Abstract: A method of operating by a second processing unit a content recorded by a first processing unit, said first and second processing units having a specific key being managed by a central server. The processing units have access to a removable storage memory intended to record a content ciphered by a content key accompanied by a file associated to the content. The content key is produced by means of a cascaded deciphering starting from the specific key of the first unit of at least two constants provided by the central server and a variable. The content is restored by the second processing unit by means of a cascaded deciphering starting from the specific key of the second unit by using the constants and the variable stored in the file accompanying the content and a transcoding key calculated by the central server.

Abstract: One embodiment of the invention relates to a management method for conditional access data processing by at least three decoders associated to a subscriber. These decoders include activation/deactivation means for conditional access data processing and local communication means structured to allow communication between the subscribers' decoders. This method comprises a reception step, a determination step, and a comparison step. In addition conditional access data processing by said first decoder (STB) is deactivated if the latter has not received messages from the required number of different decoders. Another embodiment of the invention relates to a decoder that allows the implementation of the method according to the invention and characterized in that it includes local communication means (10) structured to transmit messages to other decoders and to receive messages originating from said other decoders, and processing means for messages received by said local communication means (10).

Abstract: Example embodiments relate to a method of transmitting encrypted data between a local server connected to one or several local peripherals. The local server may include a security device in charge of acquiring a first right of use of the data. The method may include transmitting the encrypted data from the local server towards a peripheral, extracting from the first right a second right corresponding to the part necessary for the decryption of the data in the peripherals, encrypting by the security module the second right by a pairing key specific to the couple formed by the security module of the local server and the security module of the peripheral, transmitting the encrypted second right to the local peripheral, decrypting with the help of the pairing key the second right by the security device of the peripheral, and decrypting by the peripheral the data encrypted by the second right.

Abstract: This invention proposes a method for securing updating software in a plurality of decoders based on the generation of a signature by means of a private asymmetrical key. The updating of a decoder is carried out by downloading, from a managing center, a data block including a patch and its signature, said block is stored in a RAM. The signature is decrypted with a current public key from a list contained in a first non-volatile memory of the decoder, then verified and in the case of correspondence, a command leads the installation of the patch in a second non-volatile Flash memory and the deactivation of the current key. The aim of this invention is to considerably reduce the impact of the discovery of a private key by mean of a systematic analysis of the working of the decoder software, or to notably increase the time and the means necessary for the process used to determine said private key.

Abstract: The objective of the present invention is to propose a method that allows preventing the use of more than one identical security module for the identification and use of resources administered by an operating centre. This objective is achieved by an anti-cloning method based on the memorization of the identification numbers of the user units connected to said security module. During a connection with an operating centre these numbers are transmitted and compared with the numbers of a previous transmission. Differences are accepted as long as new numbers are added to a list previously transmitted. The security module is declared invalid if the numbers previously memorized are not included in the transmitted numbers.

Abstract: Example embodiments relate to exchanging data between several computers or multimedia units through a public network while guaranteeing at the same time the confidentiality of these data. Specifically, the creation and use of a virtual private network (VPN) is disclosed. The virtual private network (VPN) may have a plurality of units connected to a public network, each unit having a security device which may have a unique number UA1. The method may include generating a right Dn associated to the unique number UAn, by the security device of a unit Un, transferring the right Dn to the security device of at least one second unit Um, encrypting the data sent by unit Un and the description of the Dn right by a encryption data key KS, and receiving the encrypted data by the second unit Um, wherein the encrypted data is presented to the security device of the second unit Um to verify if the right Dn is present, and if the right Dn is present, then decrypting the data by the encryption data key KS.

Abstract: A system and a method are for determining the origin of a signal received by a pay television subscriber in a given region. A system includes an encryption device located at a main operator, a transmission device adapted to transmit an encrypted video signal towards at least one local operator, and a decryption device at the local operator. The decryption device includes an identification device for replacing all or part of the decrypted video signal with an identification signal characterising the decryption device.

Abstract: A method for storing an event encrypted by control words guarantees access to this event at any moment, even if identities of these events are modified between storage and the moment of viewing. The method is performed in a reception and decryption unit connected to a security unit, the control words and the necessary rights being contained in control messages the method comprising the steps of storing the encrypted event and associated control messages in the storage unit; transmitting the control messages to the security unit; verifying if the access rights to this event are contained in the security unit and, if so, calculating a receipt of all or part of the control message using a secret unique key contained in the security unit; and storing the receipt in the storage unit.

Abstract: This invention concerns a system and a method of transmission and storage of audio/video data in encrypted form between a distribution centre and at least one exploitation module. Instead of transmitting the information allowing the decryption in parallel to said data, these information are regrouped in a decryption data file comprising equally the data that define the access conditions to said audio/video data. This file is stored independently from said data and can be used for either an immediate use or a deferred one.

Abstract: The object of the present invention is intended to solve the problem of the broadcasting of conditional access data where certain parts must be accessible either for technical reasons or for commercial reasons.

Abstract: A method for encrypting a compressed video stream comprising independent data blocks and differential data blocks includes the steps of encrypting the independent data blocks with a different level of encryption than that used for the differential data blocks. In one embodiment, the differential data blocks are unencrypted. The method allows the reception of a compressed data stream using powerful algorithms on terminals having small cryptographic capacities.

Abstract: This invention relates to a conditional access data decryption system, in particular used in the domain of digital pay television. This system includes a diffusion centre (10) arranged to diffuse data encrypted by control-words (cw), at least one management centre (11) arranged to diffuse personal messages (ECM, EMM) related to the management of access means to encrypted data, an operating device (12) intended to render usable said encrypted data, and a decoder (13) arranged to decrypt at least one part of the encrypted data. This decoder is placed between the diffusion centre (10) and the operating device (12). This decoder (13) comprises a module (14) for the reception and decryption of encrypted data and a module (15) for the management of access rights to this data. The reception module (14) is connected or integrated into the operating device (12) and the management module (15) is arranged to communicate with the reception module.

Abstract: Method and a device for guaranteeing the integrity and authenticity of data transmitted between a management center and one or several receiver units, wherein each receiver unit comprises a decoder (IRD) and a security unit (SC) and means for communicating (NET, REC) with the management center. The method consists in calculating a check information (Hx) representative of the result of a unidirectional and collision-free function, performed on all or part of the transmitted data and in transmitting the result to the management center for verification. The center will be able to inform the decoder concerning the authenticity of the data through return channels or through the main channel.