-
公开(公告)号:US20110022854A1
公开(公告)日:2011-01-27
申请号:US12801891
申请日:2010-06-30
申请人: Marco Macchetti , Henri Kudelski
发明人: Marco Macchetti , Henri Kudelski
IPC分类号: G06F12/14
CPC分类号: G06F21/125
摘要: The present invention provides a solution to the problem of guaranteeing the integrity of software programmes by encrypting all or part of each instruction of a programme using a key based on all or part of one or a plurality of previous instructions, thus resulting in a different encryption key per instruction. The invention is applicable to software programmes whose structures are not necessarily tree-like in nature and is also applicable when the programme includes loops, jumps, calls or breaks etc. The invention allows for an exception to be flagged when an encrypted instruction is wrongly decrypted. There is no need for the first instruction to be in clear, since the instruction key may be appropriately initialised as required. The invention can be realised in software or entirely in hardware thereby eliminating the possibility of a third party intercepting a decrypted instruction or a decryption key.
摘要翻译: 本发明通过使用基于一个或多个先前指令的全部或部分的密钥加密程序的每个指令的全部或部分来提供软件程序的完整性的问题的解决方案,从而导致不同的加密 按指令键。 本发明适用于其结构本质上不一定是树状的软件程序,并且当程序包括循环,跳转,调用或中断等时也是适用的。本发明允许在加密指令被错误地解密时被标记的异常 。 不需要第一条指令清楚,因为指令键可以根据需要进行适当的初始化。 本发明可以以软件或完全在硬件中实现,从而消除了第三方拦截解密指令或解密密钥的可能性。
-
22.发明申请Management messages transmission method by a management center intended to a plurality of multimedia units 审中-公开由多个多媒体单元的管理中心的管理消息发送方法公开(公告)号:US20060083371A1
公开(公告)日:2006-04-20
申请号:US11247224
申请日:2005-10-12
IPC分类号: H04L9/28
CPC分类号: H04N21/4181 , H04N7/163 , H04N21/26606
摘要: The present invention relates to a management messages transmission method by a management center intended to a plurality of multimedia units. Each unit has a security module (SC) comprising at least one global encryption key used in relation with an encryption module. This method is characterized in that it consists of dividing the totality of the security modules allowing access to encrypted data originating from a determined provider into at least two groups (GR1, GR2), a first group of security modules having a first configuration of the security elements and a second group of security modules having a second configuration of the security elements, the first configuration being different from the second configuration.
摘要翻译: 本发明涉及一种管理中心,用于多个多媒体单元的管理消息传输方法。 每个单元具有包括与加密模块相关联使用的至少一个全局加密密钥的安全模块(SC)。 该方法的特征在于,它包括将安全模块的总数除以允许从源自确定的提供者的加密数据访问至少两个组(GR 1,GR 2),第一组安全模块,其具有第一配置 所述安全元件和具有所述安全元件的第二配置的第二组安全模块,所述第一配置不同于所述第二配置。
-
公开(公告)号:US10419800B2
公开(公告)日:2019-09-17
申请号:US14111776
申请日:2012-04-02
申请人: Henri Kudelski
发明人: Henri Kudelski
IPC分类号: H04N21/266 , H04N21/418 , H04N21/4623 , H04N21/835 , H04N21/8358
摘要: A method to identify the origin of a security module in a pay-tv system comprising: receiving by the pay-tv decoder system at least a first stream, a second stream and a control word stream, the first and second streams being encrypted by a first and a second control word, respectively, extracting from the control word stream, entitlement messages containing a main control word allowing retrieval of the first and second control words and access conditions, transferring the control word stream to the security module and checking the access conditions, selecting a current control word from the first or second control word based on part of the internal parameter, transmitting the current control word to the pay-tv decoder, selecting a current stream from the first or second stream in accordance with the selection of the first or second control word, and decrypting the current stream with the current control word.
-
公开(公告)号:US08458739B2
公开(公告)日:2013-06-04
申请号:US12064427
申请日:2006-08-08
CPC分类号: G11B20/0021 , G11B20/00086 , H04N5/913 , H04N7/162 , H04N21/26606 , H04N21/4325 , H04N21/4334 , H04N21/4623 , H04N21/4627 , H04N21/8455 , H04N2005/91364
摘要: A method allows a broadcasted conditional access content accessible at the time of transmission to be also accessible at a later time thanks to intermediate storage on a hard disk of a user unit. The processing method includes the steps of receiving at the user unit a data stream encrypted by at least one control word, at least one control message stream containing the control words, forming an index file, each index comprising an identifier of a control message formed by the extraction of data associated to the control messages and an identifier of the part of the content to which the control message is applied; and, at the time of the deferred processing of the content, extracting at least one part of the control messages and resynchronizing the content with the control messages by the use of the index file, the identifier of the control message allowing the selection of the current control message from a set of control messages at the time of the exploitation of the content identified by the identifier of the part of the content related to this control message.
摘要翻译: 一种方法允许在传输时可访问的广播条件访问内容也可以在稍后的时间被访问,这归功于用户单元的硬盘上的中间存储。 处理方法包括以下步骤:在用户单元处接收由至少一个控制字加密的数据流,至少一个包含控制字的控制消息流,形成索引文件,每个索引包括由 提取与控制消息相关联的数据以及应用控制消息的内容的一部分的标识符; 并且在所述内容的延迟处理时,通过使用所述索引文件来提取所述控制消息的至少一部分并且与所述控制消息重新同步所述内容,所述控制消息的标识符允许选择所述当前 在利用由与该控制消息相关的内容的部分的标识符标识的内容时,来自一组控制消息的控制消息。
-
公开(公告)号:US08352734B2
公开(公告)日:2013-01-08
申请号:US11656468
申请日:2007-01-23
申请人: Xavier Carrel , Olivier Brique , Henri Kudelski , Nicolas Fisher
发明人: Xavier Carrel , Olivier Brique , Henri Kudelski , Nicolas Fisher
IPC分类号: H04L29/06
CPC分类号: G06F21/62 , G06F21/12 , H04N7/163 , H04N7/165 , H04N7/1675 , H04N21/235 , H04N21/26291 , H04N21/26606 , H04N21/4181 , H04N21/435 , H04N21/4383 , H04N21/4623 , H04N21/6543 , H04N21/8166
摘要: A method for updating the firmware of a security module allowing it to “jump” towards a dedicated separate patch message stream thanks to a trigger messages stream broadcasted in a main stream of management messages. The trigger messages comprise version information allowing establishing whether the security module is up-to-date, and an identifier indicating to the security module the suitable patch stream. If the current version of the firmware of the security module is inferior to the patch version, the security module is directed towards the stream of patch messages designated by the identifier included in the trigger messages. Once the update of the firmware is complete, the security module is again directed towards the main stream. This return can be carried out automatically, namely with a switch message comprising an identifier of the first stream.
摘要翻译: 一种用于更新安全模块的固件的方法,其允许其跳转到专用的单独的补丁消息流,这归功于在主流管理消息中广播的触发消息流。 触发消息包括允许确定安全模块是否是最新的版本信息,以及向安全模块指示适当的补丁流的标识符。 如果安全模块的固件的当前版本低于补丁版本,则安全模块指向由包括在触发消息中的标识符指定的补丁消息流。 一旦固件更新完成,安全模块将再次指向主流。 该返回可以自动执行,即具有包括第一流的标识符的切换消息。
-
公开(公告)号:US08036387B2
公开(公告)日:2011-10-11
申请号:US11705051
申请日:2007-02-12
申请人: Henri Kudelski , Joël Conus
发明人: Henri Kudelski , Joël Conus
CPC分类号: H04N7/162 , H04N21/2347 , H04N21/26606 , H04N21/4405 , H04N21/4623 , H04N21/63345
摘要: This invention relates to a method for the transmission of management data to at least one multimedia unit or a group of multimedia units. This method is characterized in that said management data is sent in the form of at least one authorization message encrypted by means of at least one synchronization key (SK), the sending of said at least one authorization message being repeated cyclically and intended for said multimedia unit or said group of multimedia units, and in that the synchronization key is modified at least during each cycle.
摘要翻译: 本发明涉及一种用于将管理数据传输到至少一个多媒体单元或一组多媒体单元的方法。 该方法的特征在于,所述管理数据以至少一个授权消息的形式发送,所述授权消息通过至少一个同步密钥(SK)加密,所述至少一个授权消息的发送被周期性重复地发送并且用于所述多媒体 单元或所述多媒体单元组,并且至少在每个周期期间修改同步密钥。
-
公开(公告)号:US07908491B2
公开(公告)日:2011-03-15
申请号:US11994485
申请日:2006-07-06
申请人: Henri Kudelski , Jimmy Cochard
发明人: Henri Kudelski , Jimmy Cochard
CPC分类号: H04N21/44236 , H04N7/1675 , H04N21/26606 , H04N21/4181 , H04N21/4405 , H04N21/4623
摘要: The invention concerns a method for controlling access to encrypted data by control words (CW), said control words being received by a security module in control messages (ECM) and returned to a unit operating on (STB) the encrypted data. The method includes the following steps: receiving a first control message (ECM) comprising at least one control word (CW) and a time stamp (TS), receiving a second control message (ECM2) consecutive to the first control message (ECM1), said second message comprising at least one control word (CW) and a time stamp (TS), determining a duration corresponding to the difference between the time stamps (TS) of the two consecutive control messages (ECM1, ECM2), if said duration is less than a predefined duration (CP), incrementing an error counter (CE), and if said duration is not less than said predefined duration, decrementing said error counter (CE), returning the control word (CW) to the operating unit (STB) after a waiting time depending on the value of the error counter (CE).
摘要翻译: 本发明涉及一种用于通过控制字(CW)控制对加密数据的访问的方法,所述控制字由控制消息(ECM)中的安全模块接收并返回到在(STB)加密数据上操作的单元。 该方法包括以下步骤:接收包括至少一个控制字(CW)和时间戳(TS)的第一控制消息(ECM),接收与第一控制消息(ECM1)连续的第二控制消息(ECM2) 所述第二消息包括至少一个控制字(CW)和时间戳(TS),确定对应于两个连续控制消息(ECM1,ECM2)的时间戳(TS)之间的差的持续时间,如果所述持续时间是 小于预定义的持续时间(CP),递增错误计数器(CE),并且如果所述持续时间不小于所述预定义的持续时间,则递减所述错误计数器(CE),将控制字(CW)返回到操作单元 )等待时间取决于错误计数器(CE)的值。
-
公开(公告)号:US07890770B2
公开(公告)日:2011-02-15
申请号:US11212904
申请日:2005-08-29
申请人: Henri Kudelski , Olivier Brique , Christian Wirz , Patrick Hauert
发明人: Henri Kudelski , Olivier Brique , Christian Wirz , Patrick Hauert
CPC分类号: G07F7/1008 , G06Q20/341 , G06Q20/35765 , H04N7/163 , H04N21/26606 , H04N21/4181 , H04N21/4623
摘要: This invention concerns a security module deactivation and reactivation method particularly intended for access control of conditional access data. These security modules include a plurality of registers (R1, R2, R3, Rn) containing values. The method includes the step of sending at least one management message (RUN-EMM) containing an executable code, this executable code being loaded into a memory of the security module and then executed. The execution of this code in particular can carry out the combination and/or the enciphering of the values of the registers, or render these values illegible.This method also allows the reactivation of the security modules that have been deactivated previously. In this case, the method includes the step of sending another message containing an executable code (RUN-EMM−1) for the reactivation of the modules, this executable code having an inverted function to that of the executable code used for the deactivation of the security modules.
摘要翻译: 本发明涉及特别用于条件访问数据的访问控制的安全模块去激活和重新激活方法。 这些安全模块包括多个包含值的寄存器(R1,R2,R3,Rn)。 该方法包括发送包含可执行代码的至少一个管理消息(RUN-EMM)的步骤,该可执行代码被加载到安全模块的存储器中然后被执行。 特别地,该代码的执行可以执行寄存器的值的组合和/或加密,或者使这些值难以辨认。 该方法还允许重新启用先前已被停用的安全模块。 在这种情况下,该方法包括发送包含用于重新激活模块的可执行代码(RUN-EMM-1)的另一消息的步骤,该可执行代码具有与用于停用该模块的可执行代码相反的功能 安全模块
-
29.发明申请PROCESS FOR CARRYING OUT A TRANSACTION BETWEEN A PAYMENT MODULE AND A SECURITY MODULE 有权在付款模块和安全模块之间进行交易的过程公开(公告)号:US20100293098A1
公开(公告)日:2010-11-18
申请号:US12528552
申请日:2008-02-26
申请人: Henri Kudelski
发明人: Henri Kudelski
CPC分类号: G07F7/1008 , G06Q20/06 , G06Q20/341 , G06Q20/363 , G06Q20/382 , G06Q20/3823 , G06Q20/40 , G07F7/082 , G07F7/0866 , G07F7/0873 , H04N7/163 , H04N21/4181 , H04N21/4185 , H04N21/4405 , H04N21/44222 , H04N21/4623 , H04N21/47815 , H04N21/6582
摘要: This invention relates to a process for carrying out a transaction between a payment module and a security module connected to a user's unit, this process being characterized in that it comprises the following steps: entering an identifier representative of the transaction to be carried out by means of an input device; generating by the user's unit, a control message containing at least a representative code of said transaction and an identifier of the security module requiring the transaction; sending said control message to said payment module (PP); verifying in said payment module whether it is entitled to carry out the desired transaction; if the payment module is entitled to carry out this transaction, execution of the transaction, storage of the result of the transaction in said payment module and generation by the payment module, of a receipt relating to the desired transaction and to the related security module; sending said receipt to a management centre; sending an unlocking code to the security module (SC) by the management centre; registering the transaction in said security module.
摘要翻译: 本发明涉及一种用于在支付模块和连接到用户单元的安全模块之间执行交易的过程,该过程的特征在于,其包括以下步骤:输入代表将通过手段执行的交易的标识符 的输入设备; 由用户单元生成至少包含所述交易的代表代码的控制消息和需要交易的安全模块的标识符; 将所述控制消息发送到所述支付模块(PP); 在所述支付模块中验证是否有权执行所需的交易; 如果支付模块有权执行该交易,交易的执行,在所述支付模块中的交易结果的存储和由支付模块的产生,与期望的交易相关的收据和相关的安全模块; 将该收据发送到管理中心; 由管理中心向安全模块(SC)发送解锁码; 在所述安全模块中注册所述交易。
-
公开(公告)号:US20100088229A1
公开(公告)日:2010-04-08
申请号:US12572804
申请日:2009-10-02
申请人: Henri KUDELSKI
发明人: Henri KUDELSKI
CPC分类号: G07F7/0866 , G06F21/64 , G06Q20/105 , G06Q20/28 , G06Q20/341 , G06Q20/363 , H04N21/2543 , H04N21/4181 , H04N21/44236 , H04N21/47211
摘要: A method to secure a prepaid device for access to audio/video content having the possibility of reimbursement of the unused balance upon presentation of the aforementioned device to a control center by managing an account value in the prepaid device, the prepaid device including an identifier unique to each device and a control value, the method comprising: receiving of a request to modify the account value by an amount; calculating a new account value by modifying the account value by the amount, determining a number of steps, the number of steps being determined according to a function expressing the modification of the new account value relative to the account value; and modifying the control value by executing at least one one-way function on said control value a number of times equal to the number of steps.
摘要翻译: 一种用于保护用于访问音频/视频内容的预付费设备的方法,所述音频/视频内容具有通过管理预付费设备中的帐户价值而将前述设备呈现给控制中心的可能性来偿还未使用的余额,所述预付费设备包括标识符唯一 对每个设备和控制值,所述方法包括:接收修改所述帐户值的请求量; 通过根据表示对所述帐户价值的新账户价值的修改的函数来确定所述金额,确定步骤数量,确定的步骤数量来计算新帐户值; 以及通过对所述控制值执行等于所述步数的次数的至少一个单向函数来修改所述控制值。
-
-
-
-
-
-
-
-
-
搜索结果
32 条记录 (耗时 0.012 秒)
