Patents by Inventor Henri Kudelski
Henri Kudelski has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8347114
Abstract: A system and a method are disclosed for enforcing a predetermined mapping of addresses in a physical address space to addresses in a virtual address space in a data processing system including a processor in the virtual address space and a memory in a physical address space. During the compilation and linking of an application to be run on the data processing system, in at least one embodiment, the mapping table is generated linking the virtual addresses to physical addresses. This mapping table is kept secret. A second mapping table is generated using a cryptographic function of the physical address with the virtual address as a key to link virtual addresses to intermediate addresses. The second mapping table is loaded into the memory management unit. The data processing system further includes cryptographic hardware to convert the intermediate address to the physical address using the inverse of the cryptographic function which was used to calculate the intermediate address.
Type: Grant
Filed: July 27, 2009
Date of Patent: January 1, 2013
Assignee: Nagravision S.A.
Inventors: Fabien Gremaud, Henri Kudelski
-
Publication number: 20120189121
Abstract: Systems and methods for performing cascading dynamic crypto periods are disclosed. In embodiments, a control word and a set of functions is transmitted between a head-end and recipient devices at the beginning of a crypto period. The crypto period is divided into a discrete number of sub-crypto periods. The control word used to encrypt and decrypt the broadcast content is changed during each sub-crypto period. At the end of the first sub-crypto period, a derived control word is generated by passing the original control word to a function in the set of functions in order to generate a derived control word at the first transition between sub-crypto periods. The derived control word is used for encryption and decryption of the broadcasted content during the second sub-crypto period. Upon transitioning to the third sub-control-period, the derived control word is input into another function to produce a second derived control word.
Type: Application
Filed: January 26, 2011
Publication date: July 26, 2012
Applicant: NAGRASTAR LLC
Inventors: Gregory Duval, Henri Kudelski
-
Patent number: 8036387
Abstract: This invention relates to a method for the transmission of management data to at least one multimedia unit or a group of multimedia units. This method is characterized in that said management data is sent in the form of at least one authorization message encrypted by means of at least one synchronization key (SK), the sending of said at least one authorization message being repeated cyclically and intended for said multimedia unit or said group of multimedia units, and in that the synchronization key is modified at least during each cycle.
Type: Grant
Filed: February 12, 2007
Date of Patent: October 11, 2011
Assignee: Nagra Vision S.A.
Inventors: Henri Kudelski, Joël Conus
-
Publication number: 20110131389
Abstract: A method for updating, in the background, data stored in physical memories without affecting the current operations performed by the microprocessor. When the update is completely terminated, the application switches from an old version to a new version. This switching occurs by a reconfiguration of the page table during which a first sub-tree structure of pointers accessing the old version of data stored in memories is replaced by a second sub-tree structure of pointers thus allowing access to the new version of data. This update method prevents incoherent transitory states of the system as the latter works with the previous data version until the installation of the new version becomes usable. In the case of an interruption to the update process, the application can always reinitialize the update since the old version of data can be reactivated by returning to the previous configuration of the page table.
Type: Application
Filed: July 23, 2009
Publication date: June 2, 2011
Applicant: NAGRAVISION SA
Inventors: Fabien Gremaud, Henri Kudelski
-
Publication number: 20110099387
Abstract: A system and a method are disclosed for enforcing a predetermined mapping of addresses in a physical address space to addresses in a virtual address space in a data processing system including a processor in the virtual address space and a memory in a physical address space. During the compilation and linking of an application to be run on the data processing system, in at least one embodiment, the mapping table is generated linking the virtual addresses to physical addresses. This mapping table is kept secret. A second mapping table is generated using a cryptographic function of the physical address with the virtual address as a key to link virtual addresses to intermediate addresses. The second mapping table is loaded into the memory management unit. The data processing system further includes cryptographic hardware to convert the intermediate address to the physical address using the inverse of the cryptographic function which was used to calculate the intermediate address.
Type: Application
Filed: July 27, 2009
Publication date: April 28, 2011
Inventors: Fabien Gremaud, Henri Kudelski
-
Patent number: 7908491
Abstract: The invention concerns a method for controlling access to encrypted data by control words (CW), said control words being received by a security module in control messages (ECM) and returned to a unit operating on (STB) the encrypted data.
Type: Grant
Filed: July 6, 2006
Date of Patent: March 15, 2011
Assignee: NagraCard S.A.
Inventors: Henri Kudelski, Jimmy Cochard
-
Patent number: 7890770
Abstract: This invention concerns a security module deactivation and reactivation method particularly intended for access control of conditional access data. These security modules include a plurality of registers (R1, R2, R3, Rn) containing values. The method includes the step of sending at least one management message (RUN-EMM) containing an executable code, this executable code being loaded into a memory of the security module and then executed. The execution of this code in particular can carry out the combination and/or the enciphering of the values of the registers, or render these values illegible. This method also allows the reactivation of the security modules that have been deactivated previously. In this case, the method includes the step of sending another message containing an executable code (RUN-EMM⁻¹) for the reactivation of the modules, this executable code having an inverted function to that of the executable code used for the deactivation of the security modules.
Type: Grant
Filed: August 29, 2005
Date of Patent: February 15, 2011
Assignee: Nagravision S.A.
Inventors: Henri Kudelski, Olivier Brique, Christian Wirz, Patrick Hauert
-
Publication number: 20110022854
Abstract: The present invention provides a solution to the problem of guaranteeing the integrity of software programmes by encrypting all or part of each instruction of a programme using a key based on all or part of one or a plurality of previous instructions, thus resulting in a different encryption key per instruction. The invention is applicable to software programmes whose structures are not necessarily tree-like in nature and is also applicable when the programme includes loops, jumps, calls or breaks etc. The invention allows for an exception to be flagged when an encrypted instruction is wrongly decrypted. There is no need for the first instruction to be in clear, since the instruction key may be appropriately initialised as required. The invention can be realised in software or entirely in hardware thereby eliminating the possibility of a third party intercepting a decrypted instruction or a decryption key.
Type: Application
Filed: June 30, 2010
Publication date: January 27, 2011
Inventors: Marco Macchetti, Henri Kudelski
-
Publication number: 20100293098
Abstract: This invention relates to a process for carrying out a transaction between a payment module and a security module connected to a user's unit, this process being characterized in that it comprises the following steps: entering an identifier representative of the transaction to be carried out by means of an input device; generating by the user's unit, a control message containing at least a representative code of said transaction and an identifier of the security module requiring the transaction; sending said control message to said payment module (PP); verifying in said payment module whether it is entitled to carry out the desired transaction; if the payment module is entitled to carry out this transaction, execution of the transaction, storage of the result of the transaction in said payment module and generation by the payment module, of a receipt relating to the desired transaction and to the related security module; sending said receipt to a management centre; sending an unlocking code to the security mod
Type: Application
Filed: February 26, 2008
Publication date: November 18, 2010
Applicant: NAGRAVISION S.A.
Inventor: Henri Kudelski
-
Patent number: 7725740
Abstract: A method is used to restore the security of a secure assembly such as a chip card, after the contents of its second memory zone have been read by a third party. The method is for generating a security key implemented by a secure module comprising a central unit, a first conditional access memory zone and at least one second memory zone containing all or part of the user program. The method includes reading of all or part of the second memory zone, and generation of at least one root key based on all or part of the second zone data and on at least one item of secret information stored in the first memory zone.
Type: Grant
Filed: May 19, 2004
Date of Patent: May 25, 2010
Assignee: Nagravision S.A.
Inventors: Henri Kudelski, Serge Gaumain
-
Publication number: 20100088229
Abstract: A method to secure a prepaid device for access to audio/video content having the possibility of reimbursement of the unused balance upon presentation of the aforementioned device to a control center by managing an account value in the prepaid device, the prepaid device including an identifier unique to each device and a control value, the method comprising: receiving of a request to modify the account value by an amount; calculating a new account value by modifying the account value by the amount, determining a number of steps, the number of steps being determined according to a function expressing the modification of the new account value relative to the account value; and modifying the control value by executing at least one one-way function on said control value a number of times equal to the number of steps.
Type: Application
Filed: October 2, 2009
Publication date: April 8, 2010
Applicant: NAGRAVISION S.A.
Inventor: Henri KUDELSKI
-
Publication number: 20090254996
Abstract: The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterised in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.
Type: Application
Filed: March 27, 2009
Publication date: October 8, 2009
Applicant: Nagravision S.A.
Inventors: Joel Conus, Luca Gradassi, Rached Ksontini, Henri Kudelski
-
Patent number: 7502473
Abstract: One embodiment of the invention relates to a management method for conditional access data processing by at least three decoders associated to a subscriber. These decoders include activation/deactivation means for conditional access data processing and local communication means structured to allow communication between the subscribers' decoders. This method comprises a reception step, a determination step, and a comparison step. In addition conditional access data processing by said first decoder (STB) is deactivated if the latter has not received messages from the required number of different decoders. Another embodiment of the invention relates to a decoder that allows the implementation of the method according to the invention and characterized in that it includes local communication means (10) structured to transmit messages to other decoders and to receive messages originating from said other decoders, and processing means for messages received by said local communication means (10).
Type: Grant
Filed: May 21, 2004
Date of Patent: March 10, 2009
Assignee: Nagravision S.A.
Inventors: Henri Kudelski, Corinne Le Buhan, Guy Moreillon
-
Patent number: 7487349
Abstract: A method is for protecting an encrypted content, by use of at least one encryption key. The method includes generation of a temporary encryption key, encryption by the temporary key of a value allowing the determination of the encryption keys of the content, transmission of the encrypted value to a multimedia unit, and encryption and transmission of at least two cryptograms including the temporary key encrypted by an authorization key. The first cryptogram is encrypted by a first authorization key pertaining to a first security module and the second cryptogram is encrypted by a second authorization key pertaining to a group of security modules whose first security module is excluded.
Type: Grant
Filed: April 23, 2004
Date of Patent: February 3, 2009
Assignee: NagraCard S.A.
Inventors: Rached Ksontini, Henri Kudelski, Cédric Groux
-
Patent number: 7486793
Abstract: The objective of the present invention is to propose an accounting method of the consumption of transmitted services per time unit to a decoder in a system implementing a content encrypted by control words, the latter being modified according to a period named crypto-period. This method consists in verifying if the time-current (TC) is comprised in a time variable (Rdate) representative of the authorisation time of use of the service and, if this is the case, decrypting and returning the control words to the decoder, and if it is not the case, debiting an amount (CT) corresponding to a time of use (AT) and recharging the time variable (Rdate) with a corresponding time.
Type: Grant
Filed: September 30, 2002
Date of Patent: February 3, 2009
Assignee: NagraCard S.A.
Inventors: Jimmy Cochard, Henri Kudelski, Marco Sasselli
-
Publication number: 20080250444
Abstract: A method allows a broadcasted conditional access content accessible at the time of transmission to be also accessible at a later time thanks to intermediate storage on a hard disk of a user unit.
Type: Application
Filed: August 8, 2006
Publication date: October 9, 2008
Applicant: NAGRAVISION S.A.
Inventors: Frederic Thomas, Sebastien Robyr, Henri Kudelski, Guy Moreillon, Philippe Desarzens
-
Publication number: 20070195950
Abstract: This invention relates to a method for the transmission of management data to at least one multimedia unit or a group of multimedia units. This method is characterised in that said management data is sent in the form of at least one authorisation message encrypted by means of at least one synchronisation key (SK), the sending of said at least one authorisation message being repeated cyclically and intended for said multimedia unit or said group of multimedia units, and in that the synchronisation key is modified at least during each cycle.
Type: Application
Filed: February 12, 2007
Publication date: August 23, 2007
Inventors: Henri Kudelski, Joel Conus
-
Publication number: 20070174617
Abstract: A method for updating the firmware of a security module allowing it to “jump” towards a dedicated separate patch message stream thanks to a trigger messages stream broadcasted in a main stream of management messages. The trigger messages comprise version information allowing establishing whether the security module is up-to-date, and an identifier indicating to the security module the suitable patch stream. If the current version of the firmware of the security module is inferior to the patch version, the security module is directed towards the stream of patch messages designated by the identifier included in the trigger messages. Once the update of the firmware is complete, the security module is again directed towards the main stream. This return can be carried out automatically, namely with a switch message comprising an identifier of the first stream.
Type: Application
Filed: January 23, 2007
Publication date: July 26, 2007
Inventors: Xavier Carrel, Olivier Brique, Henri Kudelski, Nicolas Fisher
-
Publication number: 20060083371
Abstract: The present invention relates to a management messages transmission method by a management center intended to a plurality of multimedia units. Each unit has a security module (SC) comprising at least one global encryption key used in relation with an encryption module. This method is characterized in that it consists of dividing the totality of the security modules allowing access to encrypted data originating from a determined provider into at least two groups (GR1, GR2), a first group of security modules having a first configuration of the security elements and a second group of security modules having a second configuration of the security elements, the first configuration being different from the second configuration.
Type: Application
Filed: October 12, 2005
Publication date: April 20, 2006
Inventors: Gregory Duval, Jimmy Cochard, Henri Kudelski, Paul-Jean Cagnard, Patrick Hauert
-
Publication number: 20060023876
Abstract: The aim of this invention is to propose a solution to prevent the modification of access conditions to an encrypted multimedia content. This aim is achieved by a method to secure an event with control words (CW), the use of this event by user units being subjected to access conditions (AC), said method comprising the following steps: generation of a pseudo-random number (RNG), formation of a control block (CB) by the association of the pseudo-random number (RNG) and the access conditions (AC), calculation of the control word (CW) by the application of a unidirectional function (F) on the control block (CB), use of the control word (CW) to encrypt the event, transmission of the control block (CB) to the user units.
Type: Application
Filed: March 9, 2005
Publication date: February 2, 2006
Inventors: Rached Ksontini, Henri Kudelski