Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N7/00—Television systems
  • H04N7/16—Analogue secrecy systems; Analogue subscription systems
  • H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
  • H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
  • H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
  • H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
  • H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs
  • H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, ornon-interactive zero-knowledge proofs interactive zero-knowledge proofs
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
  • H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/254—Management at additional data server, e.g. shopping server, rights management server
  • H04N21/2541—Rights Management
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
  • H04N21/25808—Management of client data
  • H04N21/25816—Management of client data involving client authentication
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
  • H04N21/462—Content or additional data management e.g. creating a master electronic programme guide from data received from the Internet and a Head-end or controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
  • H04N21/4622—Retrieving content or additional data from different sources, e.g. from a broadcast channel and the Internet
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/47—End-user applications
  • H04N21/472—End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content
  • H04N21/47202—End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content for requesting content on demand, e.g. video on demand
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
  • H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
  • H04N21/631—Multimode Transmission, e.g. transmitting basic layers and enhancement layers of the content over different transmission paths or transmitting with different error corrections, different keys or with different transmission protocols
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
  • H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
  • H04N21/835—Generation of protective data, e.g. certificates
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N7/00—Television systems
  • H04N7/16—Analogue secrecy systems; Analogue subscription systems
  • H04N7/173—Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
  • H04N7/17309—Transmission or handling of upstream communications
  • H04N7/17318—Direct or substantially direct transmission and handling of requests
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/30—Compression, e.g. Merkle-Damgard construction
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/60—Digital content management, e.g. content distribution
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/80—Wireless

Definitions

• the present invention relates to the field of secure distribution of digital audiovisual sequences. It is proposed in the present invention to provide a method and a system making it possible to visually and / or auditively protect an audiovisual sequence originating from a digital compression standard or a digital compression standard, to distribute said sequence securely to through a distributed telecommunications network and to reconstruct its original content from a digital audiovisual stream on a module for recomposition of the recipient equipment.
• the present invention relates more particularly to a device capable of transmitting securely through a distributed network a set of high-quality audiovisual streams to a display screen and / or to an audio output belonging to a terminal or to a device.
• the invention essentially refers to a client-server method and system which protects audiovisual content by separating it into two parts, the second part being absolutely essential for the reconstruction of the original stream, the latter being restored according to the recombination of the first part with the second part
• the method used for the description of a preferred embodiment in the present invention separates the audiovisual stream in two parts, so that the first part called “modified main stream” contains almost all of the initial information, for example more than 99%, and a second part called “additional information" containing elements targeted initial information, which is very small compared to the first part.
• the first part called “modified main stream” contains almost all of the initial information, for example more than 99%
• additional information containing elements targeted initial information, which is very small compared to the first part.
• the latter are often encrypted or scrambled by various means well known in the prior art.
• Concerning distributed systems based on the client-server principle characterized by "caching” the prior art knows two main types of systems, which are classified according to the content processed by said "caching” characterizing a server intermediary also called “cache” server.
• the term “caching” means the possibility of being able to temporarily keep a copy of the content or data (permanently stored in a central server) on a point or on different points of the network (for example intermediate servers), in order to serve the requests of the customers closest to these points, and thus reduce the overhead of the central data server and therefore optimize the throughput used on the intermediate servers.
• the first type deals with data whose distribution has no time constraints (file distribution systems by "caching")
• the second type concerns distribution with time constraints, such as the distribution of multimedia data (audio / video).
• Conventional distributed file systems like Sun NFS, Apollo Domain, Andrew, IBM AIX DS, AT&T RFS do "caching" of files locally, they do not have the possibility of "caching” of files in nearby nodes or distant, and cannot allocate intermediate servers to apply caching on multimedia files.
• conventional distributed systems characterized by “caching” have a granularity of the size of a file, and consequently, the possibilities of having scalability of distribution of contents via the network are greatly reduced.
• the present invention proposes a system characterized by “caching” via intermediate servers in the sense that it processes data in real time, but with the particularity that the processing is carried out on elements characterized by a nominal structure formatted in packets, these elements being independent entities called “processing units”, from a processing point of view and from a caching point of view, said formatted packets conveying data for the reconstruction of audiovisual information complete, said formatted packets being personalized for each user and sent to the destination devices in real time via a low bandwidth network, from an intermediate server.
• the protection applied to the content distributed by the distributed secure system, object of the present invention is based on the principle of deletion and replacement of certain information present in the encoded original audiovisual signal, by any method, either: substitution, modification, permutation or displacement of information.
• This protection is also based on knowledge of the structure of the digital flow.
• the solution consists in permanently extracting and storing in a secure server linked to the broadcasting and transmission network, in said additional information, part of the data of the audiovisual program recorded at the user or broadcast live, this part being essential for reconstruct said audiovisual program on a screen or on an audio output of a terminal, but being of a very low volume compared to the total volume of the digital audiovisual program recorded by the user or received in real time by the user.
• the missing part (additional information) will be transmitted via the secure, distributed broadcasting or transmission network when viewing and / or hearing the audiovisual program.
• the data removed in the original audiovisual program is replaced, to form the modified main stream, by random or calculated data, called decoys.
• decoys random or calculated data, called decoys.
• Said modified main stream is fully compatible with the format of the original stream, and can therefore be copied and read by a reader, but it is completely inconsistent in terms of human visual and auditory perception.
• the digital stream being separated into two parts, most of the audiovisual stream, said modified main stream, will therefore be transmitted via a conventional broadcasting network, while the missing part, said additional information, will be sent on demand via a network.
• narrowband telecommunications networks such as conventional telephone networks or cellular networks of the GSM, GPRS, EDGE or UMTS type or using a small part of a DSL or BLR type network, or using a subset of the shared bandwidth over a wired network, or via a physical medium such as a memory card or any other medium.
• the two networks can be merged, while keeping the two transmission channels separate.
• the audiovisual stream is reconstructed on the recipient equipment by a synthesis module from the modified main stream and additional information, sent piece by piece during the consumption of the audiovisual stream.
• GRIWODZ C and AL Protecting VOD the easier ay", XP000977484- ACM 1998) of September 12, 1998
• This document presents a protection method for an MPEG-1 video stream with the objective of make it publicly available through "cache" servers.
• the video stream is protected by a separation of the additional information.
• the protected video stream contains a part of corruption which is inserted in place of the previously separated information. This corruption data is independent of the main stream data. They are chosen using a calculation algorithm that minimizes correlation attacks on the protected video stream (section 4.3).
• Protected video stream may not conform to format MPEG-1 which is the main video stream format.
• the method proposed by said document uses “point to point” connections (unicast) to provide the complementary part of the data.
• the additional information includes billing, user identification, and information to track hackers of reproduction rights (by setting atermarking mechanisms).
• the replacement corrects the corrupted part of the data.
• the additional information is transmitted to the customer by means of point to point (unicast). This part will be encrypted on the server side using a personal key which could be produced by a trusted third party.
• This document answers in particular the question of scalability for the main video stream by securing this stream with the corruption method, but said document does not answer the question of scalability neither for securing, nor for the distribution of additional information in the event of networks with limited bandwidth and a high delay and jitter value, such as GSM or GPRS networks.
• French patent FR2835386 is also known, relating to an MPEG-4 type video and multimedia interface arrangement for connecting at least one display device to at least one video source, essentially consisting, on the one hand, of a processing adapted to display any MPEG-4 video stream in real or deferred time, to store it, record it and / or send it on a broadcasting network and / or on a low-bandwidth telecommunications network bandwidth and / or save it on a smart card and, on the other hand, at least one screen interface and an interface for connection to a local or wide area network and / or to a card reader smart, characterized in that it essentially comprises on the one hand, a memory of certain correlation coefficients I-VOP and / or P-VOP plans, and / or a memory of certain B-VOP and P-VOP plans of the video stream in each audiovisual portal and, on the other hand, that each video interfacing arrangement has functions for storing, recording and processing audiovisual programs and is associated with at least one integrated display device or television
• the technical means consist in carrying out before the transmission to the client equipment, an analysis of the flow to generate a first modified flow, having the format of a nominal flow, and a second flow of any format, comprising the digital information. able to allow the reconstruction of said modified plans, then to transmit separately the two streams thus generated from the server to the recipient equipment, and in that a summary of a stream in nominal format is calculated on the recipient equipment function of said first flow and said second flow.
• This document deals in particular with the issue of protecting the MPEG-4 video stream by separating additional information and securing the sending of additional information to the customer portal using a secure element such as a credit card. chip.
• Document D2 does not answer the question of scalability for the distribution of additional information; nor does it answer the question of securing this information on “cache” points or intermediate servers on the network.
• the latter is characterized by a limited bandwidth and a high value of the delay and jitter such as for example a GSM or GPRS type network.
• the object of the present invention is the secure transmission, after identification and authentication of the user, of the additional information via a distributed network, so as to avoid that it can be copied or fall entirely in possession of the user or any malicious person.
• the present invention relates, in its most general sense, to a method for the secure distribution of digital audiovisual streams according to a standard, standardized or proprietary format, said streams on which the stream is separated before the transmission to the recipient equipment.
• a modified main stream presenting the format of the original stream, and additional information, comprising the digital information able to allow the reconstruction of the original stream, characterized in that one transmits by separate channels during the phase of distribution, said main stream modified from a distribution server and said additional information to said recipient equipment from a secure central server passing through at least one intermediate server connecting said recipient equipment to said central server, said additional information being defined according to a f nominal structured ormat, containing logical entities of modular size, called processing units, each of said processing units being prefixed by a header containing information relating to said processing unit and a payload containing data and references on the main stream modified, said units being packaged before transmission.
• the information present in the header relating to said processing unit contains time references and position references on the modified main stream.
• said packaged units are encrypted before transmission.
• said processing units are compressed before being encrypted.
• the central server decides on a dynamic and regular regeneration of the session key during the communication.
• said central server decides on the adaptation of the degree of encryption of the additional information as a function of the load of the transmission network.
• said intermediate server decides on the adaptation of the degree of encryption of the additional information as a function of the bandwidth allocated to the user.
• the encryption of said processing units is personalized for each user.
• the client equipment sends at regular intervals an event report to the server of the additional information.
• the invention also relates to a system for the secure distribution of audiovisual streams for implementing the method according to one of the preceding claims, characterized in that it comprises a device for separating the original video stream into a modified main stream and in additional information, at least one multimedia server containing the protected audiovisual streams, at least one secure central server, comprising a device for securing and personalizing said additional information, from which the complementary information is distributed, at least one server intermediary, at least one correspondence management module between the modified main stream and the additional information associated with it, at least one subscriber management module, at at least one module for managing and generating session keys, at least one device on the recipient equipment comprising a smart card for decrypting said session key and at least one module for reconstructing the original audiovisual stream as a function of said main stream changed and said additional information.
• the present invention will be better understood with the aid of the exemplary embodiments and of the steps detailed below.
• a preferred, but non-limiting implementation of the method which meets the security and reliability criteria is illustrated by means of the client-server system presented in the figure.
• the original digital audiovisual stream (1) is transmitted to the analysis and scrambling module (2) to be separated into two parts.
• the modified main stream (14) is stored in a multimedia server (13). It can then be sent in real time to the client via the broadband network (12i) or else be saved on the backup device of the user's terminal (lli) for later viewing.
• the additional information (3) is sent to the storage module of the secure central server (4).
• the additional information being sent only on demand, its distribution in real time and its personalization for each user is carried out taking into account the property of scalability in speed on the transport and broadcasting networks.
• scalability in speed as the capacity of a network to manage, modify, distribute and adapt the speed of flows that pass according to the available or negotiated bandwidth and according to congestion of the network.
• the additional information generated by the module (2) corresponding to a structured nominal format.
• the additional information represents a binary data stream comprising the values of the elements extracted from the original stream.
• Said additional information is made up of logical components (entities) called packets, which are easy to handle and of modular sizes.
• a packet is the elementary receiving entity and it consists of a packet header called the primary node and one or more secondary nodes.
• the packet header contains a set of time and position metadata that uniquely define the packet in the stream.
• a secondary node is the elementary processing entity at the level of the client's equipment (lli), it is jointly linked to the packet header and is self-sufficient in terms of processing.
• the temporal metadata of the packet header are synchronization temporal fingerprints extracted from the original stream or generated during the creation and formatting of the additional information. Position metadata allow you to easily position yourself in the stream and offer user rights management services such as the possibility of prohibiting replay of the audiovisual stream, so each packet header is given a field says package index. This field is generated by a counter which increments with each sending of a packet.
• This packet structure gives the additional information flexibility in terms of processing, in terms of ease of synchronization with the central server and also in terms of distribution as will be explained below, using an example of realization of architecture based on the client-server model comprising the following modules: "" Cache “servers (or intermediate servers) (6i, 6d, 6k) to respond locally to client requests;” A central server (4) which receives client requests, in the event that the content requested is not referenced in intermediate servers; "A module for managing correspondence between the modified main stream and the additional information associated with it (17);” A module for managing subscribers (9); “A module for generating and managing session keys (10);” A link to a certification authority for the public keys of subscribers (7). Subsequently, this exemplary embodiment describes the complete process for recovering additional information on the network.
• the user When the user wishes, for example, to view a sequence, he connects via his equipment (lli) and the link (8i) to the intermediate server (6i) performing the "caching" function which redirects the request to the central server (4) in the case of a first request relating to this flow which is not part of the flows referenced on the intermediate server (6i).
• the stream to be displayed is stored beforehand on the backup device of the client equipment (lli), comprising a decoder, a backup device, a smart card (15i), a display screen and outputs audio.
• the stream to be displayed is sent in real time from the media server (13) via the broadband link (12i) to be displayed on the display screen of the device (lli).
• the device (li) formulates the user's request in the form of a request to the nearest physically intermediate server (6i), this request being provided with the signature of the media that the client has requested to view.
• the intermediate server (6i) consults the module (17) containing the database of correspondences between the modified main stream and the additional information associated with it, and if necessary, redirects the request to the central server (4) to authenticate the client.
• the cache server (6i) sends a message to the client equipment (lli) informing it that it cannot not process the request and at the same time addresses the central server (4) to report this message, so that the central server (4) proceeds to update its own additional information database.
• the central server (4) Before sending the additional information from the intermediate server (6i) or from the central server (4), the central server (4) proceeds to an authentication phase with the client equipment (lli) and to the sending of additional encrypted information.
• a hybrid cryptography approach is used, combining the performance of secret key cryptography and the flexibility of using public key cryptography.
• the client equipment (li) has a private key, engraved on their smart card (15i) and a public key available in digital form.
• the client equipment (lli) sends its identifier to the central server (4) (for example the identifier of its decoder unit or the serial number of the decoding circuit), its public key signed by the certification authority (7).
• the central server (4) receives the public key from the client and verifies its authenticity with the key certification module (7).
• the central server (4) requests the session key generation and management module (10) to generate a session key, this key is random and the security of the transaction is largely based on this aspect.
• the complementary information or a part of the complementary information is then encrypted with said session key using a conventional symmetric cryptography algorithm, for example DES (“Digital Encryption Standard” in English), AES (“Advanced Encryption Standard” in English) in order to gain speed of treatment.
• the session key is then itself encrypted with the client's public key.
• the additional information thus encrypted and the session key thus encrypted are sent to the client equipment (lli).
• An authenticity control message (“Message Authentif ication Code” in English) of the additional information or part of the encrypted additional information is also sent in order to certify the authenticity and integrity of the content.
• the server (4) or the intermediate server (6i) compresses it, the compression making it possible to eliminate the multiple occurrences of the elements in the additional information and thus improving the resistance to crypto-analysis.
• the full or partial encryption of the additional information is carried out as a function of the load of the transmission network and / or of the bandwidth allocated to the user.
• the full or partial encryption of the additional information is carried out taking into account the speed scalability characteristic of the transmission network.
• the decision to apply full or partial encryption to the additional information is taken by the central server (4).
• the decision to apply full or partial encryption to the additional information is taken by the intermediate server (6i).
• the encryption of the additional information is personalized for each client.
• the client equipment regularly sends an event report to the server with additional information (6i), containing data relating to the connection (bandwidth, quality of the channel for example) and to the session (time , date, duration of connection for example). This event report is transmitted to the central server (4) which updates the subscriber management data of the module (9).
• the client's decryption process begins with extracting the session key using the client's secret key, then decrypting the additional information or part of the additional information with the session key thus decrypted .
• the server requests a dynamic and regular regeneration of the session key, this making it possible to reinforce security and to divert hacking attempts from malicious people.
• the method is implemented for a set of clients lli, 11j, 11k connected respectively to the intermediate servers 6i, 6j, 6k by the links 8i, 8j, 8k. Each customer having his smart card 15i, 15d, 15k.
• Each intermediate server 6i, 6j, 6k being connected by the links 16i, 16j and 16k to the module (17) containing the database of correspondences between the modified main stream and the complementary information associated with it.

Landscapes

• Engineering & Computer Science (AREA)
• Signal Processing (AREA)
• Computer Security & Cryptography (AREA)
• Multimedia (AREA)
• Databases & Information Systems (AREA)
• Computer Networks & Wireless Communication (AREA)
• Human Computer Interaction (AREA)
• Computer Graphics (AREA)
• Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=34385400

Family Applications (1)

Country Status (4)

Cited By (1)

Families Citing this family (5)

Citations (1)

Family Cites Families (13)

• 2003
  • 2003-10-15 FR FR0350684A patent/FR2861240B1/fr not_active Expired - Fee Related
• 2004
  • 2004-10-15 WO PCT/FR2004/002652 patent/WO2005039098A1/fr not_active Ceased
  • 2004-10-15 EP EP04817227A patent/EP1673897A1/de not_active Withdrawn
• 2006
  • 2006-03-23 US US11/387,284 patent/US7633941B2/en active Active

Patent Citations (1)

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events