Authentication of data transmitted in a digital transmission system

US 7,437,561 B2
Filed: 01/11/2001
Issued: 10/14/2008
Est. Priority Date: 04/03/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of authenticating data transmitted in a digital transmission system, said method comprising the steps, in a device storing a plurality of keys, of:

when the data comprises at least one identifier of a certificate to be revoked;

receiving the data and at least one encrypted value determined for the data, wherein the encrypted value is determined using a key associated with at least a first encryption algorithm;

processing the at least one encrypted value using a stored key from the plurality of keys, wherein the stored key is associated with the first encryption algorithm to obtain a resulting value;

comparing the resulting value with the data to authenticate the data; and

revoking the certificate corresponding to the at least one identifier; and

when the data comprises at least one replacement root certificate;

receiving said data and at least two encrypted values determined for the data, wherein the at least two encrypted values are determined for the data, and wherein each encrypted value is determined using a key corresponding to at least a second and a third encryption algorithm, respectively;

processing each of the at least two encrypted values using one of the plurality of stored keys to obtain a plurality of resulting values, wherein each of the plurality of stored keys corresponds to one of the at least second and third the encryption algorithms;

comparing each of the plurality of resulting values with the data to authenticate the data; and

storing the replacement root certificate in a permanent memory.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating data transmitted in a digital transmission system, in which the method comprises the steps, prior to transmission, of determining at least two encrypted values for at least some of the data, each encrypted value being determined using a key of a respective encryption algorithm, and outputting said at least two encrypted values with said data.

16 Citations

View as Search Results

18 Claims

1. A method of authenticating data transmitted in a digital transmission system, said method comprising the steps, in a device storing a plurality of keys, of:
- when the data comprises at least one identifier of a certificate to be revoked;
  
  receiving the data and at least one encrypted value determined for the data, wherein the encrypted value is determined using a key associated with at least a first encryption algorithm;
  
  processing the at least one encrypted value using a stored key from the plurality of keys, wherein the stored key is associated with the first encryption algorithm to obtain a resulting value;
  
  comparing the resulting value with the data to authenticate the data; and
  
  revoking the certificate corresponding to the at least one identifier; and
  
  when the data comprises at least one replacement root certificate;
  
  receiving said data and at least two encrypted values determined for the data, wherein the at least two encrypted values are determined for the data, and wherein each encrypted value is determined using a key corresponding to at least a second and a third encryption algorithm, respectively;
  
  processing each of the at least two encrypted values using one of the plurality of stored keys to obtain a plurality of resulting values, wherein each of the plurality of stored keys corresponds to one of the at least second and third the encryption algorithms;
  
  comparing each of the plurality of resulting values with the data to authenticate the data; and
  
  storing the replacement root certificate in a permanent memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method according to claim 1, wherein said received data is rejected if at least one of the plurality of resulting values is different from the data.
  - 3. A method according to claim 1, wherein said data and said at least two encrypted values are organized in a data file.
  - 4. A method according to claim 3, wherein said data file comprises an indication of the minimum number of encrypted values to be stored with said data in the data file.
  - 5. A method according to claim 4, wherein said data file is received by a receiver/decoder, wherein the number of encrypted values stored in said data file is compared with said minimum number, and said data file is rejected if the number of encrypted values stored in said data file is less than said minimum number.
  - 6. A method according to claim 3, wherein said data file is output in a data module.
  - 7. A method according to claim 6, wherein a module encrypted value for the data in said data module is calculated using a key corresponding to a transmitter encryption algorithm and output in said data module.
  - 8. A method according to claim 7, wherein said data module is received by a receiver/decoder, wherein said module encrypted value is processed using the key of the transmitter encryption algorithm to obtain a resulting value, and wherein the resulting value is compared with the data in said data module to authenticate the data in said data module.
  - 9. A method according to claim 6, wherein said encrypted value for the data in said data module corresponds to a digital signature calculated using a private key corresponding to a transmitter encryption algorithm and processed using a public key corresponding to said transmitter encryption algorithm.
  - 10. A method according to claim 1, wherein said digital transmission system is a digital broadcast system.
  - 11. A method according to claim 1, further comprising the step of replacing a previously stored key with said replacement root certificate.

12. A receiver/decoder configured to authenticate data transmitted in a digital transmission system, comprising:
- when the data comprises at least one identifier of a certificate to be revoked;
  
  means for receiving the data and at least one encrypted value detennined for the data, wherein the encrypted value is determined using a key associated with at least a first encryption algorithm;
  
  means for processing the encrypted value using a stored key associated with the first encryption algorithm to obtain a resulting value;
  
  means for comparing the resulting value with the data to authenticate the data; and
  
  means for revoking the certificate corresponding to the at least one identifier; and
  
  when the data comprises at least one replacement root certificate;
  
  means for receiving data and at least two encrypted values determined for the data, wherein each encrypted value is determined using a key corresponding to at least a second and a third encryption algorithm, respectively;
  
  means for storing a plurality of keys;
  
  means for processing each of the at least two encrypted values using one of the plurality of stored keys to obtain a plurality of resulting values, wherein each of the plurality of stored keys corresponds to one of the second and third encryption algorithms;
  
  means for comparing each of the plurality of resulting values with the data to authenticate the data; and
  
  means for storing said replacement root certificate included in the data.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. A receiver/decoder according to claim 12, wherein said data and said at least two encrypted values are organized in a data file, and wherein the receiver/decoder further comprises means for rejecting said data file if at least one of the plurality of resulting values is different from the data.
  - 14. A receiver/decoder according to claim 12, wherein each encrypted value corresponds to a digital signature calculated using a private key corresponding to an encryption algorithm, wherein said processing means is adapted to process each digital signature using a stored public key of said encryption algorithm.
  - 15. A receiver/decoder according to claim 14, wherein the stored public key is contained in a digital certificate stored in said storage means.
  - 16. A receiver/decoder according to claim 15, wherein said processing means is adapted to process each digital signature using a public key contained in a stored digital certificate identified by an identifier transmitted with digital signature.
  - 17. A receiver/decoder according to claim 12, comprising means for revoking a stored key according to an identifier associated with the stored key contained within said data.
  - 18. A receiver/decoder according to claim 12, further comprising:
    - means for replacing a previously stored key with said replacement root certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InterDigital Patent Holdings, Inc. (InterDigital, Inc.)
Original Assignee
Thomson Licensing SA (Vantiva SA)
Inventors
Poulain, Philippe, Beuque, Jean-Bernard G. M.
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Yalew; Fikremariam

Application Number

US10/240,638
Publication Number

US 20040125959A1
Time in Patent Office

2,833 Days
Field of Search

713/176, 713/153, 380/263, 380/281, 380/279
US Class Current

713/176
CPC Class Codes

H04L 2209/601   Broadcast encryption

H04L 63/12   Applying verification of th...

H04L 9/0891   Revocation or update of sec...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

H04N 21/2347   involving video stream encr...

H04N 21/235   Processing of additional da...

H04N 21/2362   Generation or processing of...

H04N 21/2541   Rights Management protectin...

H04N 21/26613   for generating or managing ...

H04N 21/435   Processing of additional da...

H04N 21/4405   involving video stream decr...

H04N 21/63345   by transmitting keys key di...

H04N 21/6433   Digital Storage Media - Com...

H04N 21/835   Generation of protective da...

H04N 7/1675   Providing digital key or au...

Authentication of data transmitted in a digital transmission system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication of data transmitted in a digital transmission system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links