Abstract: Embodiments include a method and a system for signcrypting data based on elliptic curve cryptography. In a head-end system data is encrypted using a random point R and digitally signed using the random point R. Only the x-coordinate Rx of the random point R and only the signature component ssignature of the signature are added to the data after signcrypting the data. In a smartcard the signcrypted data is verified using the random point R and decrypted using the random point R.

Abstract: Embodiments include a method and system for monitoring usage of an encrypted broadcast service, such as an encrypted television program, in a secure client module such as a SIM card. An encrypted entitlement control message is received from a head-end system via the intermediary of a client device. A service identifier indicative of the encrypted broadcast service is obtained from the decrypted entitlement control message and, in dependence of the decrypted entitlement control message, status data being indicative of a status of the broadcast service is generated. The service identifier and the status data are stored in a memory of said secure client module and can be transmitted to an external server.

Abstract: Various embodiments of the invention provide a method for activating one or more secondary decoder devices in a home network. A head-end system activates a primary decoder device and initializes the secondary decoder devices. The primary decoder device activates the initialized secondary decoder device. The secondary decoder device is deactivated upon expiration of a timer value until reactivated by the primary decoder device.

Abstract: Embodiments of the invention include a conditional access system comprising a terminal and a smartcard, wherein the terminal comprises a user interface for interaction with an end-user, comprising an output for displaying first user interaction data and an input for generating second user interaction data in response to the first user interaction data; and a descrambler configured for descrambling scrambled content, and wherein the smartcard is configured for generating the first user interaction data and allowing, in dependence of the second user interaction data received from the user interface, the descrambler to descramble the scrambled content.

Abstract: The invention provides as smart card, a secured client with a smart card and a method for use in a smart card. The smart card is configured for counting ECMs associated to a particular portion of the content stream and storing loyalty points on the smart card. This enables e.g. counting of ECMs related to advertisements. Watching advertisements results in earning loyalty points that can be used to watch television programs for free.

Abstract: The invention provides a server system, client, method and program element for distributing content in a peer-to-peer network. The server system spits a file into segments and makes copies of the segments for clients to download. Each segment is encrypted with a unique encryption key and marked. Identifiers of encrypted segments are transmitted to clients such that each client receives a unique set of identifiers enabling the client to download a unique set of encrypted segments from other clients and/or from the server system.

Abstract: The invention provides an improved conditional access system with efficient bandwidth usage on the interface between a receiver and a conditional access module. The conditional access system has a receiver, a selection module, a conditional access module and possibly a terminal. The conditional access module has a first memory for storing service identifiers of services and transmits one or more service identifiers to the selection module. The selection module receives an input signal from the receiver and selects from the input signal those sub-signals as identified by the service identifiers and transmits the sub-signals to the conditional access module.

Abstract: A method of controlling descrambling of a plurality of program transport streams received by a receiver system comprises receiving a sequence of messages in a conditional access sub-system (9,10) comprised in said receiver system, each message being associated with one of a number of scrambled program transport streams and representing a request for returning information enabling the associated scrambled transport stream to be descrambled by at least one descrambler module (12) in the receiver system, determining whether messages received within a certain interval are associated with a number of different scrambled program transport streams, and denying at least one of the requests represented by the messages received in the certain interval, if the number of different scrambled program transport streams with which the messages are associated exceeds a pre-determined number.

Abstract: A method of external data storage in a system including a primary processing device, having a processor and a primary data storage unit, adapted to run application programs for processing active records in the processor and configured to store data belonging to active records in the primary data storage unit; and a secondary data storage system, accessible to the primary processing device, includes loading data belonging to an active record into the primary data storage unit and externalising the record by transferring at least a piece of data belonging to the record to the secondary data storage system for storage. The step of externalising a record includes the making of a call by an application program using data belonging to the record to an interface, arranged to transfer the piece of data to the secondary data storage system.

Abstract: A method of providing an encrypted data stream, includes obtaining a first data stream, partitioned into sections corresponding to key periods, each of a plurality of the key periods being associated with a respective value of a key, wherein each section corresponding to a key period associated with a value of the key includes at least one encrypted data unit decryptable using that associated key value, obtaining a sequence of key messages, at least some of which carry key information for obtaining at least one of the key values, obtaining a replacement data stream section, forming an encrypted output data stream, corresponding at least partially to the first data stream, by inserting the replacement data stream section so as to replace a corresponding part of the first data stream with a tail end of the replacement data stream section preceding at least part of a section of the first stream corresponding to a certain key period, and providing as output the encrypted output data stream in synchrony with an as

Abstract: A method of external data storage in a system including a primary processing device, having a processor and a primary data storage unit, adapted to run application programs for processing active records in the processor and configured to store data belonging to active records in the primary data storage unit; and a secondary data storage system, accessible to the primary processing device, includes loading data belonging to an active record into the primary data storage unit and externalizing the record by transferring at least a piece of data belonging to the record to the secondary data storage system for storage. The step of externalizing a record includes the making of a call by an application program using data belonging to the record to an interface, arranged to transfer the piece of data to the secondary data storage system.

Abstract: A method of generating cryptographically protected digital data encoding content and arranged into messages each message being decodable by a decoder application on a client terminal having a service interface to assemble each message for the decoder application are described. The method can include retrieving a message encrypting at least part of the message; and providing the encrypted messages as output in a format enabling a server service interface to arrange the message into at least one packet including at least one header and a payload. In an example, the encrypted message is assembled by adding a resynchronisation marker, separating a message section from an adjacent message section and including explicit synchronisation information, to at least the further message sections.

Abstract: A terminal for receiving and re-transmitting information, comprises a first network adapter for receiving a primary data stream in which the information has been encoded, encrypted according to a key scheme from a primary transmitter through a first network in a first format, an arrangement for receiving entitlement messages, enabling an authorized receiver to decrypt the encrypted data stream, and at least one further network adapter for connection to a secondary network. The terminal is configured to re-transmit at least part of the information in at least one secondary data stream in a second format, differing from the first format, through the second network to at least one secondary terminal connected to the secondary network. The terminal is configured to transmit the secondary data stream(s) encrypted according to the same key scheme and to forward received entitlement messages that enable an authorized receiver to decrypt the secondary data stream(s) to the secondary terminal(s).

Abstract: A system and method for providing encrypted data for use in a content player are described. The system comprises an encryption device for encrypting data using an encryption algorithm, and a protection device for providing security device data and for providing information on a protocol for communication between the content player and a secure device. The system also comprises a control device for providing protected contents containing the encrypted data and the secure device data. The protocol information and attribute data may be on the different parts inside the protected contents. The encrypted data can be transmitted or stored on a suitable medium. A system and method for decrypting encrypted data in a content player is also described. The system may comprise an input for receiving protected contents containing encrypted data, secure device data, information on a communication protocol, and attribute data on the different parts inside the protected contents.

Abstract: A system for time validation comprises a terminal (1) with means (7,7?) for tuning in to a number of different carrier frequencies (a-e), an authorisation device (6), e.g. a smart card, capable of communicating with the terminal (1) and means (2,5) to transmit time stamps, using a modulated signal having a carrier frequency, to the terminal (1). The authorisation device (6) comprises means (8) for selecting a carrier frequency to tune in to for retrieving a time stamp. A terminal (1) and authorisation device (6) are provided for use in the system. A computer program is suitable for loading into a programmable device, e.g. a smart card, to use it as an authorisation device (6) for use in such a system.

Abstract: A method of providing an encrypted data stream, includes obtaining a first data stream (17;41;63;78;92), partitioned into sections corresponding to key periods (18-22;45-48;71-74;80-84;96-99), each of a plurality of the key periods (18-22;45-48;71-74;80-84;96-99) being associated with a respective value of a key, wherein each section corresponding to a key period associated with a value of the key includes at least one encrypted data unit (10) decryptable using that associated key value, obtaining a sequence of key messages, at least some of which carry key information for obtaining at least one of the key values, obtaining a replacement data stream section (30-31; 42,43; 65,66; 85,86; 93,94), forming an encrypted output data stream (39; 44; 69; 88; 113), corresponding at least partially to the first data stream (17;41;63;78;92), by inserting the replacement data stream section so as to replace a corresponding part of the first data stream with a tail end of the replacement data stream section preceding

Abstract: A method of authorising conditional access to an encrypted digital data product, includes storing at least one set of entitlements in a secure device, each entitlement including a product identifier and expiry information, receiving entitlement control messages from a decoder system including a device for decrypting encrypted digital data products using control words, each entitlement control message including a product identifier, and in a first mode, returning at least one control word in response to an entitlement control message including a product identifier if the product identifier corresponds to a product identifier in a stored entitlement including expiry information indicating the entitlement to be valid, and, in a second mode, progressively adjusting a counter to a pre-determined value and returning at least one control word in response also to entitlement control messages including a product identifier if the product identifier corresponds to a product identifier in a stored entitlement including

Abstract: In a method for controlling the use of a program signal in a broadcast system, comprising one or more broadcasters and a number of receivers, at least a part of the receivers can be provided with a storage medium for storing program signals. The program signal comprises content signals of a first and a second type, wherein the second type of content signals is inserted in time slots in the first type of content signals. At least the first type of content signals is scrambled using control words as scrambling keys to obtain a scrambled program signal. The program signal is scrambled using control words as scrambling keys and the scrambled program signal is broadcasted together with entitlement control messages (ECM's) containing the control words in an encrypted manner using a second key. Decrypting means are provided at each receiver for retrieving the control words from the ECM's by decrypting the ECM's, wherein the control words are delivered by the decrypting means for descrambling the program signal.

Abstract: A method of providing a secure communication between first and second devices is described. The method includes encrypting a random key using an encryption key at a first device and transferring the encrypted random key to the second device for encryption of data communicated from the second device to the first device. The encrypted data received from the second device is decrypted using the random key. The method typically includes transferring a control word encrypted with an encryption key to the second device for decryption, and encryption using the random key. The encrypted control word received from the second device is then decrypted using the random key. The invention extends to a method of enabling a decoder, and to a decoder, to decode a data stream. It also extends, inter alia, to a method of authenticating an enabling device and to an enabling device.

Abstract: In a method for operating a conditional access system for broadcast applications, the conditional access system comprising a number of subscribers and each subscriber having a terminal including a conditional access module and a secure device for storing entitlements, a source signal is encrypted using a first key (CW). The encrypted source signal is broadcasted for receipt by the terminals, wherein entitlement control messages (ECM's) are sent to the secure devices, the ECM's comprising the first keys (CW) encrypted using a service key (PT). Entitlement management messages (EMM's) are sent to the secure devices providing the service key (PT) required to decrypt encrypted first keys (CW). A cracked secure device which is used in an unauthorized manner is traced by sending different keys required to obtain the first keys to different terminals or groups of terminals and monitoring the key information provided by a pirate.