Abstract: A method to generate final software code resistant to reverse engineering analysis from an initial software code, said initial software code transforming an input data to an output data, said final software code being executed by a processor being able to directly handle data of a maximum bit length M, comprising the steps of: building a conversion table comprising in one side one instruction and in the other side a plurality of equivalent instructions or sets of instructions; splitting the input data into a plurality of segments of random length, said segments having a length equal or smaller than the maximum bit length M; for each instruction of a block of instructions, selecting pseudo-randomly an equivalent instruction or set of instructions from the conversion table so as to obtain an equivalent block of instructions; and appending the plurality of equivalent blocks of instructions to obtain the final software code.

Abstract: The aim of the present invention is to propose a method for providing attribute-based encryption for conjunctive normal form (CNF) expressions, the said CNF expression comprising at least one clause over a set of attributes, the said method using a key generation engine, an encryption engine and a decryption engine.

Abstract: A method to enforce by a management center access rules for a broadcast product accessed by an access key, the management center managing a plurality of Boolean positive and negative attributes, comprising the steps: associating one positive Boolean attribute to a receiver entitled to the attribute and loading the same; associating one negative Boolean attribute to a receiver not entitled to the attribute and loading the same; defining at least a second broadcast encryption scheme for the negative Boolean attributes and associating each negative Boolean attribute corresponding decryption key material; expressing access conditions on a product as a Boolean expression by combining at least one positive Boolean attribute and at least one negative Boolean attribute by at least one Boolean conjunction or disjunction; generating and broadcasting at least one cryptogram to a receiver, encrypting the access key with the two combined broadcast encryption schemes according to the Boolean expression.

Abstract: A method for authenticating access to a secured chip SC by a test device TD, the test device storing at least one common key CK and one test key TK, the secured chip SC storing the same common key CK and a reference digest F(TK) resulting from a cryptographic function on the test key TK, the method comprising the steps of:—receiving, by the test device TD, a challenge R produced by the secured chip SC,—combining, by the test device TD, the received challenge R with the test key TK by applying a bidirectional mathematical operation (op), encrypting the result (TK op R) with the common key CK, obtaining a cryptogram CK(TK op R),—sending the cryptogram CK(TK op R) to the secured chip SC—decrypting, by the secured chip SC, the cryptogram CK(TK op R) with the common key CK, obtaining an image key TK? representing the test key TK by applying, with the challenge R, the reverse operation (op-1) of the mathematical operation (op) previously used by the test device TD,—calculating an expected digest F(TK?) of the image

Abstract: The present invention makes use of techniques such as those described by Boneh and Franklin to allow for the realization of a pseudo-asymmetric encryption scheme whereby one public encryption corresponds to a plurality of private decryption keys. This scheme therefore provides a solution to the problem of inefficient use of bandwidth in asymmetrical encryption schemes which inherently require that a plurality of encryptions of data be broadcast to a plurality of receivers. The invention further ensures that the advantage of traceability, typical found in asymmetric encryption schemes, is maintained due to the characteristic that each receiver uses a unique traceable decryption key. The traceability thus achieved by the present invention allows for the revocation of a security module which has been involved in the abusive use of conditional access data, particularly by means of clones of security modules whose security has been compromised.

Abstract: An alternative scheme to the classical Boneh-Franklin scheme simplifies the generation and the use of the asymmetric keys. The alternative scheme takes advantage of the discovery that simpler calculations resulting in exponents of reduced size can be used as part of Boneh-Franklin type scheme. The alternative scheme thus provides a traceable encryption scheme which allows for fast, secure cryptographic calculations to be made while providing the necessary level of security required for reliable tracing capabilities to be achieved.

Abstract: The aim of the present invention is to propose a method for providing attribute-based encryption for conjunctive normal form (CNF) expressions, the said CNF expression comprising at least one clause over a set of attributes, the said method using a key generation engine, an encryption engine and a decryption engine.

Abstract: A method for authenticating access to a secured chip SC by a test device TD, the test device storing at least one common key CK and one test key TK, the secured chip SC storing the same common key CK and a reference digest F(TK) resulting from a cryptographic function on the test key TK, the method comprising the steps of:—receiving, by the test device TD, a challenge R produced by the secured chip SC,—combining, by the test device TD, the received challenge R with the test key TK by applying a bidirectional mathematical operation (op), encrypting the result (TK op R) with the common key CK, obtaining a cryptogram CK(TK op R),—sending the cryptogram CK(TK op R) to the secured chip SC—decrypting, by the secured chip SC, the cryptogram CK(TK op R) with the common key CK, obtaining an image key TK? representing the test key TK by applying, with the challenge R, the reverse operation (op-1) of the mathematical operation (op) previously used by the test device TD,—calculating an expected digest F(TK?) of the image

Abstract: A method to generate final software code resistant to reverse engineering analysis from an initial software code, said initial software code transforming an input data to an output data, said final software code being executed by a processor being able to directly handle data of a maximum bit length M, comprising the steps of: building a conversion table comprising in one side one instruction and in the other side a plurality of equivalent instructions or sets of instructions; splitting the input data into a plurality of segments of random length, said segments having a length equal or smaller than the maximum bit length M; for each instruction of a block of instructions, selecting pseudo-randomly an equivalent instruction or set of instructions from the conversion table so as to obtain an equivalent block of instructions; and appending the plurality of equivalent blocks of instructions to obtain the final software code.

Abstract: A method to enforce by a management center access rules for a broadcast product accessed by an access key, the management center managing a plurality of Boolean positive and negative attributes, comprising the steps: associating one positive Boolean attribute to a receiver entitled to the attribute and loading the same; associating one negative Boolean attribute to a receiver not entitled to the attribute and loading the same; defining at least a second broadcast encryption scheme for the negative Boolean attributes and associating each negative Boolean attribute corresponding decryption key material; expressing access conditions on a product as a Boolean expression by combining at least one positive Boolean attribute and at least one negative Boolean attribute by at least one Boolean conjunction or disjunction; generating and broadcasting at least one cryptogram to a receiver, encrypting the access key with the two combined broadcast encryption schemes according to the Boolean expression.

Abstract: The aim of the present invention is to propose a very fast alternative mechanism to the traitor tracing algorithm introduced by Boneh and Franklin to trace private keys in a public-key cryptosystem. This invention concerns a method to trace traceable parts of original private keys in a public-key cryptosystem consisting of one public key and ? corresponding private keys, a private key being formed by a traceable array of 2k elements forming a syndrome of a generalized Reed-Solomon code with parameters (?, ?-2k) defined by the base points {right arrow over (?)}=(?1, . . . , ??) and a scaling vector {right arrow over (c)}=(c1, c2, . . . , c?), comprising the steps of: obtaining the traceable part {right arrow over (d)}=(d1, . . . , d2k)T of a rogue private key, applying a Berlekamp-Massey algorithm on the traceable part {right arrow over (d)}=(d1, . . .

Abstract: Example embodiments relate to an encryption and decryption method for a conditional access content, including (a) extracting a marker (Mc) from a data packet (DP); (b) creating a first marking block including the marker (Mc) and a second padding value (PAD2); (c) encrypting the first marking block with a second encryption key (K2); (d) encrypting a second encrypted marking value (MK2) of the first encrypted marking block; (e) creating a mixed marking block including the second encrypted marking value (MK2) a the first encrypted padding element (PADK1); (f) decrypting the mixed marking block a device of the first encryption key (K1), in order to obtain a decrypted mixed marking block; (g) extracting a predetermined part of the decrypted mixed marking block; (h) comparing the extracted part with a reference value (Mc; PDV2); and (i) if the comparison leads to an identity, determining a new set of encryption parameters different to the first set of encryption parameters and repeating steps b) to h) in which the

Abstract: The present invention makes use of techniques such as those described by Boneh and Franklin to allow for the realisation of a pseudo-asymmetric encryption scheme whereby one public encryption corresponds to a plurality of private decryption keys. This scheme therefore provides a solution to the problem of inefficient use of bandwidth in asymmetrical encryption schemes which inherently require that a plurality of encryptions of data be broadcast to a plurality of receivers. The invention further ensures that the advantage of traceability, typical found in asymmetric encryption schemes, is maintained due to the characteristic that each receiver uses a unique traceable decryption key. The traceability thus achieved by the present invention allows for the revocation of a security module which has been involved in the abusive use of conditional access data, particularly by means of clones of security modules whose security has been compromised.

Abstract: The aim of the present invention is to propose a very fast alternative mechanism to the traitor tracing algorithm introduced by Boneh and Franklin to trace private keys in a public-key cryptosystem. This invention concerns a method to trace traceable parts of original private keys in a public-key cryptosystem consisting of one public key and l corresponding private keys, a private key being formed by a traceable array of 2k elements forming a syndrome of a generalized Reed-Solomon code with parameters (l,l-2k) defined by the base points {right arrow over (?)}=(?1, . . . , ?l and a scaling vector {right arrow over (c)}=(c1, c2, . . . , ct), comprising the steps of: obtaining the traceable part {right arrow over (d)}=(d1, . . . , d2k)T of a rogue private key, applying a Berlekamp-Massey algorithm on the traceable part {right arrow over (d)}=(d1, . . .

Abstract: The aim of the present invention is to propose an alternative scheme to the classical Boneh-Franklin scheme in order to simplify the generation and the use of the asymmetric keys. According to the present invention, it is proposed a method to generate an i-th private key in a public key encryption scheme with traceable private keys formed by a public component ?(i) and a secret component ?i, according to a maximal coalition factor k, with all arithmetic operations performed within a multiplicative group Z/qZ where q is a prime number, said public component being defined as: ?(i)pl =(1, i mod q, i2 mod q, . . . , ik-1 mod q) and said secret component being defined as: ? i = ? r j ? ? j ? r j ? ? j ( i ) ? mod ? ? q where rj and ?j are random values in the group Z/Z.

Abstract: Provided is a method to generate sub-keys based on a main key in a case in which, each sub-key gives no information to recover the main key. The method has the steps of obtaining a first value by applying to the main key a linear diversification by mixing the main key with a constant and applying to the first value a non-linear transformation. The non-linear transformation includes obtaining a second value by applying the first value to a substitution layer, obtaining a third value formed of N blocks of the same size by using a diffusion box of multi-permutation type based on the second value, obtaining the fourth value formed by blocks, obtaining the fifth value by applying to the fourth value a substitution layer, obtaining the sub-key by applying to the fifth value a symmetrical encryption module. The first value serves as the key input for this method.

Abstract: The purpose of this invention is to propose a new encryption method which offers a high level of security combined with a high execution speed. This aim is achieved by a method to encrypt or decrypt blocks of data X to Y, based on a main key R, this method using several serially connected modules, each module using a sub-key RA derived from the main key R.

Abstract: This invention relates to an encryption and decryption method for a conditional access content, in which the content is broadcast in the form of data packets (DP), the previous packets being encrypted by a first key (K1) associated to a first padding value (PAD1) and to a first encrypted padding element (PADK1) and the following packets being encrypted by a second key (K2) associated to a second padding value (PAD2) and to a second encrypted padding element (PADK2). In this method, the first key (K1) and the first padding value (PAD1) form a first set of encryption parameters, the second key (K2) and the second padding value forming a second set of encryption parameters.

Abstract: The aim of this invention is to propose a method to generate sequences or sub-keys based on a main key, in which each sub-key gives no information to recover the main key or any other sub-keys.

Abstract: The purpose of this invention is to propose a new encryption method which offers a high level of security combined with a high execution speed.