公开(公告)号：US20090254996A1

公开(公告)日：2009-10-08

申请号：US12383787

申请日：2009-03-27

申请人： Joel Conus ,  Luca Gradassi ,  Rached Ksontini ,  Henri Kudelski

发明人： Joel Conus ,  Luca Gradassi ,  Rached Ksontini ,  Henri Kudelski

IPC分类号： G06F21/00 ,  H04L9/06

CPC分类号： H04N7/1675 ,  H04N7/163 ,  H04N21/26606 ,  H04N21/4181 ,  H04N21/4623 ,  H04N21/8193

摘要： The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterised in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.

摘要翻译： 本发明的目的是限制作为安全模块的仿真器的安全漏洞的影响。 该目的由音频/视频数字条件访问数据的处理单元达到，由控制字加密，负责处理包含相对于控制字的至少一个密码和相对于控制字的一个指令的安全消息，其特征在于： 包括通过安全消息接收至少两个微程序的装置，由安全模块执行，所述安全模块包括存储至少两个微程序的装置和用于接收包含在安全消息中的指令的装置，用于选择由 所述指令用于执行所述微程序至少具有密码作为执行参数，该执行允许控制字的计算被发送回音频/视频处理单元。

公开(公告)号：US08646097B2

公开(公告)日：2014-02-04

申请号：US12383787

申请日：2009-03-27

申请人： Joel Conus ,  Luca Gradassi ,  Rached Ksontini ,  Henri Kudelski

发明人： Joel Conus ,  Luca Gradassi ,  Rached Ksontini ,  Henri Kudelski

IPC分类号： G06F17/30

CPC分类号： H04N7/1675 ,  H04N7/163 ,  H04N21/26606 ,  H04N21/4181 ,  H04N21/4623 ,  H04N21/8193

摘要： The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterized in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.

摘要翻译： 本发明的目的是限制作为安全模块的仿真器的安全漏洞的影响。 该目的由音频/视频数字条件访问数据的处理单元达到，由控制字加密，负责处理包含相对于控制字的至少一个密码和相对于控制字的一个指令的安全消息，其特征在于： 包括通过安全消息接收至少两个微程序的装置，由安全模块执行，所述安全模块包括存储至少两个微程序的装置和用于接收包含在安全消息中的指令的装置，用于选择由 所述指令用于执行所述微程序至少具有密码作为执行参数，该执行允许控制字的计算被发送回音频/视频处理单元。

公开(公告)号：US20100138636A1

公开(公告)日：2010-06-03

申请号：US12452567

申请日：2008-07-09

申请人： Joël Conus ,  Luca Gradassi

发明人： Joël Conus ,  Luca Gradassi

IPC分类号： G06F9/30 ,  G06F12/00 ,  G06F9/54 ,  G06F21/22

CPC分类号： H04N7/1675 ,  H04N7/163 ,  H04N21/4181 ,  H04N21/4435 ,  H04N21/4586 ,  H04N21/4623 ,  H04N21/8193

摘要： One embodiment of the present invention discloses a process for sending an executable code to a security module locally connected to a receiving device. This security module comprises a microcontroller and a memory, the memory including at least one executable area provided to contain instructions suitable to be executed by the microcontroller, and at least one non-executable area, wherein the microcontroller cannot execute the instructions, further comprising the steps of dividing the executable code into blocks; adding at least one block management code to the blocks in order to create an extended block; introducing the content of an extended block into a message to be processed in the receiving device, in such a way that the whole executable code is contained in a plurality of messages; sending a message to the receiving device, this message containing one of the extended blocks different from the first extended block; processing the message in order to extract its extended block; storing the executable code and the at least one management code of the block received in the executable area of the memory; executing at least one management code of the extended block, this management code includes the effect of transferring the content of the block to a non-executable area of the memory; repeating the previous steps until all the extended blocks are stored in the memory, except for the first block; sending a message containing the first extended block to the receiving device; processing the message in order to extract the extended block and storing the executable code of the block received in the executable area of the memory. One embodiment of the invention also concerns a process for the execution of this code.

摘要翻译： 本发明的一个实施例公开了一种用于向本地连接到接收设备的安全模块发送可执行代码的过程。 该安全模块包括微控制器和存储器，该存储器包括被提供以包含适于由微控制器执行的指令的至少一个可执行区域以及至少一个不可执行区域，其中微控制器不能执行指令，还包括 将可执行代码划分为块的步骤; 向块中添加至少一个块管理代码以创建扩展块; 将扩展块的内容引入要在接收设备中处理的消息，使得整个可执行代码被包含在多个消息中; 向接收设备发送消息，该消息包含与第一扩展块不同的扩展块之一; 处理消息以提取其扩展块; 将所述可执行代码和所接收的块的所述至少一个管理代码存储在所述存储器的可执行区域中; 执行扩展块的至少一个管理代码，该管理代码包括将块的内容传送到存储器的不可执行区域的效果; 重复前面的步骤，直到所有扩展块都存储在存储器中，除了第一块之外; 向所述接收设备发送包含所述第一扩展块的消息; 处理消息以便提取扩展块并将接收到的块的可执行代码存储在存储器的可执行区域中。 本发明的一个实施例还涉及用于执行该代码的过程。

公开(公告)号：US08484484B2

公开(公告)日：2013-07-09

申请号：US12452567

申请日：2008-07-09

申请人： Joël Conus ,  Luca Gradassi

发明人： Joël Conus ,  Luca Gradassi

IPC分类号： G06F21/00

CPC分类号： H04N7/1675 ,  H04N7/163 ,  H04N21/4181 ,  H04N21/4435 ,  H04N21/4586 ,  H04N21/4623 ,  H04N21/8193

摘要： One embodiment of the present invention discloses a process for sending an executable code to a security module locally connected to a receiving device. This security module comprises a microcontroller and a memory, the memory including at least one executable area provided to contain instructions suitable to be executed by the microcontroller, and at least one non-executable area, wherein the microcontroller cannot execute the instructions. The process includes dividing the executable code into blocks; adding at least one block management code to the blocks in order to create an extended block; introducing the content of an extended block into a message to be processed in the receiving device, in such a way that the whole executable code is contained in a plurality of messages; and sending a message to the receiving device, this message containing one of the extended blocks different from the first extended block.

摘要翻译： 本发明的一个实施例公开了一种用于向本地连接到接收设备的安全模块发送可执行代码的过程。 该安全模块包括微控制器和存储器，该存储器包括被提供以包含适于由微控制器执行的指令的至少一个可执行区域以及至少一个不可执行区域，其中微控制器不能执行指令。 该过程包括将可执行代码分成块; 向块中添加至少一个块管理代码以创建扩展块; 将扩展块的内容引入要在接收设备中处理的消息，使得整个可执行代码被包含在多个消息中; 并且向接收设备发送消息，该消息包含与第一扩展块不同的扩展块之一。