公开(公告)号：WO2012072707A1

公开(公告)日：2012-06-07

申请号：PCT/EP2011/071435

申请日：2011-11-30

Applicant: IRDETO CORPORATE B.V. ,  ROELSE, Petrus Lambertus Adrianus

Inventor： ROELSE, Petrus Lambertus Adrianus

IPC: H04L29/06 ,  H04N5/00 ,  H04N7/16 ,  H04N7/167 ,  H04N21/266 ,  H04N21/6334 ,  H04N21/835

CPC classification number: H04L9/3234 ,  H04L9/08 ,  H04L9/0825 ,  H04L9/0877 ,  H04L9/0894 ,  H04L9/0897 ,  H04L63/061 ,  H04L63/0853 ,  H04L2209/60 ,  H04N7/1675 ,  H04N21/26606 ,  H04N21/4181 ,  H04N21/4367 ,  H04N21/4405 ,  H04N21/4623 ,  H04N21/63345 ,  H04N21/8352

Abstract: A method for securely obtaining a control word in a chip set of a receiver, said control word for descrambling scrambled content received by the receiver, the method comprising, at the chip set: receiving a secured version of a virtual control word from a conditional access/digital rights management client communicably connected to the chip set; obtaining the virtual control word from the secured version of the virtual control word; and using a first cryptographic function to produce a given output from an input that comprises the virtual control word and either a plurality of signature verification keys or one or more values derived from a plurality of signature verification keys, each signature verification key being associated with a conditional access/digital rights management system, the given output comprising at least one control word, wherein the first cryptographic function has the property that it is infeasible to determine a key pair including a signature key and a signature verification key and an input for the first cryptographic function comprising the determined signature verification key or one or more values derived, at least in part, from the determined signature verification key, such that the first cryptographic function produces the given output from the determined input.

Abstract translation: 一种用于安全地获得接收机的芯片组中的控制字的方法，所述控制字用于解扰由接收机接收的加扰内容，该方法包括：在芯片组处：从条件访问中接收虚拟控制字的安全版本 数字版权管理客户端可通信地连接到芯片组; 从所述虚拟控制字的安全版本获取所述虚拟控制字; 并且使用第一加密函数从包括虚拟控制字和多个签名验证密钥的输入或从多个签名验证密钥导出的一个或多个值产生给定输出，每个签名验证密钥与 条件访问/数字版权管理系统，所述给定输出包括至少一个控制字，其中所述第一密码功能具有确定包括签名密钥和签名验证密钥的密钥对以及第一密码的输入是不可行的属性的属性 至少部分地从所确定的签名验证密钥导出所确定的签名验证密钥或一个或多个值的密码函数，使得所述第一加密函数从所确定的输入产生给定的输出。

公开(公告)号：WO2012072704A1

公开(公告)日：2012-06-07

申请号：PCT/EP2011/071432

申请日：2011-11-30

Applicant: IRDETO B.V. ,  ROELSE, Petrus, Lambertus, Adrianus ,  MOOIJ, Wim

Inventor： ROELSE, Petrus, Lambertus, Adrianus ,  MOOIJ, Wim

IPC: H04N5/00 ,  H04N7/16 ,  H04N7/167 ,  H04L9/08 ,  H04L9/32 ,  H04N21/4623 ,  H04N21/6334 ,  H04N21/266

CPC classification number: H04L9/3234 ,  H04L9/08 ,  H04L9/0825 ,  H04L9/0877 ,  H04L9/0894 ,  H04L9/0897 ,  H04L63/061 ,  H04L63/0853 ,  H04L2209/60 ,  H04N7/1675 ,  H04N21/26606 ,  H04N21/4181 ,  H04N21/4367 ,  H04N21/4405 ,  H04N21/4623 ,  H04N21/63345 ,  H04N21/8352

Abstract: The invention enables the transport of a key from a sender to a receiver. The sender comprises means for generating or obtaining a virtual key and securing the virtual key to protect its authenticity and confidentiality. The secured virtual key is provided to the receiver. The receiver comprises means to derive the virtual key from the secured virtual key. The sender and the receiver comprise means to provide the virtual key and a signature verification key associated with the sender as inputs to a cryptographic function to generate an output. The output includes at least one key. The at least one key may be in turn used as input to a cryptographic mechanism, providing a service to a security application. Examples of such services are encryption or decryption of content, or generating a response to a challenge.

Abstract translation: 本发明使得能够将密钥从发送者传送到接收者。 发送方包括用于生成或获取虚拟密钥并保护虚拟密钥以保护其真实性和机密性的装置。 将受保护的虚拟键提供给接收器。 接收机包括从安全虚拟密钥导出虚拟密钥的装置。 发送方和接收方包括提供虚拟密钥和与发送方相关联的签名验证密钥作为密码功能的输入以产生输出的装置。 输出包括至少一个键。 至少一个密钥可以又被用作密码机制的输入，为安全应用提供服务。 此类服务的示例是内容的加密或解密，或产生对挑战的响应。

公开(公告)号：WO2012072703A1

公开(公告)日：2012-06-07

申请号：PCT/EP2011/071431

申请日：2011-11-30

Applicant: IRDETO B.V. ,  ROELSE, Petrus Lambertus Adrianus

Inventor： ROELSE, Petrus Lambertus Adrianus

IPC: H04L29/06 ,  H04N5/00 ,  H04N7/16 ,  H04N7/167

CPC classification number: H04L9/3234 ,  H04L9/08 ,  H04L9/0825 ,  H04L9/0877 ,  H04L9/0894 ,  H04L9/0897 ,  H04L63/061 ,  H04L63/0853 ,  H04L2209/60 ,  H04N7/1675 ,  H04N21/26606 ,  H04N21/4181 ,  H04N21/4367 ,  H04N21/4405 ,  H04N21/4623 ,  H04N21/63345 ,  H04N21/8352

Abstract: The invention enables a chip set of a receiver of a conditional access system to receive control words securely from a head-end system in the content delivery network. Hereto the chip set comprises means for processing an incoming message to obtain a virtual control word, and using the virtual control word to generate the control word used for descrambling content received from the content delivery network. The authenticity of incoming messages is verified, in the sense that content descrambling fails if an incoming message is not authentic.

Abstract translation: 本发明使条件接收系统的接收机的芯片组能够从内容传送网络中的前端系统安全地接收控制字。 芯片组包括用于处理输入消息以获得虚拟控制字的装置，并且使用虚拟控制字来生成用于解扰从内容传送网络接收的内容的控制字。 验证输入消息的真实性，在内容解扰失败的意义上，如果传入的消息不可信。