Abstract: A method for updating the firmware of a security module allowing it to “jump” towards a dedicated separate patch message stream thanks to a trigger messages stream broadcasted in a main stream of management messages. The trigger messages comprise version information allowing establishing whether the security module is up-to-date, and an identifier indicating to the security module the suitable patch stream. If the current version of the firmware of the security module is inferior to the patch version, the security module is directed towards the stream of patch messages designated by the identifier included in the trigger messages. Once the update of the firmware is complete, the security module is again directed towards the main stream. This return can be carried out automatically, namely with a switch message comprising an identifier of the first stream.

Abstract: A method for verifying access conditions performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message includes a first part including first access conditions and a second part structured as a control message including at least second access conditions and a control word. A first conditional access device is configured for decrypting the control message with a common key specific to units having a first conditional access device and verifying the authenticity of said message. When the verification succeeds, the second part and a second right is transmitted to a second conditional access device, which decrypts the second part with a common key specific to units having a second conditional access device and verifies the authenticity of said second part and the second access conditions in relation to the second right encrypted by a personal key embedded therein.

Abstract: Example embodiments are directed to a duration computing method in a security module inserted into an apparatus including an internal clock. The apparatus may receive a digital data stream encrypted via control words contained in a control message ECM. The method may include receiving data coming from the internal clock of the apparatus including a current temporal information, storing the data representing the current temporal information in the security module, receiving the control message ECM to decrypt at least one control word, reading previous data representing a previous temporal information at a moment of processing the previous control message ECM, and processing the control message ECM when the current temporal information is temporally ahead of the previous temporal information.

Abstract: A method is disclosed for access control to conditional access data in a multimedia unit comprising at least one security module. This process includes: reception by the multimedia unit of a control message ECM containing at least one control word cw; transmission of this message ECM to said security module, this control message being associated to a message decryption right; determination of a validity date of the ECM control message decryption rights associated to said security module; determination of the present date; comparison of the present date with the expiration date of the decryption rights and determination of whether the present date is prior to the expiration date. In the affirmative case, decryption of the control message ECM and sending of the control word cw to the multimedia unit occurs In the negative case, reading of a value contained in a counter of the security module and comparison of this value occurs, to determine whether this value is comprised within a range authorizing decryption.

Abstract: A method based on access conditions verification performed by two conditional access devices consecutively on a control message before releasing a control word to a descrambler. The control message encapsulates a second part including another control message. The processing unit for carrying out the method comprises a first conditional access device connected to a second conditional access device provided with a descrambler and a secured processor or secured hardware logic. The control message and the second part are each encrypted and accompanied by respectively first and second authentication data. The first conditional access device decrypts and verifies integrity of the control message, verifies the first access conditions and transmits the second part to the second access control device. The second conditional access device decrypts and verifies integrity of the second part and further verifies the second access conditions, and releases and loads the control word into the descrambler.

Abstract: This invention concerns a security module deactivation and reactivation method particularly intended for access control of conditional access data. These security modules include a plurality of registers (R1, R2, R3, Rn) containing values. The method includes the step of sending at least one management message (RUN-EMM) containing an executable code, this executable code being loaded into a memory of the security module and then executed. The execution of this code in particular can carry out the combination and/or the enciphering of the values of the registers, or render these values illegible. This method also allows the reactivation of the security modules that have been deactivated previously. In this case, the method includes the step of sending another message containing an executable code (RUN-EMM?1) for the reactivation of the modules, this executable code having an inverted function to that of the executable code used for the deactivation of the security modules.

Abstract: The object of the invention is a method of managing the display of event specifications with conditional access, particularly to display an electronic program guide for Pay-TV.

Abstract: The aim of this invention is to be able to recover specific information of a security module when it has been replaced by a new module in a user unit connected to a broadcasting network.

Abstract: A method for updating the firmware of a security module allowing it to “jump” towards a dedicated separate patch message stream thanks to a trigger messages stream broadcasted in a main stream of management messages. The trigger messages comprise version information allowing establishing whether the security module is up-to-date, and an identifier indicating to the security module the suitable patch stream. If the current version of the firmware of the security module is inferior to the patch version, the security module is directed towards the stream of patch messages designated by the identifier included in the trigger messages. Once the update of the firmware is complete, the security module is again directed towards the main stream. This return can be carried out automatically, namely with a switch message comprising an identifier of the first stream.

Abstract: This invention concerns a safe data exchange method between two devices locally connected to one another. In a preferred embodiment, the first device (10) is a security module containing a first encrypting key, said private key (PAKV) of a pair of asymmetric encrypting keys. The second device is a receiver (11) comprising at least one second encrypting key, said public key (PAKB) of said pair of asymmetric encrypting keys. Furthermore each of the devices comprises a symmetrical key (13). The first device (10) generates a first random number (A), which is encrypted by said private key (PAKV), then transmitted to the second device (11), in which it is decrypted by means of the public key (PAKB). The second device (11) generates a second random number (B), which is encrypted by said public key (PAKB), then transmitted to the first device (10), in which it is decrypted by means of the private key (PAKV).

Abstract: A method is disclosed for access control to conditional access data in a multimedia unit comprising at least one security module. This process includes: reception by the multimedia unit of a control message ECM containing at least one control word cw; transmission of this message ECM to said security module, this control message being associated to a message decryption right; determination of a validity date of the ECM control message decryption rights associated to said security module; determination of the present date; comparison of the present date with the expiration date of the decryption rights and determination of whether the present date is prior to the expiration date. Iin the affirmative case, decryption of the control message ECM and sending of the control word cw to the multimedia unit occurs In the negative case, reading of a value contained in a counter of the security module and comparison of this value occurs, to determine whether this value is comprised within a range authorizing decryption.

Abstract: The aim of this invention is to be able to recover specific information of a security module when it has been replaced by a new module in a user unit connected to a broadcasting network.

Abstract: This invention concerns a security module deactivation and reactivation method particularly intended for access control of conditional access data. These security modules include a plurality of registers (R1, R2, R3, Rn) containing values. The method includes the step of sending at least one management message (RUN-EMM) containing an executable code, this executable code being loaded into a memory of the security module and then executed. The execution of this code in particular can carry out the combination and/or the enciphering of the values of the registers, or render these values illegible. This method also allows the reactivation of the security modules that have been deactivated previously. In this case, the method includes the step of sending another message containing an executable code (RUN-EMM?1) for the reactivation of the modules, this executable code having an inverted function to that of the executable code used for the deactivation of the security modules.

Abstract: The aim of this invention is to assure the portability of an electronic certificate and the security of the private key which are part of the certificate X509. In fact, it is important that this certificate is not used for purposes uncontrolled by the holder, such as identity usurpation, the authorization of non-desired transactions or the reproduction of transactions (replay). This aim is reached by a storage and transporting method for an electronic certificate, said certificate having an authority section for the issuing authority, a holder section for the holder of the certificate and a signature section determined by the issuing authority, characterized in that all or part of the holder section is contained in a removable security module and that at least the authority section is contained in a host computer.

Abstract: The aim of this invention is to propose a method to supply a control of the validity duration of a right registered in a security module in absolute terms by means of a management of the different received parameters allowing the determination of an expiry date and time.

Abstract: For this reason, the present invention proposes to allow the development of a first security based on a first key towards a second security based on a second key, this operation being carried out in an environment unprotected by said open transmission, guaranteeing the same security level as if this operation was carried out locally in the place belonging to the system manager.