公开(公告)号：WO2020114860A1

公开(公告)日：2020-06-11

申请号：PCT/EP2019/082737

申请日：2019-11-27

Applicant: NAGRAVISION S.A.

Inventor： GREMAUD, Fabien ,  FUCHS, Pascal ,  VILLEGAS, Karine ,  PERRINE, Jérôme ,  HAUTIER, Roan

IPC: G06F21/74 ,  G06F21/78

Abstract: A method for anti-replay protection of a memory of a device, wherein the memory is used by and external to a secure element of the device, the method comprising the following steps, wherein the steps are performed in the device after a content of the memory is modified: generating device state data indicative of a state of the content of the memory; transmitting the device state data to a remote system for updating an authentication key of the device stored in a data storage of the remote system and for use by the remote system in an authentication procedure; and providing authentication information based on the device state data from the secure element to the remote system in the authentication procedure between the device and the remote system to verify a validity of the content of the memory.

公开(公告)号：WO2016193404A1

公开(公告)日：2016-12-08

申请号：PCT/EP2016/062578

申请日：2016-06-03

Applicant: NAGRAVISION S.A.

Inventor： PERRINE, Jérôme ,  BENOIT, Bernard ,  VAN RIEK, Maurice ,  OSEN, Karl

IPC: H04L29/06 ,  H04W12/02 ,  H04M1/253 ,  H04M1/60

CPC classification number: H04L63/045 ,  H04L63/0428 ,  H04L63/061 ,  H04L65/1006 ,  H04L65/1069 ,  H04L65/608 ,  H04M1/006 ,  H04M1/2535 ,  H04M1/6066 ,  H04W4/80 ,  H04W12/02

Abstract: In an embodiment, a communication device receives a request to establish a media session with a remote endpoint. In response to receiving the request, the communication device exchanges media-session control data with the remote endpoint on behalf of a local endpoint to establish the requested media session between the local endpoint and the remote endpoint. The communication device is communicatively connected to the local endpoint via a Personal Area Network (PAN) communication link. The communication device relays media-session payload data between the local and remote endpoints. The media-session payload data (i) is associated with the media session and (ii) is encrypted based on at least one payload-data cryptographic key that is not accessible to the communication device.

Abstract translation: 在一个实施例中，通信设备接收与远程端点建立媒体会话的请求。 响应于接收到请求，通信设备代表本地端点与远程端点交换媒体会话控制数据，以在本地端点和远程端点之间建立所请求的媒体会话。 通信设备经由个人局域网（PAN）通信链路与本地端点通信地连接。 通信设备在本地和远程端点之间中继媒体会话有效负载数据。 媒体会话有效载荷数据（i）与媒体会话相关联，并且（ii）基于通信设备不可访问的至少一个有效载荷数据密码密钥进行加密。

公开(公告)号：WO2016193135A1

公开(公告)日：2016-12-08

申请号：PCT/EP2016/061966

申请日：2016-05-27

Applicant: NAGRAVISION S.A.

Inventor： FER, François ,  MACCHETTI, Marco ,  GAUTERON, Laurent ,  PERRINE, Jérôme

IPC: H04L29/06

CPC classification number: H04L65/1006 ,  G06F17/30312 ,  H04L63/06 ,  H04L63/065 ,  H04L65/403 ,  H04L65/605 ,  H04M7/006 ,  H04W12/04 ,  H04W12/08

Abstract: System and method for establishing secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of media signals communicated to and from the accessory devices. In another example, one of the participant devices operates as the central conference call server. In other examples, participant devices communicate on a conference call via point-to-point connections between all accessory devices connected to the participant devices. The accessory devices include secure elements for decryption and encryption of media signals communicated between the accessory devices.

Abstract translation: 用于建立安全电话会议的系统和方法。 在一个示例系统中，中央电话会议服务器与包括安全元件的附件设备建立点对点连接并连接到相应的参与者设备。 会议呼叫服务器包括与多个安全元件的接口，该多个安全元件被配置为对与辅助设备通信的媒体信号执行加扰和解扰频。 在另一示例中，参与者设备之一作为中央电话会议服务器。 在其他示例中，参与者设备通过连接到参与者设备的所有附件设备之间的点到点连接在电话会议上进行通信。 附件设备包括用于解密和加密在附件设备之间传送的媒体信号的安全元件。

公开(公告)号：WO2016189070A1

公开(公告)日：2016-12-01

申请号：PCT/EP2016/061867

申请日：2016-05-26

Applicant: NAGRAVISION S.A.

Inventor： MACCHETTI, Marco ,  HAUTIER, Roan ,  FAVI, Claudio ,  PERRINE, Jérôme

IPC: H03K3/84 ,  H04L9/08

CPC classification number: H04L9/3278 ,  G09C1/00 ,  H03K3/84 ,  H04L9/0866

Abstract: Method for generating a value (19) inherent to an electronic circuit (10) by means of measures of a physical quantity carried out on components (11) of this circuit; this method is intended to: calculate and associate to each component (11) at least one value (V) derived from a series of measures carried out on said component, the calculation of said value (V) being done by determining a statistical value from said series of measures and by defining said value (V) as being either said statistical value, or an uncertainty range calculated from this statistical value, form a collection of invariable pairs of components, select, in said collection, pairs so that said values (V) associated to the components of each of these pairs are spaced by at least one setpoint value, generate said value (19) inherent to the electronic circuit on the basis of results of comparisons of the values (V) associated to the components of each selected pair.

Abstract translation: 用于通过在该电路的部件（11）上执行的物理量的测量来产生电子电路（10）固有的值（19）的方法; 该方法旨在：对每个组件（11）计算和关联从对所述组件执行的一系列测量得到的至少一个值（V），通过确定所述值（V）的统计值来计算所述值（V） 所述一系列措施并且将所述值（V）定义为所述统计值或从该统计值计算的不确定性范围，形成不变组分对的集合，在所述集合中选择对，使得所述值 V）与这些对中的每一个的组件相关联，间隔至少一个设定点值，基于与每个组件相关联的值（V）的比较结果，生成电子电路固有的所述值（19） 选择对。

公开(公告)号：WO2014056876A1

公开(公告)日：2014-04-17

申请号：PCT/EP2013/070889

申请日：2013-10-08

Applicant: NAGRAVISION S.A.

Inventor： HAUTIER, Roan ,  MACCHETTI, Marco ,  PERRINE, Jérôme

IPC: G06F21/31 ,  G06F21/44

CPC classification number: H04L9/0897 ,  G06F21/31 ,  G06F21/44 ,  G06F21/572 ,  G06F21/76 ,  H04L9/0643 ,  H04L9/0869 ,  H04L9/0877 ,  H04L9/14 ,  H04L2209/24

Abstract: A method and system configured for personalizing at least one chip (IC), intended to be integrated into a smart card, comprising a tester (T) associated to a (Field Programmable Gate Array) FPGA device (WB) connected to the chip (IC), the chip (IC) being part of a wafer (W) comprising an arrangement of a plurality of chips and a disposable hardware module (HM) for verifying presence of the chip (IC) on the wafer (W). The tester (T) sends a first secret code (S1) to the FPGA device (WB), which sends a command (C) to the chip to initiate a test mode activation. The FPGA device (WB) encrypts a second secret code (S2) by using a secret encryption algorithm (E) parameterized with a true random number (R) received from the chip (IC) and the first secret code (S1) to obtain a first cryptogram (M1) which is sent to the chip (IC).The chip (IC) determines a second cryptogram (M2) by carrying out a Boolean function (F) over a result obtained by decryption of the first cryptogram (M1) using the inverse of the secret encryption algorithm (E-) parameterized with the random number (R) and the first secret code (S1). The second cryptogram (M2) is compared with a calculated result F(S2) obtained by carrying out the Boolean function (F) over the second secret code (S2) temporarily stored on the chip (IC). The FPGA device (WB) performs personalization of the chip (IC) only if the test mode of the chip (IC) is enabled by a successful comparison between the second cryptogram (M2) and the calculated result F(S2).

Abstract translation: 一种方法和系统，被配置为个性化旨在集成到智能卡中的至少一个芯片（IC），其包括与连接到芯片（IC）的（现场可编程门阵列）FPGA器件（WB）相关联的测试器（T） ），所述芯片（IC）是包括多个芯片的布置的晶片（W）的一部分，以及用于验证晶片（W）上的芯片（IC）的存在的一次性硬件模块（HM）。 测试器（T）向FPGA器件（WB）发送第一密码（S1），该器件向芯片发送命令（C）以启动测试模式激活。 FPGA器件（WB）通过使用由从芯片（IC）和第一密码（S1）接收的真随机数（R）参数化的秘密加密算法（E）来加密第二密码（S2），以获得 发送到芯片（IC）的第一密码（M1）。芯片（IC）通过对通过第一密封（M1）的解密获得的结果执行布尔函数（F）来确定第二密码（M2） 用随机数（R）和第一密码（S1）参数化的秘密加密算法（E）的倒数。 将第二密码（M2）与通过临时存储在芯片（IC）上的第二秘密码（S2）执行布尔函数（F）而获得的计算结果F（S2）进行比较。 仅当通过第二密码（M2）和计算结果F（S2）之间的成功比较来启用芯片（IC）的测试模式时，FPGA器件（WB）才执行芯片（IC）的个性化。

公开(公告)号：WO2020109623A1

公开(公告)日：2020-06-04

申请号：PCT/EP2019/083314

申请日：2019-12-02

Applicant: NAGRAVISION S.A.

Inventor： MACCHETTI, Marco ,  PERRINE, Jérôme ,  HUNACEK, Didier ,  WIRZ, Christian

IPC: H04W12/00 ,  H04N21/2347 ,  H04N7/18 ,  G08B13/196 ,  H04L9/08

Abstract: The disclosure enables securing a transmission of content from a surveillance device to a remote server. The surveillance device is configured to obtain the content from observing a surroundings. The surveillance device is e.g. a security camera, in which case the content can comprise video data. The remote server is e.g. a centralized monitoring system or VMS. An encryption key that is generated in the remote server is received in the surveillance device from the remote server. The content is encrypted in the surveillance device using the encryption key and transmitted from the surveillance device to the remote server. The encryption key can be a control word that is received in an entitlement control message generated in the remote server.

公开(公告)号：WO2017140759A1

公开(公告)日：2017-08-24

申请号：PCT/EP2017/053466

申请日：2017-02-16

Applicant: NAGRAVISION S.A.

Inventor： BENOIT, Bernard ,  FOURNIER, Jean-Claude ,  PERRINE, Jérôme ,  GAUTERON, Laurent

IPC: H04L29/06 ,  G06F21/60

CPC classification number: H04W12/02 ,  G06F21/606 ,  H04L9/0841 ,  H04L9/0844 ,  H04L9/3066 ,  H04L63/0435 ,  H04L63/0478 ,  H04W12/04 ,  H04W12/06

Abstract: Disclosed herein are methods and systems for encrypting communications using a secure element. An embodiment takes the form of a method including the steps of performing a key- exchange procedure with an endpoint via a voice-communication device to obtain a symmetric seed key for a secure voice session with the endpoint; generating first and second symmetric session keys for the secure voice session based on the obtained symmetric seed key; receiving outbound voice packets from the voice-communication device in connection with the secure voice session, each outbound voice packet including a header and an unencrypted payload; using a first symmetric encryption algorithm and the first symmetric session key, followed by a second symmetric encryption algorithm and the second symmetric session key to generate and output twice-encrypted outbound-voice-packet payloads to the voice-communication device for transmission to the endpoint in connection with the secure voice session.

Abstract translation: 这里公开了使用安全元件来加密通信的方法和系统。 一个实施例采取包括以下步骤的方法的形式：经由语音通信设备与端点执行密钥交换过程以获得用于与端点的安全语音会话的对称种子密钥; 基于所获得的对称种子密钥来生成安全语音会话的第一和第二对称会话密钥; 接收来自所述语音通信设备的与所述安全语音会话相关的出站语音分组，每个出站语音分组包括头部和未加密的有效载荷; 使用第一对称加密算法和第一对称会话密钥，接着是第二对称加密算法和第二对称会话密钥，以生成两次加密的出站语音分组有效载荷并将其输出到语音通信设备以传输到端点 与安全的语音会话相关。

公开(公告)号：WO2015007549A1

公开(公告)日：2015-01-22

申请号：PCT/EP2014/064332

申请日：2014-07-04

Applicant: NAGRAVISION S.A.

Inventor： MACCHETTI (IT), Marco ,  PERRINE, Jérôme ,  SERVET, Patrick ,  HUNACEK, Didier

IPC: H04N21/438 ,  H04N21/4623

CPC classification number: H04N21/4623 ,  H04N21/43853 ,  H04N21/4405 ,  H04N21/4408

Abstract: Méthode pour sécuriser des mots de contrôle (CW) au sein d'un décodeur (10) en charge de désembrouiller un contenu numérique protégé par ces mots de contrôle, comprenant les étapes suivantes: - pour chaque unité de désembrouillage (14) que compte ce décodeur, charger dans un répertoire (22), une clé d'appariement (PK) référencée par un identifiant (ID) l'associant à une unité de désembrouillage, - réceptionner au moins un mot de contrôle chiffré et référencé par une indication (D) permettant d'identifier l'unité de désembrouillage à qui il est destiné, - déchiffrer le mot de contrôle au moyen d'une première clé partagée avec un module de sécurité (30), - identifier dans le répertoire la clé d'appariement dont l'identifiant (ID) correspond à l'indication de destination (D) associée au mot de contrôle, - chiffrer ce mot de contrôle à l'aide de cette clé d'appariement, - stocker dans un registre (15) le mot de contrôle d'une manière chronologique et référencée.

Abstract translation: 本发明涉及一种用于保护解码器（10）内的控制字（CW）的方法，该解码器（10）负责解扰由这些控制字保护的数字内容，包括以下步骤： - 对于所述解码器的每个解扰频单元（14），加载配对 由标识符（ID）引用的密钥（PK），其将解密单元与解扰单元相关联到目录（22）中， - 接收由指示引用的至少一个加密的控制字，使得可以识别其所针对的解扰单元， - 使用与安全模块（30）共享的第一密钥来解密所述控制字; - 在日志中识别其标识符（ID）对应于与所述控制字相关联的预期用途（D）的指示的配对密钥， 使用该配对密钥加密该控制字， - 按照时间和参考方式将控制字存储在日志（15）中。