Abstract: A secure system-on-chip for processing data, the system-on-chip comprising at least a central processing unit (CPU), an input and an output channel, an encryption/decryption engine and a memory, wherein, said input channel comprises an input encryption module to encrypt all incoming data, said output channel comprising an output decryption module to decrypt all outgoing data, said CPU receiving the encrypted data from the input encryption module and storing them in the memory, and while processing the stored data, said CPU reading the stored data from the memory, requesting decryption of same in the encryption/decryption engine, processing the data and requesting encryption of the result by the encryption/decryption engine and storing the encrypted result, outputting the result to the output decryption module for decryption purpose and exiting the decrypted result via the output channel.

Abstract: Example embodiments relate to a security device having two communication interfaces sharing at least one pin, each interface being capable of operating according to either of two predetermined communication protocols. The security device may further include a frequency detector to detect the frequency of a clock signal on the shared pin. Depending on the value of the detected frequency, and to which of a plurality of predetermined frequency ranges the detected frequency pertains, the security device may function according to one of the two predetermined communication protocols, operating at two different frequencies.

Abstract: The aim of the present invention is to limit the impact of security breaches, which are the emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterized in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.

Abstract: A method to enforce by a management center access rules for a broadcast product accessed by an access key, the management center managing a plurality of Boolean positive and negative attributes, comprising the steps: associating one positive Boolean attribute to a receiver entitled to the attribute and loading the same; associating one negative Boolean attribute to a receiver not entitled to the attribute and loading the same; defining at least a second broadcast encryption scheme for the negative Boolean attributes and associating each negative Boolean attribute corresponding decryption key material; expressing access conditions on a product as a Boolean expression by combining at least one positive Boolean attribute and at least one negative Boolean attribute by at least one Boolean conjunction or disjunction; generating and broadcasting at least one cryptogram to a receiver, encrypting the access key with the two combined broadcast encryption schemes according to the Boolean expression.

Abstract: A method of operating by a second processing unit a content recorded by a first processing unit, said first and second processing units having a specific key being managed by a central server. The processing units have access to a removable storage memory intended to record a content ciphered by a content key accompanied by a file associated to the content. The content key is produced by means of a cascaded deciphering starting from the specific key of the first unit of at least two constants provided by the central server and a variable. The content is restored by the second processing unit by means of a cascaded deciphering starting from the specific key of the second unit by using the constants and the variable stored in the file accompanying the content and a transcoding key calculated by the central server.

Abstract: A method for activating a function of a chipset comprising at least a memory and a calculation module in charge of cryptographic operations, the memory containing at least a seed and the calculation module containing at least one cryptographic algorithm, the method comprising the steps of: receiving at least one of a segmentation key, a global key and a global cryptographic algorithm selector; transmitting at least two items selected from the group consisting of the seed, the received segmentation key, the global key and the global cryptographic algorithm selector, to the calculation module, each of the items being provided by different entities; generating in the calculation module, a temporary key by using one of said at least one cryptographic algorithm of the calculation module and at least the two items; and verifying an authenticity of a received activation message using the temporary key and controlling activation based on the verification.

Abstract: A method for authenticating access to a secured chip SC by a test device TD, the test device storing at least one common key CK and one test key TK, the secured chip SC storing the same common key CK and a reference digest F(TK) resulting from a cryptographic function on the test key TK, the method comprising the steps of:—receiving, by the test device TD, a challenge R produced by the secured chip SC,—combining, by the test device TD, the received challenge R with the test key TK by applying a bidirectional mathematical operation (op), encrypting the result (TK op R) with the common key CK, obtaining a cryptogram CK(TK op R),—sending the cryptogram CK(TK op R) to the secured chip SC—decrypting, by the secured chip SC, the cryptogram CK(TK op R) with the common key CK, obtaining an image key TK? representing the test key TK by applying, with the challenge R, the reverse operation (op-1) of the mathematical operation (op) previously used by the test device TD,—calculating an expected digest F(TK?) of the image

Abstract: The present invention makes use of techniques such as those described by Boneh and Franklin to allow for the realization of a pseudo-asymmetric encryption scheme whereby one public encryption corresponds to a plurality of private decryption keys. This scheme therefore provides a solution to the problem of inefficient use of bandwidth in asymmetrical encryption schemes which inherently require that a plurality of encryptions of data be broadcast to a plurality of receivers. The invention further ensures that the advantage of traceability, typical found in asymmetric encryption schemes, is maintained due to the characteristic that each receiver uses a unique traceable decryption key. The traceability thus achieved by the present invention allows for the revocation of a security module which has been involved in the abusive use of conditional access data, particularly by means of clones of security modules whose security has been compromised.

Abstract: Unit for secure processing access controlled audio/video data capable of receiving control messages (ECM) comprising at least one first control word (CW1) and first right execution parameters (C1), at least one second control word (CW2) and second right execution parameters (C2), said processing unit being connected to a first access control device (CA1), said processing unit is characterized in that it comprises: —means for verifying and applying the first right execution parameters (C1) in relation to the contents of a memory (M1) of said first access control device (CA1) and means for obtaining the first control word CW1, —a second access control device (CA2) integrated into the processing unit UT including means for verifying and applying the second right execution parameters (C2) in relation to the contents of a memory (M2) associated to said second access control device (CA2) and means for obtaining the second control word (CW2), —a deciphering module (MD) capable of deciphering, sequentially with the f

Abstract: A method to manage members of a group of decoders having access to broadcast data, each group member sharing a common broadcast encryption scheme (BES) comprising the steps of, in a stage for a decoder to become a group member, receiving keys pertaining to the position in the group according to the BES, receiving a current group access data comprising a current group access key, and in a stage of accessing broadcast data, using the current group access data to access the broadcast data, and in a stage of renewing the current group access key, sending a first group message comprising at least a next group access key encrypted so that only non-revoked decoders can access it, said group message being further encrypted by the current group access key, updating the current group access key with the next group access key.

Abstract: This invention concerns a safe data exchange method between two devices locally connected to one another. In a preferred embodiment, the first device (10) is a security module containing a first encrypting key, said private key (PAKV) of a pair of asymmetric encrypting keys. The second device is a receiver (11) comprising at least one second encrypting key, said public key (PAKB) of said pair of asymmetric encrypting keys. Furthermore each of the devices comprises a symmetrical key (13). The first device (10) generates a first random number (A), which is encrypted by said private key (PAKV), then transmitted to the second device (11), in which it is decrypted by means of the public key (PAKB). The second device (11) generates a second random number (B), which is encrypted by said public key (PAKB), then transmitted to the first device (10), in which it is decrypted by means of the private key (PAKV).

Abstract: The present invention proposes a solution to prevent a program flow in a processing unit from being modified with respect to an intended program flow, thereby ensuring that important steps such as verifying or authenticating are not bypassed. The invention is particularly aimed at security modules within receiver/decoders in a pay-TV system and involves performing a set of predetermined operations during the processing of entitlement management messages and/or entitlement control messages, said operations being redundant with respect to the normal processing of said messages while leading to the calculation of keys which can then be used to verify that the intended program flow has been respected.

Abstract: The present invention refers to the field of metadata enhancement system for broadcast televisions program, in particular to provide to the customer more information about a current, past or future broadcast. It concerns a method to enhance transmitted contents, said method starting from the metadata to populate a knowledge database. This method is based on a iterative process to fetch information from open Internet using as search criteria the result of the previous search. The data in the knowledge database are organized in data triple. According to one embodiment, the iterative process is stops when the returned data are related to another content. The knowledge database is then accessible for a user to obtain additional information about a content by sending a suitable request to the Query Server Module in charge of the knowledge database.

Abstract: The present invention provides a method for decrypting encrypted content transmitted from an operator to a plurality of users where said operator further provides security information allowing for the decryption of said content. The method has the advantage of satisfying the goal of providing the capability for detecting a fraudulent user who retransmits control words extracted from the security information to other users. The method provides for the achievement of the goal without incurring extra overhead in addition to the transmitted content and security information. The method makes use of control words which are based on multiple solutions provided by collisions in mathematical functions and involves the observation of choices of control words retransmitted by the fraudulent user.

Abstract: A method for updating, in the background, data stored in physical memories without affecting the current operations performed by the microprocessor. When the update is completely terminated, the application switches from an old version to a new version. This switching occurs by a reconfiguration of the page table during which a first sub-tree structure of pointers accessing the old version of data stored in memories is replaced by a second sub-tree structure of pointers thus allowing access to the new version of data. This update method prevents incoherent transitory states of the system as the latter works with the previous data version until the installation of the new version becomes usable. In the case of an interruption to the update process, the application can always reinitialize the update since the old version of data can be reactivated by returning to the previous configuration of the page table.

Abstract: A method to reduce bandwidth necessary for renewal of subscriptions for reception of broadcast services including: defining a plurality of sets of subscriber identification numbers, each set being associated with a product; splitting a set of subscriber identification numbers into groups of subscribers; searching for an available subscriber identification number related to the desired product at the time of initialization of a new subscriber; confirming that an inhibit duration has elapsed between the end of the previous subscription and the start of the new subscription; sending an initialization message to the new subscriber addressed with his unique identification address and containing the subscriber identification number of, and rights to, his product; preparing a group rights renewal message for the product to the group containing the subscriber identification number, this message comprising the group header containing this subscriber and a compressed bitmap allowing to individually address each of the

Abstract: A method to force a multimedia unit to update an application for viewing broadcast conditional access content by linking said update to an update of the conditional access module firmware. The firmware update is initialized by means of version information transmitted in the content stream. In particular, this version information may be included in ECM or EMM messages or in services information tables in order to be processed by the conditional access module independently from the multimedia unit. The version information comprises of a minimum version and of an available maximum version. If the conditional access module detects that the current version of the firmware is inferior to the available maximum version, it transmits a message requesting an update of the application that initiates downloading a firmware updating from a management center. The update installation is carried out simultaneously in the conditional access module and in the multimedia unit.