Abstract: The invention relates to a local digital network comprising: at least one source device intended to broadcast data over the network; and at least one receiver device intended to receive said data. The source device uses a network active encryption key to encrypt data liable to be broadcast in the network and the receiver device contains: a network active decryption key for decrypting data encrypted using said active encryption key and at least one decryption key of the network for decrypting data encrypted with the aid of an encryption key used previously in the network. The invention also relates to the installing of new devices in such a network as well as the sending of data from a source device to a receiver device.

Abstract: The invention concerns a method implemented in a communication network comprising a source device including: a first symmetrical key for encrypting data to be transmitted to a display device connected to the network; and the first symmetrical key encrypted with a second symmetrical network key known only to at least one display device connected to the network. When the source device needs to renew its first symmetrical key to encrypt new data, it generates a random number, then it calculates a new symmetrical key based on the first symmetrical key and on the random number. It then encrypts the data to be transmitted with the new symmetrical key and transmits to a display device, via the network: the data encrypted with the new symmetrical key, the random number, and the first encrypted symmetrical key with the second symmetrical network key.

Abstract: The local digital network comprises: access devices (1), for receiving data originating from outside the network and transmitting them at a point of the network; and presentation devices (2,3) for receiving the data flowing in the network and presenting them at a point of the network. The data flow in the network in encrypted form and all the devices of the network use a single key, the local key of the network, for the encryption and decryption of the data. Preferably, the local key of the network is formed by a pair of public and private keys. The purpose of this network is to make it possible to copy data in the local network whilst preventing pirate copies destined for other local networks.

Abstract: The invention relates to pairing a slave device with a master device, for example decoders in a conditional access system. There is provided a security module that stores a device state that indicates whether a decoder shall be a master or a slave decoder. There is also provided a method in a conditional access system of providing a device with a device state stored on a security module. It is detected that the security module is in connection with the device and the device state is transferred from the security module to the device. There is further provided a method of pairing a slave device with a master device. The slave device asks the master device to identify itself, the master device returns an identification, and if the slave device has not yet been paired with a master device, it checks the identity of the master device and, if the identity is verified pairs with the master device. There is also provided a first, slave, device for pairing with a second, master, device.

Abstract: A method for performing at least one evolution operation in a dynamic, evolutive community of devices in a network comprising at least a first device. The method comprises a step of sending at least one message over the network from the first device to a second device, wherein the first device continues the method without acknowledgement of the at least one message from the second device. The method is suitable for execution on clockless devices. A device for performing the method is also claimed.

Abstract: A method for performing at least one evolution operation in a dynamic, evolutive community of devices in a network comprising at least a first device. The method comprises a step of sending at least one message over the network from the first device to a second device, wherein the first device continues the method without acknowledgement of the at least one message from the second device. The method is suitable for execution on clockless devices. A device for performing the method is also claimed.

Abstract: A protocol (i.e. method) and corresponding apparatuses for calculating a session key. Two peers with knowledge of a common Diffie-Hellman permanent key, Kperm, and the identity and public key of the other peer. A first peer chooses a first ephemeral private key x and calculates the first corresponding ephemeral public key gx, which is sent to the second peer. The second peer calculates a second ephemeral public key gy in the same manner, and an ephemeral shared key Keph, hashes gy, Keph, Kperm, and its identity, and sends gy and the hash to the first peer. The first peer calculates Keph, verifies the hash, and hashes gx, Keph, Kperm, and its identity, and sends it to the second peer that verifies this hash. Thereafter, both peers obtain a session key by hashing Keph. The apparatuses may then use the session key to establish a secure authenticated channel (SAC).

Abstract: The invention relates to a method to verify that data received by a receiver has been sent by a transmitter authorized by a trusted third party, the transmitter and the receiver being connected to a digital network. An identifier is associated with the data sent by the transmitter and, on receipt of the data by the receiver, the receiver generates a random number and diffuses the same on the network. The transmitter that receives the random number calculates a response by applying a first function to the random number and to the identifier, and sends the response to the receiver which verifies the response received by applying a second function to the response received, the random number and the identifier. The first function is delivered first to the transmitter by the trusted third party. The second function is a function for checking the result of the first function which is delivered first to the receiver by the trusted third party.

Abstract: The invention relates to the protection by firewall of a domestic community of interconnectable appliances. The invention allows distributed and totally decentralized management of the firewall policy, implemented at the level of each appliance, which is consistent and adapts dynamically to the changes occurring within the domestic network. We shall speak of ubiquitous firewalls.

Abstract: This invention relates to a method for controlling the consumption limit date of a digital content which is transferred from distribution means (100) to a consuming device (120) during a temporary connection to be consumed on that device until the limit date, the distribution means (100) having a clock (104), called a reference clock, the value of which at each instant is called the true date. According to this invention, each time the consuming device connects to the distribution means (100), a signal including the true date is transmitted from the distribution means (100) to the consuming device (120) by a secured method to verify that the consumption limit date is not exceeded.

Abstract: A protocol (i.e. method) and corresponding apparatuses for calculating a session key. Two peers with knowledge of a common Diffie-Hellman permanent key, Kperm, and the identity and public key of the other peer. A first peer chooses a first ephemeral private key x and calculates the first corresponding ephemeral public key gx, which is sent to the second peer. The second peer calculates a second ephemeral public key gy in the same manner, and an ephemeral shared key Keph, hashes gy, Keph, Kperm, and its identity, and sends gy and the hash to the first peer. The first peer calculates Keph, verifies the hash, and hashes gx, Keph, Kperm, and its identity, and sends it to the second peer that verifies this hash. Thereafter, both peers obtain a session key by hashing Keph. The apparatuses may then use the session key to establish a secure authenticated channel (SAC).

Abstract: A protocol (i.e. method) and corresponding apparatuses for calculating a session key. Two peers with knowledge of a common Diffie-Hellman permanent key, Kperm, and the identity and public key of the other peer. A first peer chooses a first ephemeral private key x and calculates the first corresponding ephemeral public key gx, which is sent to the second peer. The second peer calculates a second ephemeral public key gy in the same manner, and an ephemeral shared key Keph, hashes gy, Keph, Kperm, and its identity, and sends gy and the hash to the first peer. The first peer calculates Keph, verifies the hash, and hashes gx, Keph, Kperm, and its identity, and sends it to the second peer that verifies this hash. Thereafter, both peers obtain a session key by hashing Keph. The apparatuses may then use the session key to establish a secure authenticated channel (SAC).

Abstract: To transmit digital data representing a content from a source to a receiver through a digital communication channel, the data being scrambled by at least one control word, the method includes the following steps. The source generates an encryption key which it stores temporarily. It encrypts the control word with the encryption key and transmits to the receiver the scrambled digital data and the encrypted control word, the latter being transmitted through an encrypted communication channel. The receiver then performs an operation of authentication of the source. When the source is authenticated by the receiver, it transmits the encryption key to it. The receiver then decrypts the control word and descrambles the data so as to present them to a user. The encryption key is then erased from the memories of the source and the receiver when the content has been entirely transmitted.

Abstract: A symmetric key management process in a communication network comprising a source device furnished with a source of data to be broadcast over the network and at least one receiver device intended to receive the broadcast data. The process comprises: determining and securely transmitting a first symmetric key to a receiver device; the receiver device encrypting the first symmetric key using a second symmetric key and transmitting it to the source device; and the source device recovering and storing it. Before transmitting the data to at least one reception device, the source device encrypts these data with the aid of the first symmetric key, then it transmits these encrypted data, accompanied by the first encrypted symmetric key, to at least one receiver device. The receiver device decrypts the first symmetric key with the aid of the second key which it possesses, then it decrypts the encrypted data with the aid of the first symmetric key thus recovered.

Abstract: The local digital network comprises: access devices (1), for receiving data originating from outside the network and transmitting them at a point of the network; and presentation devices (2, 3) for receiving the data flowing in the network and presenting them at a point of the network. The data flow in the network in encrypted form and all the devices of the network use a single key, the local key of the network, for the encryption and decryption of the data. Preferably, the local key of the network is formed by a pair of public and private keys. The purpose of this network is to make it possible to copy data in the local network whilst preventing pirate copies destined for other local networks.

Abstract: The local digital network comprises: access devices, for receiving data originating from outside the network and transmitting them at a point of the network; and presentation devices for receiving the data flowing in the network and presenting them at a point of the network. The data flow in the network in encrypted form and all the devices of the network use a single key, the local key of the network, for the encryption and decryption of the data. Preferably, the local key of the network is formed by a pair of public and private keys. The purpose of this network is to make it possible to copy data in the local network whilst preventing pirate copies destined for other local networks.

Abstract: A new system for creating and updating a secure community of devices in digital networks is disclosed. A device adapted to belong to a community of networked devices contains; a provable identity and/or means for generating and/or obtaining a provable identity; means adapted to store information about devices of the community having trust relationships with the device; means adapted to store information about devices not trusted by this device; and means for trust relationships synchronization.

Abstract: This invention relates to a method for managing consumption of digital contents of a provider in a client domain comprising a portable isolated device where the portable isolated device receives an isolated content, the result of a digital processing of the audio and/or video provider content, and an isolated license associated with the content and containing rights to use the isolated content and authorization information. Also, the portable isolated device manages the consumption of the content in devices of the domain in accordance with the associated rights that it has received, independently of the provider.

Abstract: The invention concerns a method implemented in a communication network comprising a source device including: a first symmetrical key for encrypting data to be transmitted to a display device connected to the network; and the first symmetrical key encrypted with a second symmetrical network key known only to at least one display device connected to the network. When the source device needs to renew its first symmetrical key to encrypt new data, it generates a random number, then it calculates a new symmetrical key based on the first symmetrical key and on the random number. It then encrypts the data to be transmitted with the new symmetrical key and transmits to a display device, via the network: the data encrypted with the new symmetrical key, the random number, and the first encrypted symmetrical key with the second symmetrical network key.

Abstract: A protocol (i.e. method) and corresponding apparatuses for calculating a session key. Two peers with knowledge of a common Diffie-Hellman permanent key, Kperm, and the identity and public key of the other peer. A first peer chooses a first ephemeral private key x and calculates the first corresponding ephemeral public key gx, which is sent to the second peer. The second peer calculates a second ephemeral public key gy in the same manner, and an ephemeral shared key Keph, hashes gy, Keph, Kperm, and its identity, and sends gy and the hash to the first peer. The first peer calculates Keph, verifies the hash, and hashes gx, Keph, Kperm, and its identity, and sends it to the second peer that verifies this hash. Thereafter, both peers obtain a session key by hashing Keph. The apparatuses may then use the session key to establish a secure authenticated channel (SAC).