公开(公告)号：US07725740B2

公开(公告)日：2010-05-25

申请号：US10848014

申请日：2004-05-19

申请人： Henri Kudelski ,  Serge Gaumain

发明人： Henri Kudelski ,  Serge Gaumain

IPC分类号： G06F11/30 ,  G06F12/14

CPC分类号： G07F7/1008 ,  G06Q20/341 ,  G06Q20/40975 ,  G07F7/1016

摘要： A method is used to restore the security of a secure assembly such as a chip card, after the contents of its second memory zone have been read by a third party. The method is for generating a security key implemented by a secure module comprising a central unit, a first conditional access memory zone and at least one second memory zone containing all or part of the user program. The method includes reading of all or part of the second memory zone, and generation of at least one root key based on all or part of the second zone data and on at least one item of secret information stored in the first memory zone.

摘要翻译： 在其第二存储区的内容已被第三方读取之后，使用一种方法来恢复诸如芯片卡之类的安全组件的安全性。 该方法用于生成由包括中央单元，第一条件访问存储区和包含用户程序的全部或部分的至少一个第二存储区的安全模块实现的安全密钥。 该方法包括读取第二存储区的全部或部分，以及基于所有或部分第二区数据以及存储在第一存储区中的至少一个秘密信息项生成至少一个根密钥。

公开(公告)号：US08874488B2

公开(公告)日：2014-10-28

申请号：US12528552

申请日：2008-02-26

申请人： Henri Kudelski

发明人： Henri Kudelski

IPC分类号： G06Q99/00 ,  G07F7/10 ,  G06Q20/06 ,  G06Q20/34 ,  G06Q20/36 ,  G06Q20/40 ,  G07F7/08 ,  H04N7/16 ,  H04N21/418 ,  H04N21/4185 ,  H04N21/4405 ,  H04N21/442 ,  H04N21/4623 ,  H04N21/478 ,  H04N21/658 ,  G06Q20/38

CPC分类号： G07F7/1008 ,  G06Q20/06 ,  G06Q20/341 ,  G06Q20/363 ,  G06Q20/382 ,  G06Q20/3823 ,  G06Q20/40 ,  G07F7/082 ,  G07F7/0866 ,  G07F7/0873 ,  H04N7/163 ,  H04N21/4181 ,  H04N21/4185 ,  H04N21/4405 ,  H04N21/44222 ,  H04N21/4623 ,  H04N21/47815 ,  H04N21/6582

摘要： This invention relates to a process for carrying out a transaction between a payment module and a security module connected to a user's unit, this process being characterized in that it comprises the following steps: entering an identifier representative of the transaction to be carried out by means of an input device; generating by the user's unit, a control message containing at least a representative code of said transaction and an identifier of the security module requiring the transaction; sending said control message to said payment module (PP); verifying in said payment module whether it is entitled to carry out the desired transaction; if the payment module is entitled to carry out this transaction, execution of the transaction, storage of the result of the transaction in said payment module and generation by the payment module, of a receipt relating to the desired transaction and to the related security module; sending said receipt to a management center; sending an unlocking code to the security module (SC) by the management center; registering the transaction in said security module.

摘要翻译： 本发明涉及一种用于在支付模块和连接到用户单元的安全模块之间执行交易的过程，该过程的特征在于，其包括以下步骤：输入代表将通过手段执行的交易的标识符 的输入设备; 由用户单元生成至少包含所述交易的代表代码的控制消息和需要交易的安全模块的标识符; 将所述控制消息发送到所述支付模块（PP）; 在所述支付模块中验证是否有权执行所需的交易; 如果支付模块有权执行该交易，交易的执行，在所述支付模块中的交易结果的存储和由支付模块的产生，与期望的交易相关的收据和相关的安全模块; 将该收据发送到管理中心; 由管理中心向安全模块（SC）发送解锁码; 在所述安全模块中注册所述交易。

公开(公告)号：US07486793B2

公开(公告)日：2009-02-03

申请号：US10259752

申请日：2002-09-30

申请人： Jimmy Cochard ,  Henri Kudelski ,  Marco Sasselli

发明人： Jimmy Cochard ,  Henri Kudelski ,  Marco Sasselli

IPC分类号： H04N7/167

CPC分类号： H04N7/162 ,  H04N21/26606 ,  H04N21/4185 ,  H04N21/4623 ,  H04N21/8456

摘要： The objective of the present invention is to propose an accounting method of the consumption of transmitted services per time unit to a decoder in a system implementing a content encrypted by control words, the latter being modified according to a period named crypto-period.This method consists in verifying if the time-current (TC) is comprised in a time variable (Rdate) representative of the authorisation time of use of the service and, if this is the case, decrypting and returning the control words to the decoder, and if it is not the case, debiting an amount (CT) corresponding to a time of use (AT) and recharging the time variable (Rdate) with a corresponding time.

摘要翻译： 本发明的目的是提出一种在实施由控制字加密的内容的系统中，解码器将每个时间单位的发送服务的消费计费方法，后者根据称为密码周期的周期进行修改。 该方法包括验证时间电流（TC）是否包含在表示服务使用授权时间的时间变量（Rdate）中，如果是这种情况，则将控制字解密并返回到解码器， 如果不是这种情况，则对应于使用时间（AT）的金额（CT）和相应时间的时间变量（Rdate）充值。

公开(公告)号：US20080250444A1

公开(公告)日：2008-10-09

申请号：US12064427

申请日：2006-08-08

申请人： Frederic Thomas ,  Sebastien Robyr ,  Henri Kudelski ,  Guy Moreillon ,  Philippe Desarzens

发明人： Frederic Thomas ,  Sebastien Robyr ,  Henri Kudelski ,  Guy Moreillon ,  Philippe Desarzens

IPC分类号： H04N7/16

CPC分类号： G11B20/0021 ,  G11B20/00086 ,  H04N5/913 ,  H04N7/162 ,  H04N21/26606 ,  H04N21/4325 ,  H04N21/4334 ,  H04N21/4623 ,  H04N21/4627 ,  H04N21/8455 ,  H04N2005/91364

摘要： A method allows a broadcasted conditional access content accessible at the time of transmission to be also accessible at a later time thanks to intermediate storage on a hard disk of a user unit. The processing method includes the steps of receiving at the user unit a data stream encrypted by at least one control word, at least one control message stream containing the control words, forming an index file, each index comprising an identifier of a control message formed by the extraction of data associated to the control messages and an identifier of the part of the content to which the control message is applied; and, at the time of the deferred processing of the content, extracting at least one part of the control messages and resynchronizing the content with the control messages by the use of the index file, the identifier of the control message allowing the selection of the current control message from a set of control messages at the time of the exploitation of the content identified by the identifier of the part of the content related to this control message.

摘要翻译： 一种方法允许在传输时可访问的广播条件访问内容也可以在稍后的时间被访问，这归功于用户单元的硬盘上的中间存储。 处理方法包括以下步骤：在用户单元处接收由至少一个控制字加密的数据流，至少一个包含控制字的控制消息流，形成索引文件，每个索引包括由 提取与控制消息相关联的数据以及应用控制消息的内容的一部分的标识符; 并且在所述内容的延迟处理时，通过使用所述索引文件来提取所述控制消息的至少一部分并且与所述控制消息重新同步所述内容，所述控制消息的标识符允许选择所述当前 在利用由与该控制消息相关的内容的部分的标识符标识的内容时，来自一组控制消息的控制消息。

公开(公告)号：US20060023876A1

公开(公告)日：2006-02-02

申请号：US11074688

申请日：2005-03-09

申请人： Rached Ksontini ,  Henri Kudelski

发明人： Rached Ksontini ,  Henri Kudelski

IPC分类号： H04L9/28

CPC分类号： H04N7/167 ,  H04N7/1675 ,  H04N21/26606 ,  H04N21/4405 ,  H04N21/4623

摘要： The aim of this invention is to propose a solution to prevent the modification of access conditions to an encrypted multimedia content. This aim is achieved by a method to secure an event with control words (CW), the use of this event by user units being subjected to access conditions (AC), said method comprising the following steps: generation of a pseudo-random number (RNG), formation of a control block (CB) by the association of the pseudo-random number (RNG) and the access conditions (AC), calculation of the control word (CW) by the application of a unidirectional function (F) on the control block (CB), use of the control word (CW) to encrypt the event, transmission of the control block (CB) to the user units.

摘要翻译： 本发明的目的是提出一种解决方案，以防止对加密的多媒体内容的访问条件的修改。 该目的通过一种利用控制字（CW）来保护事件的方法来实现，该用户单元受到访问条件（AC）的使用，所述方法包括以下步骤：产生伪随机数（ RNG），通过伪随机数（RNG）和访问条件（AC）的关联来形成控制块（CB），通过应用单向函数（F）对控制字（CW）的计算 控制块（CB），使用控制字（CW）加密事件，将控制块（CB）发送给用户单元。

公开(公告)号：US20060005262A1

公开(公告)日：2006-01-05

申请号：US11212904

申请日：2005-08-29

申请人： Henri Kudelski ,  Olivier Brique ,  Christian Wirz ,  Patrick Hauert

发明人： Henri Kudelski ,  Olivier Brique ,  Christian Wirz ,  Patrick Hauert

IPC分类号： G06F17/30

CPC分类号： G07F7/1008 ,  G06Q20/341 ,  G06Q20/35765 ,  H04N7/163 ,  H04N21/26606 ,  H04N21/4181 ,  H04N21/4623

摘要： This invention concerns a security module deactivation and reactivation method particularly intended for access control of conditional access data. These security modules include a plurality of registers (R1, R2, R3, Rn) containing values. The method includes the step of sending at least one management message (RUN-EMM) containing an executable code, this executable code being loaded into a memory of the security module and then executed. The execution of this code in particular can carry out the combination and/or the enciphering of the values of the registers, or render these values illegible. This method also allows the reactivation of the security modules that have been deactivated previously. In this case, the method includes the step of sending another message containing an executable code (RUN-EMM−1) for the reactivation of the modules, this executable code having an inverted function to that of the executable code used for the deactivation of the security modules.

摘要翻译： 本发明涉及特别用于条件访问数据的访问控制的安全模块去激活和重新激活方法。 这些安全模块包括包含值的多个寄存器（R 1，R 2，R 3，R n）。 该方法包括发送包含可执行代码的至少一个管理消息（RUN-EMM）的步骤，该可执行代码被加载到安全模块的存储器中然后被执行。 特别地，该代码的执行可以执行寄存器的值的组合和/或加密，或者使这些值难以辨认。 该方法还允许重新启用先前已被停用的安全模块。 在这种情况下，该方法包括发送包含用于重新激活模块的可执行代码（RUN-EMM ^{-1 ）的另一消息的步骤，该可执行代码具有与可执行文件相反的功能 用于停用安全模块的代码。}

公开(公告)号：US20050188398A1

公开(公告)日：2005-08-25

申请号：US10850107

申请日：2004-05-21

申请人： Henri Kudelski ,  Corinne Buhan ,  Guy Moreillon

发明人： Henri Kudelski ,  Corinne Buhan ,  Guy Moreillon

IPC分类号： H04N7/167 ,  H04N7/173 ,  H04N7/16

CPC分类号： H04N21/26606 ,  H04N7/1675 ,  H04N7/17318 ,  H04N21/43615 ,  H04N21/4623

摘要： This invention relates to a management method for conditional access data processing by at least two decoders associated to a subscriber. These decoders include activation/deactivation means for conditional access data processing and local communication means structured to allow communication between the subscribers' decoders. This process comprises a reception step, by a first decoder's local communication means (10), of at least one message originating from at least a second decoder (STB) associated to said subscriber. Then, it comprises a step to determine the minimum number of different decoders of said subscriber from which said first decoder must receive messages, and a comparison step between on one hand the number of different decoders from which said first decoder has received a message and on the other hand the minimum number of decoders from which said first decoder must receive a message. Conditional access data processing by said first decoder (STB) is deactivated if the latter has not received messages from the required number of different decoders. The invention also concerns a decoder that allows the implementation of the method according to the invention and characterized in that it includes local communication means (10) structured to transmit messages to other decoders and to receive messages originating from said other decoders, and processing means for messages received by said local communication means (10).

摘要翻译： 本发明涉及一种用于由至少两个与用户相关联的解码器进行条件访问数据处理的管理方法。 这些解码器包括用于条件访问数据处理的激活/去激活装置和被构造为允许用户解码器之间的通信的本地通信装置。 该过程包括由第一解码器的本地通信装置（10）接收来自与所述用户相关联的至少第二解码器（STB）的消息的接收步骤。 然后，它包括确定所述第一解码器必须从其接收消息的所述订户的最小数量的不同解码器的步骤，以及一方面所述第一解码器已从其接收到消息的不同解码器的数量和对 另一方面，所述第一解码器必须接收消息的解码器的最小数量。 如果后者没有从所需数量的不同解码器接收到消息，则所述第一解码器（STB）的条件访问数据处理被去激活。 本发明还涉及一种允许实现根据本发明的方法的解码器，其特征在于，其包括被构造成向其他解码器发送消息并接收源自所述其他解码器的消息的本地通信装置（10），以及用于 由所述本地通信装置（10）接收的消息。

公开(公告)号：US08683224B2

公开(公告)日：2014-03-25

申请号：US12801891

申请日：2010-06-30

申请人： Marco Macchetti ,  Henri Kudelski

发明人： Marco Macchetti ,  Henri Kudelski

IPC分类号： G06F21/00

CPC分类号： G06F21/125

摘要： The present invention provides a solution to the problem of guaranteeing the integrity of software programs by encrypting all or part of each instruction of a program using a key based on all or part of one or a plurality of previous instructions, thus resulting in a different encryption key per instruction. The invention is applicable to software programs whose structures are not necessarily tree-like in nature and is also applicable when the program includes loops, jumps, calls or breaks etc. The invention allows for an exception to be flagged when an encrypted instruction is wrongly decrypted. There is no need for the first instruction to be in clear, since the instruction key may be appropriately initialized as required. The invention can be realized in software or entirely in hardware thereby eliminating the possibility of a third party intercepting a decrypted instruction or a decryption key.

摘要翻译： 本发明通过使用基于一个或多个先前指令的全部或部分的密钥加密程序的每个指令的全部或部分来提供软件程序的完整性的问题的解决方案，从而导致不同的加密 按指令键。 本发明适用于其结构本质上不一定是树状的软件程序，并且当程序包括循环，跳转，调用或中断等时也是适用的。本发明允许在加密指令被错误地解密时被标记的异常 。 不需要第一条指令清楚，因为指令键可以根据需要进行适当的初始化。 本发明可以以软件或完全在硬件中实现，从而消除了第三方拦截解密指令或解密密钥的可能性。

公开(公告)号：US20120189121A1

公开(公告)日：2012-07-26

申请号：US13014654

申请日：2011-01-26

申请人： Gregory Duval ,  Henri Kudelski

发明人： Gregory Duval ,  Henri Kudelski

IPC分类号： H04L9/28

CPC分类号： H04L9/0869 ,  H04L9/065 ,  H04L9/088 ,  H04L9/0891 ,  H04L63/0435 ,  H04L63/062 ,  H04L63/068 ,  H04L2209/601 ,  H04L2463/062 ,  H04N21/2347 ,  H04N21/26613 ,  H04N21/4405 ,  H04N21/4623

摘要： Systems and methods for performing cascading dynamic crypto periods are disclosed. In embodiments, a control word and a set of functions is transmitted between a head-end and recipient devices at the beginning of a crypto period. The crypto period is divided into a discrete number of sub-crypto periods. The control word used to encrypt and decrypt the broadcast content is changed during each sub-crypto period. At the end of the first sub-crypto period, a derived control word is generated by passing the original control word to a function in the set of functions in order to generate a derived control word at the first transition between sub-crypto periods. The derived control word is used for encryption and decryption of the broadcasted content during the second sub-crypto period. Upon transitioning to the third sub-control-period, the derived control word is input into another function to produce a second derived control word.

摘要翻译： 公开了用于执行级联动态密码周期的系统和方法。 在实施例中，在密码周期开始时，在头端和接收方设备之间传输控制字和一组功能。 密码周期被分为离散数量的子密码周期。 用于加密和解密广播内容的控制字在每个子加密期间被改变。 在第一子密码周期结束时，通过将原始控制字传递给该组函数中的函数来产生导出的控制字，以便在子密码周期之间的第一次转换时生成导出的控制字。 导出的控制字用于在第二子加密期间的广播内容的加密和解密。 在转换到第三子控制周期时，导出的控制字被输入到另一个函数中以产生第二导出控制字。

公开(公告)号：US20110099387A1

公开(公告)日：2011-04-28

申请号：US12737244

申请日：2009-07-27

申请人： Fabien Gremaud ,  Henri Kudelski

发明人： Fabien Gremaud ,  Henri Kudelski

IPC分类号： G06F12/14

CPC分类号： G06F12/1408 ,  G06F12/1009

摘要： A system and a method are disclosed for enforcing a predetermined mapping of addresses in a physical address space to addresses in a virtual address space in a data processing system including a processor in the virtual address space and a memory in a physical address space. During the compilation and linking of an application to be run on the data processing system, in at least one embodiment, the mapping table is generated linking the virtual addresses to physical addresses. This mapping table is kept secret. A second mapping table is generated using a cryptographic function of the physical address with the virtual address as a key to link virtual addresses to intermediate addresses. The second mapping table is loaded into the memory management unit. The data processing system further includes cryptographic hardware to convert the intermediate address to the physical address using the inverse of the cryptographic function which was used to calculate the intermediate address.

摘要翻译： 公开了一种系统和方法，用于将物理地址空间中的地址的预定映射强制到包括虚拟地址空间中的处理器和物理地址空间中的存储器的数据处理系统中的虚拟地址空间中的地址。 在要在数据处理系统上运行的应用的编译和链接期间，在至少一个实施例中，生成将虚拟地址链接到物理地址的映射表。 此映射表保密。 使用具有虚拟地址的物理地址的加密功能作为将虚拟地址链接到中间地址的密钥来生成第二映射表。 第二个映射表被加载到存储器管理单元中。 数据处理系统还包括使用用于计算中间地址的加密函数的倒数将中间地址转换为物理地址的密码硬件。