Abstract: Transmission method of a message containing a program block that avoids the consequences of a possible malicious decryption of this message is proposed. This is achieved through a secure method to update software embedded in a security module, comprising formation of a first updating program block, determination of a target memory zone of said security module, determination, through said security module, of a pre-registered content in said target memory zone, formation of a second program block obtained by the mixing of all or a part of the pre-registered content with the first program block, transmission of the second program block to the security module, reception of the second block by the security module, reading of the target memory zone, obtaining and writing in the target memory zone of the first block by the inverse mixing of all or part of the second block and of the target memory zone content.

Abstract: Unit for secure processing access controlled audio/video data capable of receiving control messages(ECM) comprising at least one first control word (CW1) and first right execution parameters (C1), at least one second control word (CW2) and second right execution parameters (C2), said processing unit being connected to a first access control device (CA1), said processing unit is characterized in that it comprises: —means for verifying and applying the first right execution parameters (C1) in relation to the contents of a memory (M1) of said first access control device (CA1) and means for obtaining the first control word CW1, —a second access control device (CA2) integrated into the processing unit UT including means for verifying and applying the second right execution parameters (C2) in relation to the contents of a memory (M2) associated to said second access control device (CA2) and means for obtaining the second control word (CW2), —a deciphering module (MD) capable of deciphering, sequentially with the fi

Abstract: The invention refers to a method of updating a multi-operator reception system by administration (EMM) and updating messages between a subscriber management system and one or several decoders of pay television, being the functioning of the decoder dependent on the reception of administration (EMM) and updating messages of at least one preferential operator, this decoder having to pass into stand-by state under certain conditions. If the subscriber uses mostly an operator that does not require subscription rights, the decoder does not receive any more the necessary updating. To switch this decoder into the stand-by state, the method according to the invention carries out the following operations: switching of the reception to one or several preferential operators, receiving and processing of the messages of management of rights (EMM), determining of the end of a complete cycle of reception messages, switching to the stand-by state.

Abstract: A method that allows the optimization of the consumption of conditional access content in order to guarantee less vulnerable right messages involves three steps: the selection by the user of a content and the indication of this interest to said management center; the sending of a notification message containing or indicating the access authorisation message shortly before the broadcast of said content and storage of this authorisation message; and the sending of the content itself and the use of the data of the authorisation message in order to access the data of the content. There may be a fourth stage, namely the validation of the authorisation message by the user. This validation is executed in general at the time of the reception of the content or alternatively the user confirms their intention to purchase.

Abstract: This invention concerns a security module deactivation and reactivation method particularly intended for access control of conditional access data. These security modules include a plurality of registers (R1, R2, R3, Rn) containing values. The method includes the step of sending at least one management message (RUN-EMM) containing an executable code, this executable code being loaded into a memory of the security module and then executed. The execution of this code in particular can carry out the combination and/or the enciphering of the values of the registers, or render these values illegible. This method also allows the reactivation of the security modules that have been deactivated previously. In this case, the method includes the step of sending another message containing an executable code (RUN-EMM?1) for the reactivation of the modules, this executable code having an inverted function to that of the executable code used for the deactivation of the security modules.

Abstract: As television programs increases, it becomes necessary to find means for rapidly accessing the users' preferred programs. Furthermore, television programs are addressed to different types of users such as children and adults. The proposed system processes a program grid comprising at a higher level the whole information on programs and at a lower level, information specific to a users group as well as parameters defining a user profile. The parameters are divided into several sets of parameters, each set corresponding to a filter layer allowing selecting a category or categories of required information. The first layer, defining a global restrictive filter, is defined by an administrator of the system and the following layers, defining a filter specific to a users group and containing filtering short commands, are defined by at least one member of the users group.

Abstract: The present invention proposes a solution to prevent a program flow in a processing unit from being modified with respect to an intended program flow, thereby ensuring that important steps such as verifying or authenticating are not bypassed. The invention is particularly aimed at security modules within receiver/decoders in a pay-TV system and involves performing a set of predetermined operations during the processing of entitlement management messages and/or entitlement control messages, said operations being redundant with respect to the normal processing of said messages while leading to the calculation of keys which can then be used to verify that the intended program flow has been respected.

Abstract: This invention relates to a process for carrying out a transaction between a payment module and a security module connected to a user's unit, this process being characterized in that it comprises the following steps: entering an identifier representative of the transaction to be carried out by means of an input device; generating by the user's unit, a control message containing at least a representative code of said transaction and an identifier of the security module requiring the transaction; sending said control message to said payment module (PP); verifying in said payment module whether it is entitled to carry out the desired transaction; if the payment module is entitled to carry out this transaction, execution of the transaction, storage of the result of the transaction in said payment module and generation by the payment module, of a receipt relating to the desired transaction and to the related security module; sending said receipt to a management centre; sending an unlocking code to the security mod

Abstract: The object of the invention is a method of managing the display of event specifications with conditional access, particularly to display an electronic program guide for Pay-TV.

Abstract: The aim of the present invention is to propose a method to prevent the abusive use of conditional access data, in particular by means of clones of security modules whose security has been compromised.

Abstract: The present invention concerns the generation of a key necessary to decrypt audio/video contents by genuine decoding units. It concerns in particular a method to secure the reception of a broadcast content managed by a control center and encrypted by at least one content key, said content key or a data allowing to recover said content key being transmitted to the decoding units encrypted by a transmission key common to the decoding units, each decoding unit having at least one environment parameter known by the control center, said decoding unit receiving from the control center a first message common to all decoding units and comprising the encrypted transmission key and a second message, pertaining to said decoding unit and comprising correction data dedicated to said decoding unit, the decryption of the transmission key being made using the environment parameter and the correction data.

Abstract: The aim of this invention is to pair a security module with one or more host apparatuses in an environment in which the host module has no connection with the management centre.

Abstract: The aim of the present invention consists of reducing the switching time from one reception channel to another. In fact, this reduction will be particularly discernable since the number of different rights stored in a security module of a multimedia unit or decoder is high. When a user selects a service among those proposed by an electronic programs guide, an access control module explores a stored service information table in order to extract an access condition associated to the service. This access condition allows determining an index in a rights table stored in the access control module of a right that fulfils the access condition. The access control module transmits to the security module the index thus determined alone or accompanied by a control message. This index allows the security module to find quickly the right that it compares afterwards with the access condition included in the control message after decryption of the latter.

Abstract: An aim to reach may be on one hand, to allow the reading of a content stored by a digital video recorder from a decoder of the local network regardless of the time elapsed between storage and reading, and on the other hand to prevent the transfer or improper copying of the content stored from one network to another. An aim may be achieved by a method of an embodiment, for transmitting digital data in a local network including members constituted by at least one first multimedia unit having a content storage device and at least one second multimedia unit intended to restore the content. The first multimedia unit may be connected, on one hand, to a broadcasting server of encrypted digital audio/video data and on the other hand to the second multimedia unit, each member possessing a security module including a network key. The first multimedia unit receives and decrypts the encrypted data forming a content broadcasted by the broadcasting server and re-encrypts the content previously decrypted.

Abstract: A system includes a managing center transmitting a data stream encrypted by control words included in control messages. The data stream is received by at least one user unit linked to a security module identified by a unique address. The security module contains a credit which is deducted according to the consumption of data from the stream. The security module can deduct the credit of an amount related to a product or an amount related to a duration, this amount and/or this duration being defined in the control message or in a management message. The user transmits to the managing center an identifier identifying the unique address and a value code representing an amount of credit to reload, the managing center dealing with and checking the value code and transmitting an encrypted message having the unique address and the amount to reload the credit with, to the security module.

Abstract: The present invention relates to a method for creating and managing a local area network including at least one device for reproducing an encrypted data flow and a device for transmitting and re-encrypting all or part of said encrypted data, which devices include security modules. The method includes the steps of connecting a so-called master security module in one of the devices connected to the local area network, causing the master security module to generate a network key, securely transmitting the network key to one or more so-called user security modules, decrypting the data encrypted by the transmission and re-encryption device, re-encrypting the data with said device by means of a local key, transmitting the re-encrypted data to the reproduction device, and holding the reproduction device to perform decryption using the user security module associated therewith and provided with means for locating the local key.

Abstract: A method is used to restore the security of a secure assembly such as a chip card, after the contents of its second memory zone have been read by a third party. The method is for generating a security key implemented by a secure module comprising a central unit, a first conditional access memory zone and at least one second memory zone containing all or part of the user program. The method includes reading of all or part of the second memory zone, and generation of at least one root key based on all or part of the second zone data and on at least one item of secret information stored in the first memory zone.

Abstract: The present invention proposes a method for managing rights of subscribers to a pay-television system comprising an access control system to which are connected subscriber management systems each managed by an operator and a plurality of subscriber decoders, said decoders each being equipped with a security module containing the rights for each subscriber allowing him the decryption of encrypted digital data of a stream broadcasted by at least one operator, during a modification of the rights carried out by an operator in the security module of a subscriber, the control access system receives data identifying a subscriber with modification commands of rights of said subscriber coming from a subscriber management system of an operator, generates a management message containing the modified rights and transmits said message to the security module of the subscriber via the stream containing the encrypted data, said method comprising the step of verification of the modifications according the properties and the a

Abstract: Example embodiments are directed to a digital audio/video (AV) data processing unit and a method of controlling access to the digital AV data. The processing unit of AV digital data includes a deciphering unit of the AV data, a decompression unit, an input/output interface of the processed AV data and communication device towards a security module. The deciphering and decompression units respectively include an encryption unit and a decryption unit, each having at least one personal key and a common encryption key. Deciphering the AV data using the control words and re-encrypting the deciphered AV data occurs only after a successful verification of the control word and the common key. After temporary storage, the re-encrypted AV data cannot be decrypted by the decryption unit unless the common key has been positively verified by the security module by way of a random number generated by the decryption unit.

Abstract: A method to secure a prepaid device for access to audio/video content having the possibility of reimbursement of the unused balance upon presentation of the aforementioned device to a control center by managing an account value in the prepaid device, the prepaid device including an identifier unique to each device and a control value, the method comprising: receiving of a request to modify the account value by an amount; calculating a new account value by modifying the account value by the amount, determining a number of steps, the number of steps being determined according to a function expressing the modification of the new account value relative to the account value; and modifying the control value by executing at least one one-way function on said control value a number of times equal to the number of steps.