Abstract: A method allows a broadcasted conditional access content accessible at the time of transmission to be also accessible at a later time thanks to intermediate storage on a hard disk of a user unit.

Abstract: Even if high speed are available between the router and the multimedia unit through the IP line (up to 24 Mbits/sec), this is still the bottleneck in term of data transfer. Indeed in practice the vast majority of IP users have access speed between 2 to 5 Mbits/sec and the development of other services (telephony, videoconference, push VOD, game) are bandwidth consuming. It is now an object of the invention to propose a solution to reduce the data flow between the router and the multimedia unit over IP line.

Abstract: A processing method of content intended for broadcasting is disclosed. The method includes, preceding broadcasting: encryption of the content by a plurality of control words, reservation of locations intended to receive a control message in the encrypted content, marking of each location with location information in the content, and storage of a key file comprising the control words. During broadcasting, the method includes: transmission of the encrypted content to a video server, transmission of the key file to a control message generator, broadcasting of the content encrypted by the video server, interception of the video server output by a replacement module, detection, by the replacement module, of location information of control messages in the stream of the broadcasted content, and application of the control messages at locations provided for this purpose by the replacement module.

Abstract: A method to fight against cloning attacks is disclosed. In an initialization phase, the user unit sends to the server a request comprising a unique identifier of the user unit, check data, an initial payload key and a request instruction encrypted with a payload key retrieved from a memory of the user unit. Each time the server receives a request; the request instruction is decrypted by a payload key retrieved from a memory according to the unique identifier of the user unit. The server then generates a derivation key to be used by the user unit to compute a new payload key and checks in the next incoming request from the same user unit if the payload key is an expected one. The server detects cloning attacks thanks to a status parameter at decryption of the request instruction with the expected payload key.

Abstract: For updating shared databases on a subscriber network, a managing center sends messages addressed to each of these bases. When one requires to address a great number of databases, the time to accede to each of them increases considerably considered the necessity to repeat the information to ensure the good reception of messages. Instead of addressing by name each database, it is proposed to transmit criteria in which a certain number of databases recognize themselves and apply a selective updating on these bases.

Abstract: The present invention provides a method and an apparatus for encrypting and decrypting digital information while imparting a high level of security on the encrypted digital information. A mixed-mode digital-analogue encryption and decryption technique is proposed, which minimizes the probability of an unintended recipient of the thus encrypted information being able to decrypt the information using known reverse engineering techniques.

Abstract: The aim of the present invention is to provide a secure system-on-chip for processing data, this system-on-chip comprising at least a central processing unit, an input and an output channel, an encryption/decryption engine and a memory, characterized in that, said input channel comprises an input encryption module to encrypt all incoming data, said output channel comprising an output decryption module to decrypt all outgoing data, said central processing unit receiving the encrypted data from the input encryption module and storing them in the memory, and while processing the stored data, said central processing unit reading the stored data from the memory, requesting decryption of same in the encryption/decryption engine, processing the data and requesting encryption of the result by the encryption/decryption engine and storing the encrypted result, outputting the result to the output decryption module for decryption purpose and exiting the decrypted result via the output channel.

Abstract: A method for updating the firmware of a security module allowing it to “jump” towards a dedicated separate patch message stream thanks to a trigger messages stream broadcasted in a main stream of management messages. The trigger messages comprise version information allowing establishing whether the security module is up-to-date, and an identifier indicating to the security module the suitable patch stream. If the current version of the firmware of the security module is inferior to the patch version, the security module is directed towards the stream of patch messages designated by the identifier included in the trigger messages. Once the update of the firmware is complete, the security module is again directed towards the main stream. This return can be carried out automatically, namely with a switch message comprising an identifier of the first stream.

Abstract: A system and a method are disclosed for enforcing a predetermined mapping of addresses in a physical address space to addresses in a virtual address space in a data processing system including a processor in the virtual address space and a memory in a physical address space. During the compilation and linking of an application to be run on the data processing system, in at least one embodiment, the mapping table is generated linking the virtual addresses to physical addresses. This mapping table is kept secret. A second mapping table is generated using a cryptographic function of the physical address with the virtual address as a key to link virtual addresses to intermediate addresses. The second mapping table is loaded into the memory management unit. The data processing system further includes cryptographic hardware to convert the intermediate address to the physical address using the inverse of the cryptographic function which was used to calculate the intermediate address.

Abstract: The present invention aims at solving the financial revenue loss due to the presence of digital video recorders that allow skipping the commercial breaks.

Abstract: The present invention concerns the generation of a key necessary to decrypt audio/video contents by genuine decoding units. It concerns in particular a method to secure the reception of a broadcast content managed by a control center and encrypted by at least one content key, said content key or a data allowing to recover said content key being transmitted to the decoding units encrypted by a transmission key common to the decoding units, each decoding unit having at least one environment parameter known by the control center, said decoding unit receiving from the control center a first message common to all decoding units and comprising the encrypted transmission key and a second message, pertaining to said decoding unit and comprising correction data dedicated to said decoding unit, the decryption of the transmission key being made using the environment parameter and the correction data.

Abstract: The present invention relates in particular to a method for processing multimedia content memorised in the form of digital data in at least one multimedia unit. This method includes the following steps: reception of a program map table containing at least one indication of a proprietary type of data associated to a packet identification data (PID) as well a flag; reception of a matching table between the flag value and the real type of data; search for the flag values appearing in the program map table PMT received by the multimedia unit; search for the corresponding flag values in the matching table between the flag value and the real type of data; and modification of the program map table by replacing the indication of the proprietary type of data of the program map table with the corresponding real type of data of the matching table. The invention furthermore concerns a method for sending multimedia content in the form of digital data, as well as a multimedia unit for implementing these methods.

Abstract: A method for monitoring execution of a sequence of data processing program instructions in a security module associated to a multimedia unit connected to a managing center supplying control messages authorizing access to broadcast data streams. The security module comprises a processor for executing the instructions, a memory, and a monitoring module for analyzing the instructions before execution by the processor. The managing center comprises a security module emulator generating reference data sets by executing a sequence of instructions induced by data of a given control message in the program. The reference data sets are appended to control messages sent to the security module. The monitoring module analyzes a sequence of program instructions for determining a check data set which is compared with a reference data set received from the control messages. When the reference and check data sets match, the program continues executing. Otherwise, further control message processing stops.

Abstract: The present invention concerns the field of broadcast encryption method, i.e. a method to organize the distribution of keys into a group of users so that it is possible to manage the revocation of one member of the group in an efficient way. The proposed solution is a private encryption key ciphertext constant collusion-resistant broadcast encryption. The main idea behind the invention is to mix the notion of efficient tree-based key derivation (also called subset management) with individual and personalized key blinding thus achieving a full collusion-resistant broadcast encryption system. The key de-blinding is performed at the last moment thanks to a cryptographic technique called pairings (also known as bilinear maps) resulting in a global key commonly shared by all authorized (non-revoked) devices.

Abstract: An alternative scheme to the classical Boneh-Franklin scheme simplifies the generation and the use of the asymmetric keys. The alternative scheme takes advantage of the discovery that simpler calculations resulting in exponents of reduced size can be used as part of Boneh-Franklin type scheme. The alternative scheme thus provides a traceable encryption scheme which allows for fast, secure cryptographic calculations to be made while providing the necessary level of security required for reliable tracing capabilities to be achieved.

Abstract: The aim of the present invention is to propose a method for providing attribute-based encryption for conjunctive normal form (CNF) expressions, the said CNF expression comprising at least one clause over a set of attributes, the said method using a key generation engine, an encryption engine and a decryption engine.

Abstract: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.

Abstract: The method to reduce the bandwidth necessary for the renewal of subscription message is achieved using group messages in which each member of the group is associated with a bit of a bitmap. In order to have the maximum members in a group, the size dedicated for the bitmap is determined first by calculating the size remaining after putting the command and other necessary data into the message, and using an iterative process to determine whether the bitmap, once compressed, will fit this remaining size. The iterative process adds a new member into the group, thus increasing the bitmap size, then compresses the resulting bitmap and checks if the compressed bitmap will fit into the remaining size.

Abstract: The present invention proposes a system comprising a television decoding unit and a plurality of access modules, said access modules comprising wireless communication means with the television decoding unit, a memory comprising an identification of said module, said television decoding unit comprising means for detecting the presence and to receive the identification of an access module, means to apply a filter on events displayed on the television unit, said filter being defined with pre-defined filter category attached to the identification, and means to record the events consumption while the access module is detected by the television unit.

Abstract: A system to identify a user in relation with television services comprising eyeglasses worn by said user, said eyeglasses having a pair of flexible temples taking on the shape of a portion of the circumference of the user's head, a television receiver device comprising a server module communicating wirelessly with sensors arranged on the eyeglasses. The system is characterized in that each of the flexible temples of the eyeglasses incorporates at least one sensor configured for measuring a value of deflection caused by the temple bending around a portion of the circumference of the user's head, said value being unique for each user is transmitted as biometric to the server module configured for determining the identity of the user according to the measured value of the portion of the user's head circumference.