METHOD AND PROCESSING UNIT FOR SECURE PROCESSING OF ACCESS CONTROLLED AUDIO/VIDEO DATA
    1.
    Patent application
    Legal status: In force

    Publication number: US20120257749A1

    Publication date: 2012-10-11

    Application number: US13524756

    Application date: 2012-06-15

    IPC classification: H04N7/167

    Abstract: A method for verifying access conditions performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message includes a first part including first access conditions and a second part structured as a control message including at least second access conditions and a control word. A first conditional access device is configured for decrypting the control message with a common key specific to units having a first conditional access device and verifying the authenticity of said message. When the verification succeeds, the second part and a second right are transmitted to a second conditional access device, which decrypts the second part with a common key specific to units having a second conditional access device and verifies the authenticity of said second part and the second access conditions in relation to the second right encrypted by a personal key embedded therein.

    Method and processing unit for secure processing of access controlled audio/video data
    2.
    Granted patent
    Legal status: In force

    Publication number: US08819434B2

    Publication date: 2014-08-26

    Application number: US12971876

    Application date: 2010-12-17

    IPC classification: H04L9/32

    Abstract: A method based on access conditions verification performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message encapsulates a second part including another control message. The processing unit for carrying out the method comprises a first conditional access device connected to a second conditional access device provided with a descrambler and a secured processor or secured hardware logic. The control message and the second part are each encrypted and accompanied by respectively first and second authentication data. The first conditional access device decrypts and verifies integrity of the control message, verifies the first access conditions and transmits the second part to the second access control device. The second conditional access device decrypts and verifies integrity of the second part and further verifies the second access conditions, and releases and loads the control word into the descrambler.

    Method and processing unit for secure processing of access controlled audio/video data
    3.
    Granted patent
    Legal status: In force

    Publication number: US08782417B2

    Publication date: 2014-07-15

    Application number: US13524756

    Application date: 2012-06-15

    Abstract: A method for verifying access conditions performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message includes a first part including first access conditions and a second part structured as a control message including at least second access conditions and a control word. A first conditional access device is configured for decrypting the control message with a common key specific to units having a first conditional access device and verifying the authenticity of said message. When the verification succeeds, the second part and a second right are transmitted to a second conditional access device, which decrypts the second part with a common key specific to units having a second conditional access device and verifies the authenticity of said second part and the second access conditions in relation to the second right encrypted by a personal key embedded therein.

    METHOD AND PROCESSING UNIT FOR SECURE PROCESSING OF ACCESS CONTROLLED AUDIO/VIDEO DATA
    4.
    Patent application
    Legal status: In force

    Publication number: US20110154042A1

    Publication date: 2011-06-23

    Application number: US12971876

    Application date: 2010-12-17

    IPC classification: H04L9/32 H04N7/167

    Abstract: A method based on access conditions verification performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message encapsulates a second part including another control message. The processing unit for carrying out the method comprises a first conditional access device connected to a second conditional access device provided with a descrambler and a secured processor or secured hardware logic. The control message and the second part are each encrypted and accompanied by respectively first and second authentication data. The first conditional access device decrypts and verifies integrity of the control message, verifies the first access conditions and transmits the second part to the second access control device. The second conditional access device decrypts and verifies integrity of the second part and further verifies the second access conditions, and releases and loads the control word into the descrambler.

    Method for access control to conditional access data
    5.
    Granted patent
    Legal status: In force

    Publication number: US08099778B2

    Publication date: 2012-01-17

    Application number: US11288223

    Application date: 2005-11-29

    IPC classification: G06F7/04 G06F12/00

    Abstract: A method is disclosed for access control to conditional access data in a multimedia unit comprising at least one security module. This process includes: reception by the multimedia unit of a control message ECM containing at least one control word cw; transmission of this message ECM to said security module, this control message being associated to a message decryption right; determination of a validity date of the ECM control message decryption rights associated to said security module; determination of the present date; comparison of the present date with the expiration date of the decryption rights and determination of whether the present date is prior to the expiration date. In the affirmative case, decryption of the control message ECM and sending of the control word cw to the multimedia unit occurs. In the negative case, reading of a value contained in a counter of the security module and comparison of this value occurs, to determine whether this value is comprised within a range authorizing decryption. Further, in the affirmative case, modification of the value of the counter according to a pre-established rule, and decryption of the control message ECM and sending of the control word cw to the multimedia unit also occurs. Finally, in the negative case, access to the conditional access data is blocked.

    Method for deactivating and reactivating security modules
    6.
    Patent application
    Legal status: In force

    Publication number: US20060005262A1

    Publication date: 2006-01-05

    Application number: US11212904

    Application date: 2005-08-29

    IPC classification: G06F17/30

    Abstract: This invention concerns a security module deactivation and reactivation method particularly intended for access control of conditional access data. These security modules include a plurality of registers (R1, R2, R3, Rn) containing values. The method includes the step of sending at least one management message (RUN-EMM) containing an executable code, this executable code being loaded into a memory of the security module and then executed. The execution of this code in particular can carry out the combination and/or the enciphering of the values of the registers, or render these values illegible. This method also allows the reactivation of the security modules that have been deactivated previously. In this case, the method includes the step of sending another message containing an executable code (RUN-EMM⁻¹) for the reactivation of the modules, this executable code having an inverted function to that of the executable code used for the deactivation of the security modules.

    Method for storage and transport of an electronic certificate
    7.
    Patent application
    Legal status: Under examination (published)

    Publication number: US20050086175A1

    Publication date: 2005-04-21

    Application number: US10504288

    Application date: 2003-02-07

    CPC classification: G06F21/34 G06Q20/382

    Abstract: The aim of this invention is to assure the portability of an electronic certificate and the security of the private key which are part of the certificate X509. In fact, it is important that this certificate is not used for purposes uncontrolled by the holder, such as identity usurpation, the authorization of non-desired transactions or the reproduction of transactions (replay). This aim is reached by a storage and transporting method for an electronic certificate, said certificate having an authority section for the issuing authority, a holder section for the holder of the certificate and a signature section determined by the issuing authority, characterized in that all or part of the holder section is contained in a removable security module and that at least the authority section is contained in a host computer.

    METHOD FOR UPDATING DATA IN A SECURITY MODULE
    8.
    Patent application
    Legal status: Under examination (published)

    Publication number: US20130103941A1

    Publication date: 2013-04-25

    Application number: US13711014

    Application date: 2012-12-11

    IPC classification: G06F21/62

    Abstract: A method for updating operating data in a security module associated to a user unit for processing digital data broadcast in a transport stream, said unit being connected to a conditional access system transmitting, in said transport stream, to the security module a first stream comprising management messages includes: broadcasting a second stream of operating data patch messages, adding to the first stream of management messages, a trigger message to direct the security module to a conditional access system transmitting a second stream transporting suitable operating data patch messages if a current version of the operating data in the security module requires an update, updating the operating data of the concerned security module with the operating data patch messages from the second stream, directing the security module towards the conditional access system transmitting another stream based on an identifier of the conditional access system in the security module.

    Method and system for transmitting messages for database
    9.
    Granted patent
    Legal status: In force

    Publication number: US08364704B1

    Publication date: 2013-01-29

    Application number: US10049696

    Application date: 2000-09-06

    IPC classification: G06F17/30

    Abstract: For updating shared databases on a subscriber network, a managing center sends messages addressed to each of these bases. When one requires to address a great number of databases, the time to accede to each of them increases considerably, given the necessity to repeat the information to ensure the good reception of messages. Instead of addressing by name each database, it is proposed to transmit criteria in which a certain number of databases recognize themselves and apply a selective updating on these bases.

    Method for updating the firmware of a security module
    10.
    Patent application
    Legal status: In force

    Publication number: US20070174617A1

    Publication date: 2007-07-26

    Application number: US11656468

    Application date: 2007-01-23

    IPC classification: H04L9/00

    Abstract: A method for updating the firmware of a security module allowing it to “jump” towards a dedicated separate patch message stream thanks to a trigger message stream broadcast in a main stream of management messages. The trigger messages comprise version information allowing establishing whether the security module is up-to-date, and an identifier indicating to the security module the suitable patch stream. If the current version of the firmware of the security module is inferior to the patch version, the security module is directed towards the stream of patch messages designated by the identifier included in the trigger messages. Once the update of the firmware is complete, the security module is again directed towards the main stream. This return can be carried out automatically, namely with a switch message comprising an identifier of the first stream.
