公开(公告)号：US20240250805A1

公开(公告)日：2024-07-25

申请号：US18542551

申请日：2023-12-15

申请人： Jean-Bernard FISCHER ,  Nicolas FISCHER ,  Fabien GREMAUD ,  Karine VILLEGAS

发明人： Jean-Bernard FISCHER ,  Nicolas FISCHER ,  Fabien GREMAUD ,  Karine VILLEGAS

IPC分类号： H04L9/08 ,  H04L9/14

CPC分类号： H04L9/0822 ,  H04L9/0825 ,  H04L9/083 ,  H04L9/14

摘要： The present disclosure includes methods, devises and systems for preparing and installing one or more application keys owned by application owners in a remote device. The present disclosure further proposes methods, devices and systems for secure installation of subsequent application keys on a device utilising corresponding key derivation functions to associate an application with a respective policy and identifier using significantly lmv bandwidth for transfer of keys for execution of the respective application on the device.

公开(公告)号：US08782417B2

公开(公告)日：2014-07-15

申请号：US13524756

申请日：2012-06-15

申请人： Fabien Gremaud ,  Olivier Brique

发明人： Fabien Gremaud ,  Olivier Brique

IPC分类号： H04N7/167 ,  H04N21/418 ,  H04N21/4623

CPC分类号： H04N21/4181 ,  H04N7/1675 ,  H04N21/4405 ,  H04N21/4623

摘要： A method for verifying access conditions performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message includes a first part including first access conditions and a second part structured as a control message including at least second access conditions and a control word. A first conditional access device is configured for decrypting the control message with a common key specific to units having a first conditional access device and verifying the authenticity of said message. When the verification succeeds, the second part and a second right is transmitted to a second conditional access device, which decrypts the second part with a common key specific to units having a second conditional access device and verifies the authenticity of said second part and the second access conditions in relation to the second right encrypted by a personal key embedded therein.

摘要翻译： 一种用于在将控制字释放到解扰器之前对控制消息连续地验证两个条件访问设备执行的访问条件的方法。 控制消息包括包括第一访问条件的第一部分和被构造为包括至少第二访问条件和控制字的控制消息的第二部分。 第一条件访问设备被配置为用具有第一条件访问设备的单元特有的公共密钥来解密控制消息并且验证所述消息的真实性。 当验证成功时，第二部分和第二权利被传送到第二条件访问设备，第二条件访问设备用具有第二条件访问设备的单元特有的公共密钥对第二部分进行解密，并且验证所述第二部分的真实性， 通过嵌入其中的个人密钥加密的与第二权限相关的访问条件。

公开(公告)号：US20110154042A1

公开(公告)日：2011-06-23

申请号：US12971876

申请日：2010-12-17

申请人： Fabien GREMAUD ,  Olivier Brique

发明人： Fabien GREMAUD ,  Olivier Brique

IPC分类号： H04L9/32 ,  H04N7/167

CPC分类号： H04N7/1675 ,  H04N21/4181 ,  H04N21/42623 ,  H04N21/4367 ,  H04N21/4405 ,  H04N21/4623

摘要： A method based on access conditions verification performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message encapsulates a second part including another control message. The processing unit for carrying out the method comprises a first conditional access device connected to a second conditional access device provided with a descrambler and a secured processor or secured hardware logic. The control message and the second part are each encrypted and accompanied by respectively first and second authentication data. The first conditional access device decrypts and verifies integrity of the control message, verifies the first access conditions and transmits the second part to the second access control device. The second conditional access device decrypts and verifies integrity of the second part and further verifies the second access conditions, and releases and loads the control word into the descrambler.

摘要翻译： 一种基于访问条件验证的方法，该方法在将控制字释放到解扰器之前连续地在控制消息上由两个条件访问设备执行。 控制消息封装包括另一个控制消息的第二部分。 用于执行该方法的处理单元包括连接到具有解扰器和安全处理器或安全硬件逻辑的第二条件访问设备的第一条件访问设备。 控制消息和第二部分分别被加密并且分别伴随着第一和第二认证数据。 第一条件访问设备解密并验证控制消息的完整性，验证第一访问条件并将第二部分发送到第二访问控制设备。 第二条件访问设备解密和验证第二部分的完整性，并进一步验证第二访问条件，并释放并将控制字加载到解扰器中。

公开(公告)号：US07697686B2

公开(公告)日：2010-04-13

申请号：US11284101

申请日：2005-11-22

申请人： Jean-Michel Puiatti ,  André Nicoulin ,  Nicolas Fischer ,  Guy Moreillon ,  Fabien Gremaud ,  Michael John Hill

发明人： Jean-Michel Puiatti ,  André Nicoulin ,  Nicolas Fischer ,  Guy Moreillon ,  Fabien Gremaud ,  Michael John Hill

IPC分类号： H04N7/167

CPC分类号： H04N5/913 ,  H04N7/163 ,  H04N7/1675 ,  H04N21/26613 ,  H04N21/4181 ,  H04N21/4405 ,  H04N21/4408 ,  H04N21/4627 ,  H04N21/835 ,  H04N2005/91364

摘要： Example embodiments are directed to a digital audio/video (AV) data processing unit and a method of controlling access to the digital AV data. The processing unit of AV digital data includes a deciphering unit of the AV data, a decompression unit, an input/output interface of the processed AV data and communication device towards a security module. The deciphering and decompression units respectively include an encryption unit and a decryption unit, each having at least one personal key and a common encryption key. Deciphering the AV data using the control words and re-encrypting the deciphered AV data occurs only after a successful verification of the control word and the common key. After temporary storage, the re-encrypted AV data cannot be decrypted by the decryption unit unless the common key has been positively verified by the security module by way of a random number generated by the decryption unit.

摘要翻译： 示例性实施例涉及数字音频/视频（AV）数据处理单元和控制对数字AV数据的访问的方法。 AV数字数据的处理单元包括AV数据的解密单元，解压缩单元，经处理的AV数据的输入/输出接口和通信设备朝向安全模块。 解密和解压缩单元分别包括加密单元和解密单元，每个加密单元和解密单元具有至少一个个人密钥和公共加密密钥。 使用控制字对AV数据进行解密并对解密的AV数据重新进行加密，只有在成功地验证了控制字和公用密钥之后才发生。 在临时存储之后，重新加密的AV数据不能被解密单元解密，除非通过安全模块通过由解密单元生成的随机数来肯定地验证了公共密钥。

公开(公告)号：US20090319741A1

公开(公告)日：2009-12-24

申请号：US12489712

申请日：2009-06-23

申请人： Fabien Gremaud ,  Christophe Gogniat ,  Marc Bellocchio ,  Pascal Fuchs

发明人： Fabien Gremaud ,  Christophe Gogniat ,  Marc Bellocchio ,  Pascal Fuchs

IPC分类号： G06F12/14 ,  G06F21/00 ,  H04L9/00 ,  G06F12/00

CPC分类号： G06F21/57 ,  G06F21/79

摘要： The present invention describes a system and a method for securely loading digital information from a storage device into a memory module in a data processing system, said data processing system comprising at least one storage device, one memory module and at least one processor, said data processing system further comprising a memory access controller module connected between the processor and the memory module, and a secure memory management module connected to the processor, the memory module, the storage device and the memory access controller. Requests by the processor for data are passed to the secure memory management module, which loads the data from the storage device to the memory module and configures the memory access controller such that the processor will have access to the data.

摘要翻译： 本发明描述了一种用于将数字信息从存储设备安全地加载到数据处理系统中的存储器模块的系统和方法，所述数据处理系统包括至少一个存储设备，一个存储器模块和至少一个处理器，所述数据 处理系统还包括连接在处理器和存储器模块之间的存储器访问控制器模块，以及连接到处理器，存储器模块，存储设备和存储器访问控制器的安全存储器管理模块。 处理器对数据的请求被传递到安全存储器管理模块，安全存储器管理模块将数据从存储设备加载到存储器模块，并配置存储器访问控制器，使得处理器能够访问数据。

公开(公告)号：US09191621B2

公开(公告)日：2015-11-17

申请号：US13990979

申请日：2011-12-01

申请人： Fabien Gremaud ,  Nicolas Fischer

发明人： Fabien Gremaud ,  Nicolas Fischer

IPC分类号： H04N7/167 ,  H04N21/418 ,  H04N21/433 ,  H04N21/4408

CPC分类号： H04N7/167 ,  H04N21/4181 ,  H04N21/4334 ,  H04N21/4408

摘要： A television event may be consumed after been stored in a mass memory of a multimedia unit, but still fully relies on the security of a secure device. A conversion of a received content aims at firstly descrambling the content using control words included in entitlement control messages and immediately re-encrypting the descrambled content by a unique key generated specifically for this content. Access conditions attached to the entitlement control message containing the control word are temporarily stored and once the decryption is terminated, the secure device produces an information block. This information block containing for example access conditions and an identifier of the content is either stored into a secure memory of the secure device or stored in the mass memory with the encrypted content. The unique key is made up of a combination of a root key specific to the secure device and the information block.

摘要翻译： 电视事件在被存储在多媒体单元的大容量存储器中之后可能被消耗，但是仍然完全依赖于安全设备的安全性。 接收到的内容的转换旨在首先使用包括在授权控制消息中的控制字对内容进行解扰，并且通过专门针对该内容生成的唯一密钥立即重新加密解扰的内容。 临时存储附加到包含控制字的授权控制消息的访问条件，一旦解密结束，则安全设备产生信息块。 包含例如访问条件和内容的标识符的该信息块或者被存储到安全设备的安全存储器中或者存储在具有加密内容的大容量存储器中。 唯一密钥由特定于安全设备的根密钥和信息块的组合组成。

公开(公告)号：US20110075843A1

公开(公告)日：2011-03-31

申请号：US12995003

申请日：2009-05-28

申请人： Fabien Gremaud ,  Joel Wenger

发明人： Fabien Gremaud ,  Joel Wenger

IPC分类号： H04N7/167

CPC分类号： H04N7/1675 ,  H04L9/0833 ,  H04L9/0891 ,  H04L2209/603 ,  H04L2209/80 ,  H04N7/163 ,  H04N21/26606 ,  H04N21/4181 ,  H04N21/4367 ,  H04N21/4623 ,  H04N21/63345

摘要： Unit for secure processing access controlled audio/video data capable of receiving control messages(ECM) comprising at least one first control word (CW1) and first right execution parameters (C1), at least one second control word (CW2) and second right execution parameters (C2), said processing unit being connected to a first access control device (CA1), said processing unit is characterized in that it comprises: —means for verifying and applying the first right execution parameters (C1) in relation to the contents of a memory (M1) of said first access control device (CA1) and means for obtaining the first control word CW1, —a second access control device (CA2) integrated into the processing unit UT including means for verifying and applying the second right execution parameters (C2) in relation to the contents of a memory (M2) associated to said second access control device (CA2) and means for obtaining the second control word (CW2), —a deciphering module (MD) capable of deciphering, sequentially with the first and the second control word (CW1) and (CW2), the access controlled audio/video data, said control words (CW1) and (CW2) being provided by the first and second access control devices (CA1, CA2) and stored in said deciphering module (MD). A method for secure processing digital access controlled audio/video data carried out by said unit is also an object of the present invention.

摘要翻译： 用于安全处理访问控制音频/视频数据的单元，其能够接收包括至少一个第一控制字（CW1）和第一右执行参数（C1）的控制消息（ECM），至少一个第二控制字（CW2）和第二右执行 参数（C2），所述处理单元连接到第一访问控制设备（CA1），所述处理单元的特征在于它包括： - 用于验证和应用第一正确执行参数（C1）的内容相对于 所述第一访问控制装置（CA1）的存储器（M1）和用于获得集成到处理单元UT中的第一控制字CW1，第二存取控制装置（CA2）的装置，包括用于验证和应用第二正确执行参数 （C2）相关于与所述第二访问控制设备（CA2）相关联的存储器（M2）的内容和用于获得第二控制字（CW2）的装置， - 解密模块（MD） 第一和第二控制字（CW1）和（CW2）顺序地由第一和第二访问控制装置（CA1，...）提供访问控制音频/视频数据，所述控制字（CW1）和（CW2） CA2）并存储在所述解密模块（MD）中。 用于由所述单元执行的用于安全处理数字访问控制的音频/视频数据的方法也是本发明的目的。