Abstract:
Authentication method for at least one application using resources stored in a security module associated with an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module, and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to the result of the verification of the application.
Abstract:
The aim of this invention is to propose a method to manage the security of the set composed of an equipment, a security module and applications, in order to limit the risk that a security module could be fraudulently used by applications executed on a type of equipment and/or software version that does not entirely fulfil the established security criteria. This aim is reached by a method for managing the security of applications with a security module functioning in an equipment connected to a network, said network being managed by a control server of an operator, said applications using resources such as data or functions stored in a security module locally connected to said equipment, comprising the following preliminary steps: reception by the control server, via the network, of data comprising at least the type and software version of the equipment and the identity of the security module; analysis and verification of said data by the control server; generation of a cryptogram from the result of the verification of said data; and transmission of said cryptogram, via the network and the equipment, to the security module. The method further comprises steps wherein the security module analyses the received cryptogram and activates or, respectively, deactivates the resources (data or functions) used by at least one application installed in the equipment, said cryptogram comprising the instructions conditioning the functioning of the application according to criteria established by the supplier of said application and/or the operator and/or the user of the equipment.
Abstract:
The aim of this invention is to pair a security module with one or more host apparatuses in an environment in which the host apparatus has no connection with the management centre. This aim is achieved by a pairing control method between a first device, such as a removable security module, and a second device, such as a host apparatus, the pairing consisting in securing data exchanges with the aid of a unique pairing key. The method consists in: verifying the pairing between the two devices and using the unique pairing key if the pairing has already been carried out; if not, searching for a free location among the locations reserved for pairing data in the first device and, in this case, initiating a pairing procedure by transmitting a cryptogram contained in the second device that contains an identifier belonging to this device, this cryptogram being encrypted by a secret key common to all the first devices; decrypting this cryptogram in the first device and extracting from it the identifier of the second device; generating a pairing key based on this identifier; and storing in the first device the pairing data for the second device.
Abstract:
The aim of this invention is to propose a solution to prevent the modification of the access conditions to an encrypted multimedia content. This aim is achieved by a method to secure an event with control words (CW), the use of this event by user units being subject to access conditions (AC), said method comprising the following steps: generation of a pseudo-random number (RNG); formation of a control block (CB) by the association of the pseudo-random number (RNG) and the access conditions (AC); calculation of the control word (CW) by applying a one-way function (F) to the control block (CB); use of the control word (CW) to encrypt the event; and transmission of the control block (CB) to the user units.
Abstract:
The aim of this invention is to propose a control method for the conformity of a network key (NK). This method is applied during the transfer of data coming from a conditional access source to a domestic network. It relies on verifying the authenticity of the network key (NK) using control data provided by the verification centre, generally in the form of a list {(TK)NK1, (TK)NK2, (TK)NK3 . . . }. The presence or absence of a cryptogram (TK)NK is checked against the list {(TK)NK1, (TK)NK2, (TK)NK3 . . . }. The cryptogram (TK)NK is formed from a test key (TK), provided by the verification centre, encrypted by the network key (NK) of a security module (CT) of a device (TV1, TV2, PC) connected to the network.
Abstract:
A method is disclosed for the authentication of applications both at the time of their downloading and at the time of their execution. At least one application runs in an equipment connected by a network to a control server, the equipment being locally connected to a security module. The application is loaded and/or executed via an application execution environment of the equipment and uses resources stored in the security module. The authentication method includes: reception by the control server, via the network, of data including at least the identifier of the equipment and the identifier of the security module; analysis and verification of the data by the control server; generation of a cryptogram including a digest of the application, data identifying the equipment and the security module, and instructions intended for the module; transmission of the cryptogram, via the network and the equipment, to the security module; and verification of the application by comparing the digest extracted from the received cryptogram with a digest determined by the security module. The method further comprises steps wherein, during the initialization and/or the activation of the application, the security module executes the instructions extracted from the cryptogram to release and/or block access to certain resources of the security module according to the result of the verification of this application carried out previously.
Abstract:
A method for protecting an encrypted content by use of at least one encryption key. The method includes generation of a temporary encryption key, encryption by the temporary key of a value allowing the determination of the encryption keys of the content, transmission of the encrypted value to a multimedia unit, and encryption and transmission of at least two cryptograms each including the temporary key encrypted by an authorization key. The first cryptogram is encrypted by a first authorization key pertaining to a first security module, and the second cryptogram is encrypted by a second authorization key pertaining to a group of security modules from which the first security module is excluded.
Abstract:
A method for managing the security of applications with a security module associated with an equipment connected to a network managed by a control server of an operator. The applications use resources such as data or functions stored in the security module locally connected to the equipment. The method may include the steps of receiving, analyzing and verifying, by the control server, identification data from the equipment and the security module; generating a cryptogram from the result of the verification of the identification data; transmitting the cryptogram to the security module of the equipment; and selectively activating or deactivating, by the security module, at least one resource (data or functions) of the security module by executing instructions included in the cryptogram, thereby conditioning the functioning of an application according to criteria established by a supplier of the application, the operator or a user of the equipment.