasting device connected to the network, in:
    - (a) performing a first broadcast of the data encrypted in the network to a data processing device according to claim 1;
      
      and consisting, for said processing device, in;
      
      (b) decrypting said data encrypted with the aid of the first secret contained in the processing device so as to obtain decrypted data;
      
      (c) encrypting the data decrypted with the aid of a first symmetric key contained in the processing device; and
      
      (d) performing a second broadcast (408Kin the network;
      
      of the data encrypted in step (c) with the aid of the first symmetric key; and
      
      of the encryption of said first symmetric key with the aid of a second secret specific to the second domain, said encryption having been transmitted previously to the processing device by a device of the second domain.
  - 8. Method according to claim 7, wherein step (c) comprises the substeps consisting, for the processing device, in:
    - generating and storing an ephemeral masking key;
      
      masking the data decrypted with the aid of said masking key so as to form masked data; and
      
      encrypting said data masked with the aid of the first symmetric key.
  - 9. Method according to claim 8, wherein step (c) furthermore comprises the substeps consisting, for the processing device, in:
    - generating and storing an ephemeral authentication key; and
      
      encrypting said ephemeral authentication key and the data masked with the aid of the first symmetric key;
      
      and in that the method furthermore comprises, after step (d), a step consisting in;
      
      (f) responding to an operation of authentication by a presentation device connected to the network which has previously received the data broadcast in step (d), the response to the authentication operation comprising said ephemeral masking key.
  - 10. Method according to claim 9, wherein the response to the authentication operation is calculated as a function of said authentication key and of a random number received from said presentation device.
  - 11. Method according to claim 7, wherein the encrypted data transmitted during the first broadcast contain copy control information of the “
    - private copy authorized”
      
      or “
      
      single copy only authorized”
      
      type; and
      
      in that the method furthermore comprises, before step (d), a step consisting in replacing said copy control information with other copy control information of the “
      
      read only”
      
      type.
  - 12. Method according to claim 7, wherein it furthermore comprises a phase of initializing the processing device consisting in:
    - connecting said processing device to the network belonging to the first domain; and
      
      receiving in said processing device the secret specific to the first domain, said secret being transmitted by another device connected to the network of the first domain.
  - 13. Method according to claim 12, wherein the initializing phase furthermore comprises the steps consisting in:
    - connecting said processing device to the network belonging to the second domain;
      
      and consisting, for said processing device, in;
      
      generating the first symmetric key;
      
      transmitting said first symmetric key in a secure manner to at least one device of the second domain; and
      
      receiving from a device of the second domain the encryption of said first symmetric key with the aid of the second secret specific to the second domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thomson Licensing SA (Vantiva SA)
Original Assignee
Thomson Licensing SA (Vantiva SA)
Inventors
Laurent, Christophe, Durand, Alain, Lelievre, Sylvain

Granted Patent

US 9,258,595 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/259
CPC Class Codes

H04N 21/4122   additional display device, ...

H04N 21/4147   PVR [Personal Video Recorde...

H04N 21/4367   Establishing a secure commu...

H04N 7/163   by receiver means only

H04N 7/1675   Providing digital key or au...

Device for processing and method for transmission of encoded data for a first domain in a network pertaining to a second domain

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Device for processing and method for transmission of encoded data for a first domain in a network pertaining to a second domain

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links