Abstract:
The invention provides a conditional access system, wherein a conditional access client in a terminal has minimal functionality while a smartcard for use in the terminal incorporates user interaction and content authorisation functionality. The interface for user interaction between the smartcard and the conditional access client is generic. The invention enables addition or modification of conditional access functionality to the conditional access system by upgrading or replacing the smartcard, without requiring modifications to the terminal.
Abstract:
The invention provides an improved conditional access system with efficient bandwidth usage on the interface between a receiver and a conditional access module. The conditional access system has a receiver, a selection module, a conditional access module and possibly a terminal. The conditional access module has a first memory for storing service identifiers of services and transmits one or more service identifiers to the selection module. The selection module receives an input signal from the receiver and selects from the input signal those sub-signals as identified by the service identifiers and transmits the sub-signals to the conditional access module.
Abstract:
A method of authorising conditional access to an encrypted digital data product, includes storing at least one set (23) of entitlements in a secure device (19,21), each entitlement including a product identifier and expiry information, receiving entitlement control messages from a decoder system (13) including a device (25) for decrypting encrypted digital data products using control words, each entitlement control message including a product identifier, and in a first mode, returning at least one control word in response to an entitlement control message including a product identifier if the product identifier corresponds to a product identifier in a stored entitlement including expiry information indicating the entitlement to be valid, and, in a second mode, progressively adjusting a counter (31) to a pre-determined value and returning at least one control word in response also to entitlement control messages including a product identifier if the product identifier corresponds to a product identifier in a stored entitlement including expiry information indicating expiry of the entitlement and if the counter (31) is at a value between an initial value and the pre-determined value. The counter (31) is set to an initial value to commence operation in the second mode upon receiving an entitlement control message including a product identifier corresponding to a product identifier in a stored entitlement that includes expiry information indicating expiry of the entitlement.
Abstract:
A method of providing scrambled data includes providing a stream (12;22;26) of data units based on a sequence of clear data units by at least subjecting at least part of at least some of the clear data units to a cryptographic operation employing a first encryption key which forms a key pair with a corresponding first decryption key, such that a first section of the stream of data units includes data units including cryptograms obtained using a first value of the first encryption key, and such that a second section includes data units including cryptograms obtained using a second value of the first encryption key, and by associating data units with scrambling state identifying data (17,18) for indicating a state of scrambling applicable to the associated data unit. The method further includes providing a stream of key messages, each carrying at least key information enabling an authorised decoder (33) to obtain a value of the first decryption key, the stream of key messages and stream of data units being synchronised, associating each data unit including a cryptogram obtained using any value of the first encryption key with scrambling state identifying data including an identifier value associated with the first decryption key, associating data units in a third section, separating the first and second sections, with scrambling state identifying data lacking an identifier value associated with the first decryption key, and providing in at least one key message coinciding with one of the first and third sections key information enabling an authorised decoder to obtain a value of the first decryption key corresponding with the second value of the first encryption key. Subjection of at least part of the clear data units to the cryptographic operation employing the first encryption key is suspended for each data unit in the sequence included in the third section.
Abstract:
A method of partially scrambling a data stream (6) including transport stream packets (7), each transport stream packet (7) having a header (8) and a payload (9), wherein a sequence of transport stream packets (7) has payloads carrying encoded data elements, arranged in units (15), includes: selecting transport stream packets (7) forming a subsequence of the sequence, and scrambling at least part of the payloads (9) of each transport stream packet (7) in the subsequence. The method further includes monitoring the payloads (9) of at least some of the transport stream packets (7) in the sequence for the presence of data (22) indicating a boundary between two subsequent units (15), and, for selected units (15), including at least one of the transport stream packets (7) carrying data forming part of the selected unit (15) in the sub-sequence.
Abstract:
A method of providing rights data objects for issuing to a device having access to encrypted content belonging to one of a plurality of events and provided with an indication of a location from which the rights data object may be requested and event information uniquely associated with the event, which device includes an agent function for providing a request to a device (24) issuing rights data objects from the indicated location and data representative of the event information, includes:
receiving the request and data representative of the event information, generating a rights data object, including event key information enabling the content data belonging to the event uniquely associated with the event information to be decrypted, and is characterised by generating the event key information using a cryptographic function that operates on at least a part of the event information.
Abstract:
A method of providing access to encrypted content to one of a plurality of consumer systems (2-6), each consumer system being able to obtain a secure content package, including the encrypted content and an indication of a location from which to request a rights data object, the rights data object including at least content key information enabling decryption of at least part of the encrypted content and being cryptographically bound to at least the device to which it is issued, such that only devices (2-4,6) with an agent function to which the rights data object has been bound are able to obtain the content key information, is characterised by transferring a rights issuer module to a protected environment (25) of a device (24) for incorporation in the one consumer system, enabling the device, when operational in the consumer system, to generate at least one rights data object cryptographically bound to a requesting one of the devices in the consumer system provided with an agent function.
Abstract:
A method of controlling descrambling of a plurality of program transport streams received by a receiver system comprises receiving a sequence of messages in a conditional access sub-system (9,10) comprised in said receiver system, each message being associated with one of a number of scrambled program transport streams and representing a request for returning information enabling the associated scrambled transport stream to be descrambled by at least one descrambler module (12) in the receiver system, determining whether messages received within a certain interval are associated with a number of different scrambled program transport streams, and denying at least one of the requests represented by the messages received in the certain interval, if the number of different scrambled program transport streams with which the messages are associated exceeds a pre-determined number.