Abstract: A data stream contains content data that can be decrypted using control words. ECM messages that are included in the stream and contain the control words that is required for decrypting nearby content data. EMM messages contain management information for entitling selected stream receiving devices to decrypt content data from the data stream using control words from ECM messages. Further management information is included in at least some of the ECM messages. The secure device detects The further management information when the control words are supplied and tests whether the further management information is targeted at the stream receiving device (12). If so the secure device indefinitely disables subsequent decryption of at least part of the stream in the stream receiving device (12). In one embodiment, the further management information is targeted by means of a specified condition on entitlement information stored in the secure device.

Abstract: Device (120), smart card (300) and method for selectively supplying access to a service (202) encrypted using a control word. A service (202) is received with an entitlement control message (ECM) (203) comprising authorization data and a specifier of a validity period of the authorization data. The service is decrypted only if the ECM (203) is found valid. The service (202) can be stored on a storage medium such as a DVD. An ECM transcoding module (211) obtains the authorization data from the ECM (203) supplies to writing means (215) a device-specific ECM comprising the authorization data. The device-specific ECM may be encrypted with a key specific to the device (120) and/or comprise an identifier for the device (120).

Abstract: In a system that transmits frames of data as a stream of packets, packet header information is augmented with localizing data that serves to distinguish frame header information and frame data of each frame within the stream of packets. The localizing data facilitates encryption of the frame data at the packet level without encrypting the frame header information, and subsequent decryption of the encrypted data within the stream of data.

Abstract: A transmitter provides receivers conditional access to data transmitted via a network. A content encryptor is used to encrypt the data under control of a same authorization key before it is transmitted to all receivers. The transmitter has a storage with a plurality of device keys. A further encryptor is used for producing a key block with a plurality of entries, where each entry is associated with a respective one of the device keys. At least some of the entries contain a representation of the authorization key encrypted with the associated device key. The transmitter transmits the same key block to all receivers. The receiver has a subset of the device keys. A first decryptor is used to retrieve the authorization key by decrypting at least one entry of the key block that is associated with one of the device keys of the receiver. A second decryptor is used for decrypting the data under control of the authorization key.