Abstract: The invention relates to a method of operating a device for forwarding protected content to a client unit, the device comprising at least one decryption module for decrypting protected content received in the device and at least one re-encryption module for re-encrypting the content to generate re-encrypted content to be sent to the client unit. The method comprises the steps of: (i) the decryption module authenticates the re-encryption module using authentication data transmitted from the re-encryption module to the decryption module, and (ii) the decryption module forwards decrypted content to the re-encryption module upon having successfully authenticated the re-encryption module. Moreover, the invention relates to a corresponding device.

Abstract: The invention relates to a method for accessing protected content provided to a client device, wherein the client device decrypts the content using at least one control word provided by a server device. In the method, (i) the client device sends a request message to the server device, the request message including a nonce, and the client device stores the nonce; (ii) upon receipt of the request message, the server device generates a control word message based on the control word and the received nonce; (iii) upon receipt of the control word message, the client device determines the control word from the control word message and validates the control word message using the stored nonce; and (iv) the client device uses the control word to decrypt at least part of the content in response to a successful validation of the control word message. Moreover, the invention relates to a client device and a server device for carrying out the method.

Abstract: The invention relates to a device for decrypting protected content and for providing the decrypted content for playback. The device comprises one or more system software modules providing functions for facilitating the decryption of the protected content and at least one client software module assigned to a provider of protected content. The client software module is adapted to access functions of the system software modules in order to control the system software to decrypt the protected content of the provider. Moreover, the device is adapted to validate the system software and/or a further client software module and to prevent the decryption and/or provision of the protected content of the provider, if the system software and/or the further client software module are not validated successfully.

Abstract: The invention relates to a device for accessing protected content, the device comprising a secure module for accessing the protected content and a control unit external to the secure module for controlling access operations for the protected content. The device is configured to receive usage rights data for the protected content, the usage rights data including first and second usage rights data defining permissions for uses of the protected content, and the device is configured to enable a requested use of the protected content upon a check whether the use is permitted by usage rights data, the check being made in the secure module based on to the first usage rights data and the check being made in the control unit based on the second usage rights data. Moreover, the invention relates to a method for operating the device.

Abstract: The invention relates to a device for validating data using a root certificate, wherein a plurality of root certificates is stored in the device, each root certificate having a rank. The device is configured to receive revocation information indicating at least one revoked root certificate, to validate the revocation information using one of the root certificates stored in the device and to block the use of the revoked root certificate if the revocation information is successfully validated using a root certificate having a higher rank than the revoked root certificate. Moreover, the invention relates to a method for revoking a root certificate stored in a device.

Abstract: The invention relates to a device for decrypting protected content and for providing the decrypted content for playback, the device comprising a secure module for carrying out cryptographic operations including the decryption of the protected content using decryption information, and the device being configured to install therein at least one client software module assigned to a provider of protected content, the client software module being adapted to forward decryption information for decrypting the protected content of the provider to the secure module in an encrypted form. The secure module is adapted to store therein a public key assigned to the provider and to authenticate at least one link key provided by the content provider using the stored public key.

Abstract: The invention relates to a device for accessing protected content, the device comprising a secure module for accessing the protected content and a control unit external to the secure module for controlling access operations for the protected content. The device is configured to receive usage rights data for the protected content, the usage rights data including first and second usage rights data defining permissions for uses of the protected content, and the device is configured to enable a requested use of the protected content upon a check whether the use is permitted by usage rights data, the check being made in the secure module based on to the first usage rights data and the check being made in the control unit based on the second usage rights data. Moreover, the invention relates to a method for operating the device.

Abstract: The invention relates to a method for accessing protected content provided to a client device, wherein the client device decrypts the content using at least one control word provided by a server device. In the method, (i) the client device sends a request message to the server device, the request message including a nonce, and the client device stores the nonce; (ii) upon receipt of the request message, the server device generates a control word message based on the control word and the received nonce; (iii) upon receipt of the control word message, the client device determines the control word from the control word message and validates the control word message using the stored nonce; and (iv) the client device uses the control word to decrypt at least part of the content in response to a successful validation of the control word message. Moreover, the invention relates to a client device and a server device for carrying out the method.

Abstract: The invention relates to a method of operating a device for forwarding protected content to a client unit, the device comprising at least one decryption module for decrypting protected content received in the device and at least one re-encryption module for re-encrypting the content to generate re-encrypted content to be sent to the client unit. The method comprises the steps of: (i) the decryption module authenticates the re-encryption module using authentication data transmitted from the re-encryption module to the decryption module, and (ii) the decryption module forwards decrypted content to the re-encryption module upon having successfully authenticated the re-encryption module. Moreover, the invention relates to a corresponding device.

Abstract: The invention relates to a device for decrypting protected content and for providing the decrypted content for playback, the device comprising a secure module for carrying out cryptographic operations including the decryption of the protected content using decryption information, and the device being configured to install therein at least one client software module assigned to a provider of protected content, the client software module being adapted to forward decryption information for decrypting the protected content of the provider to the secure module in an encrypted form. The secure module is adapted to store therein a public key assigned to the provider and to authenticate at least one link key provided by the content provider using the stored public key.

Abstract: The invention relates to a device for validating data using a root certificate, wherein a plurality of root certificates is stored in the device, each root certificate having a rank. The device is configured to receive revocation information indicating at least one revoked root certificate, to validate the revocation information using one of the root certificates stored in the device and to block the use of the revoked root certificate if the revocation information is successfully validated using a root certificate having a higher rank than the revoked root certificate. Moreover, the invention relates to a method for revoking a root certificate stored in a device.

Abstract: The invention relates to a device for decrypting protected content and for providing the decrypted content for playback. The device comprises one or more system software modules providing functions for facilitating the decryption of the protected content and at least one client software module assigned to a provider of protected content. The client software module is adapted to access functions of the system software modules in order to control the system software to decrypt the protected content of the provider. Moreover, the device is adapted to validate the system software and/or a further client software module and to prevent the decryption and/or provision of the protected content of the provider, if the system software and/or the further client software module are not validated successfully.

Abstract: A method and a device for the routing of specific data, particularly of receiving rights, in a pay-TV terminal, the data being transmitted from a transmitter via a transmission medium to the pay-TV terminal, using mobile data carriers, particularly chipcards. The method and device are characterized in that the pay-TV terminal buffers the specific data and, once a specific mobile data carrier is in communication with the pay-TV terminal, the receiving rights belonging to this mobile data carrier are then routed to said mobile data carrier and stored.

Abstract: A method and device for relaying specific data, especially receiving rights, to a pay television terminal. The data originating from a transmitter is transmitted to the pay television terminal via a transmission medium with the application of mobile data carriers, especially chipcards. The pay television terminal temporarily stores specific data, and afterwards, a specific mobile data carrier is connected to the pay television terminal in a communicative manner. The receiving rights linked to said mobile data carriers are relayed and stored on the data carriers.