WO2000062505A1 - Digital home network and method for creating and updating such a network - Google Patents

Digital home network and method for creating and updating such a network Download PDF

Info

Publication number
WO2000062505A1
WO2000062505A1 PCT/EP2000/002918 EP0002918W WO0062505A1 WO 2000062505 A1 WO2000062505 A1 WO 2000062505A1 EP 0002918 W EP0002918 W EP 0002918W WO 0062505 A1 WO0062505 A1 WO 0062505A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
presentation device
state
local
digital
Prior art date
Application number
PCT/EP2000/002918
Other languages
French (fr)
Inventor
Florence Ques
Jean-Pierre Andreaux
Teddy Furon
Original Assignee
Thomson Licensing S.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thomson Licensing S.A. filed Critical Thomson Licensing S.A.
Priority to AU36589/00A priority Critical patent/AU3658900A/en
Priority to DE60026495T priority patent/DE60026495T2/en
Priority to EP00915193A priority patent/EP1169831B1/en
Priority to US09/958,733 priority patent/US7305087B1/en
Priority to JP2000611462A priority patent/JP4621359B2/en
Publication of WO2000062505A1 publication Critical patent/WO2000062505A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L12/2838Distribution of signals within a home automation network, e.g. involving splitting/multiplexing signals to/from different paths
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications

Definitions

  • the present invention relates generally to the field of local digital networks and more particularly to the field of digital home networks.
  • Such a network consists of a set of devices interlinked by a digital bus, for example a bus according to the IEEE 1394 standard. It comprises two main types of devices :
  • This second type of device has no link with the outside of the local network.
  • the access devices are for example digital decoders or set-top boxes receiving video programmes from outside the network, via a satellite antenna or via a cable connection, or else readers of optical disks broadcasting on the network, in digital form, data (audio and/or video) read from a disk (in this case the disk contains data originating from outside the network) .
  • the presentation devices are for example television receivers making it possible to view video programmes received from the network or, more generally, any type of apparatus capable of converting digital information received into an analogue signal so as to broadcast this signal to an end user.
  • a home network of the type mentioned hereinabove can also comprise a third type of device having no link with the outside of the network and having the function of recording the data flowing in the network.
  • apparatuses of this third type mention may in particular be made of digital video recorders or apparatuses capable of recording optical disks, of the DVD type (the abbreviation "DVD” standing for "Digital Versatile Disk”) .
  • an apparatus for recording optical disks can also be capable of reading commercial prerecorded disks and thus of belonging at the same time to the first and to the third categories of devices mentioned above. If one considers the viewpoint of the content providers who provide the data originating from outside the local network, especially providers of services broadcasting pay-televised programmes or else publishers of optical disks for example, it is necessary to prevent these transmitted data from being copied and from being able to flow easily (for example by being copied onto an optical disk or any other recording medium) from one local network to the other.
  • the invention proposes a local digital network, in particular a digital home network, comprising at least one access device, capable of receiving data originating from outside the network and of transmitting them at a point of the network; and at least one presentation device, adapted to receive data flowing in the network so as to present them at a point of the network; in which the data are adapted to flow only in encrypted form.
  • all the devices of the network use for the encryption and decryption of the data flowing in the network a single encryption key specific to the network: the local key of the network.
  • the invention meets the wishes of content providers and also of users.
  • the data are encrypted using a cryptographic system with public keys, also known as asymmetric cryptographic system.
  • the local key of the network is in this case formed by a pair of public and private keys: the local public key and the local private key of the network.
  • only the presentation devices connected to the network know the local private key.
  • a single presentation device of the network is authorized to transmit the local private key to a new presentation device apt to be connected to the network.
  • This device will subsequently be referred to as the genitor of the network.
  • this genitor is removed from the local network, especially to create a pirate local network possessing the same local key as the initial local network, the latter will no longer be able to alter since no device of the initial network will any longer be capable of transmitting the local private key of the network to a new presentation device apt to be connected to the initial local network.
  • a presentation device can be in only one of the following states: i) a first state, the virgin state, when the presentation device is connected for the first time to the network; ii) a second state, the genitor state, in which the presentation device is authorized to transmit the local private key of the network to any new presentation device apt to be connected to the network; iii) a third state, the sterile state, in which the presentation device is no longer authorized to transmit the local private key of the network to any new presentation device apt to be connected to the said network.
  • a presentation device can change state only so as to pass to a state of higher rank, that is to say from the virgin state to the genitor state or from the genitor state to the sterile state, or else from the virgin state to the sterile state.
  • a single presentation device of the network is in the second state, the genitor state: the genitor of the net-work.
  • the genitor of the network is the presentation device which was connected last to the network.
  • the invention also relates to a presentation device adapted to be connected to a digital network such as described hereinabove and which, at a given instant, can be in only one of the states which were mentioned above, namely: the virgin state, the genitor state or the sterile state, the said presentation device being adapted to change state only so as to go to a state of higher rank.
  • the presentation device when the presentation device is in the virgin state, it possesses its own pair of public and private keys and it is authorized to receive the pair of local keys of a network to which it is apt to be connected so as to store them instead of its own pair of keys.
  • the presentation device when the presentation device is in the sterile state, it is no longer authorized to receive the pair of local keys of a network to which it is apt to be connected.
  • the presentation device comprises a means for storing the state which sai ⁇ presentation device occupies, this storage means being integrated into a smart card.
  • the pair of local keys of the network is contained in a smart card with which said device is furnished.
  • the invention also relates to a process for creating and for updating a network such as hereinabove, which will be described subsequently.
  • FIG. 1 represents a local digital network according to the invention
  • Figure 2 illustrates a process for creating a digital network such as that of Figure 1;
  • FIG. 3 illustrates a process for connecting a new presentation device to a local digital network created according to the process of Figure 2 for example.
  • FIG. 1 Represented in Figure 1 is a digital home network comprising an access device 1, two presentation devices 2 and 3 as well as a digital video recorder 4, commonly referred to as a DVCR (the abbreviation DVCR standing for "Digital Video Cassette Recorder”) .
  • the assembly of devices 1, 2, 3 and 4 is connected to a domestic digital bus B which is for example a bus according to the IEEE 1394 standard.
  • the access device 1 comprises a digital decoder 10 equipped with a smart card reader furnished with a smart card 11.
  • This digital decoder 10 is connected, either to a satellite antenna, or to a cable network, so as . to receive video programmes distributed by a service provider. These programmes are received in a stream F of data for example in the MPEG-2 format. In a manner known per se, they are transmitted in scrambled form, the content being scrambled by control words CW. These control words are themselves transmitted, in the data stream F, in a form encrypted using a key K according to a given enciphering algorithm in such a way as to remain secret during transmission.
  • the provider supplies the authorized users with the key K serving to decrypt the control words CW.
  • authorization to receive the programmes is only temporary, so long as the user pays his subscription.
  • the key K is therefore modified regularly by the service provider.
  • the user will nevertheless be able to record programmes transmitted while he is subscribing and to replay them as often as he wishes on his own network, even if he is no longer a subscriber.
  • the data are recorded in scrambled form, it will only be possible to replay them on the network of the user who recorded them.
  • the data stream F comprises a succession of video data packets, of audio data packets and of management data packets.
  • the management data packets comprise in particular control messages denoted ECM (the abbreviation "ECM” standing for "Entitlement Control Message”) in which are transmitted, in a form encrypted using a key K, the control words CW which served to scramble the data transmitted in the video and audio data packets .
  • This data stream F is transmitted to the smart card 11 so as to be processed therein. It is received by a demultiplexer circuit (DEMUX) 12, which circuit transmits, on the one hand to an access control circuit
  • DEMUX demultiplexer circuit
  • CA the ECMs and, on the other hand, to a multiplexing circuit (MUX) 15 the packets, denoted DE, of scrambled video and audio data.
  • the circuit CA contains the key K and can thus decrypt the control words CW which are contained in the ECMs.
  • the circuit CA transmits these control words CW to a converter circuit 14 which contains, according to the invention, the local public key of the network K PUB . LOC -
  • the converter 14 uses the key K PUB . LOC to encrypt the control words CW and transmits these control words, encrypted using the local public key, to the multiplexing circuit 15 in control messages denoted LECM.
  • These messages LECM have the same function as the messages ECM received in the initial data stream F, namely of transmitting the control words CW, but in the messages LECM, the control words CW are encrypted therein using the local public key K POB . LOC instead of being encrypted using the key K of the service provider.
  • the multiplexing circuit 15 then transmits the data packets DE and the converted control messages LECM in a data stream F' which is received by the decoder 10. It is this data stream F' which will then flow around the domestic bus B so as to be received, either by one of the presentation devices 2 or 3, or by the digital video recorder 4 so as to be recorded.
  • the data therefore always flow in encrypted form in the bus B, and only the apparatus containing the private local key Kp R ⁇ .
  • LO c of the network are capable of decrypting the control words CW and hence of decrypting the data DE . This therefore prevents the broadcasting to other local networks of any copy made in the domestic network of Figure 1.
  • the circuits 12 to 15 are integrated into the smart card 11 but in a variant embodiment, it is possible to place the circuits DEMUX and MUX in the decoder 10, only the circuits 13 and 14 remaining integrated into the smart card. Specifically, since the circuit CA 13 and the converter 14 contain decryption and encryption keys, they must be integrated into a secure medium such as a smart card.
  • the presentation device 2 comprises a digital television receiver (DTVl) 20 equipped with a smart card reader furnished with a smart card 21.
  • the receiver 20 receives the data stream F' originating, either from the decoder 10, or from the digital video recorder 4, through the bus B.
  • the data stream F' is transmitted to the smart card 21. It is received by a demultiplexer circuit (DEMUX) 22, which transmits, on the one hand the scrambled video and audio data packets DE to a descrambling circuit (DES.) 24, and on the other hand the converted control messages LECM to a terminal module 23.
  • the terminal module contains the pair of public (K PUB . LOC ) and private (K PR ⁇ . LO c) keys of the network.
  • control messages LECM contain the control words CW which have been encrypted using the local public key K PUB . LOC of the network
  • the terminal module can decrypt these control words using the local private key K PR ⁇ . LO c so as to obtain the control words CW in clear.
  • These control words CW are then transmitted to the descrambling circuit 24 which uses them to descramble the data packets DE and to output clear data packets DC to the television receiver 20.
  • the interface I between said smart card and the card reader of the receiver 20 is for example made secure according to the American NRSS standard (NRSS being the acronym for National Renewable Security Standard) for securing smart cards .
  • NRSS National Renewable Security Standard
  • the second presentation device 3 comprising a digital television receiver (DTV2) 30 equipped with a smart card reader furnished with a smart card 31 operates in exactly the same way as the presentation device 2 and will not be described further.
  • DTV2 digital television receiver
  • the data stream F originating from a content provider is transformed by the access device which receives it into a data stream F 1 by virtue of the local public key of the network K PU B.LOC-
  • This data stream F' thus contains data having a format specific to the local network, which data cannot be decrypted other than by the presentation devices of the local network which all contain the local private key of the network.
  • the network is created by connecting the access device 1 and the presentation device 2 by way of the digital bus B.
  • the various steps of the process for creating the network have been represented along a time axis t which is doubled up in such a way as to illustrate the exchanges which take place between the two devices.
  • the presentation device contains a pair of public K PUB2 and private K PR ⁇ 2 keys and is, according to the invention, in the virgin state.
  • the state of the device is stored preferably by a state indicator IE which is a 2-bit register located in the terminal module 23 ( Figure 1) of the presentation device.
  • a state indicator IE is a 2-bit register located in the terminal module 23 ( Figure 1) of the presentation device.
  • the state indicator IE is contained in an integrated circuit in a smart card so as to guarantee that it is tamper-proof.
  • any presentation device which is manufactured according to the invention routinely comprises a pair of public and private keys, this pair of keys being unique and different from one device to another, so as to guarantee the fact that each local network created according to the invention also possesses a unique pair of keys.
  • all the pairs of private/public keys used are certified according to a method known to the person skilled in the art.
  • the access devices are manufactured and sold without containing any encryption/decryption key. They nevertheless preferably contain a converter circuit (contained in a smart card) according to the invention and such as described previously in conjunction with Figure 1, which is capable of storing a local kev of a network to which they are apt to be connected.
  • a converter circuit contained in a smart card according to the invention and such as described previously in conjunction with Figure 1, which is capable of storing a local kev of a network to which they are apt to be connected.
  • step 101 of the process consists, for the presentation device 2, in dispatching over the bus B its public key K PUB2 destined for all the access devices apt to be connected to the bus
  • step 103 the access device 1 dispatches over the bus B a change of state signal destined for the presentation device 2.
  • This step has the objective of indicating to the presentation device 2 that it is the first to be connected to the network and that it must therefore become the genitor of the network, that is to say the only presentation device authorized to transmit its private key K PRI2 (which becomes the local private key of the network K PRI . L oc) to any new presentation device apt to be connected to the network.
  • LOC equal to the initial public key K PU B 2 of the presentation device 2 which is known to both devices of the network, and a unique local private key K PR ⁇ .
  • L oc which is known only to the presentation device 2.
  • the network also comprises, in accordance with the invention, a genitor presentation device which is capable of altering it by allowing the connection of new presentation devices.
  • the second step 201 consists, for the presentation device 3, in dispatching over the bus B its public key K PUB3 destined for all the access devices apt to be connected to the bus B, in this instance the access device 1.
  • This step is the same as step 101 ( Figure 2) of the creation process.
  • Step 202 consists, for the access device 1, in receiving the public key K PUB3 and in verifying whether it already contains a public key or not (VERIF. PRESENCE
  • the next step 203 consists, for the access device 1, in dispatching the local public key K PUB . L oc over the bus B destined for the new presentation device 3.
  • the presentation device 3 receives the local public key K PUB .L OC and stores it, preferably in its terminal module.
  • the next step 205 consists, for the presentation device 3, in dispatching a signal over the bus B, addressed to all the presentation devices of the network, in the form of a message (GENITOR?) requesting the genitor device of the network to respond to it.
  • Step 207 then consists, for the presentation device 2, in dispatching the local private key of the network in encrypted form (E (Kp R ⁇ . L0C ) ) which can be decrypted by the presentation device 3.
  • this secure transmission of the local private key between the presentation devices 2 and 3 can be performed using the initial public key K PUB3 of the presentation device 3 to encrypt the local private key, the presentation device 3 being capable of decrypting this message using its private key K PR ⁇ .3 .
  • the key K PU B 3 is for example transmitted to the presentation device 2 during step 205.
  • the presentation device 3 receives and decrypts the local private key and stores it, preferably in its terminal module, integrated into the smart card 31 ( Figure 1) .
  • Step 209 consists, for the presentation device 3, in dispatching a signal acknowledging receipt of the local private key (ACKNOWLEDGE-RECEIPT (Kp RI . LO c) ) over the bus B destined for the presentation device 2.
  • ACKNOWLEDGE-RECEIPT Kp RI . LO c
  • the presentation device 2 Since the presentation device 2 is henceforth in the sterile state, it is no longer authorized to transmit the local public key of the network to another presentation device. This makes it possible to prevent this device 2 from being removed from the network so as to create another pirate local network possessing the same pair of local keys as the network just described.

Abstract

The local digital network comprises: access devices (1), for receiving data originating from outside the network and transmitting them at a point of the network; and presentation devices (2, 3) for receiving the data flowing in the network and presenting them at a point of the network. The data flow in the network in encrypted form and all the devices of the network use a single key, the local key of the network, for the encryption and decryption of the data. Preferably, the local key of the network is formed by a pair of public and private keys. The purpose of this network is to make it possible to copy data in the local network whilst preventing pirate copies destined for other local networks.

Description

DIGITAL HOME NETWORK AND METHOD FOR CREATING AND UPDATING SUCH A NETWORK
The present invention relates generally to the field of local digital networks and more particularly to the field of digital home networks.
Such a network consists of a set of devices interlinked by a digital bus, for example a bus according to the IEEE 1394 standard. It comprises two main types of devices :
- access devices capable of receiving data originating from outside the local network and of transmitting them at a point of the network to which the devices are connected, and
- presentation devices, adapted to receive the data flowing in the network so as to present them at another point of the network to which these devices are connected. This second type of device has no link with the outside of the local network.
Thus, if one takes the example of a digital home network intended for conveying audio and/or video data into various rooms of a house, the access devices are for example digital decoders or set-top boxes receiving video programmes from outside the network, via a satellite antenna or via a cable connection, or else readers of optical disks broadcasting on the network, in digital form, data (audio and/or video) read from a disk (in this case the disk contains data originating from outside the network) . The presentation devices are for example television receivers making it possible to view video programmes received from the network or, more generally, any type of apparatus capable of converting digital information received into an analogue signal so as to broadcast this signal to an end user.
A home network of the type mentioned hereinabove can also comprise a third type of device having no link with the outside of the network and having the function of recording the data flowing in the network. By way of example of apparatuses of this third type, mention may in particular be made of digital video recorders or apparatuses capable of recording optical disks, of the DVD type (the abbreviation "DVD" standing for "Digital Versatile Disk") .
It should be noted that one and the same apparatus can belong to two, or even three different categories of devices mentioned hereinabove. For example, an apparatus for recording optical disks can also be capable of reading commercial prerecorded disks and thus of belonging at the same time to the first and to the third categories of devices mentioned above. If one considers the viewpoint of the content providers who provide the data originating from outside the local network, especially providers of services broadcasting pay-televised programmes or else publishers of optical disks for example, it is necessary to prevent these transmitted data from being copied and from being able to flow easily (for example by being copied onto an optical disk or any other recording medium) from one local network to the other.
To do this, it is known practice to transmit the data in secret form by encrypting them with the aid of cryptography algorithms using keys which are known beforehand to the devices authorized to receive these data or else which are exchanged according to particular secure protocols between the content provider and these devices.
If one now considers the viewpoint of a user who possesses a digital home network, it is desirable for these data to be able to be transmitted to all the other devices of the network when one of the devices of the network is authorized to receive data from a content provider. Thus, a user who is a subscriber to a pay- television service and receives programmes (transmitted in encrypted form) on a set-top box located in his lounge (authorized to decrypt them) , will wish to be able to watch these programmes for example on a television located in his bedroom. Moreover, the user is interested in recording programmes received and in being able subsequently to view them on several devices of the network even when he no longer subscribes to the pay- television service.
To take into account the wishes of content providers and also of users, it is an object of the invention to provide a means such that data received by a local digital network can flow freely between the various devices of the network whilst preventing them from flowing from one local network to another. To this end, the invention proposes a local digital network, in particular a digital home network, comprising at least one access device, capable of receiving data originating from outside the network and of transmitting them at a point of the network; and at least one presentation device, adapted to receive data flowing in the network so as to present them at a point of the network; in which the data are adapted to flow only in encrypted form. According to the invention, all the devices of the network use for the encryption and decryption of the data flowing in the network a single encryption key specific to the network: the local key of the network.
Since each local network possesses its own local key which is different from that of the other local networks, any information which enters the said network will be readable equally by all the devices of the network but will not be copiable for being read onto another local network. More exactly, the information will be copiable, in its encrypted form, but it will not be possible to replay it in a local network different from that to which it was copied. Thus, the invention meets the wishes of content providers and also of users. According to a preferred aspect cf the invention, the data are encrypted using a cryptographic system with public keys, also known as asymmetric cryptographic system. The local key of the network is in this case formed by a pair of public and private keys: the local public key and the local private key of the network.
Preferably, only the presentation devices connected to the network know the local private key.
According to a particular embodiment, at a given instant, a single presentation device of the network is authorized to transmit the local private key to a new presentation device apt to be connected to the network.
This device will subsequently be referred to as the genitor of the network. Thus, if this genitor is removed from the local network, especially to create a pirate local network possessing the same local key as the initial local network, the latter will no longer be able to alter since no device of the initial network will any longer be capable of transmitting the local private key of the network to a new presentation device apt to be connected to the initial local network.
According to another aspect of the invention, at a given instant, a presentation device can be in only one of the following states: i) a first state, the virgin state, when the presentation device is connected for the first time to the network; ii) a second state, the genitor state, in which the presentation device is authorized to transmit the local private key of the network to any new presentation device apt to be connected to the network; iii) a third state, the sterile state, in which the presentation device is no longer authorized to transmit the local private key of the network to any new presentation device apt to be connected to the said network. A presentation device can change state only so as to pass to a state of higher rank, that is to say from the virgin state to the genitor state or from the genitor state to the sterile state, or else from the virgin state to the sterile state.
According to a preferred aspect of the invention, a single presentation device of the network is in the second state, the genitor state: the genitor of the net-work. According to a particular embodiment, at a given instant, the genitor of the network is the presentation device which was connected last to the network.
Thus, the title of "genitor" of the network is transmitted to each new apparatus connected to the local network. This prevents a pirate from being able, starting from a single genitor presentation device, to create in series local networks all having the same local keys.
The invention also relates to a presentation device adapted to be connected to a digital network such as described hereinabove and which, at a given instant, can be in only one of the states which were mentioned above, namely: the virgin state, the genitor state or the sterile state, the said presentation device being adapted to change state only so as to go to a state of higher rank.
According to one aspect of the invention, when the presentation device is in the virgin state, it possesses its own pair of public and private keys and it is authorized to receive the pair of local keys of a network to which it is apt to be connected so as to store them instead of its own pair of keys.
According to another aspect of the invention, when the presentation device is in the sterile state, it is no longer authorized to receive the pair of local keys of a network to which it is apt to be connected.
According to another aspect of the invention, the presentation device comprises a means for storing the state which saiα presentation device occupies, this storage means being integrated into a smart card.
According to yet another aspect of the invention, the pair of local keys of the network is contained in a smart card with which said device is furnished.
The invention also relates to a process for creating and for updating a network such as hereinabove, which will be described subsequently.
Other characteristics and advantages of the invention will become apparent on reading the following description of a particular, nonlimiting embodiment of the invention, given with reference to the appended drawings in which:
- Figure 1 represents a local digital network according to the invention;
- Figure 2 illustrates a process for creating a digital network such as that of Figure 1; and
- Figure 3 illustrates a process for connecting a new presentation device to a local digital network created according to the process of Figure 2 for example.
In the figures, only the elements which are vital to the understanding of the invention and of the particular embodiment which will be described have been represented. Represented in Figure 1 is a digital home network comprising an access device 1, two presentation devices 2 and 3 as well as a digital video recorder 4, commonly referred to as a DVCR (the abbreviation DVCR standing for "Digital Video Cassette Recorder") . The assembly of devices 1, 2, 3 and 4 is connected to a domestic digital bus B which is for example a bus according to the IEEE 1394 standard.
The access device 1 comprises a digital decoder 10 equipped with a smart card reader furnished with a smart card 11. This digital decoder 10 is connected, either to a satellite antenna, or to a cable network, so as . to receive video programmes distributed by a service provider. These programmes are received in a stream F of data for example in the MPEG-2 format. In a manner known per se, they are transmitted in scrambled form, the content being scrambled by control words CW. These control words are themselves transmitted, in the data stream F, in a form encrypted using a key K according to a given enciphering algorithm in such a way as to remain secret during transmission.
Thus, only the users authorized by the service provider are empowered to descramble the data transmitted (against payment of a subscription for example) . To do this, the provider supplies the authorized users with the key K serving to decrypt the control words CW. Very often, authorization to receive the programmes is only temporary, so long as the user pays his subscription. The key K is therefore modified regularly by the service provider.
By virtue of the invention, and as will be seen hereinbelow, the user will nevertheless be able to record programmes transmitted while he is subscribing and to replay them as often as he wishes on his own network, even if he is no longer a subscriber. On the other hand, since the data are recorded in scrambled form, it will only be possible to replay them on the network of the user who recorded them.
In Figure 1, the network is represented in the state which it occupies when all the apparatuses have been connected according to the processes which will be described subsequently in conjunction with Figures 2 and 3.
We shall now describe how the data which are transmitted in the stream F received by the decoder 10 are processed. As is known to the person skilled in the art, in the case of data transmitted according to the MPEG-2 format, the data stream F comprises a succession of video data packets, of audio data packets and of management data packets. The management data packets comprise in particular control messages denoted ECM (the abbreviation "ECM" standing for "Entitlement Control Message") in which are transmitted, in a form encrypted using a key K, the control words CW which served to scramble the data transmitted in the video and audio data packets .
This data stream F is transmitted to the smart card 11 so as to be processed therein. It is received by a demultiplexer circuit (DEMUX) 12, which circuit transmits, on the one hand to an access control circuit
(CA) 13 the ECMs and, on the other hand, to a multiplexing circuit (MUX) 15 the packets, denoted DE, of scrambled video and audio data. The circuit CA contains the key K and can thus decrypt the control words CW which are contained in the ECMs. The circuit CA transmits these control words CW to a converter circuit 14 which contains, according to the invention, the local public key of the network KPUB.LOC- The converter 14 uses the key KPUB.LOC to encrypt the control words CW and transmits these control words, encrypted using the local public key, to the multiplexing circuit 15 in control messages denoted LECM. These messages LECM have the same function as the messages ECM received in the initial data stream F, namely of transmitting the control words CW, but in the messages LECM, the control words CW are encrypted therein using the local public key KPOB.LOC instead of being encrypted using the key K of the service provider.
The multiplexing circuit 15 then transmits the data packets DE and the converted control messages LECM in a data stream F' which is received by the decoder 10. It is this data stream F' which will then flow around the domestic bus B so as to be received, either by one of the presentation devices 2 or 3, or by the digital video recorder 4 so as to be recorded. According to the invention, the data therefore always flow in encrypted form in the bus B, and only the apparatus containing the private local key KpRι.LOc of the network are capable of decrypting the control words CW and hence of decrypting the data DE . This therefore prevents the broadcasting to other local networks of any copy made in the domestic network of Figure 1. In the example of Figure 1, the circuits 12 to 15 are integrated into the smart card 11 but in a variant embodiment, it is possible to place the circuits DEMUX and MUX in the decoder 10, only the circuits 13 and 14 remaining integrated into the smart card. Specifically, since the circuit CA 13 and the converter 14 contain decryption and encryption keys, they must be integrated into a secure medium such as a smart card.
The presentation device 2 comprises a digital television receiver (DTVl) 20 equipped with a smart card reader furnished with a smart card 21. The receiver 20 receives the data stream F' originating, either from the decoder 10, or from the digital video recorder 4, through the bus B. The data stream F' is transmitted to the smart card 21. It is received by a demultiplexer circuit (DEMUX) 22, which transmits, on the one hand the scrambled video and audio data packets DE to a descrambling circuit (DES.) 24, and on the other hand the converted control messages LECM to a terminal module 23. The terminal module contains the pair of public (KPUB.LOC) and private (KPRι.LOc) keys of the network. Since the control messages LECM contain the control words CW which have been encrypted using the local public key KPUB.LOC of the network, the terminal module can decrypt these control words using the local private key KPRι.LOc so as to obtain the control words CW in clear. These control words CW are then transmitted to the descrambling circuit 24 which uses them to descramble the data packets DE and to output clear data packets DC to the television receiver 20. In order to secure the transmission lastly of the clear data DC between the smart card 21 and the display circuits of the television receiver 20, the interface I between said smart card and the card reader of the receiver 20 is for example made secure according to the American NRSS standard (NRSS being the acronym for National Renewable Security Standard) for securing smart cards .
The second presentation device 3, comprising a digital television receiver (DTV2) 30 equipped with a smart card reader furnished with a smart card 31 operates in exactly the same way as the presentation device 2 and will not be described further.
By virtue of the local digital network just described, the data stream F originating from a content provider is transformed by the access device which receives it into a data stream F1 by virtue of the local public key of the network KPUB.LOC- This data stream F' thus contains data having a format specific to the local network, which data cannot be decrypted other than by the presentation devices of the local network which all contain the local private key of the network. We shall now describe how the local digital network of Figure 1 is created and how the connecting of new apparatuses to the said network is managed so as to guarantee that all the apparatuses of the network all share the unique local pair of keys of the network. In Figure 2, the process for creating the digital network represented in Figure 1 is illustrated diagrammatically.
To create a digital network according to the invention, it is necessary to connect together an access device and a presentation device.
In Figure 2, it is assumed that at the outset the network is created by connecting the access device 1 and the presentation device 2 by way of the digital bus B. The various steps of the process for creating the network have been represented along a time axis t which is doubled up in such a way as to illustrate the exchanges which take place between the two devices. In the first step 100 c: the process, when the two devices are connected together, the presentation device contains a pair of public KPUB2 and private KPRι2 keys and is, according to the invention, in the virgin state.
The state of the device is stored preferably by a state indicator IE which is a 2-bit register located in the terminal module 23 (Figure 1) of the presentation device. By convention, it is assumed that when the device is in the virgin state, the state indicator IE is equal to 00; when the device is in the genitor state, IE = 01 and when the device is in the sterile state, IE = 10.
The state indicator IE is contained in an integrated circuit in a smart card so as to guarantee that it is tamper-proof.
When a presentation device is sold by a manufacturer, it must be able to be connected to any existing local digital network, of the type of the invention. It must also be capable of being connected to an access device so as to create a new network. This is why any presentation device which is manufactured according to the invention routinely comprises a pair of public and private keys, this pair of keys being unique and different from one device to another, so as to guarantee the fact that each local network created according to the invention also possesses a unique pair of keys. Moreover, to guarantee the security of the exchanges, all the pairs of private/public keys used are certified according to a method known to the person skilled in the art.
The access devices, on the other hand, are manufactured and sold without containing any encryption/decryption key. They nevertheless preferably contain a converter circuit (contained in a smart card) according to the invention and such as described previously in conjunction with Figure 1, which is capable of storing a local kev of a network to which they are apt to be connected.
Referring again to Figure 2, step 101 of the process consists, for the presentation device 2, in dispatching over the bus B its public key KPUB2 destined for all the access devices apt to be connected to the bus
B, in this instance the access device 1.
Step 102 consists, for the access device 1, in receiving the public key KPUB2 and in storing it as the new local public key of the network (KPUB.LOC = KPUB2) •
In step 103, the access device 1 dispatches over the bus B a change of state signal destined for the presentation device 2. This step has the objective of indicating to the presentation device 2 that it is the first to be connected to the network and that it must therefore become the genitor of the network, that is to say the only presentation device authorized to transmit its private key KPRI2 (which becomes the local private key of the network KPRI.Loc) to any new presentation device apt to be connected to the network.
Step 104 therefore consists, for the presentation device 2, in receiving the change of state signal and modifying its state indicator so as to pass to the genitor state (IE = 01). At the end of the process, one therefore has a local digital network in accordance with the invention which comprises a unique local public key KPUB.LOC (equal to the initial public key KPUB2 of the presentation device 2) which is known to both devices of the network, and a unique local private key KPRι.Loc which is known only to the presentation device 2. The network also comprises, in accordance with the invention, a genitor presentation device which is capable of altering it by allowing the connection of new presentation devices. The process for connecting a new presentation device, in this instance the presentation device 3, to the network created in accordance with the process of Figure 2, will now be described in conjunction with Figure 3.
In the first step 200, 200' 200" of the process, which consists in connecting the presentation device 3 to the existing local network by way of the digital bus B, the presentation device 3 contains its own pair of public KPUB3 and private KPRT.3 keys and it is in the virgin state (IE = 00) . The access device 1 and presentation device 2 are respectively in the same state as at the end of the process of Figure 2, that is to say the access device 1 contains the local public key of the network KPUB.LOC and the presentation device is the genitor of the network (IE = 01) and contains the pair of local keys (KPUB.LOC? KPRI.LOC) of the network. The second step 201 consists, for the presentation device 3, in dispatching over the bus B its public key KPUB3 destined for all the access devices apt to be connected to the bus B, in this instance the access device 1. This step is the same as step 101 (Figure 2) of the creation process.
Step 202 consists, for the access device 1, in receiving the public key KPUB3 and in verifying whether it already contains a public key or not (VERIF. PRESENCE
In the event of a positive verification, this being the case in this instance, the next step 203 consists, for the access device 1, in dispatching the local public key KPUB.Loc over the bus B destined for the new presentation device 3. In step 204, the presentation device 3 receives the local public key KPUB.LOC and stores it, preferably in its terminal module.
The next step 205 consists, for the presentation device 3, in dispatching a signal over the bus B, addressed to all the presentation devices of the network, in the form of a message (GENITOR?) requesting the genitor device of the network to respond to it. In step 206, the genitor device of the network, in this instance the presentation device 2, receives this message and, once the communication has been established in a dependable manner between the presentation devices 2 and 3, it changes state so as to pass to the sterile state (IE = 10) .
Step 207 then consists, for the presentation device 2, in dispatching the local private key of the network in encrypted form (E (KpRι.L0C) ) which can be decrypted by the presentation device 3. In particular, this secure transmission of the local private key between the presentation devices 2 and 3 can be performed using the initial public key KPUB3 of the presentation device 3 to encrypt the local private key, the presentation device 3 being capable of decrypting this message using its private key KPRτ.3. The key KPUB3 is for example transmitted to the presentation device 2 during step 205.
In step 208, the presentation device 3 receives and decrypts the local private key and stores it, preferably in its terminal module, integrated into the smart card 31 (Figure 1) .
Step 209 consists, for the presentation device 3, in dispatching a signal acknowledging receipt of the local private key (ACKNOWLEDGE-RECEIPT (KpRI.LOc) ) over the bus B destined for the presentation device 2.
In step 210, the presentation device 2 receives this acknowledgement of receipt signal and dispatches, in response, a change of state signal to the new presentation device 3 and in step 211, the presentation device 3 receives this signal and changes state so as to become the new genitor of the network (IE = 01) .
Since the presentation device 2 is henceforth in the sterile state, it is no longer authorized to transmit the local public key of the network to another presentation device. This makes it possible to prevent this device 2 from being removed from the network so as to create another pirate local network possessing the same pair of local keys as the network just described.
At the end of the process, there are therefore two presentation devices 2 and 3 and one access device 1 which are connected to the local network. They all share the local key pair of the network KPϋB.Locr KPRI.LOc- There is always a unique genitor in the network which is the presentation device which was connected last to the network. The connecting of a new access device to the local network is for its part much simpler since any access device in accordance with the invention is sold without containing a key. It is in particular possible to envisage that when a new access device is plugged into the network, it dispatches a message over the bus B requesting to receive the public key of the network. It is then possible to make provision for either the first network device which receives this message, or only the genitor device, to dispatch, in response to this message, the public key of the network to the new access device.

Claims

1. Local digital network, in particular digital home network, comprising: - at least one access device (1), capable of receiving data originating from outside said network and of transmitting them at a point of said network; and
- at least one presentation device (2, 3) , adapted to receive data flowing in the network so as to present them at a point of the network; in which the data are adapted to flow only in encrypted form, characterized in that all the devices of said network use for the encryption and decryption of the data flowing in the network a single encryption key specific to the network: the local key (KPαB.L0C, KPRI.L0C) of the network.
2. Digital network according to Claim 1, in which the data are encrypted using a public keys cryptographic system, characterized in that said local key of the network is formed by a pair of public and private keys: the local public key (KPUB.LOC) and the local private key (KPRI.Loc) of the network.
3. Digital network according to Claim 2, characterized in that only the presentation devices (2, 3) connected to the said network contain the local private key (KPRI.L0C) •
4. Digital network according to Claim 3, characterized in that at a given instant, a single presentation device of the network is authorized to transmit the local private key (KPRI.Oc) to a new presentation device apt to be connected to said network.
5. Digital network according to Claim 3, characterized in that at a given instant, a presentation device can be in only one of the following states: i) a first state, the virgin state (IE = 00) , when the presentation device is connected for the first time to said network; ii) a second stare, the genitor state (IE = 01), in which the presentation device is authorized to transmit the local private key of the network to any new presentation device apt to be connected to said network; ϋi) a third state, the sterile state (IE = 10) , in which the presentation device is no longer authorized to' transmit the local private key of the network to any new presentation device apt to be connected to the said network, a presentation device being adapted to change state only so as to pass to a state of higher rank.
6. Digital network according to Claim 5, characterized in that a single presentation device of the network is in the second state, the genitor state: the genitor of the network.
7. Digital network according to Claim 6, characterized in that at a given instant, the genitor of the network is the presentation device which was connected last to the said network.
8. Presentation device adapted to be connected to a digital network according to one of Claims 2 to 7, characterized in that at a given instant, said presentation device can be in only one of the following states : i) a first state, the virgin state (IE = 00) , when the presentation device is connected for the first time to a network; ii) a second state, the genitor state (IE = 01), in which the presentation device is authorized to transmit the local private key of the network to any new presentation device apt to be connected to said network; iii) a third state, the sterile state (IE = 10), in which the presentation device is no longer authorized to transmit the local private key of the network to any new presentation device apt to be connected to said network, said presentation device being adapted to change state only so as to pass to a state of higher rank.
9. Presentation device according to Claim 8, characterized in that when said presentation device is in the virgin state, it contains its own pair of public and private keys and it is authorized to receive the pair of local keys of a network to which it is apt to be connected so as to store them instead of its own pair of keys .
10. Presentation device according to one of Claims 8 or 9, characterized in that when said presentation device is in the sterile state, it is no longer authorized to receive the pair of local keys of a network to which it is apt to be connected.
11. Presentation device according to one of Claims 8 to 10, characterized in that it comprises a means (IE) for storing the state which said presentation device occupies, this storage means being integrated into a smart card (21, 31) .
12. Presentation device according to one of Claims 8 to 11, characterized in that the pair of local keys of the network is contained in a smart card (21, 31) with which said device is furnished.
13. Process for creating a local digital network according to one of Claims 5 to 7, characterized in that it comprises the steps consisting successively: a) in connecting together by way of a digital bus (B) an access device (1) and a presentation device (2) in the virgin state and containing a pair of public (KpUB2) and private (KPRϊ2) keys; b) for the presentation device (2) , in dispatching over said bus (B) its public key (KPUB2) ; c) for the access device (1) , in receiving said public key (KP0B2) , in storing it as a new local public key of the network (KPUB.LOC = KPUB2) and in dispatching over said bus a signal of change of state of the presentation device; d) for the presentation device (2), in receiving said change of state signal and in passing to the genitor state (IE = 01) .
14. Process for connecting a new presentation device (3) in the virgin state (IE = 00) and containing a pair of public (KPUB3) and private (KPRT.3) keys to a local digital network according to one of Claims 5 to 7, characterized in that it comprises the steps consisting successively: e) in connecting the new presentation device (3) to the said local network by way of a digital bus (B) ; f ) for the new presentation device (3) , in dispatching over said bus its public key (KPUB3) ; g) for at least one of the access devices (1) of said network, in receiving the public key (KPUB3) of the new presentation device, in verifying that said access device already contains a public key, the local public key (KPUB.LOc) of the network, and, in the event of a positive verification, in dispatching over the bus (B) the local public key of the network; h) for the new presentation device (3) , in receiving the local public key (Kpub,LOc) of the network, in storing it and in dispatching over said bus a signal, addressed to all the presentation devices of the network, requesting response from the presentation device in the genitor state; i) for the genitor presentation device of the network (2), in receiving said response request signal, in passing to the sterile state (IE = 10) , and in dispatching in response to the new presentation device (3) the local private key (KPRI.LOc) of the network in an encrypted form which can be decrypted by the new presentation device (3) ; j) for the new presentation device (3), in receiving said local private key (KPRι.Loc) of the network, in storing it and in dispatching an acknowledgement of receipt signal to the presentation device which was formerly the genitor of the network (2) ; k) for the presentation device which was formerly the genitor of the network (2), in receiving said acknowledgement of receipt signal and in dispatching to the new presentation device (3) a change of state signal;
1) for the new presentation device (3), in receiving said change of state signal and in passing to the genitor state (IE = 01) .
PCT/EP2000/002918 1999-04-13 2000-03-31 Digital home network and method for creating and updating such a network WO2000062505A1 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
AU36589/00A AU3658900A (en) 1999-04-13 2000-03-31 Digital home network and method for creating and updating such a network
DE60026495T DE60026495T2 (en) 1999-04-13 2000-03-31 Video device for connection to a local digital network for data reception
EP00915193A EP1169831B1 (en) 1999-04-13 2000-03-31 Presentation Device adapted to be connected to a local digital network for receiving data
US09/958,733 US7305087B1 (en) 1999-04-13 2000-03-31 Digital home network and method for creating and updating such a network
JP2000611462A JP4621359B2 (en) 1999-04-13 2000-03-31 Digital home network and method for creating and updating digital home network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR9904767A FR2792482A1 (en) 1999-04-13 1999-04-13 LOCAL DIGITAL NETWORK, ESPECIALLY DOMESTIC DIGITAL NETWORK, AND METHOD FOR CREATING AND UPDATING SUCH A NETWORK
FR99/04767 1999-04-13

Publications (1)

Publication Number Publication Date
WO2000062505A1 true WO2000062505A1 (en) 2000-10-19

Family

ID=9544469

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2000/002918 WO2000062505A1 (en) 1999-04-13 2000-03-31 Digital home network and method for creating and updating such a network

Country Status (11)

Country Link
US (2) US7305087B1 (en)
EP (1) EP1169831B1 (en)
JP (1) JP4621359B2 (en)
CN (1) CN1166144C (en)
AT (1) ATE320133T1 (en)
AU (1) AU3658900A (en)
DE (1) DE60026495T2 (en)
ES (1) ES2260004T3 (en)
FR (1) FR2792482A1 (en)
TW (1) TW502513B (en)
WO (1) WO2000062505A1 (en)

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003019899A2 (en) * 2001-08-24 2003-03-06 Thomson Licensing S.A. Local digital network, methods for installing new devices and data broadcast and reception methods in such a network
FR2836609A1 (en) * 2002-02-25 2003-08-29 Thomson Licensing Sa Data transfer process for domestic digital network includes decoding and encoding using secrets specific to transmitting and receiving domains
FR2836608A1 (en) * 2002-02-25 2003-08-29 Thomson Licensing Sa Encoded data transfer process uses decoding and encoding with secrets specific to sending and receiving domains
WO2003085929A1 (en) * 2002-04-05 2003-10-16 Matsushita Electric Industrial Co., Ltd. Content using system
WO2004004222A1 (en) * 2002-06-26 2004-01-08 Thomson Licensing S.A. Module for integration in a home network
WO2004059559A2 (en) * 2002-12-17 2004-07-15 Sony Pictures Entertainment Inc. System and method for home network content protection and copy management
WO2004100007A1 (en) * 2003-05-12 2004-11-18 Sony Corporation Inter-apparatus authentication system andinter-apparatus authentication method, communication device, and computer program
WO2005015419A1 (en) 2003-08-12 2005-02-17 Sony Corporation Communication processing apparatus, communication control method, and computer program
US6973576B2 (en) 2000-12-27 2005-12-06 Margent Development, Llc Digital content security system
US7305560B2 (en) 2000-12-27 2007-12-04 Proxense, Llc Digital content security system
US7472280B2 (en) 2000-12-27 2008-12-30 Proxense, Llc Digital rights management
CN100459699C (en) * 2002-12-17 2009-02-04 索尼电影娱乐公司 System and method for home network content protection and copy management
EP2028860A1 (en) * 2002-12-17 2009-02-25 Sony Pictures Entertainment Inc. Method and apparatus for access control in an overlapping multiserver network environment
US7883003B2 (en) 2006-11-13 2011-02-08 Proxense, Llc Tracking system using personal digital key groups
US7904718B2 (en) 2006-05-05 2011-03-08 Proxense, Llc Personal digital key differentiation for secure transactions
US7934263B2 (en) 2002-12-17 2011-04-26 Sony Pictures Entertainment Inc. License management in a media network environment
US8171528B1 (en) 2007-12-06 2012-05-01 Proxense, Llc Hybrid device having a personal digital key and receiver-decoder circuit and methods of use
US8352730B2 (en) 2004-12-20 2013-01-08 Proxense, Llc Biometric personal data key (PDK) authentication
US8677152B2 (en) 2001-09-21 2014-03-18 The Directv Group, Inc. Method and apparatus for encrypting media programs for later purchase and viewing
US8724808B2 (en) * 2000-08-04 2014-05-13 Thomson Licensing S.A. Method for secure distribution of digital data representing a multimedia content
US8782438B2 (en) 2000-07-21 2014-07-15 The Directv Group, Inc. Secure storage and replay of media programs using a hard-paired receiver and storage device
US9269221B2 (en) 2006-11-13 2016-02-23 John J. Gobbi Configuration of interfaces for a location detection system and application
US9613483B2 (en) 2000-12-27 2017-04-04 Proxense, Llc Personal digital key and receiver/decoder circuit system and method
US10769939B2 (en) 2007-11-09 2020-09-08 Proxense, Llc Proximity-sensor supporting multiple application services
US10909229B2 (en) 2013-05-10 2021-02-02 Proxense, Llc Secure element as a digital pocket
US10971251B1 (en) 2008-02-14 2021-04-06 Proxense, Llc Proximity-based healthcare management system with automatic access to private information
US11086979B1 (en) 2007-12-19 2021-08-10 Proxense, Llc Security system and method for controlling access to computing resources
US11095640B1 (en) 2010-03-15 2021-08-17 Proxense, Llc Proximity-based system for automatic application or data access and item tracking
US11113482B1 (en) 2011-02-21 2021-09-07 Proxense, Llc Implementation of a proximity-based system for object tracking and automatic application initialization
US11120449B2 (en) 2008-04-08 2021-09-14 Proxense, Llc Automated service-based order processing
US11206664B2 (en) 2006-01-06 2021-12-21 Proxense, Llc Wireless network synchronization of cells and client devices on a network
US11258791B2 (en) 2004-03-08 2022-02-22 Proxense, Llc Linked account system using personal digital key (PDK-LAS)
US11546325B2 (en) 2010-07-15 2023-01-03 Proxense, Llc Proximity-based system for object tracking
US11553481B2 (en) 2006-01-06 2023-01-10 Proxense, Llc Wireless network synchronization of cells and client devices on a network

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1656792A (en) * 2002-05-21 2005-08-17 皇家飞利浦电子股份有限公司 Conditional access system
EP1418750A1 (en) * 2002-11-11 2004-05-12 STMicroelectronics Limited Security integrated circuit
JP4547880B2 (en) * 2003-08-07 2010-09-22 ソニー株式会社 Information processing apparatus, information recording medium playback apparatus, content use control system and method, and computer program
US7580523B2 (en) * 2004-01-16 2009-08-25 The Directv Group, Inc. Distribution of video content using client to host pairing of integrated receivers/decoders
US7548624B2 (en) * 2004-01-16 2009-06-16 The Directv Group, Inc. Distribution of broadcast content for remote decryption and viewing
EP1800200B1 (en) * 2004-10-08 2015-12-23 Koninklijke Philips N.V. User based content key encryption for a drm system
FR2881596A1 (en) * 2005-01-28 2006-08-04 Thomson Licensing Sa METHOD FOR PROTECTING AUDIO AND / OR VIDEO DIGITAL CONTENTS AND ELECTRONIC DEVICES USING THE SAME
JP4760101B2 (en) * 2005-04-07 2011-08-31 ソニー株式会社 Content providing system, content reproducing apparatus, program, and content reproducing method
US9325944B2 (en) 2005-08-11 2016-04-26 The Directv Group, Inc. Secure delivery of program content via a removable storage medium
US9277259B2 (en) 2006-10-13 2016-03-01 Syphermedia International, Inc. Method and apparatus for providing secure internet protocol media services
US8761393B2 (en) * 2006-10-13 2014-06-24 Syphermedia International, Inc. Method and apparatus for providing secure internet protocol media services
WO2015038831A1 (en) * 2013-09-12 2015-03-19 Arris Enterprises, Inc. Persistent household keys for in-home media content distribution
US9847975B2 (en) 2013-09-13 2017-12-19 Arris Enterprises Llc Method of provisioning persistent household keys for in-home media content distribution
US9979702B2 (en) 2013-09-12 2018-05-22 Arris Enterprises Llc Persistent household keys for in-home media content distribution
CN104239812A (en) * 2014-08-25 2014-12-24 福建伊时代信息科技股份有限公司 Local area network data safety protection method and system
US20160134604A1 (en) * 2014-11-12 2016-05-12 Smartlabs, Inc. Systems and methods to securely install network devices using installed network devices

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0382296A1 (en) * 1989-02-08 1990-08-16 Koninklijke Philips Electronics N.V. Public communication system comprising distributed stations, and station and sub-station for use in such a communication system
EP0679029A1 (en) * 1991-03-29 1995-10-25 Scientific-Atlanta, Inc. System for cooperating with a satellite transponder

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5870474A (en) * 1995-12-04 1999-02-09 Scientific-Atlanta, Inc. Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
JPH03214834A (en) * 1990-01-19 1991-09-20 Canon Inc Multi-medium network system
JPH04348438A (en) * 1991-02-21 1992-12-03 Hokkaido Nippon Denki Software Kk Using right control system
DE69330065T2 (en) * 1993-12-08 2001-08-09 Ibm Method and system for key distribution and authentication in a data transmission system
JP3383127B2 (en) * 1994-05-24 2003-03-04 ソニー株式会社 Communication method
EP0684721B1 (en) 1994-05-24 2000-05-03 Sony Corporation Data bus communication
US6026167A (en) * 1994-06-10 2000-02-15 Sun Microsystems, Inc. Method and apparatus for sending secure datagram multicasts
US5640453A (en) * 1994-08-11 1997-06-17 Stanford Telecommunications, Inc. Universal interactive set-top controller for downloading and playback of information and entertainment services
US5978481A (en) * 1994-08-16 1999-11-02 Intel Corporation Modem compatible method and apparatus for encrypting data that is transparent to software applications
US5740246A (en) * 1994-12-13 1998-04-14 Mitsubishi Corporation Crypt key system
US5642418A (en) * 1995-02-21 1997-06-24 Bell Atlantic Network Services, Inc. Satellite television system and method
US5742680A (en) * 1995-11-13 1998-04-21 E Star, Inc. Set top box for receiving and decryption and descrambling a plurality of satellite television signals
JP3688830B2 (en) * 1995-11-30 2005-08-31 株式会社東芝 Packet transfer method and packet processing apparatus
JPH09185501A (en) * 1995-12-28 1997-07-15 Matsushita Electric Ind Co Ltd Software execution control system
JPH1040154A (en) * 1996-07-25 1998-02-13 Meidensha Corp Exclusive control system for distributed database
JPH10178421A (en) * 1996-10-18 1998-06-30 Toshiba Corp Packet processor, mobile computer, packet transferring method and packet processing method
JP3796883B2 (en) * 1997-03-26 2006-07-12 ソニー株式会社 Receiving method and receiving apparatus
US6263437B1 (en) * 1998-02-19 2001-07-17 Openware Systems Inc Method and apparatus for conducting crypto-ignition processes between thin client devices and server devices over data networks
EP1125182B1 (en) * 1998-10-07 2003-01-02 Adobe Systems Incorporated Distributing access to a data item
JP2002354557A (en) * 2001-05-29 2002-12-06 Fujitsu Ltd Control system of apparatus
US6980651B2 (en) * 2001-06-19 2005-12-27 Thomson Licensing Method for using an access card to create a secure sub-network on a public network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0382296A1 (en) * 1989-02-08 1990-08-16 Koninklijke Philips Electronics N.V. Public communication system comprising distributed stations, and station and sub-station for use in such a communication system
EP0679029A1 (en) * 1991-03-29 1995-10-25 Scientific-Atlanta, Inc. System for cooperating with a satellite transponder

Cited By (90)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8782438B2 (en) 2000-07-21 2014-07-15 The Directv Group, Inc. Secure storage and replay of media programs using a hard-paired receiver and storage device
US8724808B2 (en) * 2000-08-04 2014-05-13 Thomson Licensing S.A. Method for secure distribution of digital data representing a multimedia content
US10026253B2 (en) 2000-12-27 2018-07-17 Proxense, Llc Personal digital key and receiver/decoder circuit system and method
US9613483B2 (en) 2000-12-27 2017-04-04 Proxense, Llc Personal digital key and receiver/decoder circuit system and method
US7305560B2 (en) 2000-12-27 2007-12-04 Proxense, Llc Digital content security system
US7472280B2 (en) 2000-12-27 2008-12-30 Proxense, Llc Digital rights management
US6973576B2 (en) 2000-12-27 2005-12-06 Margent Development, Llc Digital content security system
WO2003019899A3 (en) * 2001-08-24 2003-11-27 Thomson Licensing Sa Local digital network, methods for installing new devices and data broadcast and reception methods in such a network
WO2003019899A2 (en) * 2001-08-24 2003-03-06 Thomson Licensing S.A. Local digital network, methods for installing new devices and data broadcast and reception methods in such a network
KR100977969B1 (en) 2001-08-24 2010-08-24 톰슨 라이센싱 Methods for transmitting and receiving data in a network
EP2824868A1 (en) * 2001-08-24 2015-01-14 Thomson Licensing Local digital network, methods of installing novel devices and methods for broadcasting and receiving data in such a network
CN100440884C (en) * 2001-08-24 2008-12-03 汤姆森许可贸易公司 Local digital network, methods for installing new devices and data broadcast and reception methods in such a network
US9210137B2 (en) 2001-08-24 2015-12-08 Thomson Licensing Local digital network, methods for installing new devices and data broadcast and reception methods in such a network
US8677152B2 (en) 2001-09-21 2014-03-18 The Directv Group, Inc. Method and apparatus for encrypting media programs for later purchase and viewing
US7529375B2 (en) 2002-02-25 2009-05-05 Thomson Licensing Method for processing encrypted data for first domain received in a network pertaining to a second domain
WO2003073760A1 (en) 2002-02-25 2003-09-04 Thomson Licensing S.A. Device for processing and method for transmission of encoded data for a first domain in a network pertaining to a second domain
WO2003073761A1 (en) * 2002-02-25 2003-09-04 Thomson Licensing S.A. Method for processing encoded data for a first domain received in a network pertaining to a second domain
CN1323554C (en) * 2002-02-25 2007-06-27 汤姆森许可贸易公司 Device for processing and method for transmission of encoded data for a first domain in a network pertaining to a second domain
FR2836609A1 (en) * 2002-02-25 2003-08-29 Thomson Licensing Sa Data transfer process for domestic digital network includes decoding and encoding using secrets specific to transmitting and receiving domains
CN100385941C (en) * 2002-02-25 2008-04-30 汤姆森许可贸易公司 Method for processing encoded data for a first domain received in a network pertaining to a second domain
KR100936458B1 (en) * 2002-02-25 2010-01-13 톰슨 라이센싱 Device for processing and method for transmitting data encrypted for a first domain in a network belonging to a second domain
FR2836608A1 (en) * 2002-02-25 2003-08-29 Thomson Licensing Sa Encoded data transfer process uses decoding and encoding with secrets specific to sending and receiving domains
US9258595B2 (en) 2002-02-25 2016-02-09 Thomson Licensing Device for processing and method for transmission of encoded data for a first domain in a network pertaining to a second domain
KR100927920B1 (en) * 2002-02-25 2009-11-19 톰슨 라이센싱 Method for processing encoded data for a first domain received in a network pertaining to a second domain
WO2003085929A1 (en) * 2002-04-05 2003-10-16 Matsushita Electric Industrial Co., Ltd. Content using system
US7194091B2 (en) 2002-04-05 2007-03-20 Matsushita Electric Industrial Co., Ltd. Content using system
WO2004004222A1 (en) * 2002-06-26 2004-01-08 Thomson Licensing S.A. Module for integration in a home network
US7203965B2 (en) 2002-12-17 2007-04-10 Sony Corporation System and method for home network content protection and copy management
EP2028860A1 (en) * 2002-12-17 2009-02-25 Sony Pictures Entertainment Inc. Method and apparatus for access control in an overlapping multiserver network environment
US7784100B2 (en) 2002-12-17 2010-08-24 Sony Corporation System and method for home network content protection and copy management
WO2004059559A3 (en) * 2002-12-17 2004-09-30 Sony Pictures Entertainment System and method for home network content protection and copy management
US9813756B2 (en) 2002-12-17 2017-11-07 Sony Corporation Media network environment
US8589546B2 (en) 2002-12-17 2013-11-19 Sony Corporation Network management in a media network environment
CN100459699C (en) * 2002-12-17 2009-02-04 索尼电影娱乐公司 System and method for home network content protection and copy management
US7934263B2 (en) 2002-12-17 2011-04-26 Sony Pictures Entertainment Inc. License management in a media network environment
US8011015B2 (en) 2002-12-17 2011-08-30 Sony Corporation Content access in a media network environment
WO2004059559A2 (en) * 2002-12-17 2004-07-15 Sony Pictures Entertainment Inc. System and method for home network content protection and copy management
EP2290976A3 (en) * 2002-12-17 2012-05-23 Sony Pictures Entertainment Inc. Method and apparatus for access control in an overlapping multiserver network environment
US8230084B2 (en) 2002-12-17 2012-07-24 Sony Corporation Network management in a media network environment
US7930536B2 (en) 2003-05-12 2011-04-19 Sony Corporation Device-to-device authentication system, device-to-device authentication method, communication apparatus, and computer program
CN100412841C (en) * 2003-05-12 2008-08-20 索尼株式会社 Inter-apparatus authentication system and inter-apparatus authentication method, communication device, and computer program
WO2004100007A1 (en) * 2003-05-12 2004-11-18 Sony Corporation Inter-apparatus authentication system andinter-apparatus authentication method, communication device, and computer program
US7657928B2 (en) 2003-08-12 2010-02-02 Sony Corporation Communication apparatus and associated method of controlling distribution of content to network devices
EP1548605A1 (en) * 2003-08-12 2005-06-29 Sony Corporation Communication processing apparatus, communication control method, and computer program
WO2005015419A1 (en) 2003-08-12 2005-02-17 Sony Corporation Communication processing apparatus, communication control method, and computer program
EP1548605A4 (en) * 2003-08-12 2006-05-24 Sony Corp Communication processing apparatus, communication control method, and computer program
US11922395B2 (en) 2004-03-08 2024-03-05 Proxense, Llc Linked account system using personal digital key (PDK-LAS)
US11258791B2 (en) 2004-03-08 2022-02-22 Proxense, Llc Linked account system using personal digital key (PDK-LAS)
US9298905B1 (en) 2004-12-20 2016-03-29 Proxense, Llc Biometric personal data key (PDK) authentication
US8886954B1 (en) 2004-12-20 2014-11-11 Proxense, Llc Biometric personal data key (PDK) authentication
US10698989B2 (en) 2004-12-20 2020-06-30 Proxense, Llc Biometric personal data key (PDK) authentication
US10437976B2 (en) 2004-12-20 2019-10-08 Proxense, Llc Biometric personal data key (PDK) authentication
US8352730B2 (en) 2004-12-20 2013-01-08 Proxense, Llc Biometric personal data key (PDK) authentication
US9542542B2 (en) 2005-11-30 2017-01-10 Proxense, Llc Single step transaction authentication using proximity and biometric input
US9990628B2 (en) 2005-11-30 2018-06-05 Proxense, Llc Two-level authentication for secure transactions
US8433919B2 (en) 2005-11-30 2013-04-30 Proxense, Llc Two-level authentication for secure transactions
US11219022B2 (en) 2006-01-06 2022-01-04 Proxense, Llc Wireless network synchronization of cells and client devices on a network with dynamic adjustment
US11212797B2 (en) 2006-01-06 2021-12-28 Proxense, Llc Wireless network synchronization of cells and client devices on a network with masking
US11206664B2 (en) 2006-01-06 2021-12-21 Proxense, Llc Wireless network synchronization of cells and client devices on a network
US11553481B2 (en) 2006-01-06 2023-01-10 Proxense, Llc Wireless network synchronization of cells and client devices on a network
US11800502B2 (en) 2006-01-06 2023-10-24 Proxense, LL Wireless network synchronization of cells and client devices on a network
US10764044B1 (en) 2006-05-05 2020-09-01 Proxense, Llc Personal digital key initialization and registration for secure transactions
US11551222B2 (en) 2006-05-05 2023-01-10 Proxense, Llc Single step transaction authentication using proximity and biometric input
US10374795B1 (en) 2006-05-05 2019-08-06 Proxense, Llc Personal digital key initialization and registration for secure transactions
US8412949B2 (en) 2006-05-05 2013-04-02 Proxense, Llc Personal digital key initialization and registration for secure transactions
US7904718B2 (en) 2006-05-05 2011-03-08 Proxense, Llc Personal digital key differentiation for secure transactions
US8838993B2 (en) 2006-05-05 2014-09-16 Proxense, Llc Personal digital key initialization and registration for secure transactions
US9251326B2 (en) 2006-05-05 2016-02-02 Proxense, Llc Personal digital key initialization and registration for secure transactions
US11182792B2 (en) 2006-05-05 2021-11-23 Proxense, Llc Personal digital key initialization and registration for secure transactions
US11157909B2 (en) 2006-05-05 2021-10-26 Proxense, Llc Two-level authentication for secure transactions
US9269221B2 (en) 2006-11-13 2016-02-23 John J. Gobbi Configuration of interfaces for a location detection system and application
US10943471B1 (en) 2006-11-13 2021-03-09 Proxense, Llc Biometric authentication using proximity and secure information on a user device
US7883003B2 (en) 2006-11-13 2011-02-08 Proxense, Llc Tracking system using personal digital key groups
US10769939B2 (en) 2007-11-09 2020-09-08 Proxense, Llc Proximity-sensor supporting multiple application services
US11562644B2 (en) 2007-11-09 2023-01-24 Proxense, Llc Proximity-sensor supporting multiple application services
US8646042B1 (en) 2007-12-06 2014-02-04 Proxense, Llc Hybrid device having a personal digital key and receiver-decoder circuit and methods of use
US8171528B1 (en) 2007-12-06 2012-05-01 Proxense, Llc Hybrid device having a personal digital key and receiver-decoder circuit and methods of use
US11080378B1 (en) 2007-12-06 2021-08-03 Proxense, Llc Hybrid device having a personal digital key and receiver-decoder circuit and methods of use
US9049188B1 (en) 2007-12-06 2015-06-02 Proxense, Llc Hybrid device having a personal digital key and receiver-decoder circuit and methods of use
US11086979B1 (en) 2007-12-19 2021-08-10 Proxense, Llc Security system and method for controlling access to computing resources
US10971251B1 (en) 2008-02-14 2021-04-06 Proxense, Llc Proximity-based healthcare management system with automatic access to private information
US11727355B2 (en) 2008-02-14 2023-08-15 Proxense, Llc Proximity-based healthcare management system with automatic access to private information
US11120449B2 (en) 2008-04-08 2021-09-14 Proxense, Llc Automated service-based order processing
US11095640B1 (en) 2010-03-15 2021-08-17 Proxense, Llc Proximity-based system for automatic application or data access and item tracking
US11546325B2 (en) 2010-07-15 2023-01-03 Proxense, Llc Proximity-based system for object tracking
US11669701B2 (en) 2011-02-21 2023-06-06 Proxense, Llc Implementation of a proximity-based system for object tracking and automatic application initialization
US11132882B1 (en) 2011-02-21 2021-09-28 Proxense, Llc Proximity-based system for object tracking and automatic application initialization
US11113482B1 (en) 2011-02-21 2021-09-07 Proxense, Llc Implementation of a proximity-based system for object tracking and automatic application initialization
US10909229B2 (en) 2013-05-10 2021-02-02 Proxense, Llc Secure element as a digital pocket
US11914695B2 (en) 2013-05-10 2024-02-27 Proxense, Llc Secure element as a digital pocket

Also Published As

Publication number Publication date
US7305087B1 (en) 2007-12-04
CN1354946A (en) 2002-06-19
US20080085002A1 (en) 2008-04-10
JP2002542672A (en) 2002-12-10
ATE320133T1 (en) 2006-03-15
ES2260004T3 (en) 2006-11-01
DE60026495T2 (en) 2006-08-24
AU3658900A (en) 2000-11-14
US8345872B2 (en) 2013-01-01
JP4621359B2 (en) 2011-01-26
CN1166144C (en) 2004-09-08
TW502513B (en) 2002-09-11
FR2792482A1 (en) 2000-10-20
EP1169831B1 (en) 2006-03-08
DE60026495D1 (en) 2006-05-04
EP1169831A1 (en) 2002-01-09

Similar Documents

Publication Publication Date Title
US8345872B2 (en) Digital local network, notably digital home network, and method for creating and updating such a network
CA2381110C (en) Process for managing a symmetric key in a communication network and devices for the implementation of this process
US7769171B2 (en) Method for transmitting digital data in a local network
JP4394833B2 (en) Communication network
AU754015B2 (en) Method and apparatus for recording of encrypted digital data
CN1323554C (en) Device for processing and method for transmission of encoded data for a first domain in a network pertaining to a second domain
CN100385941C (en) Method for processing encoded data for a first domain received in a network pertaining to a second domain
US9210137B2 (en) Local digital network, methods for installing new devices and data broadcast and reception methods in such a network
US8132201B2 (en) Process for transmitting digital data representative of a content
KR20010072934A (en) A copy protection system for home networks
IL168929A (en) Virtual smart card device, method and system

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 00806219.6

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref document number: 2000 611462

Country of ref document: JP

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: IN/PCT/2001/1063/KOL

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 2000915193

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000915193

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 09958733

Country of ref document: US

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWG Wipo information: grant in national office

Ref document number: 2000915193

Country of ref document: EP