Abstract: A method to force a multimedia unit to update an application for viewing broadcast conditional access content by linking said update to an update of the conditional access module firmware. The firmware update is initialized by means of version information transmitted in the content stream. In particular, this version information may be included in ECM or EMM messages or in services information tables in order to be processed by the conditional access module independently from the multimedia unit. The version information comprises of a minimum version and of an available maximum version. If the conditional access module detects that the current version of the firmware is inferior to the available maximum version, it transmits a message requesting an update of the application that initiates downloading a firmware updating from a management center. The update installation is carried out simultaneously in the conditional access module and in the multimedia unit.

Abstract: A method to reduce the bandwidth for the renewal of subscriptions includes: A) defining a maximum length for a message, B) defining a command for security modules, C) forming a message comprising the command, D) filling the message with a starting address and a range E) determining a remaining length in the message, F) defining a bitmap of variable length, G) starting at identification address equal to the starting address and initializing an index value and the bitmap length, H) updating the bitmap bit for the security module pertaining to the identification address to activate/deactivate the command, I) compressing the bitmap, J) when the compressed bitmap length is smaller than the remaining size in the message, updating the index value, the bitmap length and the identification address and re-executing the steps H to J, K) updating the range with the index value and filling the message with the bitmap.

Abstract: Example embodiments relate to a method for granting customers access to a product or a set of products. The method may include providing by the customer through a secured communication network, a code to a registration center, wherein the code being unique, transmitting the code from the registration center to an authorization center, retrieving the identifier of the product or the set products from the code, by requesting a data base or calculating the identifier, and transmitting, by the authorization center, an authorization code to the customer terminal, wherein the authorization code allows access to the product or the set of products.

Abstract: A method for conditional access to a digital data stream encrypted with at least one control word and broadcasted to at least one mobile device, said transmitter also transmitting a control message stream containing control words and access conditions, said mobile device being connected to a mobile communication network via a mobile access point, comprises: receiving the control message stream by the mobile device; determining a location identifier for the said mobile device by either the identifier of the mobile access point or the identifier of the broadcasting network transmitter; verifying access conditions contained in the control message, said access conditions comprising a reception condition related to a mobile access point identifier and/or an identifier of one broadcasting network transmitter; comparing the determined identifier with the identifier(s) contained in the access conditions; and authorizing or blocking the access to said data stream depending on the result of the comparison.

Abstract: Example embodiments relate to a method for receiving contractual conditions from a supplier of digital content, in order to verify and validate the contractual conditions at a time of preparation for diffusion of the digital content by a diffuser. The method may include validating broadcasting conditions of the digital content by using a diffuser having a first data set describing a structural configuration, a second data set describing operational conditions of the diffuser, and a third data set describing conditions defined by the supplier.

Abstract: The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterised in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.

Abstract: The aim of the present invention is to propose a very fast alternative mechanism to the traitor tracing algorithm introduced by Boneh and Franklin to trace private keys in a public-key cryptosystem. This invention concerns a method to trace traceable parts of original private keys in a public-key cryptosystem consisting of one public key and l corresponding private keys, a private key being formed by a traceable array of 2k elements forming a syndrome of a generalized Reed-Solomon code with parameters (l,l-2k) defined by the base points {right arrow over (?)}=(?1, . . . , ?l and a scaling vector {right arrow over (c)}=(c1, c2, . . . , ct), comprising the steps of: obtaining the traceable part {right arrow over (d)}=(d1, . . . , d2k)T of a rogue private key, applying a Berlekamp-Massey algorithm on the traceable part {right arrow over (d)}=(d1, . . .

Abstract: The aim of the present invention is to propose an alternative scheme to the classical Boneh-Franklin scheme in order to simplify the generation and the use of the asymmetric keys. According to the present invention, it is proposed a method to generate an i-th private key in a public key encryption scheme with traceable private keys formed by a public component ?(i) and a secret component ?i, according to a maximal coalition factor k, with all arithmetic operations performed within a multiplicative group Z/qZ where q is a prime number, said public component being defined as: ?(i)pl =(1, i mod q, i2 mod q, . . . , ik-1 mod q) and said secret component being defined as: ? i = ? r j ? ? j ? r j ? ? j ( i ) ? mod ? ? q where rj and ?j are random values in the group Z/Z.

Abstract: A method of operating by a second processing unit a content recorded by a first processing unit, said first and second processing units having a specific key being managed by a central server. The processing units have access to a removable storage memory intended to record a content ciphered by a content key accompanied by a file associated to the content. The content key is produced by means of a cascaded deciphering starting from the specific key of the first unit of at least two constants provided by the central server and a variable. The content is restored by the second processing unit by means of a cascaded deciphering starting from the specific key of the second unit by using the constants and the variable stored in the file accompanying the content and a transcoding key calculated by the central server.

Abstract: One embodiment of the invention relates to a management method for conditional access data processing by at least three decoders associated to a subscriber. These decoders include activation/deactivation means for conditional access data processing and local communication means structured to allow communication between the subscribers' decoders. This method comprises a reception step, a determination step, and a comparison step. In addition conditional access data processing by said first decoder (STB) is deactivated if the latter has not received messages from the required number of different decoders. Another embodiment of the invention relates to a decoder that allows the implementation of the method according to the invention and characterized in that it includes local communication means (10) structured to transmit messages to other decoders and to receive messages originating from said other decoders, and processing means for messages received by said local communication means (10).

Abstract: Example embodiments relate to a method of transmitting encrypted data between a local server connected to one or several local peripherals. The local server may include a security device in charge of acquiring a first right of use of the data. The method may include transmitting the encrypted data from the local server towards a peripheral, extracting from the first right a second right corresponding to the part necessary for the decryption of the data in the peripherals, encrypting by the security module the second right by a pairing key specific to the couple formed by the security module of the local server and the security module of the peripheral, transmitting the encrypted second right to the local peripheral, decrypting with the help of the pairing key the second right by the security device of the peripheral, and decrypting by the peripheral the data encrypted by the second right.

Abstract: This invention proposes a method for securing updating software in a plurality of decoders based on the generation of a signature by means of a private asymmetrical key. The updating of a decoder is carried out by downloading, from a managing center, a data block including a patch and its signature, said block is stored in a RAM. The signature is decrypted with a current public key from a list contained in a first non-volatile memory of the decoder, then verified and in the case of correspondence, a command leads the installation of the patch in a second non-volatile Flash memory and the deactivation of the current key. The aim of this invention is to considerably reduce the impact of the discovery of a private key by mean of a systematic analysis of the working of the decoder software, or to notably increase the time and the means necessary for the process used to determine said private key.

Abstract: A method allows a broadcasted conditional access content accessible at the time of transmission to be also accessible at a later time thanks to intermediate storage on a hard disk of a user unit.

Abstract: The present invention aims at solving the financial revenue loss due to the presence of digital video recorders that allow skipping the commercial breaks.

Abstract: The invention concerns a method for controlling access to encrypted data (CT) by control words (CW), said control words being received by a security module in control messages (ECM) and returned to a unit operating on the encrypted data. Said control messages (ECM) contain at least one first control word (CW1) and a second control word (CW2), said control words each allowing access to the encrypted data (CT) during a predetermined period called cryptoperiod (CP). Said method includes the following steps: sending said encrypted data to at least one operating unit; and sending control messages (ECM) to said control unit, such a control message (ECM) containing at least two specific control words (CW1, CW2) being sent to the operating unit after sending the data encrypted by said first control word (CW1) and before sending the data encrypted by said second control word (CW2).

Abstract: The objective of the present invention is to propose a method that allows preventing the use of more than one identical security module for the identification and use of resources administered by an operating centre. This objective is achieved by an anti-cloning method based on the memorization of the identification numbers of the user units connected to said security module. During a connection with an operating centre these numbers are transmitted and compared with the numbers of a previous transmission. Differences are accepted as long as new numbers are added to a list previously transmitted. The security module is declared invalid if the numbers previously memorized are not included in the transmitted numbers.

Abstract: Example embodiments relate to exchanging data between several computers or multimedia units through a public network while guaranteeing at the same time the confidentiality of these data. Specifically, the creation and use of a virtual private network (VPN) is disclosed. The virtual private network (VPN) may have a plurality of units connected to a public network, each unit having a security device which may have a unique number UA1. The method may include generating a right Dn associated to the unique number UAn, by the security device of a unit Un, transferring the right Dn to the security device of at least one second unit Um, encrypting the data sent by unit Un and the description of the Dn right by a encryption data key KS, and receiving the encrypted data by the second unit Um, wherein the encrypted data is presented to the security device of the second unit Um to verify if the right Dn is present, and if the right Dn is present, then decrypting the data by the encryption data key KS.

Abstract: A system and a method are for determining the origin of a signal received by a pay television subscriber in a given region. A system includes an encryption device located at a main operator, a transmission device adapted to transmit an encrypted video signal towards at least one local operator, and a decryption device at the local operator. The decryption device includes an identification device for replacing all or part of the decrypted video signal with an identification signal characterising the decryption device.

Abstract: A method for storing an event encrypted by control words guarantees access to this event at any moment, even if identities of these events are modified between storage and the moment of viewing. The method is performed in a reception and decryption unit connected to a security unit, the control words and the necessary rights being contained in control messages the method comprising the steps of storing the encrypted event and associated control messages in the storage unit; transmitting the control messages to the security unit; verifying if the access rights to this event are contained in the security unit and, if so, calculating a receipt of all or part of the control message using a secret unique key contained in the security unit; and storing the receipt in the storage unit.

Abstract: This invention concerns a system and a method of transmission and storage of audio/video data in encrypted form between a distribution centre and at least one exploitation module. Instead of transmitting the information allowing the decryption in parallel to said data, these information are regrouped in a decryption data file comprising equally the data that define the access conditions to said audio/video data. This file is stored independently from said data and can be used for either an immediate use or a deferred one.