Title of Invention	METHOD OF PRODUCTION AND DISTRIBUTION OF ASYMMETRIC PUBLIC AND PRIVATE KEYS BETWEEN A KEY GENERATION CENTRE AND AT LEAST ONE USER UNIT
Abstract	A method of production and distribution of asymmetric public and private keys between a key generation centre and at least one user unit (DEC), said unit comprising a security module (SM), said method consisting in: generating certificates comprising a public key and a private key in a first cryptographic unit (KPG), coding the private key by means of a service key in the first cryptographic unit (KPG) and storing said private key in a key memory (KPS), when sending the keys to a user unit, extracting the keys from the key memory (KPS), composing the certification with the public key, decoding the corresponding private key by means of the service key in a cryptographic security module and coding it with a transport key of the user.

Title of Invention

METHOD OF PRODUCTION AND DISTRIBUTION OF ASYMMETRIC PUBLIC AND PRIVATE KEYS BETWEEN A KEY GENERATION CENTRE AND AT LEAST ONE USER UNIT

Abstract

A method of production and distribution of asymmetric public and private keys between a key generation centre and at least one user unit (DEC), said unit comprising a security module (SM), said method consisting in: generating certificates comprising a public key and a private key in a first cryptographic unit (KPG), coding the private key by means of a service key in the first cryptographic unit (KPG) and storing said private key in a key memory (KPS), when sending the keys to a user unit, extracting the keys from the key memory (KPS), composing the certification with the public key, decoding the corresponding private key by means of the service key in a cryptographic security module and coding it with a transport key of the user.

Full Text	FORM 2 THE PATENTS ACT 1970 [39 OF 1970] & THE PATENTS RULES, 2003 COMPLETE SPECIFICATION [See Section 10; rule 13] "METHOD OF PRODUCTION AND DISTRIBUTION OF ASYMMETRIC PUBLIC AND PRIVATE KEYS BETWEEN A KEY GENERATION CENTRE AND AT LEAST ONE USER UNIT" NAGRAVISION SA, of 22, route de Geneve, CH-1033 Cheseaux-sur-Lausanne, Switzerland. The following specification particularly describes the invention and the manner in which it is to be performed: ORIGINAL 457/MUMNP/2003 The present invention concerns the field of secured transactions, particularly in the field of pay television. With the development of traffic on open resources such as the Internet the need has quickly raised to be able to identify with certainty the person with whom one is going to communicate and to make incomprehensible the data exchanged between two units. This is why web browsers include an encrypting module, of the SSL type, in order to code the data that is emitted from a user to a computer utility. In this type of configuration the computer utility sends a certification to the user's address, said certification containing the public key of the centre. Once this certification is received, the data sent by the user are encrypted by the public key and sent to the centre. It is then only possible to decode these data with the private key of the centre, key that is secretly kept in the centre. It is immediately necessary to point out that this system suffers from a first drawback which is that it only secures the data in one direction. The centre has no guarantee that the user is in fact who he/she pretends to be. The other drawback is that the certification sent by the centre can be intercepted by a third person in order to substitute it with his/hers. It is the well known scenario of the "man in the middle". All the data sent by the user are then decoded by the private key of the third person and then are encrypted by the public key of the centre. The centre and the user will not see in any way this intrusion as all the data sent by the user will be tampered with by the third person. t In a mutual identification configuration both speakers have a certification with a public and a private key. In order to obtain a certification there are several methods of which two examples are explained below; - The user access via Internet to a Certification Authority. After receiving certain personal data this Certification Authority sends the certification to the electronic postbox of the user. It has to be mentioned that at this stage the certification contains the private key and the public key. - The user goes in person to the Certification Authority and presents an identity card. The person receives a disc containing the certification to install it in his/her computer. Although the first method has the advantage of simplicity, it does not guarantee a high level security. On the contrary, the second method offers all the security guarantees but discourages many users in view of all the necessary steps to be taken. The object of the present invention is to generate and distribute certifications in a secure way with no annoyance for the user and guaranteeing the identity data of the receiver. This object is achieved by a distribution method of asymmetric keys, public and private keys, between a key centre and at least one user unit, said unit comprising a security module, said method consisting in generating certifications comprising a public key and a private key, coding with a transport key these certifications and sending them to the security module of a known user, said module comprising the transport key for decoding the certification. The use of a tested security module such as the microprocessor of a user allows to avoid several exchanges for the dynamic creation of a transfer key. * These security modules have coding means and keys in security zones that particularly guarantee the secrecy of the private key. In fact, according to the known solutions the various keys are generally stored in the mass memory of the computer, which implies the risk that they be tampered with. The system of the invention also applies to the secured generation of certifications. The object sought by this system is to avoid having keys in clear during the generation process, while keeping short issuing times so as to satisfy a large demand. The invention will be better understood with the following detailed description referring to the only annexed figure that describes the configuration of the generation system of certifications and private keys according to the invention. In this figure are diagrammatically represented the different modules in charge of the generation of certificates and keys. The generation as such of the pair private key and public key is carried out in the cryptographic module KPG according to a known technique in itself. Such a module is described in the application PCT/IB00701589 and is based on the use of a great number of security units working in parallel. Once generated, the keys are directly encrypted in this same module by a service key of the system and transmitted under this form to the key data base KPS. This service key codes or decodes the locally stored data from the moment these confidential data leave the security module. This stage is important because the generation of a pair of keys takes several seconds and the on-line generation (upon request) is thus too slow to satisfy the users. This is why the pairs of keys are generated and stored in the data base KPS for future use. The left part of the OFFL line concerns the generation of keys in off-line mode. Upon request of the user, the encrypted keys are sent to the CG certificate generation module, certificate that contains the public key. The private key, always in encrypted form, as well as the certificate are stored in the C&K DB data base. Before sending the private key, it is previously decoded by the service key of the system and encrypted by the transmission key of the security module of the user. This key can either be a secret symmetric key or the public key of the security module. This stage is carried out inside a high speed coding security module according to the architecture described in PCT/IBOO/01589. For future identification, the certificate of the Certification Authority can also be transmitted. The encrypted private key as well as its certificate are transmitted to the final user by usual means by resource interface N-INT on the Internet. In the applications of pay television it is possible to use the standard transmission forms of management of subscribers represented by the CAS module (Conditional Access System). The transmission of such a certificate can be done either on the initiative of the centre or of the user unit. The user unit DEC is not considered sufficiently secure for containing the private key. This is why the private key is sent, always in encrypted form, to the security module SM which only can decode this message. The private key is then stored in the protected memory of this module, which generally has the form of a smart card. The certificate, of greater size, is generally stored in the decoder as it does not contain confidential data. When a transaction is initiated by the user, the signature is prepared in the security module by means of the private key. This key is in no moment accessible outside the security module. According to one embodiment, the certificate and the signature are sent the management centre. This management centre access the data base of the C&K DB certificates to verify the authenticity of the certificate and to use the public key of the user in order to decode the signature. In return, the centre sends its certificate with its signature. To form the latter the centre uses its private key stored in encrypted form in the same C&K DB data base. The key is transmitted to the signature module EME which is of the secured type. The key is then decoded in this module in order to compose the signature. The signature and the certificate are then sent to the user's unit. The certificate of the centre transmitted when establishing the private key of the user is then used to decode and verify the signature. The authentication is then ensured on both sides. According to an embodiment, the public key of the centre is kept in the user's security module so that this important identification criterion cannot be modified. We Claim: 1. A method of production and distribution of asymmetric public and private keys between a key generation centre and at least one user unit (DEC), said unit comprising a security module (SM), said method consisting in: generating certificates comprising a public key and a private key in a first cryptographic unit (KPG), coding the private key by means of a service key in the first cryptographic unit (KPG) and storing said private key in a key memory (KPS), when sending the keys to a user unit, extracting the keys from the key memory (KPS), composing the certification with the public key, decoding the corresponding private key by means of the service key in a cryptographic security module and coding it with a transport key of the user. 2. A method as claimed in claim 1, wherein the encrypted private key is received by the user unit (DEC) and transmitted to the security module (SM) containing the transport key for decoding and storing the private key. 3. A method as claimed in claim 1, wherein it consists in using several monolithic cryptographic unit to obtain a high speed coding module. 4. A method as claimed in any of the preceding claims, wherein it consists in: coding the public key of the centre with the transport key and transmitting it to the user unit (DEC), receiving by the user unit, the encrypted public key and transmitting it to the security module (SM). decoding and storing the public key by means of the transport key inside the security module (SM). Dated this 28th day of April, 2003 [RITUSHKA NHGI] OF REMFRY AND SAGAR ATTORNEY FOR THE APPLICANTS

Full Text

FORM 2
THE PATENTS ACT 1970
[39 OF 1970]
&
THE PATENTS RULES, 2003
COMPLETE SPECIFICATION
[See Section 10; rule 13]
"METHOD OF PRODUCTION AND DISTRIBUTION OF ASYMMETRIC PUBLIC AND PRIVATE KEYS BETWEEN A KEY GENERATION CENTRE AND AT LEAST ONE USER UNIT"
NAGRAVISION SA, of 22, route de Geneve, CH-1033 Cheseaux-sur-Lausanne, Switzerland.
The following specification particularly describes the invention and the manner in which it is to be performed:

ORIGINAL
457/MUMNP/2003

The present invention concerns the field of secured transactions, particularly in the field of pay television.
With the development of traffic on open resources such as the Internet the need has quickly raised to be able to identify with certainty the person with whom one is going to communicate and to make incomprehensible the data exchanged between two units.
This is why web browsers include an encrypting module, of the SSL type, in order to code the data that is emitted from a user to a computer utility.
In this type of configuration the computer utility sends a certification to the user's address, said certification containing the public key of the centre. Once this certification is received, the data sent by the user are encrypted by the public key and sent to the centre. It is then only possible to decode these data with the private key of the centre, key that is secretly kept in the centre.
It is immediately necessary to point out that this system suffers from a first drawback which is that it only secures the data in one direction. The centre has no guarantee that the user is in fact who he/she pretends to be.
The other drawback is that the certification sent by the centre can be intercepted by a third person in order to substitute it with his/hers. It is the well known scenario of the "man in the middle". All the data sent by the user are then decoded by the private key of the third person and then are encrypted by the public key of the centre. The centre and the user will not see in any way this intrusion as all the data sent by the user will be tampered with by the third person.

t In a mutual identification configuration both speakers have a certification with a public and a private key. In order to obtain a certification there are several methods of which two examples are explained below;
- The user access via Internet to a Certification Authority. After receiving certain personal data this Certification Authority sends the certification to the electronic postbox of the user. It has to be mentioned that at this stage the certification contains the private key and the public key.
- The user goes in person to the Certification Authority and presents an identity card. The person receives a disc containing the certification to install it in his/her computer.
Although the first method has the advantage of simplicity, it does not guarantee a high level security.
On the contrary, the second method offers all the security guarantees but discourages many users in view of all the necessary steps to be taken.
The object of the present invention is to generate and distribute certifications in a secure way with no annoyance for the user and guaranteeing the identity data of the receiver.
This object is achieved by a distribution method of asymmetric keys, public and private keys, between a key centre and at least one user unit, said unit comprising a security module, said method consisting in generating certifications comprising a public key and a private key, coding with a transport key these certifications and sending them to the security module of a known user, said module comprising the transport key for decoding the certification.
The use of a tested security module such as the microprocessor of a user allows to avoid several exchanges for the dynamic creation of a transfer key.

* These security modules have coding means and keys in security zones that particularly guarantee the secrecy of the private key.
In fact, according to the known solutions the various keys are generally stored in the mass memory of the computer, which implies the risk that they be tampered with.
The system of the invention also applies to the secured generation of certifications. The object sought by this system is to avoid having keys in clear during the generation process, while keeping short issuing times so as to satisfy a large demand.
The invention will be better understood with the following detailed description referring to the only annexed figure that describes the configuration of the generation system of certifications and private keys according to the invention.
In this figure are diagrammatically represented the different modules in charge of the generation of certificates and keys. The generation as such of the pair private key and public key is carried out in the cryptographic module KPG according to a known technique in itself. Such a module is described in the application PCT/IB00701589 and is based on the use of a great number of security units working in parallel. Once generated, the keys are directly encrypted in this same module by a service key of the system and transmitted under this form to the key data base KPS. This service key codes or decodes the locally stored data from the moment these confidential data leave the security module.
This stage is important because the generation of a pair of keys takes several seconds and the on-line generation (upon request) is thus too slow to satisfy the users. This is why the pairs of keys are generated and stored in the data base KPS for future use. The left part of the OFFL line concerns the generation of keys in off-line mode.

Upon request of the user, the encrypted keys are sent to the CG certificate generation module, certificate that contains the public key. The private key, always in encrypted form, as well as the certificate are stored in the C&K DB data base. Before sending the private key, it is previously decoded by the service key of the system and encrypted by the transmission key of the security module of the user. This key can either be a secret symmetric key or the public key of the security module. This stage is carried out inside a high speed coding security module according to the architecture described in PCT/IBOO/01589.
For future identification, the certificate of the Certification Authority can also be transmitted.
The encrypted private key as well as its certificate are transmitted to the final user by usual means by resource interface N-INT on the Internet.
In the applications of pay television it is possible to use the standard transmission forms of management of subscribers represented by the CAS module (Conditional Access System).
The transmission of such a certificate can be done either on the initiative of the centre or of the user unit.
The user unit DEC is not considered sufficiently secure for containing the private key. This is why the private key is sent, always in encrypted form, to the security module SM which only can decode this message. The private key is then stored in the protected memory of this module, which generally has the form of a smart card. The certificate, of greater size, is generally stored in the decoder as it does not contain confidential data.
When a transaction is initiated by the user, the signature is prepared in the security module by means of the private key. This key is in no moment accessible outside the security module.

According to one embodiment, the certificate and the signature are sent the management centre. This management centre access the data base of the C&K DB certificates to verify the authenticity of the certificate and to use the public key of the user in order to decode the signature. In return, the centre sends its certificate with its signature. To form the latter the centre uses its private key stored in encrypted form in the same C&K DB data base. The key is transmitted to the signature module EME which is of the secured type. The key is then decoded in this module in order to compose the signature.
The signature and the certificate are then sent to the user's unit. The certificate of the centre transmitted when establishing the private key of the user is then used to decode and verify the signature.
The authentication is then ensured on both sides.
According to an embodiment, the public key of the centre is kept in the user's security module so that this important identification criterion cannot be modified.

We Claim:
1. A method of production and distribution of asymmetric public and
private keys between a key generation centre and at least one user
unit (DEC), said unit comprising a security module (SM), said
method consisting in:
generating certificates comprising a public key and a private
key in a first cryptographic unit (KPG),
coding the private key by means of a service key in the first
cryptographic unit (KPG) and storing said private key in a
key memory (KPS),
when sending the keys to a user unit, extracting the keys
from the key memory (KPS), composing the certification with
the public key,
decoding the corresponding private key by means of the
service key in a cryptographic security module and coding it
with a transport key of the user.
2. A method as claimed in claim 1, wherein the encrypted private key is received by the user unit (DEC) and transmitted to the security module (SM) containing the transport key for decoding and storing the private key.
3. A method as claimed in claim 1, wherein it consists in using several monolithic cryptographic unit to obtain a high speed coding module.
4. A method as claimed in any of the preceding claims, wherein it consists in:
coding the public key of the centre with the transport key

and transmitting it to the user unit (DEC),
receiving by the user unit, the encrypted public key and transmitting it to the security module (SM). decoding and storing the public key by means of the transport key inside the security module (SM).
Dated this 28th day of April, 2003
[RITUSHKA NHGI]
OF REMFRY AND SAGAR
ATTORNEY FOR THE APPLICANTS

Documents:

457-mumnp-2003-cancelled pages(11-05-2006).pdf

457-mumnp-2003-claims(granted)-(11-05-2006).doc

457-mumnp-2003-claims(granted)-(11-05-2006).pdf

457-mumnp-2003-correspondence(13-12-2006).pdf

457-mumnp-2003-correspondence(ipo)-(21-06-2006).pdf

457-mumnp-2003-form 1(11-05-2006).pdf

457-mumnp-2003-form 18(25-11-2005).pdf

457-mumnp-2003-form 2(granted)-(11-05-2006).doc

457-mumnp-2003-form 2(granted)-(11-05-2006).pdf

457-mumnp-2003-form 3(10-05-2006).pdf

457-mumnp-2003-form 3(11-05-2006).pdf

457-mumnp-2003-form 5(11-05-2006).pdf

457-mumnp-2003-pct-ipea-409(11-05-2006).pdf

457-mumnp-2003-pct-isa-210(11-05-2006).pdf

457-mumnp-2003-petition under rule 137(11-05-2006).pdf

457-mumnp-2003-petition under rule 138(29-06-2006).pdf

457-mumnp-2003-power of authority(11-05-2006).pdf

457-mumnp-2003-power of authority(28-04-2003).pdf

« Previous Patent

Next Patent »

Patent Number

206222

Indian Patent Application Number

457/MUMNP/2003

PG Journal Number

43/2008

Publication Date

24-Oct-2008

Grant Date

19-Apr-2007

Date of Filing

28-Apr-2003

Name of Patentee

NAGRAVISION SA

Applicant Address

22, ROUTE DE GENEVE, CH-1033 CHESEAUX-SUR-LAUSANNE, SWITZERLAND.

Inventors:

#	Inventor's Name	Inventor's Address
1	PHILIPPE STRANSKY	PRE-FONTAINE H, CH-1261 MARCHISSY, SWITZERLAND.

PCT International Classification Number

H 04 L 9/08

PCT International Application Number

PCT/IB01/02269

PCT International Filing date

2001-11-27

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	2308 / 00	2000-11-28	Switzerland