1. Field of the Disclosed Embodiments
The present invention relates to the field of the securing, storage and control of access to digital data and to its broadcasting.
The present invention pertains more particularly to a method capable of securing data and broadcasting data streams in an autonomous and secured way to fixed or mobile PDA (Personal Digital Assistant) type terminals.
2. Description of the Related Art
In the field of securing access to data, there are existing methods in the prior art, already known through the ISO/CEI 9594-8, RFC-2459 and RFC-2510 publications, for building standard public key cryptosystems. The principle of encryption using a public key system relies on the existence of a pair of keys, denoted Ke (private key) and Kq (public key), whose values are different but mathematically related, both keys belonging to the same proprietary or owner entity.
Kq is a public key published in a sort of directory as belonging to a certain entity. Thus, any individual can retrieve this key Kq, test its origin and use it to encrypt a message that it wishes to send confidentially to the proprietary or owner entity that owns the key Kq.
Ke is a private key which is known only to its proprietor and must be kept secret. The proprietary entity owning the key Kq uses the key Ke to decrypt the messages that it receives and that have been encrypted with Kq. The most widely known examples of asymmetrical cryptographic protocols, called public key protocols, are:
the RSA (Rivest, Shamir and Adleman) system, based on the factoring of integers;
the Diffie-Hellman key exchange system;
the El Gamal system, based on the discrete logarithm.
This widely adopted system relies on public key encryption and signature schemes implementing at least one public key infrastructure, designated here below as PKI (Public Key Infrastructure), which provides for the authenticity of the public keys used. A certification authority, designated here below as CA, makes a certain number of checks and, after making these checks, delivers a standardized X.509 digital certificate to a candidate entity; by signing said digital certificate with its private key, the CA certifies the relationship between a public key and the identity of the legitimate entity having access to the corresponding private key.
In this context, it is assumed that the entities acting in the exchange of encrypted data streams have prior knowledge of their identities and respective public keys which are recorded and published on said digital certificate.
A digital certificate compliant with the X.509v3 format consists of the following main fields:
Version: indicates the version of X.509 to which the certificate corresponds.
Serial number: serial number of the certificate, specific to each PKI.
Algo ID signature: identifier of the type of signature used.
Issuer name: distinctive name of the CA issuing the certificate.
Validity period: the period during which the certificate is valid.
Subject name: distinctive name of the holder of the public key.
Subject public key info: information (such as value, type of algorithm, etc.) on the public key of this certificate.
Issuer unique ID: unique ID of the issuer of this certificate.
Subject unique ID: unique ID of the holder of the public key.
Signature: digital signature of the CA on the previous fields.
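As an added example, not part of the patent, the following Python walks a DER-encoded certificate and splits it into the X.509v3 fields just listed (version, serial, signature algorithm OID, issuer, validity, subject, public key info, the optional unique IDs and extensions, and the CA signature). The certificate bytes are constructed inside the block with a dummy key and signature, so it shows the layout only; the CA signature itself is not checked.

```python
def der(tag, body):                               # encode one DER TLV (short or long-form length)
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(nb)]) + nb + body
def tlv(buf, pos=0):                              # decode the TLV at pos -> (tag, value, end)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                  # long form: low 7 bits = number of length bytes
        k, pos = n & 0x7F, pos + (n & 0x7F)
        n = int.from_bytes(buf[pos - k:pos], "big")
    return tag, buf[pos:pos + n], pos + n
def children(body):                               # (tag, value) pairs directly inside a constructed value
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = tlv(body, pos)
        out.append((tag, val))
    return out
def oid_str(body):                                # dotted form of an OBJECT IDENTIFIER body
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, v = arcs + [v], 0
    return ".".join(map(str, arcs))
FIELDS = ["serial", "algo_id", "issuer", "validity", "subject", "spki"]
TAILS = {0x81: "issuer_uid", 0x82: "subject_uid", 0xA3: "extensions"}

def x509_fields(cert):
    """Split a DER Certificate into the X.509v3 fields named in the list above."""
    (_, tbs), _, (_, sig) = children(tlv(cert)[1])   # tbsCertificate, signatureAlgorithm, signatureValue
    items, f = children(tbs), {"version": 1}      # v1 when the [0] Version tag is absent
    if items[0][0] == 0xA0:
        f["version"], items = children(items[0][1])[0][1][0] + 1, items[1:]
    f.update(zip(FIELDS, (v for _, v in items[:6])))
    f.update((TAILS[t], v) for t, v in items[6:])  # optional unique IDs and [3] extensions
    f["serial"] = int.from_bytes(f["serial"], "big", signed=True)
    f["algo_id"] = oid_str(children(f["algo_id"])[0][1])
    f["validity"] = tuple(v.decode() for _, v in children(f["validity"]))
    f["signature"] = sig[1:]                      # BIT STRING: first byte counts unused bits
    return f

SHA256_RSA = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")))  # sha256WithRSAEncryption
def name(cn):                                     # Name: SEQUENCE OF SET OF (type, value), one commonName
    return der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, cn))))
def sample_cert():                                # constructed v3 cert: dummy key and signature, no real CA
    spki = der(0x30, der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b"")) + der(0x03, b"\x00"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x10\x01") + SHA256_RSA + name(b"Example CA")
              + der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"250101000000Z")) + name(b"PDA terminal")
              + spki + der(0xA3, der(0x30, b"")))
    return der(0x30, tbs + SHA256_RSA + der(0x03, b"\x00\xde\xad\xbe\xef"))
```

The outer SEQUENCE of the sample exceeds 127 bytes, so the decoder's long-form length path is exercised as it would be on a real certificate.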
Furthermore, the prior art especially knows the making of standard secret key cryptosystems, especially from the publications FIPS-197, RFC2405.
The principle of encryption with a secret key system relies on the existence of a single secret key, denoted as K (with K=Ke=Kq), used for both the encryption and the decryption of data. In practice, stream ciphers are chiefly used when processing speed is essential (telephony, links between central processing units, etc.). When security predominates, block ciphers are used more. Such cryptosystems have the main advantage of being efficient in terms of computation time for both encrypting and decrypting.
The best known examples of symmetrical (secret key) cryptographic protocols are:
The DES (Data Encryption Standard, RFC 2405) system;
The AES (Advanced Encryption Standard, FIPS-197) system;
The 3-DES system;
The IDEA system;
The RC6/RC4 (stream) system.
The major drawback of such cryptosystems, whether public key or secret key, lies in the complexity of the administration and management of the keys. What is understood by the management of keys attached to any cryptosystem are the aspects of securing related to the storage, distribution, exchange, archiving, functional diversification, restoration, replacement, revocation and timelines (or history) of the keys.
In addition to this drawback, there is a far more important flaw in present-day cryptosystems, especially in the case of the reading of the secured data by a user.
In a public key cryptosystem, the secured data elements are systematically disassociated from the authentication during their interpretation by a user. There is a real risk of usurpation and/or degradation of the contents without any efficient means of checking. It is thus difficult to determine the person who has accessed or modified secured data.
In the case of a secret key cryptosystem, the risk is centered rather on the confidentiality of the data. During the interpretation of the secured data by a user (the decrypting of the data), this data is vulnerable throughout the reading period. There is then a real risk of interception, of fraudulent passive listening, or of diversion of this data.
Furthermore, the lack of interoperability between cryptosystems, whether of the PKI or of the secret key type, is a major obstacle to their deployment in companies. The well-known complexity in the prior art of cross-certification between PKIs, and their incompatibility with the encryption techniques of a secret key cryptosystem, will be noted. It is thus difficult for an entity to set up a security policy with several other entities using distinct cryptosystems.