Abstract: Systems and methods for implementing a Transport I/O system are described. Network encrypted content may be received by a device. The device may provide the network encrypted content to a secure processor, such as, for example, a smart card. The secure processor obtains a network control word that may be used to decrypt the network encrypted content. The secure processor may decrypt the network encrypted content to produce clear content. In embodiments, the secure processor may then use a local control word to generate locally encrypted content specific to the device. The device may then receive the locally encrypted content from the secure processor and proceed to decrypt the locally encrypted content using a shared local encryption key. The Transport I/O system ensures the protection of the network control word by maintaining the network control word on the secure processor.

Abstract: Systems and methods for implementing a Transport I/O system are described. Network encrypted content may be received by a device. The device may provide the network encrypted content to a secure processor, such as, for example, a smart card. The secure processor obtains a network control word that may be used to decrypt the network encrypted content. The secure processor may decrypt the network encrypted content to produce clear content. In embodiments, the secure processor may then use a local control word to generate locally encrypted content specific to the device. The device may then receive the locally encrypted content from the secure processor and proceed to decrypt the locally encrypted content using a shared local encryption key. The Transport I/O system ensures the protection of the network control word by maintaining the network control word on the secure processor.

Abstract: Systems and methods for implementing a Transport I/O system are described. Network encrypted content may be received by a device. The device may provide the network encrypted content to a secure processor, such as, for example, a smart card. The secure processor obtains a network control word that may be used to decrypt the network encrypted content. The secure processor may decrypt the network encrypted content to produce clear content, in embodiments, the secure processor may then use a local control word to generate locally encrypted content specific to the device. The device may then receive the locally encrypted content from the secure processor and proceed to decrypt the locally encrypted content using a shared local encryption key. The Transport I/O system ensures the protection of the network control word by maintaining the network control word on the secure processor.

Abstract: The present disclosure relates to systems and methods for assembling and extracting command and control data. In embodiments of the present disclosure, the command and control data is segmented and inserted into multiple packet headers. The header packets are identified by flags such as “First portion,” “Middle portion,” “Last portion,” or “Null Byte.” When a receiver extracts the command and control data from the headers, it tracks the flags associated with the headers. The command and control data is saved to buffer in association with its associated flag. The receiver uses the flags to determine when all command and control data headers have been received. The command and control data is then reconstructed and used to decrypt audio visual content.

Abstract: Systems and method are disclosed for performing profiling on a secure device. In embodiments, a plurality of counters are established. Each counter may be related to a different type of message. When the secure device receives and/or processes a message, it determines the type of message and adjusts a counter related to the determined message type. A ratio may be computed between the different counters. When the ratio deviates from a threshold, the secure device may be performing illegitimate operations, and one or more countermeasures are deployed against the illegitimate secure device.

Abstract: Systems and methods for implementing a Transport I/O system are described. Network encrypted content may be received by a device. The device may provide the network encrypted content to a secure processor, such as, for example, a smart card. The secure processor obtains a network control word that may be used to decrypt the network encrypted content. The secure processor may decrypt the network encrypted content to produce clear content. In embodiments, the secure processor may then use a local control word to generate locally encrypted content specific to the device. The device may then receive the locally encrypted content from the secure processor and proceed to decrypt the locally encrypted content using a shared local encryption key. The Transport I/O system ensures the protection of the network control word by maintaining the network control word on the secure processor.

Abstract: Systems and methods for performing cascading dynamic crypto periods are disclosed. In embodiments, a control word and a set of functions is transmitted between a head-end and recipient devices at the beginning of a crypto period. The crypto period is divided into a discrete number of sub-crypto periods. The control word used to encrypt and decrypt the broadcast content is changed during each sub-crypto period. At the end of the first sub-crypto period, a derived control word is generated by passing the original control word to a function in the set of functions in order to generate a derived control word at the first transition between sub-crypto periods. The derived control word is used for encryption and decryption of the broadcasted content during the second sub-crypto period. Upon transitioning to the third sub-control-period, the derived control word is input into another function to produce a second derived control word.

Abstract: Systems and methods are disclosed for performing anti-piracy countermeasures in order to prevent unauthorized access of protected content. A conditional access system may be modified to include a counter. The counter is incremented every time the conditional access system receives a request that is a potential indication of pirate activity. The counter may also be decremented every time the conditional access system receives a request indicative of legitimate activity. If the conditional access system receives a management message containing a key required to access content keys, the conditional access system cheeks the counter. If the counter is below a threshold value, the conditional access system obtains the key. However, if the counter is above the threshold value, the conditional access system disregards the key contained in the management message, thereby losing access to protected content.

Abstract: Systems and methods for performing cascading dynamic crypto periods are disclosed. In embodiments, a control word and a set of functions is transmitted between a head-end and recipient devices at the beginning of a crypto period. The crypto period is divided into a discrete number of sub-crypto periods. The control word used to encrypt and decrypt the broadcast content is changed during each sub-crypto period. At the end of the first sub-crypto period, a derived control word is generated by passing the original control word to a function in the set of functions in order to generate a derived control word at the first transition between sub-crypto periods. The derived control word is used for encryption and decryption of the broadcasted content during the second sub-crypto period. Upon transitioning to the third sub-control-period, the derived control word is input into another function to produce a second derived control word.

Abstract: A method for management of access means to conditional access data may include: initiating, from a security module of a multimedia unit, a verification of the next renewal date of the access means, which are associated to time information and are controlled by a management centre; determining, in the security module, the next renewal date of the access means; if the next renewal date of the access means is closer than a preset duration, then sending a request from the security module to the multimedia unit that requests the renewal of the access means; sending the request for renewal of the access means from the multimedia unit to the management centre; verifying by the management centre, if the multimedia unit is authorized to renew the access means; and in the case of a positive response, sending of an access means renewal message to the multimedia unit.

Abstract: The aim of this invention is to be able to recover specific information of a security module when it has been replaced by a new module in a user unit connected to a broadcasting network.

Abstract: The present invention proposes a method for managing rights of subscribers to a pay-television system comprising an access control system to which are connected subscriber management systems each managed by an operator and a plurality of subscriber decoders, said decoders each being equipped with a security module containing the rights for each subscriber allowing him the decryption of encrypted digital data of a stream broadcasted by at least one operator, during a modification of the rights carried out by an operator in the security module of a subscriber, the control access system receives data identifying a subscriber with modification commands of rights of said subscriber coming from a subscriber management system of an operator, generates a management message containing the modified rights and transmits said message to the security module of the subscriber via the stream containing the encrypted data, said method comprising the step of verification of the modifications according the properties and the a

Abstract: The present invention relates to a management messages transmission method by a management center intended to a plurality of multimedia units. Each unit has a security module (SC) comprising at least one global encryption key used in relation with an encryption module. This method is characterized in that it consists of dividing the totality of the security modules allowing access to encrypted data originating from a determined provider into at least two groups (GR1, GR2), a first group of security modules having a first configuration of the security elements and a second group of security modules having a second configuration of the security elements, the first configuration being different from the second configuration.

Abstract: This invention relates to an access means management method of to conditional access data, this data being broadcasted to at least one multimedia unit. The access means being controlled by a management centre, and these access means being associated to a time information. The multimedia unit comprises at least one security module in which the access means to data are stored. It also includes remote communication means with the management centre and local communication means with said security module.

Abstract: The aim of this invention is to be able to recover specific information of a security module when it has been replaced by a new module in a user unit connected to a broadcasting network.

Abstract: The present invention proposes a method for managing rights of subscribers to a pay-television system comprising an access control system to which are connected subscriber management systems each managed by an operator and a plurality of subscriber decoders, said decoders each being equipped with a security module containing the rights for each subscriber allowing him the decryption of encrypted digital data of a stream broadcasted by at least one operator, during a modification of the rights carried out by an operator in the security module of a subscriber, the control access system receives data identifying a subscriber with modification commands of rights of said subscriber coming from a subscriber management system of an operator, generates a management message containing the modified rights and transmits said message to the security module of the subscriber via the stream containing the encrypted data, said method comprising the step of verification of the modifications according the properties and the a

Abstract: A method is proposed to update access rights to conditional access data. In this method, the group number in which the access rights must be updated is first determined, and then all the security modules connected to this group are determined. Subsequently, according to the embodiment chosen, either an encrypting key for each of the modules with the access rights that must be updated is determined, or a subscriber key (KAB) common to all the security modules of a determined group with rights to be updated is determined. The rights are then encrypted with the corresponding key. The authorization messages (EMM) containing said encrypted access rights and an identifier of the security modules for which they are destined are sent. These rights are then received and decrypted in the security modules corresponding to said identifiers.