Abstract:
A method for securely receiving a multimedia content by a client device operated by one or more operator(s) involving a dedicated provisioning server of a security provider managing symmetric secrets used by the client devices and operators' license servers. The provisioning server provides to the client device one or more generations of operator specific unique device secrets, which are then exploited by the various operators' license servers to deliver licenses such that authorized client devices can consume protected multimedia contents.
Abstract:
The invention prevents intercepted keys from being used in unauthorized whitebox descrambler modules for the decryption of a ciphertext. Hereto a receiver with a personalized whitebox descrambler is proposed, whereby a part of the descrambling operation of the personalized descrambler is performed in a preprocessing module external to the descrambler.
Abstract:
A system comprising a terminal and a server, wherein the terminal is installed in the system by the server being configured to: identify the terminal; generate key generation data, comprising at least one data seed; distribute the at least one seed to the terminal; generate key data and meta data based on said at least one seed and a function; store an identifier for the terminal along with the key data and the meta data for the terminal, wherein the terminal is arranged to receive the at least one seed from the server; generate key data and meta data based on said at least one seed and the same function; store the key data and the meta data, wherein the key data and the meta data stored in the terminal are the same as the key data and the meta data stored in the server.
Abstract:
Systems and methods are provided for protecting identity in an authenticated data transmission. For example, a contactless transaction between a portable user device and an access device may be conducted without exposing the portable user device's public key in cleartext. In one embodiment, an access device may send an access device public key to a portable user device. The user device may return a blinded user device public key and encrypted user device data. The access device may determine a shared secret using the blinded user device public key and an access device private key. The access device may then decrypt the encrypted user device data using the shared secret.
Abstract:
If the related secure communication method is applied to the system which includes a plurality of the MTC devices, traffic in a network would increase in proportion to the number of MTC devices. A disclosed communication apparatus is connected to a network and a plurality of communication terminals, and includes: a group information sending unit for sending group information, which is received from the network; an access control unit for 1) receiving a reply from the communication terminal(s) which responded to the group information and 2) sending the reply to the network; and a temporary identifier and group key sending unit for sending a temporary identifier and a group key to the communication terminal which responded to the group information, when the communication apparatus received the temporary identifier and the group key from the network.
Abstract:
According to an arrangement, a communication apparatus (30) is connected to a bus (90) in which a second bit has higher priority than a first bit, and the communication apparatus (30) includes an acquisition unit (32), a generation unit (33), and a transmission unit (34). In the communication apparatus (30), the acquisition unit (32) is configured to obtain first information. The generation unit (33) is configured to generate second information in which the first information is set at a predetermined position and a predetermined bit string including the first bit is set at a position other than the predetermined position. The transmission unit (34) is configured to transmit communication data including the second information.
Abstract:
A software distribution processing device stores a common key for each ECU and a verification key for an electronic signature of software updating data, verifies an electronic signature of the updating data received from management server equipment by use of the verification key, attaches an electronic signature using the common key for each ECU to the updating data that succeeded in verification of the electronic signature, and then transmits to each ECU the updating data attached with the electronic signature using the common key for each ECU.
Abstract:
The present invention relates to a system to provision flexible secure Internet of Things networks (Ni) owned by owners, said system comprising at least a device provisioning server (DPS), as many gateways (GWi) as IoT networks (Ni), devices (Di) to be connected to IoT network (Ni) and a configurator (CFG), said configurator (CFG) having connectivity adapted to connect to device provisioning server (DPS) using a certificate (CCFG) indicating its identity and its configuration function to get at least, for each IoT network (Ni), a unique key (DK_LINK), gateway network information and identifier (GWi) and an upper level key (DK_DTLS) to be used to derive device keys (DDK_DTLS) to be sent to devices (Di) in order to enable them to communicate with the device provisioning server (DPS), said configurator (CFG) having a non-encrypted link layer enabling any device (Di) to connect to it any time to get parameters enabling them to get connectivity in a given network (Ni) of the system.
Abstract:
A technique for generating a cryptographic key (120) is provided. The technique is particularly useful for protecting the communication between two entities (202, 302; 204, 304) cooperatively running a distributed security operation. The technique comprises providing at least two parameters (106, 108), the first parameter (106) comprising or deriving from some cryptographic keys (110, 112) which have been computed by the first entity (202, 302) by running the security operation; and the second parameter (108) comprising or deriving from a token (116) having a different value each time the security operation (114) is initiated by the second entity (204, 304) for the first entity (202, 302). A key derivation function is applied to the provided parameters (106, 108) to generate the desired cryptographic key (120).
Abstract:
Disclosed is a system for delegating authentication of an untrusted application executing on a client device. For delegated authentication, an untrusted application relies on a trusted application executing in the same environment for authentication purposes. The delegated authentication process avoids requiring the user of the untrusted application to provide authentication credentials. The disclosed system for delegating authentication enables any trusted application executing in the same computing environment to authenticate the untrusted application.