Patents by Inventor Marco Sasselli

Marco Sasselli has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8522028
    Abstract: This invention concerns a safe data exchange method between two devices locally connected to one another. In a preferred embodiment, the first device (10) is a security module containing a first encrypting key, said private key (PAKV) of a pair of asymmetric encrypting keys. The second device is a receiver (11) comprising at least one second encrypting key, said public key (PAKB) of said pair of asymmetric encrypting keys. Furthermore each of the devices comprises a symmetrical key (13). The first device (10) generates a first random number (A), which is encrypted by said private key (PAKV), then transmitted to the second device (11), in which it is decrypted by means of the public key (PAKB). The second device (11) generates a second random number (B), which is encrypted by said public key (PAKB), then transmitted to the first device (10), in which it is decrypted by means of the private key (PAKV).
    Type: Grant
    Filed: June 10, 2003
    Date of Patent: August 27, 2013
    Assignee: Nagravision S.A.
    Inventors: Olivier Brique, Christophe Nicolas, Marco Sasselli
  • Publication number: 20130101120
    Abstract: This invention concerns a safe data exchange method between two devices locally connected to one another. In a preferred embodiment, the first device is a security module containing a first encrypting key, said private key of a pair of asymmetric encrypting keys. The second device is a receiver comprising at least one second encrypting key, said public key of said pair of asymmetric encrypting keys. Furthermore each of the devices comprises a symmetrical key. The first device generates a first random number, which is encrypted by said private key, then transmitted to the second device, in which it is decrypted by means of the public key. The second device generates a second random number, which is encrypted by said public key, then transmitted to the first device, in which it is decrypted by means of the private key. A session key, used for safe data exchange, is generated by a combination of the symmetric key and the random numbers generated and received by each of the devices.
    Type: Application
    Filed: December 17, 2012
    Publication date: April 25, 2013
    Inventors: Olivier BRIQUE, Christophe Nicolas, Marco Sasselli
  • Patent number: 8364704
    Abstract: For updating shared databases on a subscriber network, a managing center sends messages addressed to each of these bases. When one requires to address a great number of databases, the time to accede to each of them increases considerably considered the necessity to repeat the information to ensure the good reception of messages. Instead of addressing by name each database, it is proposed to transmit criteria in which a certain number of databases recognize themselves and apply a selective updating on these bases.
    Type: Grant
    Filed: September 6, 2000
    Date of Patent: January 29, 2013
    Assignee: Nagravision S.A.
    Inventors: Olivier Brique, Christophe Nicolas, Marco Sasselli
  • Patent number: 8117647
    Abstract: A process is provided for enabling the generation of valid secure numbers during a given period, these secure numbers having an optimal security level, while preserving the possibility for creating additional numbers or increasing the security level in accordance with the requirements. In at least one embodiment, the method permits the generation of as many secure numbers as are required, while having a maximum security level, which reduces the risks of sending a random number allowing the assignment of entitlements or a credit. The contradictory parameters for the quantity of generated numbers and security can be corrected at any time.
    Type: Grant
    Filed: August 28, 2006
    Date of Patent: February 14, 2012
    Assignee: Nagravision S.A.
    Inventor: Marco Sasselli
  • Patent number: 8082588
    Abstract: The objective of the present invention is a storage method in a decoder of an event encrypted by control words that guarantees the access to this event at whichever moment, even if certain keys of the system have changed for security reasons. This objective is achieved by a storage method of an event encrypted by control words in a reception and decryption unit connected to a security unit, said control words and the necessary rights being contained in management messages encrypted by system keys, comprising storing the encrypted event as well as the control messages in the storage unit, and storing in the storage unit the system keys encrypted by a predefined local key stored in the security unit.
    Type: Grant
    Filed: November 1, 2002
    Date of Patent: December 20, 2011
    Assignee: Nagravision S.A.
    Inventors: Corine Le Buhan, Marco Sasselli, Patrick Bertholet
  • Patent number: 7975279
    Abstract: In a pay television system, the choice and the confirmation of an impulse purchase are performed by the user on presentation, by means of a screen, of a grid of programmes. The selection by this user of a particular programme of his choice from the grid is subsequently confirmed in the system by an entitlement management message, this message being specific to an impulse purchase. In order to authorize the immediate screening of the selected transmission, the entitlement management message specific to an impulse purchase is contained in the data tied to the presentation of the grid.
    Type: Grant
    Filed: July 6, 2000
    Date of Patent: July 5, 2011
    Assignee: Nagravision SA
    Inventors: André Kudelski, Marco Sasselli, Philippe Stransky, Laurent Laffely
  • Patent number: 7913272
    Abstract: The invention refers to a method of updating a multi-operator reception system by administration (EMM) and updating messages between a subscriber management system and one or several decoders of pay television, being the functioning of the decoder dependent on the reception of administration (EMM) and updating messages of at least one preferential operator, this decoder having to pass into stand-by state under certain conditions. If the subscriber uses mostly an operator that does not require subscription rights, the decoder does not receive any more the necessary updating. To switch this decoder into the stand-by state, the method according to the invention carries out the following operations: switching of the reception to one or several preferential operators, receiving and processing of the messages of management of rights (EMM), determining of the end of a complete cycle of reception messages, switching to the stand-by state.
    Type: Grant
    Filed: June 11, 2001
    Date of Patent: March 22, 2011
    Assignee: Nagravision S.A.
    Inventors: Marco Sasselli, Jean-Luc Bussy, Philippe Stransky
  • Patent number: 7822205
    Abstract: The aim of this invention is to pair a security module with one or more host apparatuses in an environment in which the host module has no connection with the management centre.
    Type: Grant
    Filed: September 19, 2003
    Date of Patent: October 26, 2010
    Assignee: Nagravision S.A.
    Inventors: Rached Ksontini, Marco Sasselli
  • Patent number: 7742600
    Abstract: A system includes a managing center transmitting a data stream encrypted by control words included in control messages. The data stream is received by at least one user unit linked to a security module identified by a unique address. The security module contains a credit which is deducted according to the consumption of data from the stream. The security module can deduct the credit of an amount related to a product or an amount related to a duration, this amount and/or this duration being defined in the control message or in a management message. The user transmits to the managing center an identifier identifying the unique address and a value code representing an amount of credit to reload, the managing center dealing with and checking the value code and transmitting an encrypted message having the unique address and the amount to reload the credit with, to the security module.
    Type: Grant
    Filed: April 9, 2003
    Date of Patent: June 22, 2010
    Assignee: Nagravision S.A.
    Inventor: Marco Sasselli
  • Patent number: 7668311
    Abstract: At the moment of the diffusion of Pay-TV with multi-channel signals, each channel is associated to authorization messages (ECM) which allow to decrypt this channel according to the rights of the subscriber. When changing channel, a very short time is accepted before one has determined these new rights in relation with the new channel. The heavy encrypting algorithms are thus excluded. To avoid this drawback, to decrypt a channel, a system is proposed using the combination of the authorization information for a channel (ECM), and thus encrypted by a fast algorithm, with authorization information (MECM) for a group of channels. These latter are encrypted by a high security algorithm and are thus slower to decrypt.
    Type: Grant
    Filed: January 24, 2001
    Date of Patent: February 23, 2010
    Assignee: NagraCard S.A.
    Inventors: André Kudelski, Marco Sasselli
  • Patent number: 7577846
    Abstract: System for controlling the transmission of information between a receiver and a security module, especially for a pay television system, in which the transmitted information is encrypted and decrypted by means of a unique encryption key stored, on the one hand, in the receiver and, on the other hand, in the security module.
    Type: Grant
    Filed: June 10, 2002
    Date of Patent: August 18, 2009
    Assignee: Nagravision SA
    Inventors: André Kudelski, Marco Sasselli
  • Publication number: 20090125975
    Abstract: A process is provided for enabling the generation of valid secure numbers during a given period, these secure numbers having an optimal security level, while preserving the possibility for creating additional numbers or increasing the security level in accordance with the requirements. In at least one embodiment, the method permits the generation of as many secure numbers as are required, while having a maximum security level, which reduces the risks of sending a random number allowing the assignment of entitlements or a credit. The contradictory parameters for the quantity of generated numbers and security can be corrected at any time.
    Type: Application
    Filed: August 28, 2006
    Publication date: May 14, 2009
    Inventor: Marco Sasselli
  • Patent number: 7486793
    Abstract: The objective of the present invention is to propose an accounting method of the consumption of transmitted services per time unit to a decoder in a system implementing a content encrypted by control words, the latter being modified according to a period named crypto-period. This method consists in verifying if the time-current (TC) is comprised in a time variable (Rdate) representative of the authorisation time of use of the service and, if this is the case, decrypting and returning the control words to the decoder, and if it is not the case, debiting an amount (CT) corresponding to a time of use (AT) and recharging the time variable (Rdate) with a corresponding time.
    Type: Grant
    Filed: September 30, 2002
    Date of Patent: February 3, 2009
    Assignee: NagraCard S.A.
    Inventors: Jimmy Cochard, Henri Kudelski, Marco Sasselli
  • Patent number: 7440571
    Abstract: This invention proposes a method for securing updating software in a plurality of decoders based on the generation of a signature by means of a private asymmetrical key. The updating of a decoder is carried out by downloading, from a managing center, a data block including a patch and its signature, said block is stored in a RAM. The signature is decrypted with a current public key from a list contained in a first non-volatile memory of the decoder, then verified and in the case of correspondence, a command leads the installation of the patch in a second non-volatile Flash memory and the deactivation of the current key. The aim of this invention is to considerably reduce the impact of the discovery of a private key by means of a systematic analysis of the working of the decoder software, or to notably increase the time and the means necessary for the process used to determine said private key.
    Type: Grant
    Filed: November 26, 2003
    Date of Patent: October 21, 2008
    Assignee: Nagravision S.A.
    Inventors: Marco Sasselli, Nicolas Pican
  • Publication number: 20080101615
    Abstract: A method of production and distribution of asymmetric public and private keys between a key generation centre and at least one user unit (DEC), the unit comprising a security module (SM), the method consisting in generating certificates comprising a public key and a private key in a first cryptographic unit (KPG), coding the private key by use of a service key in the first cryptographic unit (KPG) and storing the private key in a key memory (KPS), when sending the keys to a user unit, extracting the keys from the key memory (KPS), composing the certification with the public key, decoding the corresponding private key by use of the service key in a cryptographic security module and coding it with a transport key of the user.
    Type: Application
    Filed: November 19, 2007
    Publication date: May 1, 2008
    Inventors: Philippe Stransky, Marco Sasselli
  • Patent number: 7228439
    Abstract: A method for storing an event encrypted by control words guarantees access to this event at any moment, even if identities of these events are modified between storage and the moment of viewing. The method is performed in a reception and decryption unit connected to a security unit, the control words and the necessary rights being contained in control messages the method comprising the steps of storing the encrypted event and associated control messages in the storage unit; transmitting the control messages to the security unit; verifying if the access rights to this event are contained in the security unit and, if so, calculating a receipt of all or part of the control message using a secret unique key contained in the security unit; and storing the receipt in the storage unit.
    Type: Grant
    Filed: December 17, 2002
    Date of Patent: June 5, 2007
    Assignee: Nagravision S.A.
    Inventor: Marco Sasselli
  • Patent number: 7190790
    Abstract: The present invention proposes an encryption/decryption method able to resist against various attack strategies such as Simple Power Analysis, Timing Analysis or Differential Power Analysis. The method is carried out by a plurality of encryption/decryption modules arranged in series, wherein an encryption/decryption module, different from the first module, starts encryption/decryption operations as soon as said module receives a part of the results of encryption/decryption operations from the immediately preceding encryption/decryption module.
    Type: Grant
    Filed: August 24, 2000
    Date of Patent: March 13, 2007
    Assignee: NagraCard S.A.
    Inventors: Michael John Hill, Marco Sasselli, Christophe Nicolas
  • Publication number: 20060190726
    Abstract: This invention concerns a safe data exchange method between two devices locally connected to one another. In a preferred embodiment, the first device (10) is a security module containing a first encrypting key, said private key (PAKV) of a pair of asymmetric encrypting keys. The second device is a receiver (11) comprising at least one second encrypting key, said public key (PAKB) of said pair of asymmetric encrypting keys. Furthermore each of the devices comprises a symmetrical key (13). The first device (10) generates a first random number (A), which is encrypted by said private key (PAKV), then transmitted to the second device (11), in which it is decrypted by means of the public key (PAKB). The second device (11) generates a second random number (B), which is encrypted by said public key (PAKB), then transmitted to the first device (10), in which it is decrypted by means of the private key (PAKV).
    Type: Application
    Filed: June 10, 2003
    Publication date: August 24, 2006
    Inventors: Olivier Brique, Christophe Nicolas, Marco Sasselli
  • Publication number: 20060153386
    Abstract: The aim of this invention is to pair a security module with one or more host apparatuses in an environment in which the host module has no connection with the management centre.
    Type: Application
    Filed: September 19, 2003
    Publication date: July 13, 2006
    Inventors: Rached Ksontini, Marco Sasselli
  • Publication number: 20050281406
    Abstract: Method and a device for guaranteeing the integrity and authenticity of data transmitted between a management center and one or several receiver units, wherein each receiver unit comprises a decoder (IRD) and a security unit (SC) and means for communicating (NET, REC) with the management center. The method consists in calculating a check information (Hx) representative of the result of a unidirectional and collision-free function, performed on all or part of the transmitted data and in transmitting the result to the management center for verification. The center will be able to inform the decoder concerning the authenticity of the data through return channels or through the main channel.
    Type: Application
    Filed: August 9, 2005
    Publication date: December 22, 2005
    Inventors: Michael Hill, Marco Sasselli, Christophe Nicolas