Abstract: A surveillance system connectable to a network, comprising a communication module and a management module; said system being configured to, during an initialization phase: a. intercept a first message being sent to a first device; b. intercept a second message said second message being a response from the first device to the first message; c. calculate a time interval between the interception of the first message and the second message; d. repeat the steps a. to c. to determine further time intervals; e. determine a distribution of said time intervals; f. store the distribution and during a surveillance phase, intercept a third message said message being sent to the first device; intercept a fourth message said fourth message being a response to the third message; calculate a new time interval between the interception of the third and fourth messages; and verify that the new time interval is within the distribution.

Abstract: A surveillance system connectable to a network, comprising a communication module and a management module; said system being configured to, during an initialization phase: a. intercept a first message being sent to a first device; b. intercept a second message said second message being a response from the first device to the first message; c. calculate a time interval between the interception of the first message and the second message; d. repeat the steps a. to c. to determine further time intervals; e. determine a distribution of said time intervals; f. store the distribution and during a surveillance phase, intercept a third message said message being sent to the first device; intercept a fourth message said fourth message being a response to the third message; calculate a new time interval between the interception of the third and fourth messages; and verify that the new time interval is within the distribution.

Abstract: A surveillance system connectable to a network, comprising a communication module and a management module; said system being configured to, during an initialization phase: a. intercept a first message being sent to a first device; b. intercept a second message said second message being a response from the first device to the first message; c. calculate a time interval between the interception of the first message and the second message; d. repeat the steps a. to c. to determine further time intervals; e. determine a distribution of said time intervals; f. store the distribution and during a surveillance phase, intercept a third message said message being sent to the first device; intercept a fourth message said fourth message being a response to the third message; calculate a new time interval between the interception of the third and fourth messages; and verify that the new time interval is within the distribution.

Abstract: A surveillance system connectable to a network, comprising a communication module and a management module; said system being configured to, during an initialization phase: a. intercept a first message being sent to a first device; b. intercept a second message said second message being a response from the first device to the first message; c. calculate a time interval between the interception of the first message and the second message; d. repeat the steps a. to c. to determine further time intervals; e. determine a distribution of said time intervals; f. store the distribution and during a surveillance phase, intercept a third message said message being sent to the first device; intercept a fourth message said fourth message being a response to the third message; calculate a new time interval between the interception of the third and fourth messages; and verify that the new time interval is within the distribution.

Abstract: A surveillance system connectable to a network, comprising a communication module and a management module; said system being configured to, during an initialization phase: a. intercept a first message being sent to a first device; b. intercept a second message said second message being a response from the first device to the first message; c. calculate a time interval between the interception of the first message and the second message; d. repeat the steps a. to c. to determine further time intervals; e. determine a distribution of said time intervals; f. store the distribution and during a surveillance phase, intercept a third message said message being sent to the first device; intercept a fourth message said fourth message being a response to the third message; calculate a new time interval between the interception of the third and fourth messages; and verify that the new time interval is within the distribution.

Abstract: The present invention provides a security module having a communication interface being capable of operating according to any from a selection from a plurality of predetermined operation modes or communication protocols. The security module further comprises a voltage detector to detect the voltage on the module's power supply connection. Depending on the value of the detected voltage or to which of a plurality of predetermined voltage ranges the detected voltage may be categorized, the security module is made to function according to one from the plurality of predetermined communication protocols.

Abstract: A user's access to software applications installed on a device is limited by evaluating the context in which the user requests access to the application and determining, based on the context analysis, whether or not the user is to be given access to the application. When it is determined that the user requesting access is not a primary authorized user, the primary authorized user may be notified of the attempt to access the application.

Abstract: The present invention provides a security module having a communication interface being capable of operating according to any from a selection from a plurality of predetermined operation modes or communication protocols. The security module further comprises a voltage detector to detect the voltage on the module's power supply connection. Depending on the value of the detected voltage or to which of a plurality of predetermined voltage ranges the detected voltage may be categorized, the security module is made to function according to one from the plurality of predetermined communication protocols. According to an embodiment of the present invention the plurality of communication protocols require that the security module operate at a plurality of different frequencies.

Abstract: The present invention provides a security module having a communication interface being capable of operating according to any from a selection from a plurality of predetermined operation modes or communication protocols. The security module further comprises a voltage detector to detect the voltage on the module's power supply connection. Depending on the value of the detected voltage or to which of a plurality of predetermined voltage ranges the detected voltage may be categorized, the security module is made to function according to one from the plurality of predetermined communication protocols.

Abstract: The present invention provides a security module having a communication interface being capable of operating according to any from a selection from a plurality of predetermined operation modes or communication protocols. The security module further comprises a voltage detector to detect the voltage on the module's power supply connection. Depending on the value of the detected voltage or to which of a plurality of predetermined voltage ranges the detected voltage may be categorized, the security module is made to function according to one from the plurality of predetermined communication protocols. According to an embodiment of the present invention the plurality of communication protocols require that the security module operate at a plurality of different frequencies.

Abstract: A user's access to software applications installed on a device is limited by evaluating the context in which the user requests access to the application and determining, based on the context analysis, whether or not the user is to be given access to the application. When it is determined that the user requesting access is not a primary authorized user, the primary authorized user may be notified of the attempt to access the application.

Abstract: The present invention provides a security module having a communication interface being capable of operating according to any from a selection from a plurality of predetermined operation modes or communication protocols. The security module further comprises a voltage detector to detect the voltage on the module's power supply connection. Depending on the value of the detected voltage or to which of a plurality of predetermined voltage ranges the detected voltage may be categorized, the security module is made to function according to one from the plurality of predetermined communication protocols. According to an embodiment of the present invention the plurality of communication protocols require that the security module operate at a plurality of different frequencies.

Abstract: The present invention provides a security module having a communication interface being capable of operating according to any from a selection from a plurality of predetermined operation modes or communication protocols. The security module further comprises a voltage detector to detect the voltage on the module's power supply connection. Depending on the value of the detected voltage or to which of a plurality of predetermined voltage ranges the detected voltage may be categorized, the security module is made to function according to one from the plurality of predetermined communication protocols.

Abstract: The present invention provides a security module having a communication interface being capable of operating according to any from a selection from a plurality of predetermined operation modes or communication protocols. The security module further comprises a voltage detector to detect the voltage on the module's power supply connection. Depending on the value of the detected voltage or to which of a plurality of predetermined voltage ranges the detected voltage may be categorized, the security module is made to function according to one from the plurality of predetermined communication protocols.

Abstract: A method based on access conditions verification performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message encapsulates a second part including another control message. The processing unit for carrying out the method comprises a first conditional access device connected to a second conditional access device provided with a descrambler and a secured processor or secured hardware logic. The control message and the second part are each encrypted and accompanied by respectively first and second authentication data. The first conditional access device decrypts and verifies integrity of the control message, verifies the first access conditions and transmits the second part to the second access control device. The second conditional access device decrypts and verifies integrity of the second part and further verifies the second access conditions, and releases and loads the control word into the descrambler.

Abstract: A method for verifying access conditions performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message includes a first part including first access conditions and a second part structured as a control message including at least second access conditions and a control word. A first conditional access device is configured for decrypting the control message with a common key specific to units having a first conditional access device and verifying the authenticity of said message. When the verification succeeds, the second part and a second right is transmitted to a second conditional access device, which decrypts the second part with a common key specific to units having a second conditional access device and verifies the authenticity of said second part and the second access conditions in relation to the second right encrypted by a personal key embedded therein.

Abstract: This invention concerns a safe data exchange method between two devices locally connected to one another. In a preferred embodiment, the first device (10) is a security module containing a first encrypting key, said private key (PAKV) of a pair of asymmetric encrypting keys. The second device is a receiver (11) comprising at least one second encrypting key, said public key (PAKB) of said pair of asymmetric encrypting keys. Furthermore each of the devices comprises a symmetrical key (13). The first device (10) generates a first random number (A), which is encrypted by said private key (PAKV), then transmitted to the second device (11), in which it is decrypted by means of the public key (PAKB). The second device (11) generates a second random number (B), which is encrypted by said public key (PAKB), then transmitted to the first device (10), in which it is decrypted by means of the private key (PAKV).

Abstract: This invention concerns a safe data exchange method between two devices locally connected to one another. In a preferred embodiment, the first device is a security module containing a first encrypting key, said private key of a pair of asymmetric encrypting keys. The second device is a receiver comprising at least one second encrypting key, said public key of said pair of asymmetric encrypting keys. Furthermore each of the devices comprises a symmetrical key. The first device generates a first random number, which is encrypted by said private key, then transmitted to the second device, in which it is decrypted by means of the public key. The second device generates a second random number, which is encrypted by said public key, then transmitted to the first device, in which it is decrypted by means of the private key. A session key, used for safe data exchange, is generated by a combination of the symmetric key and the random numbers generated and received by each of the devices.

Abstract: A method for updating operating data in a security module associated to a user unit for processing digital data broadcast in a transport stream, said unit being connected to a conditional access system transmitting, in said transport stream, to the security module a first stream comprising management messages includes: broadcasting a second stream of operating data patch messages, adding to the first stream of management messages, a trigger message to direct the security module to a conditional access system transmitting a second stream transporting suitable operating data patch messages if a current version of the operating data in the security module requires an update, updating the operating data of the concerned security module with the operating data patch messages from the second stream, directing the security module towards the conditional access system transmitting another stream based on an identifier of the conditional access system in the security module.

Abstract: For updating shared databases on a subscriber network, a managing center sends messages addressed to each of these bases. When one requires to address a great number of databases, the time to accede to each of them increases considerably considered the necessity to repeat the information to ensure the good reception of messages. Instead of addressing by name each database, it is proposed to transmit criteria in which a certain number of databases recognize themselves and apply a selective updating on these bases.