Abstract: The invention provides a system, a secure device and a method for authenticating dynamically a host device with a secure device without modifying hardware or basic functional software of the host device. An authentication engine implemented in the secure device allows detecting non-authorized host devices or illegal secure devices environment. The secure device is locally connected to the host device comprising at least one processor configured for handling a plurality of hardware or software parameters defining the functioning behavior of the host device. A memory associated to the processor stores a plurality of reference hardware and software parameters. The secure device monitors the behavior of the host device both in terms of hardware and software. After comparison with the reference parameters, the host device is considered as authentic or authorized only when the values of counters associated to the hardware and software parameters are within an acceptable.

Abstract: A first variant of the process includes receiving an encrypted stream representing a service, this stream comprising a data channel and an ECM channel; slicing the stream to send it in packets to a mobile receiver; extracting the control message channel of this stream; forming a block containing the data channel, compatible with the diffusion to the receiver; extracting from the sliced stream a control message and introducing the control message into the block, in order to form a packet. A second variant of the process includes receiving an encrypted stream, this stream comprising a data channel and an ECM channel; cutting the stream; forming a block from the stream, comprising the data channel and the ECM channel, compatible with the diffusion to receivers; determining identical messages of the ECM channel repeated in the block and eliminating identical repeated messages, while conserving at least one of the identical messages.

Abstract: Example embodiments are directed to a duration computing method in a security module inserted into an apparatus including an internal clock. The apparatus may receive a digital data stream encrypted via control words contained in a control message ECM. The method may include receiving data coming from the internal clock of the apparatus including a current temporal information, storing the data representing the current temporal information in the security module, receiving the control message ECM to decrypt at least one control word, reading previous data representing a previous temporal information at a moment of processing the previous control message ECM, and processing the control message ECM when the current temporal information is temporally ahead of the previous temporal information.

Abstract: The aim of the present invention is to propose a method and a device with the aim of avoiding problems which could ensue following the de-synchronization of a program counter during the execution of a program. This aim is achieved by a method for controlling the execution of a program involving separating the program into a number of blocks of instructions and adding an input control section and an output control section to each block. The control sections have conditions for entry to the block and conditions for exit from the block. This can be used to check the validity of the execution of a program by verifying the execution history of the program. Action can be taken in the case that any anomaly is found in the program execution compared to the expected execution.

Abstract: In order to limit the use of generic remote control devices, the invention relates to a system comprising a remote control device and a security device, both sharing a common key, algorithms or protocol specific to a pair formed by the remote control device and the security device. The remote control device comprises means to send wirelessly data to a receiver comprising the security device. The remote control device being paired with the security device is characterized in that data sent by the remote control device towards the receiver is specific to the pair formed by the remote control device and the security device, said remote control device comprising encryption means and a memory to store a specific key, said data being encrypted by the encryption means with the specific key, the security device comprising decryption means and a key corresponding to the specific key to decrypt the received data.

Abstract: A process is provided for enabling the generation of valid secure numbers during a given period, these secure numbers having an optimal security level, while preserving the possibility for creating additional numbers or increasing the security level in accordance with the requirements. In at least one embodiment, the method permits the generation of as many secure numbers as are required, while having a maximum security level, which reduces the risks of sending a random number allowing the assignment of entitlements or a credit. The contradictory parameters for the quantity of generated numbers and security can be corrected at any time.

Abstract: A method for sharing data and synchronizing broadcast data with additional information, the broadcast data and the additional information being provided by at least two distinct sources to a multimedia device. The method comprises steps of: receiving by a data extractor associated to the multimedia device broadcast data from a first source and extracting first metadata from the broadcast data, accessing by the multimedia device to additional information provided by a second source by using the first metadata and obtaining from the additional information second metadata and additional content data related to a content of the broadcast data, merging and synchronizing, by the multimedia device, the second metadata and the additional content data with the content of the broadcast data, and obtaining modified broadcast data.

Abstract: The present invention refers to the field of metadata enhancement system for broadcast televisions program, in particular to provide to the customer more information about a current, past or future broadcast. It concerns a method to enhance transmitted contents, said method starting from the metadata to populate a knowledge database. This method is based on a iterative process to fetch information from open Internet using as search criteria the result of the previous search. The data in the knowledge database are organized in data triple. According to one embodiment, the iterative process is stops when the returned data are related to another content. The knowledge database is then accessible for a user to obtain additional information about a content by sending a suitable request to the Query Server Module in charge of the knowledge database.

Abstract: The aim of the invention is to provide a solution to ensure that the content sent by the IRD is the content effectively displayed on the screen. It is then proposed a system to prevent manipulation of transmitted video data comprising an Integrated Receiver Decoder (IRD) receiving audio/video data, a display device (TV), said IRD comprising means to transmit an HDMI compliant audio/video stream toward the display device, characterized in that the system further comprises means to add an over-encryption layer to said HDMI/HDCP stream before reaching the display device and means to remove this added encryption layer so as to recover said HDMI/HDCP stream, before processing said HDMI/HDCP stream by said display device.

Abstract: The aim of the invention is to provide a solution to ensure that the content sent by the IRD is the content effectively displayed on the screen. It is then proposed a system to prevent manipulation of transmitted video data comprising an Integrated Receiver Decoder (IRD) receiving audio/video data, a display device (TV), said IRD comprising means to transmit an HDMI compliant audio/video data stream toward the display device. This system comprising: means to define a variable area at a location of the image displayed on the display device, means to store reference data corresponding to video data of said area which are sent to the display device.

Abstract: A method is disclosed for access control to conditional access data in a multimedia unit comprising at least one security module. This process includes: reception by the multimedia unit of a control message ECM containing at least one control word cw; transmission of this message ECM to said security module, this control message being associated to a message decryption right; determination of a validity date of the ECM control message decryption rights associated to said security module; determination of the present date; comparison of the present date with the expiration date of the decryption rights and determination of whether the present date is prior to the expiration date. In the affirmative case, decryption of the control message ECM and sending of the control word cw to the multimedia unit occurs In the negative case, reading of a value contained in a counter of the security module and comparison of this value occurs, to determine whether this value is comprised within a range authorizing decryption.

Abstract: A multifunction device for television set and a method to enhance video content provided to a display device of said television set. The multifunction device comprises an input for receiving audio/video data from an audio/video content data source, an output for outputting audio/video data to the display device, and communication means for accessing Internet or a local area network for collecting additional data. The multifunction device being connected and powered by a common interface of the display device further comprises image processing means configured for receiving first image data from the input, a converter configured for receiving additional data from Internet or a local area network and for converting said additional data into additional image data, an image merging module configured for combining said additional image data with all or part of the input first image data to obtain second image data to be forwarded to the output connected to the display device.

Abstract: The objective of the present invention is a storage method in a decoder of an event encrypted by control words that guarantees the access to this event at whichever moment, even if certain keys of the system have changed for security reasons. This objective is achieved by a storage method of an event encrypted by control words in a reception and decryption unit connected to a security unit, said control words and the necessary rights being contained in management messages encrypted by system keys, comprising storing the encrypted event as well as the control messages in the storage unit, and storing in the storage unit the system keys encrypted by a predefined local key stored in the security unit.

Abstract: The present invention provides a method for decrypting encrypted content transmitted from an operator to a plurality of users where said operator further provides security information allowing for the decryption of said content. The method has the advantage of satisfying the goal of providing the capability for detecting a fraudulent user who retransmits control words extracted from the security information to other users. The method provides for the achievement of the goal without incurring extra overhead in addition to the transmitted content and security information. The method makes use of control words which are based on multiple solutions provided by collisions in mathematical functions and involves the observation of choices of control words retransmitted by the fraudulent user.

Abstract: Example embodiments relate to a security device having two communication interfaces sharing at least one pin, each interface being capable of operating according to either of two predetermined communication protocols. The security device may further include a frequency detector to detect the frequency of a clock signal on the shared pin. Depending on the value of the detected frequency, and to which of a plurality of predetermined frequency ranges the detected frequency pertains, the security device may function according to one of the two predetermined communication protocols, operating at two different frequencies.

Abstract: Example embodiments are directed to a revocation lists management method, namely a verification method of a target device connected to a master device, the master device having means to receive a content transmitted by a broadcast centre via a data stream, the master device and the target device authenticating themselves by the exchange of a certificate having at least one certificate identifier. The method includes transmitting by broadcast a target device verification table containing a certificate identifier list, storing certificate identifier list in the master device, extracting a verification data associated to the content, the verification data including the activation or the deactivation of the verification of the target device. If the verification data includes the activation of the verification, the method includes verifying the certificate of the target device by the master device using at least one list stored to authorize or prohibit the exchanges of data with the target device.

Abstract: The invention aims to provide a method and a system on chip able to detect at once hardware and software errors to prevent manipulations for retrieving cryptographic keys, inserting or suppressing instructions to bypass security processes, modifying programs or memory content etc. The system on chip comprises a core including at least two processors, registers, and a data consistency check module. The core is connected to at least one set of memories containing zones for instructions of a first program and of a second program, said instructions being to be executed respectively by the first and second processor, which respectively produce and store result data into the registers and the memories.

Abstract: A method for managing the security of applications with a security module associated to an equipment connected to a network managed by a control server of an operator. The applications use resources as data or functions stored in the security module locally connected to the equipment. The method may include steps of receiving, analyzing and verifying, by the control server, identification data from the equipment and the security module, generating a cryptogram from the result of the verification of the identification data, transmitting the cryptogram to the security module of the equipment, and selectively activating or selectively deactivating by the security module at least one resource as data or functions of the security module by executing instructions included in the cryptogram and conditioning the functioning of an application according to criteria established by a supplier of the application or the operator or a user of the equipment.

Abstract: A method for management of access means to conditional access data may include: initiating, from a security module of a multimedia unit, a verification of the next renewal date of the access means, which are associated to time information and are controlled by a management centre; determining, in the security module, the next renewal date of the access means; if the next renewal date of the access means is closer than a preset duration, then sending a request from the security module to the multimedia unit that requests the renewal of the access means; sending the request for renewal of the access means from the multimedia unit to the management centre; verifying by the management centre, if the multimedia unit is authorized to renew the access means; and in the case of a positive response, sending of an access means renewal message to the multimedia unit.

Abstract: The invention concerns a method for controlling access to encrypted data (CT) by control words (CW), said control words being received by a security module in control messages (ECM) and returned to a unit operating on the encrypted data. Said control messages (ECM) contain at least one first control word (CW1) and a second control word (CW2), said control words each allowing access to the encrypted data (CT) during a predetermined period called cryptoperiod (CP). Said method includes the following steps: sending said encrypted data to at least one operating unit; and sending control messages (ECM) to said control unit, such a control message (ECM) containing at least two specific control words (CW1, CW2) being sent to the operating unit after sending the data encrypted by said first control word (CW1) and before sending the data encrypted by said second control word (CW2).