Method, system and device for securely transferring digital content between electronic devices within a communication network managed by a management center
First Claim
1. A method for securely transferring a digital content CT between electronic devices within a network managed by a management center, each device comprising a pre-initialized unique secret value S,an activation phase performed by the management center and including the steps of,generating a network key KN common to all of said devices,calculating, an encrypted network key KN′
- personalized for each device by encrypting said network key KN using a personal device key K which is different for each device,transmitting to each of said devices the encrypted network key KN′ and
a device value V resulting from a preliminary cryptographic operation encrypting the device key K belonging to said device using the secret value S of said device,a keys recovering phase performed by each of said devices and including the steps of,performing a first cryptographic operation for obtaining the device key K from both the device value V and the secret value S of said device,performing a second cryptographic operation for obtaining the network key KN from both the encrypted network key KN′ and
the device key K,an operating phase including the steps of,generating a random value RV at one of said devices acting as a sending device,performing, at the sending device, a third cryptographic operation for generating a content key Kc by encrypting said random value RV using the network key KN, and executing at least one of the following steps,encrypting the content CT using said content key Kc to obtain an encrypted content CT′
, then sending the encrypted content CT′ and
the random value RV to at least one of said devices acting as a receiving device,orencrypting the content CT using said random value RV to obtain an encrypted content CT′
, then sending the encrypted content CT′ and
the content key Kc to at least one of said devices acting as a receiving device.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for securely transferring digital content between two electronic devices, comprising an activation phase performed by a management center for generating a common network key, calculating for each device an encrypted network key with a unique device key and transmitting to each device the encrypted network key and a unique device value involving said device key and a unique device secret value, a keys recovering performed by each device for obtaining the device key from both the device value and the secret value of said device and obtaining the network key from both the encrypted network key and the previously obtained device key, and an operating phase performed by each device for generating or obtaining a random value, generating a final key by encrypting the random value with the network key and using said final key for encrypting/decrypting said content.
-
Citations
20 Claims
-
1. A method for securely transferring a digital content CT between electronic devices within a network managed by a management center, each device comprising a pre-initialized unique secret value S,
an activation phase performed by the management center and including the steps of, generating a network key KN common to all of said devices, calculating, an encrypted network key KN′ - personalized for each device by encrypting said network key KN using a personal device key K which is different for each device,
transmitting to each of said devices the encrypted network key KN′ and
a device value V resulting from a preliminary cryptographic operation encrypting the device key K belonging to said device using the secret value S of said device,a keys recovering phase performed by each of said devices and including the steps of, performing a first cryptographic operation for obtaining the device key K from both the device value V and the secret value S of said device, performing a second cryptographic operation for obtaining the network key KN from both the encrypted network key KN′ and
the device key K,an operating phase including the steps of, generating a random value RV at one of said devices acting as a sending device, performing, at the sending device, a third cryptographic operation for generating a content key Kc by encrypting said random value RV using the network key KN, and executing at least one of the following steps, encrypting the content CT using said content key Kc to obtain an encrypted content CT′
, then sending the encrypted content CT′ and
the random value RV to at least one of said devices acting as a receiving device,or encrypting the content CT using said random value RV to obtain an encrypted content CT′
, then sending the encrypted content CT′ and
the content key Kc to at least one of said devices acting as a receiving device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
- personalized for each device by encrypting said network key KN using a personal device key K which is different for each device,
-
8. A system for securely transferring a digital content CT between electronic devices within a network comprising:
-
a management center including, a memory for storing, for each device, a device key K and a device value V, said device value V resulting from a preliminary cryptographic operation encrypting said device key K using a secret value S relevant to said device, said secret value S, device key K and device value V being unique to each device, a key generator for generating a network key KN, an encryption module for determining, for each device, an encrypted network key KN′
resulting from the encryption of the network key KN using the device key K relevant to said device,a sending unit for transmitting to each device its device value V and its encrypted network key KN′
;and the devices, each of said devices including, at least one input/output interface for receiving and sending data, a secure memory for storing said pre-initialized secret value S, a first cryptographic module using the device value V and the secret value S relevant to said device for generating the device key K, a second cryptographic module using the encrypted network key KN′ and
the device key K relevant to said device for generating the network key KN,each of said devices acting as a sending device further including, a random value generator for generating a random value RV, a third cryptographic module for generating a content key Kc by encrypting said random value RV using the network key KN; and a content cryptographic module using said content key Kc or said random value RV as an encryption key for encrypting the content CT to obtain an encrypted content CT′
that can be sent respectively with said random value RV or said content key Kc through said input/output interface to at least one of said devices acting as a receiving device,or each of said devices acting as a receiving device further including, a third cryptographic module for at least one of, generating said content key Kc by encrypting said random value RV using the network key KN, and for recovering said random value RV from both the content key Kc and the network key KN and a content cryptographic module using respectively said content key Kc or said random value RV as a decryption key for decrypting the encrypted content CT′
. - View Dependent Claims (9, 10)
-
-
11. A device for securely transferring a content CT within a network, comprising:
-
at least one input/output interface for receiving and sending data, a secure memory for storing a pre-initialized unique secret value S, a first cryptographic module for generating a device key K from both said secret value S and a device value V received through said input/output interface, a second cryptographic module for recovering a network key KN from both said device key K and an encrypted network key KN′
received through said input/output interface,a random value generator to generate a random value RV, a third cryptographic module for generating content key Kc by encrypting said random value RV using the network key KN, a content cryptographic module using said content key Kc or said random value RV as an encryption key for encrypting the content CT to obtain an encrypted content CT′
that can be sent respectively with said random value RV or said content key Kc through said input/output interface. - View Dependent Claims (15, 16)
-
-
12. A device for securely receiving a content CT within a network, comprising:
-
at least one input/output interface for receiving and sending data, a secure memory for storing a pre-initialized secret value S, a first cryptographic module for generating a device key K from both said secret value S and a device value V received through said input/output interface, a second cryptographic module for recovering a network key KN from both said device key K and an encrypted network key KN′
received through said input/output interface,a third cryptographic module for at least one of, generating a content key Kc by encrypting a random value RV, received input/output interface, using the network key KN, and recovering said random value RV from both the network key KN and said content key Kc received through said input/output interface; and a content cryptographic module using respectively said content key Kc or said random value RV as a decryption key for decrypting the encrypted content CT′
. - View Dependent Claims (13, 14)
-
-
17. A method for securely transferring a digital content CT between electronic devices within a network managed by a management center, each device comprising a pre-initialized unique secret value S, said method comprising:
-
an activation hale performed by the management center and including the steps, generating a network key KN common to all of said devices, calculating an encrypted network key KN′
personalized for each device by encrypting said network key KN using a personal device key K which is different for each device, andtransmitting to each of said devices the encrypted network key KN′ and
a device value V resulting from a preliminary cryptographic operation encrypting the device key K belonging to said device using the unique secret value S of said device;a keys recovering phase performed by each of said devices and including the steps, performing a first cryptographic operation for obtaining the device key K from both the device value V and the secret value S of said device, and performing a second cryptographic operation for obtaining the network key KN from both the encrypted network key KN′ and
the device key K; andan operating phase performed at each device acting as a receiving device, including the steps, receiving an encrypted content CT′
,receiving at least one of a random value RV and a content key Kc, performing a third cryptographic operation respectively for generating a content key Kc by encrypting said random value RV using the network key KN, or for retrieving a random value RV from both the network key KN and said content key Kc, and decrypting the encrypted content CT′
using respectively the content key Kc or the random value RV. - View Dependent Claims (18, 19, 20)
-
Specification