Chipset function activation method and chipset

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to cryptography. A chipset function activation method includes: receiving at least one of the following elements: a segmentation key, a general purpose key and a global cryptographic algorithm selector; transmitting at least two of the following elements: an initial value, the obtained segmentation key, the general purpose key and the global cryptographic algorithm selector to a computation module, wherein the initial value, the obtained segmentation key, the general purpose key and the global cryptographic algorithm selector are provided by at least two different organisations; generating in the computation module a temporary key using one of the following elements: at least one cryptographic algorithm of the computation module and at least two elements selected from a group including the initial value, the segmentation key, the general purpose key and the global cryptographic algorithm selector; receiving an activation message using the computation module; receiving an authentication code of said message using the computation module, wherein said message authentication code is calculated using the temporary key; authenticating said received message using the message authentication code and the temporary key; if the received message is authentic, activating the corresponding chipset function; if the received message is not authentic, prohibiting activation of said corresponding chipset function.

EFFECT: effective chipset protection.

11 cl, 1 dwg

 

Technical field

The present invention relates to a method of activating a function of a chipset that includes at least a memory and a computation module responsible for cryptographic operations. It also relates to a secure chipset that implements this method.

The chipset may, for example, be used in user equipment intended to provide access to conditional-access content, such as pay-TV content. It can be used in essentially any device in which protection of the chipset is an important issue.

Prior art

The chipset used in the present invention is a set of electronic circuits that allows a processor to control the data exchange between the various components of a device or user equipment. The purpose of performing operations at the chipset level is to prevent all major attacks that consist in analysing the exchanged signals in order to discover keys specific to a particular device or user equipment. For this reason, the chipset key is not accessible outside the chipset.

In some existing secure chipsets, a unique key is introduced into the chipset during its manufacture. The chipset key can be stored in the chipset memory and can be hard-coded, so that the key cannot be modified fraudulently. Additional keys can also be calculated from such a chipset key so that, on the one hand, the hard-coded chipset key cannot be modified and, on the other hand, different keys can be obtained by modifying the calculation of the key. The key calculation may be carried out by concatenation, encryption, or any other combination of the chipset key and numbers, which may or may not be random.

All keys that are subsequently introduced into the chipset or the device depend, in one way or another, on the primary key of the chipset. For example, in conditional-access television, the rights used to control access to encrypted content are encrypted with a decoder key related to this decoder. This decoder key is sent to the relevant decoder encrypted with the original chipset key. Thus, if the original chipset key is compromised, the decoder key is also compromised, as is the content itself.

The primary key cannot be changed during the lifetime of the chipset. This is important in the case where the chipset key is introduced in a completely secure environment. If the chipset key is not injected under conditions of strict security, the security of the chipset and of the user equipment cannot be guaranteed. Because the chipset key cannot be changed, if the original key is not fully protected it is impossible to improve security afterwards.

The primary key is always introduced during manufacture of the chipset. However, this key should be activated only under specific conditions, in particular conditions relating to the configuration of the chipset. In practice, directly after or during manufacture, the chipset must pass configuration tests that verify whether its configuration meets the specified requirements, in particular the requirements relating to security. These configuration tests are performed by the manufacturer, which is the only party able to control them. It is therefore possible for the primary key to be activated even if not all of the configuration tests were successful. Failure to comply with all requirements may be the result of fraud or error and can lead to security breaches. In any case, there is no way to prevent improper activation of the key when not all tests have been passed. In that case, the security of the user equipment cannot be guaranteed.

Because in prior-art secure chipsets the configuration tests can be performed only by the manufacturer, either the tests are successful and the preset functions are activated, or the chipset does not pass the tests and the corresponding functions are not activated. After completion of the manufacturing process, new functions cannot be added.

U.S. Patent No. 5,883,956 describes a secure processing unit (SPU) that allows features to be configured dynamically after the chip has been installed in a device located at the customer's premises. A trusted center reconfigures the secure processing unit using a table of features and a digital signature. This table is formed at the head-end station and hashed to obtain a compressed form of the message. The compressed form of the message is encrypted using the secret key of the secure processing unit to obtain the signature. The table and the digital signature are transmitted to the appropriate secure processing unit. In the SPU, the compressed form of the message is decrypted using the secret key of the trusted center.

In this secure device, a secret key is necessary for communication between the head-end station and the secure processing unit. This secret key is introduced into the SPU during manufacture or is derived from a key introduced at manufacture. Thus, if this key is compromised, the rights may also be compromised.

Therefore, the solution described in U.S. Patent No. 5,883,956 provides a means of adding or removing rights or functions in the chipset, but the security of the operations performed by the chipset depends on the security of the original key. This primary key is set by a single organization, usually the chipset manufacturer, which can set the key even if not all requirements are fulfilled. Because only one organization sets the key from which all other keys are derived, no other organization can check and confirm that all requirements are fulfilled.

Publication WO 2006/091304 relates to a system and method for preparing and transmitting to at least one chipset keys or rights, independent of geographic region and time zone. This method is used to provide communication termination functions. These keys or rights depend on the original key contained in the corresponding chipset. Thus, if the original key is compromised, the security of the entire chipset is also compromised.

Disclosure of the invention

One objective of the present invention is to provide a secure chipset for which fulfilment of all requirements can be guaranteed before the chipset is activated.

Another objective of the invention is to activate additional functions after the manufacturing stages of the chipset. However, these additional functions are activated only under specific conditions.

A further objective of the present invention is to make it possible to change the chipset key if it turns out that this key has been compromised.

The objectives of the present invention are achieved by a method of activating a function of a chipset including at least a memory and a computation module responsible for cryptographic operations, the memory containing at least an initial value and the computation module containing at least one cryptographic algorithm, the method including the following steps:

- receiving at least one of the following elements: a segmentation key (SK), a general purpose key (GK) and a global cryptographic algorithm selector (GCAS);

- transmitting at least two of the following elements: the initial value, the received segmentation key (SK), the general purpose key (GK) and the global cryptographic algorithm selector (GCAS) to the computation module, wherein the initial value, the received segmentation key, the general purpose key and the global cryptographic algorithm selector are provided by at least two different organizations;

- generating in the computation module a temporary key (SKtemp) using one of the following elements: at least one cryptographic algorithm of the computation module and at least two elements selected from the group including the initial value (Sd), the segmentation key (SK), the general purpose key (GK) and the global cryptographic algorithm selector (GCAS);

- receiving an activation message using the computation module;

- receiving an authentication code of said message using the computation module (CM), wherein said message authentication code (MAC) is calculated using the temporary key (SKtemp);

- authenticating said received message using the message authentication code (MAC) and the temporary key (SKtemp);

- if the received message is authentic, activating the corresponding function (F1, F2, F3) of the chipset;

- if the received message is not authentic, prohibiting activation of said corresponding function of the chipset.

The objectives of the present invention are also achieved by a chipset including at least a memory and a computation module responsible for cryptographic operations, the memory containing at least an initial value and the computation module containing at least one cryptographic algorithm, the chipset comprising the following components:

- means for receiving at least one of the following elements: a segmentation key (SK), a general purpose key (GK) or a global cryptographic algorithm selector (GCAS);

- means for transmitting at least two of the following elements: the initial value, the received segmentation key (SK), the general purpose key (GK) and the global cryptographic algorithm selector (GCAS) to the computation module, wherein the initial value, the received segmentation key, the general purpose key and the global cryptographic algorithm selector are provided by at least two different organizations;

- means for generating in the computation module a temporary key (SKtemp) using one of the following elements: at least one cryptographic algorithm of the computation module and at least two elements selected from the group including the initial value (Sd), the segmentation key (SK), the general purpose key (GK) and the global cryptographic algorithm selector (GCAS);

- means for receiving an activation message using the computation module;

- means for receiving an authentication code of said message using the computation module (CM), wherein said message authentication code (MAC) is calculated using the temporary key (SKtemp);

- means for authenticating said received message using the message authentication code (MAC) and the temporary key (SKtemp);

- means for activating the corresponding function (F1, F2, F3) of the chipset if the received message is authentic;

- means for prohibiting activation of said corresponding function of the chipset if the received message is not authentic.

Thanks to the method and apparatus of the present invention, a single organization, in particular the manufacturer, is not able to activate a function of the chipset on its own. This means that the security of the chipset cannot be compromised by fraudulent actions on the part of the manufacturer or by errors in the final tests.

The method of the present invention also makes it possible to replace the chipset key if that key has been compromised. This provides a high degree of flexibility when using these chipsets.

In addition, a chipset can be provided with an inactive mandatory function, which can be activated not at the production stage, as in the prior art, but later, at the personalization stage. This provides a double check of the activation requirements, with one check performed at the production stage and the second during activation.

In addition, the chipset may have only a few functions, or only one function, activated after personalization. Additional functions can be activated later, when the chipset is already installed in a device and in use.

Brief description of drawings

The present invention and its advantages will be better understood with reference to the accompanying drawing and the detailed description of a specific embodiment.

FIG. 1 shows a diagram of the method of the present invention.

Implementation of the invention

According to the present invention, the chipset contains at least a memory and a computation module CM. During manufacture, the chipset memory receives a unique identification number (Sd). This identification number may or may not be secret.

The computation module CM of the chipset contains at least one cryptographic algorithm. According to a preferred embodiment, this algorithm is proprietary (internal). However, well-known cryptographic algorithms such as 3DES, AES or RSA can also be used. In FIG. 1 the computation module is shown with three algorithms: GCA1, GCA2 and GCA3.

After the chipset has been manufactured, it is personalized, usually by an organization other than the manufacturer. During personalization the chipset receives the segmentation key SK. It may also receive at least the general purpose key GK or the global cryptographic algorithm selector GCAS. Thus the chipset contains at least a unique identification number, which can be used as the initial value, and at least one of the following elements: the segmentation key, the general purpose key and the global cryptographic algorithm selector.

At least two of the elements consisting of the unique identification number, the segmentation key, the general purpose key and the global cryptographic algorithm selector are passed to the computation module CM. When the global cryptographic algorithm selector is not passed, the computation module uses a default algorithm. The unique identification number can be used as the initial value together with one of the other elements transmitted to the computation module. The algorithm contained in the computation module is then used to generate a temporary key SKtemp.

The initial value, or unique identification number, is usually known to the chipset manufacturer. The segmentation key is known to the manufacturer of the STB (set-top box), and the cryptographic algorithm(s) contained in the computation module are known to the security service provider. Thus, neither the manufacturer nor the organization performing the personalization knows all the secrets.

As is clear from the above, several pieces of information are required to form the temporary key. These pieces of information are distributed among several organizations, such as the manufacturer, the organization responsible for personalization, and the security service provider. They can be brought together by a single malicious party only with great difficulty. This provides a high degree of protection of the devices against fraud and error.

According to one specific embodiment, the mandatory function of the chipset remains inactive until the chipset receives an activation message. Processing the activation message requires the temporary key SKtemp, formed as described above. The activation message is formed, for example, in a control center and is intended for a specific chipset. This message may or may not be encrypted. The activation message is associated with a message authentication code, which is calculated using the temporary key, known to the control center. The calculation of the message authentication code using the temporary key may be an encryption or any other suitable operation using the message authentication code and the temporary key. After the message is received by the chipset, it is processed in order to decrypt it, if necessary, and to obtain the message authentication code. The message can contain at least two parts. One part relates to the operation that must be performed if certain conditions are met. Another part may contain the conditions AC (activation conditions) that must be fulfilled before the operation is performed. The message may also contain other, additional parts. In one example of an activation condition, a check is made whether a temporary key SKtemp is already present in the chipset. The segmentation key SK is not saved if the temporary key is already in the chipset.

The message authentication code is calculated using the temporary key SKtemp. This message authentication code is processed in the computation module to obtain the message authentication code in a usable form, and the authenticity of the message is then checked. If the message is authentic, the chipset checks whether the conditions AC contained in the message are fulfilled. If so, the operation contained in the message and associated with the list of conditions is performed. According to one specific embodiment, the first function is to activate a mandatory function of the chipset and bring it into a state allowing its use. After a single use, the temporary key SKtemp can be deleted.

It is possible that the message contains no conditions. In this case, only the authentication result determines whether the function is activated. If the authentication result is negative, or the conditions are not met, the corresponding function is not activated. Depending on the specific implementation, there may be other consequences.

While the chipset is in use, it can be provided with additional functions F1, F2, F3. As in the previous case, a message is sent to the chipset, and the message authentication code is calculated using the temporary key SKtemp. This message also contains at least an operation and a list of conditions AC. The message authentication code is used to verify the authenticity of the message. The conditions are also checked and, if they are fulfilled, the operation is performed. This operation may include, for example, activation of a new function of the chipset.

If the conditions are not met, at least the activation of the new function is not permitted. Failure to meet the conditions may have other consequences. For example, if some conditions are not met, all or part of the functions of the chipset can be deactivated.

For each new function to be activated, one message with a single set of conditions can be sent. In addition, different sets of conditions may be contained in a single message and be associated with the same or different operations.
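The flow described above (SKtemp derived from elements held by different organizations, then a MAC-authenticated activation message with conditions AC), as an added example that is not part of the patent. HMAC stands in for the proprietary algorithms GCA1 to GCA3 and for the MAC, and the JSON message layout, the `config` state and all key values are constructed assumptions.

```python
import hashlib
import hmac
import json

# Stand-ins for the computation module's algorithms GCA1..GCA3. The page
# leaves them proprietary; HMAC over three hash functions is an assumption.
GCA = {1: hashlib.sha256, 2: hashlib.sha384, 3: hashlib.sha512}
DEFAULT_GCAS = 1  # algorithm used when no selector is supplied


def _field(value: bytes) -> bytes:
    """Length-prefix a field so that different (Sd, GK) pairs cannot collide."""
    return len(value).to_bytes(2, "big") + value


def derive_temp_key(sd: bytes, sk: bytes, gk: bytes = b"", gcas=None) -> bytes:
    """SKtemp from Sd, SK and optionally GK, with the algorithm GCAS selects."""
    digest = GCA[DEFAULT_GCAS if gcas is None else gcas]
    return hmac.new(sk, b"SKtemp" + _field(sd) + _field(gk), digest).digest()


def build_activation(sk_temp: bytes, function: str, conditions: dict):
    """Control-center side: encode the message and compute its MAC."""
    message = json.dumps({"op": function, "ac": conditions},
                         sort_keys=True).encode()
    return message, hmac.new(sk_temp, message, hashlib.sha256).digest()


class Chipset:
    def __init__(self, sd: bytes, config: dict):
        self.sd = sd          # initial value, written at manufacture
        self.config = config  # hypothetical state the conditions AC refer to
        self.sk_temp = None
        self.active = set()   # activated functions (F1, F2, F3, ...)

    def personalize(self, sk: bytes, gk: bytes = b"", gcas=None) -> bool:
        # Condition example from the page: SK is not saved if a temporary
        # key is already present. SK itself is never stored, only SKtemp.
        if self.sk_temp is not None:
            return False
        self.sk_temp = derive_temp_key(self.sd, sk, gk, gcas)
        return True

    def receive(self, message: bytes, mac: bytes, single_use=False) -> str:
        if self.sk_temp is None:
            return "rejected: no temporary key"
        expected = hmac.new(self.sk_temp, message, hashlib.sha256).digest()
        # Authenticate before parsing, with a constant-time comparison.
        if not hmac.compare_digest(expected, mac):
            return "rejected: not authentic"
        body = json.loads(message)
        if any(self.config.get(k) != v for k, v in body["ac"].items()):
            return "rejected: condition not met"
        self.active.add(body["op"])
        if single_use:
            self.sk_temp = None  # SKtemp may be deleted after a single use
        return "activated"


def demo():
    # All values below are constructed for the example.
    sd, sk, gk = b"constructed-Sd-0001", b"constructed-SK", b"constructed-GK"
    chip = Chipset(sd, {"secure_boot": True})
    chip.personalize(sk, gk, gcas=2)
    center_key = derive_temp_key(sd, sk, gk, gcas=2)  # control center's copy
    msg, mac = build_activation(center_key, "F1", {"secure_boot": True})
    results = [chip.receive(msg, mac)]
    # Message altered after the MAC was computed: authentication fails.
    results.append(chip.receive(msg.replace(b"F1", b"F2"), mac))
    # Key derived without the right SK (e.g. by a party that holds only Sd).
    other_key = derive_temp_key(sd, b"not-the-SK", gk, gcas=2)
    results.append(chip.receive(*build_activation(other_key, "F3", {})))
    return results, sorted(chip.active)


if __name__ == "__main__":
    print(demo())
```

The MAC is checked before the message body is parsed, so an unauthenticated message never reaches the condition logic.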

According to the present invention, the key can be introduced in a secure way not only during manufacture of the chipset but also later, during its personalization. This provides a greater degree of flexibility and security, since the tests can be performed twice, by different organizations.

In a chipset according to the present invention it is possible to change the chipset key. Thus, if the key is compromised, the chipset can nevertheless continue to be used after the key has been changed.

According to the method of the present invention, the security service provider can fully control the process and, in particular, can determine that the configuration of the chipset corresponds to the required functions. This provides a high degree of protection against errors and fraudulent manipulation.

A chipset can be provided in which a mandatory function remains inactive until the chipset receives an authentic activation message. This authentic message is created and transmitted by the control center associated with the security service provider. Thus, the chipset must meet the requirements both at the manufacturing stage and at the activation stage. Since manufacturing and activation are typically carried out by different organizations, the degree of protection increases.

1. A method of activating a function of a chipset including at least a memory and a computation module responsible for cryptographic operations, the memory containing at least an initial value and the computation module containing at least one cryptographic algorithm, the method comprising the following steps:
- receiving at least one of the following elements: a segmentation key (SK), a general purpose key (GK) and a global cryptographic algorithm selector (GCAS);
- transmitting at least two of the following elements: the initial value, the received segmentation key (SK), the general purpose key (GK) and the global cryptographic algorithm selector (GCAS) to the computation module, wherein the initial value, the received segmentation key, the general purpose key and the global cryptographic algorithm selector are provided by at least two different organizations;
- generating in the computation module a temporary key (SKtemp) using one of the following elements: at least one cryptographic algorithm of the computation module and at least two elements selected from the group including the initial value (Sd), the segmentation key (SK), the general purpose key (GK) and the global cryptographic algorithm selector (GCAS);
- receiving an activation message using the computation module;
- receiving an authentication code of said message using the computation module (CM), wherein said message authentication code (MAC) is calculated using the temporary key (SKtemp);
- authenticating said received message using the message authentication code (MAC) and the temporary key (SKtemp);
- if the received message is authentic, activating the corresponding function (F1, F2, F3) of the chipset;
- if the received message is not authentic, prohibiting activation of said corresponding function of the chipset.

2. The method according to claim 1, wherein the activation message contains at least one activation condition (AC), and the method includes the following steps:
- checking whether the at least one activation condition contained in this message is fulfilled;
- if the at least one activation condition is fulfilled, activating the corresponding function (F1, F2, F3) of the chipset;
- if at least one of said activation conditions is not fulfilled, prohibiting activation of said corresponding function of the chipset.

3. The method according to claim 2, characterized in that the activation condition (AC) comprises checking whether a temporary key (SKtemp) is already present in the chipset, and the segmentation key (SK) is not saved if the temporary key is already in the chipset.

4. The method according to claim 1, wherein the initial value (Sd) is introduced during manufacture of the chipset.

5. The method according to claim 1, characterized in that the segmentation key (SK) is introduced at the personalization stage of the chipset.

6. The method according to claim 1, characterized in that at least one of said cryptographic algorithms contained in the chipset is an internal algorithm.

7. The method according to claim 1, wherein the computation module (CM) contains several algorithms, and the chipset receives an instruction indicating which algorithm should be used to generate the temporary key (SKtemp).

8. The method according to claim 1, characterized in that at least one function of the chipset remains inactive until the activation message is received and processed.

9. The method according to claim 1, wherein the temporary key (SKtemp) is deleted after a single use.

10. The method according to claim 1, wherein the activation message is encrypted.

11. A chipset including at least a memory and a computation module responsible for cryptographic operations, the memory containing at least an initial value and the computation module containing at least one cryptographic algorithm, the chipset also including the following components:
- means for receiving at least one of the following elements: a segmentation key (SK), a general purpose key (GK) and a global cryptographic algorithm selector (GCAS);
- means for transmitting at least two of the following elements: the initial value, the received segmentation key (SK), the general purpose key (GK) and the global cryptographic algorithm selector (GCAS) to the computation module, wherein the initial value, the received segmentation key, the general purpose key and the global cryptographic algorithm selector are provided by at least two different organizations;
- means for generating in the computation module a temporary key (SKtemp) using one of the following elements: at least one cryptographic algorithm of the computation module and at least two elements selected from the group including the initial value (Sd), the segmentation key (SK), the general purpose key (GK) and the global cryptographic algorithm selector (GCAS);
- means for receiving an activation message using the computation module;
- means for receiving an authentication code of said message using the computation module (CM), wherein said message authentication code (MAC) is calculated using the temporary key (SKtemp);
- means for authenticating said received message using the message authentication code (MAC) and the temporary key (SKtemp);
- means for activating the corresponding function (F1, F2, F3) of the chipset if the received message is authentic;
- means for prohibiting activation of said corresponding function of the chipset if the received message is not authentic.



 


EFFECT: high security of data transmission in PON systems.

20 cl, 5 dwg, 6 tbl

FIELD: radio engineering, communication.

SUBSTANCE: quantum cryptographic system not only enables to detect any attempts at intruding into a communication channel, but also guarantees unconditional secrecy of transmitted cryptographic keys under the condition that an error at a receiving station in primary keys does not exceed a certain critical value. The method involves generating polarisation states at a receiving/transmitting station for a series of classic synchronising laser pulses using a polarisation controller in one arm of an interferometer and a polarisation controller at the output of the interferometer, which facilitate interference balancing of the interferometer; after reflection from a mirror in a transformation station, a series of single-photon states is detected at the transmitting/receiving station and the obtained photocount statistics are used to calculate the permissible error, which is then compared with a certain error threshold to obtain a cryptographic key known only at the transmitting/receiving and transformation stations.

EFFECT: wider range of possible distortions of polarisation of laser and single-photon pulses, when transmitting keys between transmitting/receiving and transformation stations, within which the secrecy of cryptographic keys is guaranteed, and lifting of the condition of using a special Faraday mirror.

2 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to a method for transitioning security context from a UTRAN/GERAN-based serving network to an E-UTRAN-based serving network. The technical result is providing transitioning of security context from a serving network of a first type to a serving network of a second type. In the method, a remote station generates first and second session keys in accordance with security context using a count (COUNT) and first security context root key associated with a UTRAN/GERAN-based serving network. The remote station receives a first message from the E-UTRAN-based serving network. The first message signals to the remote station to generate a second security context root key for use with the E-UTRAN-based serving network. The remote station generates, in response to the first message, a second security context root key from the first enhanced security context root key using the first and second session keys as inputs.

EFFECT: remote station protects wireless communication on the E-UTRAN-based serving network based on the second security context root key.

9 cl, 10 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to interruption of frame transmission. An embodiment may include circuitry to permit interruption, in part, of a first frame from a sender to an intended recipient for transmitting, in part, a payload of a second frame from the sender to the intended recipient, and/or processing, in part, one or more incoming flow control notifications. The payload may be transmitted, at least in part, to the intended recipient in one or more frame fragments.

EFFECT: reducing time delays and amount of buffer memory when transmitting traffic.

22 cl, 7 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to communication engineering. The system comprises: a skin package server for storing skin package data; a client for sending a general request to the skin package server periodically, obtaining the information associated with the newly added skin package, initiating a downloading request to the skin package server to download the skin package data according to the user selection, and changing the interface skin in accordance with the downloaded skin package data.

EFFECT: obtaining a newly added skin package on a skin package server in time and conveniently changing skin without restarting the application.

10 cl, 5 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to communication systems with a plurality of communication session components, e.g. voice #1, video #2 (face-to-face of users) and video #3 (demonstration video) component. In a multimedia communication session with multiple multimedia data components, e.g., in an IP multimedia subsystem, one or more multimedia data components can be transmitted from one access network to another access network and maintain continuity of the entire communication session regardless of that. For this purpose, each session is identified, followed by the identification of the multimedia data component intended for transmission. The identity of the identified session and component are forwarded to one or more elements within the communication network for transmitting the multimedia data component.

EFFECT: providing a system for the reliable transmission of communication session components in order to maintain the communication session continuity.

37 cl, 13 dwg

FIELD: radio engineering, communication.

SUBSTANCE: provided are mechanisms to identify a request to establish a packet switched network connection as a request for a LIPA context. Once the request is identified, a local gateway associated with user equipment (UE) or with a subscriber-deployed base station is identified, and a packet context is established to support LIPA traffic for the UE. Additional mechanisms support UE mobility from one base station to another, including identifying and terminating inactive LIPA contexts. Further, a UE is described that can recognise and facilitate the establishment of a LIPA context for executing applications in the UE.

EFFECT: establishing network connection with subscriber-deployed base station based on an Internet protocol.

13 cl, 17 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to emergency user notification systems. The system contains a CPU, RAM and a networking interface. The CPU supports receiving positioning data related to an event and preset information about a time interval. The positioning data is used to identify the preset area of geographic interest which can be influenced by said event. The CPU also supports trend profile generation using activity data containing information recorded during the previous communication session with the wireless network. The trend profile related to each of multiple mobile devices within the communication network bounds can also be analysed by the CPU. The CPU can also determine the chance that a certain mobile device will be within the predefined geographic area within the predefined time period. Finally, the CPU supports sending notifications to mobile devices.

EFFECT: determination of identification data for the mobile devices that are likely to be within the event activity area during the predefined time period.

20 cl, 3 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to apparatus for processing user identity information in a GPON system. The method comprises steps of: an optical line terminal OLT determining that a length of a string of user identity information used for an SIP session exceeds a threshold; the optical line terminal OLT constructing an optical network terminal management and control interface OMCI message, wherein the OMCI message carries the user identity information used for the SIP session; the optical line terminal OLT sending the OMCI message to an optical network unit ONU or an optical network terminal ONT; and the optical network unit ONU or the optical network terminal ONT acquiring the user identity information from the OMCI message.

EFFECT: more secure data transmission by changing the extremely long user identity information.

10 cl, 6 dwg

FIELD: radio engineering, communication.

SUBSTANCE: method of distributing content comprises steps where: an IPTV service control function module requests to transmit media content in the IPTV media function module to the user equipment; the IPTV media function module transmits the media content to the user equipment; and the user equipment stores the media content into its own memory and selects media content stored in memory for reproduction, or selects in interactive mode using a function module for selecting services of the corresponding media content stored in memory for reproduction.

EFFECT: providing a content distribution service in an NGN network and providing a user with selection of content stored in user equipment for viewing a television program recommended by a service provider without a user equipment initiation request.

14 cl, 7 dwg

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to communication systems. A free space allocation unit preferentially sets space which can be allocated without dividing one RLC-SDU of free space of a MAC-PDU as allocation space of the RLC-SDU. An RLC-PDU creation unit creates an RLC-PDU by adding an appropriate header of an RLC layer to the RLC-SDU output from an RLC-SDU buffer unit or a retransmission buffer unit. A radio resource information acquisition unit outputs free space information to the free space allocation unit of an RLC processing unit with the highest priority among RLC processing units not notified of the free space information of the MAC-PDU. A MAC-PDU creation unit multiplexes the RLC-PDU according to the allocation space notified from the free space allocation unit of each RLC processing unit.

EFFECT: improved efficiency of transmitting data and performing reliable QoS control.

5 cl, 10 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention discloses a method and a system for dispatching an uplink message in gigabit passive optical networks (GPON). The method includes the following steps: configuring a private managed entity for an 802.1p entity, and defining a mapping relationship between a priority queue and a priority of an uplink message in the private managed entity (S100); the 802.1p entity scheduling an uplink message from a user terminal, mapping the uplink message to a corresponding GEM port, and creating a corresponding priority queue according to the mapping relationship between the priority queue and the priority of the uplink message defined in the private managed entity (S101). In the present invention, the uplink messages mapped to the GEM ports in the GPON system can be flexibly scheduled using an N:M bridge-mapping service model, which is a beneficial extension to the existing mode for dispatching an uplink message in the GPON system.

EFFECT: enabling one GEM port to determine the number of priority queues to be created when mapping uplink messages with different P-bits.

10 cl, 6 dwg

FIELD: radio engineering, communication.

SUBSTANCE: method of evaluating effectiveness of information-process action on a communication network includes ranking all elements of the communication network and determining weight coefficients of each element of the communication network, fixing information-process action on structural elements thereof, using the obtained data to create a model of the communication network, simulating information-process action thereon and preemptively reconfiguring the communication network. The method includes, based on the calculated model of the communication network, constructing an active communication network once an intruder has acted on the communication network, evaluating the calculated model of the communication network, based on the evaluation of the action of the intruder on the communication network, adding statistical data on possible intrusion on the communication network and action of the intruder on the communication network.

EFFECT: high accuracy of evaluating intrusion of a communication network topology by an intruder and high security of a communication network in case of information-process action on the structural elements thereof.

8 dwg
