Method for generating and managing a local area network
First Claim
1. A method for creating and managing a local network, the local network including at least one restitution device for receiving an encrypted data stream and at least one diffusion and re-encrypting device for transmitting all or part of the encrypted data stream to the restitution device, the at least one restitution device and the at least one diffusion and re-encrypting device including at least one security module, the method comprisingduring an initialization stage:
- connecting a master security module to one of the at least one restitution device and the at least one diffusion and re-encrypting device connected to the local network,establishing a network key by the master security module, andsecurely transmitting the network key over the local network to the at least one security module included in the at least one restitution device and the at least one diffusion and re-encrypting device, whereinwhen the master security module is connected to the at least one restitution device, the network key is securely transmitted to the at least one diffusion and re-encrypting device, andwhen the master security module is connected to the at least one diffusion and re-encrypting device, the network key is securely transmitted to the at least one restitution device,and while receiving the encrypted data stream;
decrypting the encrypted data stream by the at least one diffusion and re-encrypting device,re-encrypting the decrypted data stream by the at least one diffusion and re-encrypting device using a local key, the local key being a session key that is generated by the at least one diffusion and re-encrypting device and that is encrypted by the network key,transmitting the re-encrypted data stream to the at least one restitution device, anddecrypting the received encrypted data stream by the at least one restitution device using the associated security module, the associated security module including means to decrypt the local key using the network key.
1 Assignment
Litigations
0 Petitions
Accused Products
Abstract
The present invention relates to a method for creating and managing a local area network including at least one device for reproducing an encrypted data flow and a device for transmitting and re-encrypting all or part of said encrypted data, which devices include security modules. The method includes the steps of connecting a so-called master security module in one of the devices connected to the local area network, causing the master security module to generate a network key, securely transmitting the network key to one or more so-called user security modules, decrypting the data encrypted by the transmission and re-encryption device, re-encrypting the data with said device by means of a local key, transmitting the re-encrypted data to the reproduction device, and holding the reproduction device to perform decryption using the user security module associated therewith and provided with means for locating the local key.
25 Citations
11 Claims
-
1. A method for creating and managing a local network, the local network including at least one restitution device for receiving an encrypted data stream and at least one diffusion and re-encrypting device for transmitting all or part of the encrypted data stream to the restitution device, the at least one restitution device and the at least one diffusion and re-encrypting device including at least one security module, the method comprising
during an initialization stage: -
connecting a master security module to one of the at least one restitution device and the at least one diffusion and re-encrypting device connected to the local network, establishing a network key by the master security module, and securely transmitting the network key over the local network to the at least one security module included in the at least one restitution device and the at least one diffusion and re-encrypting device, wherein when the master security module is connected to the at least one restitution device, the network key is securely transmitted to the at least one diffusion and re-encrypting device, and when the master security module is connected to the at least one diffusion and re-encrypting device, the network key is securely transmitted to the at least one restitution device, and while receiving the encrypted data stream; decrypting the encrypted data stream by the at least one diffusion and re-encrypting device, re-encrypting the decrypted data stream by the at least one diffusion and re-encrypting device using a local key, the local key being a session key that is generated by the at least one diffusion and re-encrypting device and that is encrypted by the network key, transmitting the re-encrypted data stream to the at least one restitution device, and decrypting the received encrypted data stream by the at least one restitution device using the associated security module, the associated security module including means to decrypt the local key using the network key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
Specification
-
- Resources
-
Current AssigneeNagravision SA (Kudelski SA)
-
Original AssigneeNagravision SA (Kudelski SA)
-
InventorsMoreillon, Guy
-
Primary Examiner(s)Moise, Emmanuel L
-
Assistant Examiner(s)SHOLEMAN, ABU S
-
Application NumberUS10/564,544Publication NumberTime in Patent Office2,149 DaysField of Search173/171, 173/170, 173/168, 173/150, 173/155, 173156-159, 173/163, 173/172, 173/173, 380 47-227, 380/229, 380/241, 380/232, 380/45, 380/228, 380/277, 726/2, 726/5, 726/9, 726/27, 726/32, 726/35, 725/31, 713/171, 713/170, 713/168, 713/150, 713/155, 713156-159, 713/163, 713/172, 713/173US Class Current713/171CPC Class CodesH04L 63/0272 Virtual private networksH04L 63/0435 wherein the sending and rec...H04L 63/0442 wherein the sending and rec...H04L 63/0464 using hop-by-hop encryption...H04L 63/062 for key distribution, e.g. ...H04L 63/0869 for achieving mutual authen...
