Method, system and device for securely transferring digital content between electronic devices within a communication network managed by a management center

US 8,879,739 B2
Filed: 01/09/2013
Issued: 11/04/2014
Est. Priority Date: 11/26/2012
Status: Active Grant

First Claim

Patent Images

1. A method for securely transferring a digital content CT between electronic devices within a network managed by a management center, each device comprising a pre-initialized unique secret value S,an activation phase performed by the management center and including the steps of,generating a network key KN common to all of said devices,calculating, an encrypted network key KN′

personalized for each device by encrypting said network key KN using a personal device key K which is different for each device,transmitting to each of said devices the encrypted network key KN′ and

a device value V resulting from a preliminary cryptographic operation encrypting the device key K belonging to said device using the secret value S of said device,a keys recovering phase performed by each of said devices and including the steps of,performing a first cryptographic operation for obtaining the device key K from both the device value V and the secret value S of said device,performing a second cryptographic operation for obtaining the network key KN from both the encrypted network key KN′ and

the device key K,an operating phase including the steps of,generating a random value RV at one of said devices acting as a sending device,performing, at the sending device, a third cryptographic operation for generating a content key Kc by encrypting said random value RV using the network key KN, and executing at least one of the following steps,encrypting the content CT using said content key Kc to obtain an encrypted content CT′

, then sending the encrypted content CT′ and

the random value RV to at least one of said devices acting as a receiving device,orencrypting the content CT using said random value RV to obtain an encrypted content CT′

, then sending the encrypted content CT′ and

the content key Kc to at least one of said devices acting as a receiving device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securely transferring digital content between two electronic devices, comprising an activation phase performed by a management center for generating a common network key, calculating for each device an encrypted network key with a unique device key and transmitting to each device the encrypted network key and a unique device value involving said device key and a unique device secret value, a keys recovering performed by each device for obtaining the device key from both the device value and the secret value of said device and obtaining the network key from both the encrypted network key and the previously obtained device key, and an operating phase performed by each device for generating or obtaining a random value, generating a final key by encrypting the random value with the network key and using said final key for encrypting/decrypting said content.

Citations

20 Claims

1. A method for securely transferring a digital content CT between electronic devices within a network managed by a management center, each device comprising a pre-initialized unique secret value S,an activation phase performed by the management center and including the steps of,generating a network key KN common to all of said devices,calculating, an encrypted network key KN′
- personalized for each device by encrypting said network key KN using a personal device key K which is different for each device,transmitting to each of said devices the encrypted network key KN′ and
  
  a device value V resulting from a preliminary cryptographic operation encrypting the device key K belonging to said device using the secret value S of said device,a keys recovering phase performed by each of said devices and including the steps of,performing a first cryptographic operation for obtaining the device key K from both the device value V and the secret value S of said device,performing a second cryptographic operation for obtaining the network key KN from both the encrypted network key KN′ and
  
  the device key K,an operating phase including the steps of,generating a random value RV at one of said devices acting as a sending device,performing, at the sending device, a third cryptographic operation for generating a content key Kc by encrypting said random value RV using the network key KN, and executing at least one of the following steps,encrypting the content CT using said content key Kc to obtain an encrypted content CT′
  
  , then sending the encrypted content CT′ and
  
  the random value RV to at least one of said devices acting as a receiving device,orencrypting the content CT using said random value RV to obtain an encrypted content CT′
  
  , then sending the encrypted content CT′ and
  
  the content key Kc to at least one of said devices acting as a receiving device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said secret value S is implemented in a secure memory, located within a chip of the device, by a personalization authority.
  - 3. The method of claim 2, wherein said preliminary cryptographic operation is performed by the personalization authority.
  - 4. The method of claim 1, wherein the first, second and third cryptographic operations are performed with the encryption or decryption of the content CT within a single chip in the device.
  - 5. The method of claim 1, wherein the random value RV or the content key Kc, when used as an encryption key of the content CT, are stored in a non-volatile memory associated with the receiving device and with the sending device.
  - 6. The method of claim 5, wherein the device value V and the encrypted network key KN′
    - are stored in said non-volatile memory.
  - 7. The method of claim 1, further comprising the steps of:
    - decrypting, at the receiving device, the encrypted content CT′
      
      respectively by performing at least one of,said third cryptographic operation for obtaining the content key Kc used as decryption key, andretrieving said random value RV from both the network key KN and the received content key Kc and using said random value RV as decryption key.

8. A system for securely transferring a digital content CT between electronic devices within a network comprising:
- a management center including,a memory for storing, for each device, a device key K and a device value V, said device value V resulting from a preliminary cryptographic operation encrypting said device key K using a secret value S relevant to said device, said secret value S, device key K and device value V being unique to each device,a key generator for generating a network key KN,an encryption module for determining, for each device, an encrypted network key KN′
  
  resulting from the encryption of the network key KN using the device key K relevant to said device,a sending unit for transmitting to each device its device value V and its encrypted network key KN′
  
  ;
  
  and the devices, each of said devices including,at least one input/output interface for receiving and sending data,a secure memory for storing said pre-initialized secret value S,a first cryptographic module using the device value V and the secret value S relevant to said device for generating the device key K,a second cryptographic module using the encrypted network key KN′ and
  
  the device key K relevant to said device for generating the network key KN,each of said devices acting as a sending device further including,a random value generator for generating a random value RV,a third cryptographic module for generating a content key Kc by encrypting said random value RV using the network key KN; and
  
  a content cryptographic module using said content key Kc or said random value RV as an encryption key for encrypting the content CT to obtain an encrypted content CT′
  
  that can be sent respectively with said random value RV or said content key Kc through said input/output interface to at least one of said devices acting as a receiving device,oreach of said devices acting as a receiving device further including,a third cryptographic module for at least one of,generating said content key Kc by encrypting said random value RV using the network key KN, andfor recovering said random value RV from both the content key Kc and the network key KN anda content cryptographic module using respectively said content key Kc or said random value RV as a decryption key for decrypting the encrypted content CT′
  
  .
- View Dependent Claims (9, 10)
- - 9. The system of claim 8, wherein each of said devices comprises a single chip including said secure memory, said first cryptographic module, said second cryptographic module, said third cryptographic module and said content cryptographic module.
  - 10. The system of claim 8, further comprising:
    - a non-volatile memory for storing data which do not require a high security level.

11. A device for securely transferring a content CT within a network, comprising:
- at least one input/output interface for receiving and sending data,a secure memory for storing a pre-initialized unique secret value S,a first cryptographic module for generating a device key K from both said secret value S and a device value V received through said input/output interface,a second cryptographic module for recovering a network key KN from both said device key K and an encrypted network key KN′
  
  received through said input/output interface,a random value generator to generate a random value RV,a third cryptographic module for generating content key Kc by encrypting said random value RV using the network key KN,a content cryptographic module using said content key Kc or said random value RV as an encryption key for encrypting the content CT to obtain an encrypted content CT′
  
  that can be sent respectively with said random value RV or said content key Kc through said input/output interface.
- View Dependent Claims (15, 16)
- - 15. The device of claim 11, further comprising:
    - single chip including said secure memory, said first cryptographic module, said second cryptographic module, said third cryptographic module and said content cryptographic module.
  - 16. The device of claim 11, further comprising:
    - a non-volatile memory for storing data which do not require a high security level.

12. A device for securely receiving a content CT within a network, comprising:
- at least one input/output interface for receiving and sending data,a secure memory for storing a pre-initialized secret value S,a first cryptographic module for generating a device key K from both said secret value S and a device value V received through said input/output interface,a second cryptographic module for recovering a network key KN from both said device key K and an encrypted network key KN′
  
  received through said input/output interface,a third cryptographic module for at least one of,generating a content key Kc by encrypting a random value RV, received input/output interface, using the network key KN, andrecovering said random value RV from both the network key KN and said content key Kc received through said input/output interface; and
  
  a content cryptographic module using respectively said content key Kc or said random value RV as a decryption key for decrypting the encrypted content CT′
  
  .
- View Dependent Claims (13, 14)
- - 13. The device of claim 12, further comprising:
    - a single chip including said secure memory;
      
      said first cryptographic module, said second cryptographic module, said third cryptographic module and said content cryptographic module.
  - 14. The device of claim 12, further comprising:
    - a non-volatile memory for storing data which do not require a high security level.

17. A method for securely transferring a digital content CT between electronic devices within a network managed by a management center, each device comprising a pre-initialized unique secret value S, said method comprising:
- an activation hale performed by the management center and including the steps,generating a network key KN common to all of said devices,calculating an encrypted network key KN′
  
  personalized for each device by encrypting said network key KN using a personal device key K which is different for each device, andtransmitting to each of said devices the encrypted network key KN′ and
  
  a device value V resulting from a preliminary cryptographic operation encrypting the device key K belonging to said device using the unique secret value S of said device;
  
  a keys recovering phase performed by each of said devices and including the steps,performing a first cryptographic operation for obtaining the device key K from both the device value V and the secret value S of said device, andperforming a second cryptographic operation for obtaining the network key KN from both the encrypted network key KN′ and
  
  the device key K; and
  
  an operating phase performed at each device acting as a receiving device, including the steps,receiving an encrypted content CT′
  
  ,receiving at least one of a random value RV and a content key Kc,performing a third cryptographic operation respectively for generating a content key Kc by encrypting said random value RV using the network key KN, or for retrieving a random value RV from both the network key KN and said content key Kc, anddecrypting the encrypted content CT′
  
  using respectively the content key Kc or the random value RV.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein said secret value S is implemented in a secure memory, located within a chip of the device, by a personalization authority.
  - 19. The method of claim 18, wherein said preliminary cryptographic operation is performed by the personalization authority.
  - 20. The method of claim 17, wherein the first, second and third cryptographic operations are performed with the encryption or decryption of the content CT within a single chip in the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nagravision SA (Kudelski SA)
Original Assignee
Nagravision SA (Kudelski SA)
Inventors
BIEBER, Yann
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US13/737,094
Publication Number

US 20140146966A1
Time in Patent Office

664 Days
Field of Search
US Class Current

380/283
CPC Class Codes

H04L 9/08   Key distribution or managem...

H04L 9/0822   using key encryption key

H04L 9/0833   involving conference or gro...

H04L 9/0869   involving random numbers or...

Method, system and device for securely transferring digital content between electronic devices within a communication network managed by a management center

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system and device for securely transferring digital content between electronic devices within a communication network managed by a management center

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links