Method for securing a ciphered content transmitted by a broadcaster
    1.
    Granted invention patent
    Status: in force

    Publication No.: US07487349B2

    Publication date: 2009-02-03

    Application No.: US10830063

    Filing date: 2004-04-23

    IPC classification: H04L9/12 H04N7/167

    Abstract: A method is for protecting an encrypted content, by use of at least one encryption key. The method includes generation of a temporary encryption key, encryption by the temporary key of a value allowing the determination of the encryption keys of the content, transmission of the encrypted value to a multimedia unit, and encryption and transmission of at least two cryptograms including the temporary key encrypted by an authorization key. The first cryptogram is encrypted by a first authorization key pertaining to a first security module and the second cryptogram is encrypted by a second authorization key pertaining to a group of security modules whose first security module is excluded.


    Method to secure a broadcasted event
    2.
    Invention patent application
    Status: under examination (published)

    Publication No.: US20060023876A1

    Publication date: 2006-02-02

    Application No.: US11074688

    Filing date: 2005-03-09

    IPC classification: H04L9/28

    Abstract: The aim of this invention is to propose a solution to prevent the modification of access conditions to an encrypted multimedia content. This aim is achieved by a method to secure an event with control words (CW), the use of this event by user units being subjected to access conditions (AC), said method comprising the following steps: generation of a pseudo-random number (RNG), formation of a control block (CB) by the association of the pseudo-random number (RNG) and the access conditions (AC), calculation of the control word (CW) by the application of a unidirectional function (F) on the control block (CB), use of the control word (CW) to encrypt the event, transmission of the control block (CB) to the user units.


    Method for securing a ciphered content transmitted by a broadcaster
    3.
    Invention patent application
    Status: in force

    Publication No.: US20050238170A1

    Publication date: 2005-10-27

    Application No.: US10830063

    Filing date: 2004-04-23

    IPC classification: H04K1/00 H04N7/167

    Abstract: A method is for protecting an encrypted content, by use of at least one encryption key. The method includes generation of a temporary encryption key, encryption by the temporary key of a value allowing the determination of the encryption keys of the content, transmission of the encrypted value to a multimedia unit, and encryption and transmission of at least two cryptograms including the temporary key encrypted by an authorization key. The first cryptogram is encrypted by a first authorization key pertaining to a first security module and the second cryptogram is encrypted by a second authorization key pertaining to a group of security modules whose first security module is excluded.


    Security module for audio/video data processing unit
    4.
    Granted invention patent
    Status: in force

    Publication No.: US08646097B2

    Publication date: 2014-02-04

    Application No.: US12383787

    Filing date: 2009-03-27

    IPC classification: G06F17/30

    Abstract: The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterized in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.


    Security module for audio/video data processing unit
    5.
    Invention patent application
    Status: in force

    Publication No.: US20090254996A1

    Publication date: 2009-10-08

    Application No.: US12383787

    Filing date: 2009-03-27

    IPC classification: G06F21/00 H04L9/06

    Abstract: The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterised in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.


    Process for carrying out a transaction between a payment module and a security module
    6.
    Granted invention patent
    Status: in force

    Publication No.: US08874488B2

    Publication date: 2014-10-28

    Application No.: US12528552

    Filing date: 2008-02-26

    Applicant: Henri Kudelski

    Inventor: Henri Kudelski

    Abstract: This invention relates to a process for carrying out a transaction between a payment module and a security module connected to a user's unit, this process being characterized in that it comprises the following steps: entering an identifier representative of the transaction to be carried out by means of an input device; generating by the user's unit, a control message containing at least a representative code of said transaction and an identifier of the security module requiring the transaction; sending said control message to said payment module (PP); verifying in said payment module whether it is entitled to carry out the desired transaction; if the payment module is entitled to carry out this transaction, execution of the transaction, storage of the result of the transaction in said payment module and generation by the payment module, of a receipt relating to the desired transaction and to the related security module; sending said receipt to a management center; sending an unlocking code to the security module (SC) by the management center; registering the transaction in said security module.


    Invoicing management method of a service transmitted per time unit
    7.
    Granted invention patent
    Status: in force

    Publication No.: US07486793B2

    Publication date: 2009-02-03

    Application No.: US10259752

    Filing date: 2002-09-30

    IPC classification: H04N7/167

    Abstract: The objective of the present invention is to propose an accounting method of the consumption of transmitted services per time unit to a decoder in a system implementing a content encrypted by control words, the latter being modified according to a period named crypto-period. This method consists in verifying if the time-current (TC) is comprised in a time variable (Rdate) representative of the authorisation time of use of the service and, if this is the case, decrypting and returning the control words to the decoder, and if it is not the case, debiting an amount (CT) corresponding to a time of use (AT) and recharging the time variable (Rdate) with a corresponding time.


    Method For Processing Conditional Access Contents By A User Unit
    8.
    Invention patent application
    Status: in force

    Publication No.: US20080250444A1

    Publication date: 2008-10-09

    Application No.: US12064427

    Filing date: 2006-08-08

    IPC classification: H04N7/16

    Abstract: A method allows a broadcasted conditional access content accessible at the time of transmission to be also accessible at a later time thanks to intermediate storage on a hard disk of a user unit. The processing method includes the steps of receiving at the user unit a data stream encrypted by at least one control word, at least one control message stream containing the control words, forming an index file, each index comprising an identifier of a control message formed by the extraction of data associated to the control messages and an identifier of the part of the content to which the control message is applied; and, at the time of the deferred processing of the content, extracting at least one part of the control messages and resynchronizing the content with the control messages by the use of the index file, the identifier of the control message allowing the selection of the current control message from a set of control messages at the time of the exploitation of the content identified by the identifier of the part of the content related to this control message.


    Method for deactivating and reactivating security modules
    9.
    Invention patent application
    Status: in force

    Publication No.: US20060005262A1

    Publication date: 2006-01-05

    Application No.: US11212904

    Filing date: 2005-08-29

    IPC classification: G06F17/30

    Abstract: This invention concerns a security module deactivation and reactivation method particularly intended for access control of conditional access data. These security modules include a plurality of registers (R1, R2, R3, Rn) containing values. The method includes the step of sending at least one management message (RUN-EMM) containing an executable code, this executable code being loaded into a memory of the security module and then executed. The execution of this code in particular can carry out the combination and/or the enciphering of the values of the registers, or render these values illegible. This method also allows the reactivation of the security modules that have been deactivated previously. In this case, the method includes the step of sending another message containing an executable code (RUN-EMM−1) for the reactivation of the modules, this executable code having an inverted function to that of the executable code used for the deactivation of the security modules.


    Process for managing the handling of conditional access data by at least two decoders
    10.
    Invention patent application
    Status: in force

    Publication No.: US20050188398A1

    Publication date: 2005-08-25

    Application No.: US10850107

    Filing date: 2004-05-21

    IPC classification: H04N7/167 H04N7/173 H04N7/16

    Abstract: This invention relates to a management method for conditional access data processing by at least two decoders associated to a subscriber. These decoders include activation/deactivation means for conditional access data processing and local communication means structured to allow communication between the subscribers' decoders. This process comprises a reception step, by a first decoder's local communication means (10), of at least one message originating from at least a second decoder (STB) associated to said subscriber. Then, it comprises a step to determine the minimum number of different decoders of said subscriber from which said first decoder must receive messages, and a comparison step between on one hand the number of different decoders from which said first decoder has received a message and on the other hand the minimum number of decoders from which said first decoder must receive a message. Conditional access data processing by said first decoder (STB) is deactivated if the latter has not received messages from the required number of different decoders. The invention also concerns a decoder that allows the implementation of the method according to the invention and characterized in that it includes local communication means (10) structured to transmit messages to other decoders and to receive messages originating from said other decoders, and processing means for messages received by said local communication means (10).
