Abstract: The aim of the present invention is to provide a secure system-on-chip for processing data, this system-on-chip having at least a central processing unit, an input and an output channel, an encryption/decryption engine and a memory. The system-on-chip having real-time working conditions while receiving and sending data, having an autonomous supervision module which is preprogrammed with normal working conditions definitions of at least the input and/or output data flow to enable or disable the input/output channel according to the comparison on the real-time working conditions and the normal working conditions definitions.

Abstract: The invention concerns a method for controlling access to encrypted data by control words (CW), said control words being received by a security module in control messages (ECM) and returned to a unit operating on (STB) the encrypted data.

Abstract: Proposed are a method and a system for management of resources of portable resource modules, each connected to a communication terminal, which modules comprise electronic memory units and are designed in particular as chipcards. A first resource management instruction comprising a module identification is transmitted to a resource management center. A second resource management instruction is transmitted from the resource management center via a communication network to the resource module identified through the module identification. In the particular resource module, resources are made ready or released by a resource control mechanism corresponding to the received second resource management instruction. A resource management confirmation is transmitted by the particular resource module via the communication network to the resource management center, and in the resource management center information about the resources made ready or released is stored assigned to the module identification.

Abstract: At the moment of the diffusion of Pay-TV with multi-channel signals, each channel is associated to authorization messages (ECM) which allow to decrypt this channel according to the rights of the subscriber. When changing channel, a very short time is accepted before one has determined these new rights in relation with the new channel. The heavy encrypting algorithms are thus excluded. To avoid this drawback, to decrypt a channel, a system is proposed using the combination of the authorization information for a channel (ECM), and thus encrypted by a fast algorithm, with authorization information (MECM) for a group of channels. These latter are encrypted by a high security algorithm and are thus slower to decrypt.

Abstract: Proposed are a method and a system for management of resources of portable resource modules, each connected to a communication terminal, which modules comprise electronic memory units and are designed in particular as chipcards. A first resource management instruction comprising a module identification is transmitted to a resource management centre. A second resource management instruction is transmitted from the resource management centre via a communication network to the resource module identified through the module identification. In the particular resource module, resources are made ready or released by a resource control mechanism corresponding to the received second resource management instruction. A resource management confirmation is transmitted by the particular resource module via the communication network to the resource management centre, and in the resource management centre information about the resources made ready or released is stored assigned to the module identification.

Abstract: Proposed are a method and a system for management of resources of portable resource modules (1, 1?), each connected to a communication terminal (2, 2?, 2?), which modules comprise electronic memory units (11) and are designed in particular as chipcards. A first resource management instruction comprising a module identification is transmitted to a resource management centre (4). A second resource management instruction is transmitted from the resource management centre (4) via a communication network (3) to the resource module (1) identified through the module identification. In the particular resource module (1), resources are made ready or released by a resource control mechanism (111) corresponding to the received second resource management instruction.

Abstract: The objective of the present invention is to propose an accounting method of the consumption of transmitted services per time unit to a decoder in a system implementing a content encrypted by control words, the latter being modified according to a period named crypto-period. This method consists in verifying if the time-current (TC) is comprised in a time variable (Rdate) representative of the authorisation time of use of the service and, if this is the case, decrypting and returning the control words to the decoder, and if it is not the case, debiting an amount (CT) corresponding to a time of use (AT) and recharging the time variable (Rdate) with a corresponding time.

Abstract: The objective of the present invention is to propose a method to prevent that the decryption of a keys file of a group of data stored in a storing unit (DB) of a decoder (STB), the latter comprising a security module (SM), allows many bad intentioned users to benefit illegally from this product. This method consists in extracting from an encrypted data flux the data to send towards the storing unit (DB) and to re-encrypt the data before transferring them to the storing unit (DB) by at least one specific key (K1, K2).

Abstract: A method is for protecting an encrypted content, by use of at least one encryption key. The method includes generation of a temporary encryption key, encryption by the temporary key of a value allowing the determination of the encryption keys of the content, transmission of the encrypted value to a multimedia unit, and encryption and transmission of at least two cryptograms including the temporary key encrypted by an authorization key. The first cryptogram is encrypted by a first authorization key pertaining to a first security module and the second cryptogram is encrypted by a second authorization key pertaining to a group of security modules whose first security module is excluded.

Abstract: The aim of the present invention is to provide a security module capable of supporting the different functions of the latest and the previous generations, by avoiding any possible attack due to this adaptability. This aim is attained by a security module comprising first communication means to a host device, first storage means (MEM0) and first decryption means (ENC0), characterized in that it includes a state module (SM) and second communication means (COM1) and physical activation or deactivation means (TSB) of said second means, such activation or deactivation being managed by the state module (SM).

Abstract: The aim of this invention is to propose a flexible solution to the risk represented by the interception of data by an unauthorized party during the transmission of said data between a broadcast center and a specialized decryption/decompression circuit such as is used in a Pay-TV decoder. This aim is achieved by a data transmission method involving a broadcast center or diffusion center, a management center and a multimedia unit, the latter comprising at least one unique key and a security module having a transport key.

Abstract: The invention concerns a method for controlling access to encrypted data by control words (CW), said control words being received by a security module in control messages (ECM) and returned to a unit operating on (STB) the encrypted data.

Abstract: The aim of this invention is to improve in an optimal way the security of smart cards to prevent the fraudulent control of a cryptographic processor(s) by means of external signals that interfere with the normal development of the tasks of a processor(s).

Abstract: The aim of this invention is to propose a method to manage the security of the set composed by an equipment, a security module and applications in order to limit the risk related to the fact that a security module could be fraudulently used by applications executed on a type of equipment and/or of software version that does not entirely fulfill the established security criteria.

Abstract: The aim of the present invention is to provide a secure system-on-chip for processing data, this system-on-chip comprising at least a central processing unit, an input and an output channel, an encryption/decryption engine and a memory, said system-on-chip having real-time working conditions while receiving and sending data, wherein it comprises an autonomous supervision module which is preprogrammed with normal working conditions definitions of at least the input and/or output data flow, and means to enable or disable the input and/or output channel according to the comparison on the real-time working conditions and the normal working conditions definitions.

Abstract: A secure system-on-chip for processing data comprises at least a central processing unit, an input and an output channel, an encryption/decryption engine and a memory, wherein said input channel comprises an input encryption module to encrypt all incoming data, said output channel comprises an output decryption module to decrypt all outgoing data, said central processing unit receiving the encrypted data from the input encryption module and storing them in the memory, and while processing the stored data, said central processing unit reading the stored data from the memory, requesting decryption of same in the encryption/decryption engine, processing the data and requesting encryption of the result by the encryption/decryption engine and storing the encrypted result, outputting the result to the output decryption module for decryption purposes and outputting the decrypted result via the output channel.

Abstract: The aim of the present invention is to provide a secure system-on-chip for processing data, this system-on-chip comprising at least a central processing unit, an input and an output channel, an encryption/decryption engine and a memory, characterized in that, said input channel comprises an input encryption module to encrypt all incoming data, said output channel comprising an output decryption module to decrypt all outgoing data, said central processing unit receiving the encrypted data from the input encryption module and storing them in the memory, and while processing the stored data, said central processing unit reading the stored data from the memory, requesting decryption of same in the encryption/decryption engine, processing the data and requesting encryption of the result by the encryption/decryption engine and storing the encrypted result, outputting the result to the output decryption module for decryption purpose and exiting the decrypted result via the output channel.

Abstract: A method for storing of a plurality of data blocks in a digital rewritable memory of semiconductors controlled by a memory manager and includes the steps of: randomly determining an available area; and storing the data block in the area determined in the determining step. This method of data storage is preferably applied to chip cards and to similar electronic modules. It prevents the reproduction of the functionalities of the card after an analysis of the contents of the memory. Furthermore, it assures a better distribution of the wearing of the memory.

Abstract: The present invention proposes an encryption/decryption method able to resist against various attack strategies such as Simple Power Analysis, Timing Analysis or Differential Power Analysis. The method is carried out by a plurality of encryption/decryption modules arranged in series, wherein an encryption/decryption module, different from the first module, starts encryption/decryption operations as soon as said module receives a part of the results of encryption/decryption operations from the immediately preceding encryption/decryption module.

Abstract: The aim of this invention is to provide a method to allocate resources on a security module of a portable apparatus such as a telephone, taking into account the security imperatives of the different intervening parties, such as the operator and application suppliers.