Patents by Inventor Rached Ksontini
Rached Ksontini has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9531681
Abstract: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyzes and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.
Type: Grant
Filed: August 13, 2015
Date of Patent: December 27, 2016
Assignee: NAGRAVISION S.A.
Inventors: Rached Ksontini, Renato Cantini
-
Publication number: 20150350169
Abstract: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.
Type: Application
Filed: August 13, 2015
Publication date: December 3, 2015
Inventors: Rached KSONTINI, Renato CANTINI
-
Patent number: 9143888
Abstract: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyzes and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.
Type: Grant
Filed: July 16, 2014
Date of Patent: September 22, 2015
Assignee: NAGRAVISION S.A.
Inventors: Rached Ksontini, Renato Cantini
-
Publication number: 20140321646
Abstract: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.
Type: Application
Filed: July 16, 2014
Publication date: October 30, 2014
Inventors: Rached KSONTINI, Renato CANTINI
-
Patent number: 8813253
Abstract: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.
Type: Grant
Filed: July 25, 2012
Date of Patent: August 19, 2014
Assignee: Nagravision S.A.
Inventors: Rached Ksontini, Renato Cantini
-
Patent number: 8646097
Abstract: The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterized in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.
Type: Grant
Filed: March 27, 2009
Date of Patent: February 4, 2014
Assignee: Nagravision, S.A.
Inventors: Joel Conus, Luca Gradassi, Rached Ksontini, Henri Kudelski
-
Publication number: 20120314859
Abstract: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.
Type: Application
Filed: July 25, 2012
Publication date: December 13, 2012
Inventors: Rached Ksontini, Renato Cantini
-
Patent number: 8261365
Abstract: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.
Type: Grant
Filed: November 26, 2004
Date of Patent: September 4, 2012
Assignee: Nagravision S.A.
Inventors: Rached Ksontini, Renato Cantini
-
Patent number: 8001615
Abstract: A method for managing the security of applications with a security module associated to an equipment connected to a network managed by a control server of an operator. The applications use resources as data or functions stored in the security module locally connected to the equipment. The method may include steps of receiving, analyzing and verifying, by the control server, identification data from the equipment and the security module, generating a cryptogram from the result of the verification of the identification data, transmitting the cryptogram to the security module of the equipment, and selectively activating or selectively deactivating by the security module at least one resource as data or functions of the security module by executing instructions included in the cryptogram and conditioning the functioning of an application according to criteria established by a supplier of the application or the operator or a user of the equipment.
Type: Grant
Filed: November 3, 2004
Date of Patent: August 16, 2011
Assignees: Nagravision S.A., Swisscom Mobile AG
Inventors: Rached Ksontini, Renato Cantini
-
Patent number: 7822205
Abstract: The aim of this invention is to pair a security module with one or more host apparatuses in an environment in which the host module has no connection with the management centre.
Type: Grant
Filed: September 19, 2003
Date of Patent: October 26, 2010
Assignee: Nagravision S.A.
Inventors: Rached Ksontini, Marco Sasselli
-
Patent number: 7616763
Abstract: The aim of this invention is to propose a control method for the conformity of a network key (NK). This method is applied during the transfer of data coming from a conditional access source to a domestic network. It handles on the verification of the network key (NK) authenticity using relevant control data provided by the verification center in general in form of a list {(TK)NK1, (TK)NK2, (TK)NK3 . . . }. A verification of the presence or absence of a cryptogram (TK)NK is carried out according to the list {(TK)NK1, (TK)NK2, (TK)NK3 . . . }. The cryptogram (TK)NK is constituted from a test key (TK), provided by the verification center, encrypted by a network key (NK) of a security module (CT) of a device (TV1, TV2, PC) connected to the network.
Type: Grant
Filed: August 14, 2003
Date of Patent: November 10, 2009
Assignee: Nagravision SA
Inventors: Corinne Le Buhan, Rached Ksontini
-
Publication number: 20090254996
Abstract: The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterised in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.
Type: Application
Filed: March 27, 2009
Publication date: October 8, 2009
Applicant: Nagravision S.A.
Inventors: Joel Conus, Luca Gradassi, Rached Ksontini, Henri Kudelski
-
Patent number: 7487349
Abstract: A method is for protecting an encrypted content, by use of at least one encryption key. The method includes generation of a temporary encryption key, encryption by the temporary key of a value allowing the determination of the encryption keys of the content, transmission of the encrypted value to a multimedia unit, and encryption and transmission of at least two cryptograms including the temporary key encrypted by an authorization key. The first cryptogram is encrypted by a first authorization key pertaining to a first security module and the second cryptogram is encrypted by a second authorization key pertaining to a group of security modules whose first security module is excluded.
Type: Grant
Filed: April 23, 2004
Date of Patent: February 3, 2009
Assignee: NagraCard S.A.
Inventors: Rached Ksontini, Henri Kudelski, Cédric Groux
-
Publication number: 20070274524
Abstract: The aim of this invention is to propose a method to manage the security of the set composed by an equipment, a security module and applications in order to limit the risk related to the fact that a security module could be fraudulently used by applications executed on a type of equipment and/or of software version that does not entirely fulfill the established security criteria.
Type: Application
Filed: November 3, 2004
Publication date: November 29, 2007
Applicants: NAGRACARD S.A., SWISSCOM MOBILE AG
Inventors: Rached Ksontini, Renato Cantini
-
Publication number: 20070198834
Abstract: A method is disclosed for the authentication of applications both at the time of their downloading, as well as at the time of their execution. At least one application works in an equipment connected by a network to a control server, the equipment being locally connected to a security module. The application is loaded and/or executed via an application execution environment of the equipment and uses resources stored in the security module.
Type: Application
Filed: November 26, 2004
Publication date: August 23, 2007
Inventors: Rached Ksontini, Renato Cantini
-
Publication number: 20070009101
Abstract: The aim of this invention is to provide a method to allocate resources on a security module of a portable apparatus such as a telephone, taking into account the security imperatives of the different intervening parties, such as the operator and application suppliers.
Type: Application
Filed: June 22, 2004
Publication date: January 11, 2007
Applicants: NAGRACARD S.A., SWISSCOM MOBILE AG
Inventors: Rached Ksontini, Stephane Joly, Renato Cantini, Mehdi Tazi
-
Publication number: 20060153386
Abstract: The aim of this invention is to pair a security module with one or more host apparatuses in an environment in which the host module has no connection with the management centre.
Type: Application
Filed: September 19, 2003
Publication date: July 13, 2006
Inventors: Rached Ksontini, Marco Sasselli
-
Publication number: 20060107045
Abstract: The aim of this invention is to propose a control method for the conformity of a network key (NK). This method is applied during the transfer of data coming from a conditional access source to a domestic network. It handles on the verification of the network key (NK) authenticity using relevant control data provided by the verification center in general in form of a list {(TK)NK1, (TK)NK2, (TK)NK3 . . . }. A verification of the presence or absence of a cryptogram (TK)NK is carried out according to the list {(TK)NK1, (TK)NK2, (TK)NK3 . . . }. The cryptogram (TK)NK is constituted from a test key (TK), provided by the verification center, encrypted by a network key (NK) of a security module (CT) of a device (TV1, TV2, PC) connected to the network.
Type: Application
Filed: August 14, 2003
Publication date: May 18, 2006
Inventors: Corinne Le Buhan, Rached Ksontini
-
Publication number: 20060023876
Abstract: The aim of this invention is to propose a solution to prevent the modification of access conditions to an encrypted multimedia content. This aim is achieved by a method to secure an event with control words (CW), the use of this event by user units being subjected to access conditions (AC), said method comprising the following steps: generation of a pseudo-random number (RNG), formation of a control block (CB) by the association of the pseudo-random number (RNG) and the access conditions (AC), calculation of the control word (CW) by the application of a unidirectional function (F) on the control block (CB), use of the control word (CW) to encrypt the event, transmission of the control block (CB) to the user units.
Type: Application
Filed: March 9, 2005
Publication date: February 2, 2006
Inventors: Rached Ksontini, Henri Kudelski
-
Publication number: 20050238170
Abstract: A method is for protecting an encrypted content, by use of at least one encryption key. The method includes generation of a temporary encryption key, encryption by the temporary key of a value allowing the determination of the encryption keys of the content, transmission of the encrypted value to a multimedia unit, and encryption and transmission of at least two cryptograms including the temporary key encrypted by an authorization key. The first cryptogram is encrypted by a first authorization key pertaining to a first security module and the second cryptogram is encrypted by a second authorization key pertaining to a group of security modules whose first security module is excluded.
Type: Application
Filed: April 23, 2004
Publication date: October 27, 2005
Inventors: Rached Ksontini, Henri Kudelski, Cedric Groux