Method and system for secure transmission of audiovisual content

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering. The invention can be implemented in a conditional access content broadcast system where it is desirable to identify, and take measures against, receiving equipment used for sharing control words. By requiring that receiving equipment used in the system transmit a conditional access content message to the transmission station at a precisely defined time, the invention provides a method by which a server identifies receiving equipment participating in the sharing of control words and prevents said receiver from further accessing said content.

EFFECT: effective protection of transmitted content.

12 cl, 2 dwg

 

Technical field to which the invention relates

The present invention relates to the field of conditional access systems and, more specifically, to methods for the secure transport of secret keys used to decode encrypted data.

Background art

In technical fields such as digital television broadcasting, the transmission of audio and/or video data, and other similar areas where valuable content must be delivered to a given set of points, conditional access systems are typically used to enable access to the content only at those points which are considered to be legitimate access points, and at no other point. A legitimate access point usually refers to an item of equipment that is permitted to receive and consume such content, usually upon payment of subscription fees to the owner of the content.

Indeed, in the field of pay-TV, content is typically encrypted using control words before it is broadcast to many potential viewers. The control words are also transmitted in encrypted form, as part of secret messages, together with the encrypted content. Thanks to the conditional access systems commonly used in the industry, only those viewers who have a suitable decoder and have paid for the right to view the encrypted content are given access to the control words, allowing them to decode the encrypted content.

Conditional access systems known from the prior art, which allow encrypted content to be transmitted to a set of receivers equipped with security modules, use the following principles. The content is encrypted by the operator using control words at the headend. The control words are encrypted with a transport key, forming secret messages known as ECM messages (Entitlement Control Messages). The encrypted content and the ECM messages are transmitted in a data stream to a set of receivers. The receivers filter the data stream in order to retrieve the ECM messages and the encrypted content.

The security modules of the receivers have access to the transport key or an equivalent key and are therefore able to extract the control words received in the ECM messages. However, before permission to decode the ECM messages is granted, a check is made to ensure that the security module really has the necessary rights to decode the content. These rights are usually obtained after payment. After payment has been made, the rights are loaded directly into the security module using a different type of secret message, known as an EMM message (Entitlement Management Message). These messages can be received either on the broadcast channel together with the content, or through another channel. This second type of secret message is addressed to one security module or to a group of security modules. It can thus be seen that conditional access broadcasting of content consists of three parts: encryption of the content using control words; encryption of the control words to form ECM messages, decodable by security modules that have the necessary rights; and, third, the granting of rights and the handling of such rights by means of addressable EMM messages.

Security modules can be implemented in a variety of ways, for example on a microprocessor card, on a smartcard with an embedded microprocessor, or in any electronic module in the form of an identification badge or key. Such modules are usually portable and removable from the receiver. The most common type of module has electrical contacts; however, there are also contactless versions of the ISO 14443 type. There is also another implementation of the security module in which it is soldered directly inside the receiver; a variation of this alternative is a circuit mounted in a socket or connector, such as a SIM module. Another embodiment is a security module that is built into a chip which performs a different function, for example in the descrambling module or in the microprocessor module of the decoder. The security module may also be implemented in software.

Operators have a strong interest in preventing disclosure to third parties of the secret keys stored in the security module, because their ability to earn income depends on these keys remaining secret. In addition, operators will face a sharp drop in income if such keys are shared among colluding third parties on a large scale, which can be achieved through an extensive network such as the Internet, or by cloning legitimate receivers/security modules in order to make unauthorized receivers/security modules. The security of the keys rests on the fact that the security modules are protected against unauthorized access. However, it is well known that information leaks may occur from time to time. When this happens, the keys used to encrypt the control words need to be changed, but this means either replacing all the security modules or at least being able to securely load a new key into the security modules.

Published patent application US 2009/0016527 A1, relating to the same field, describes the authentication of a receiving device by a transmitting device, wherein the transmitting device transmits a random number to the receiving device; the receiving device signs it with its private key, taken from an asymmetric key pair, and sends the signed random number back to the transmitting device; the transmitting device then decodes the signed random number with the secret key of the receiver; if the result matches the original random number, the receiving device is authenticated. Counters are not used in the described invention.

International publication WO 2006/061837 A2 discloses a way of setting up a secure communication link between two or more devices. The goal here is not so much the authentication of the devices involved in the communication as the configuration of an encrypted communication session with a particular device after its discovery. After the second device has been detected by the first device, the second device sends to the first device a data string associated with the second device and corresponding to some operating parameter of the second device, such as a unique identifier string. This data string is transmitted on a first communication channel. A second communication channel is then set up between the two devices, and data is transferred between the two devices by a method determined in accordance with the received data string, thereby making the second channel secure.

European patent application publication EP 1441525 A1 describes a system for receiving pay-TV broadcast services, including a master terminal and a slave terminal associated with the master terminal. The slave terminal has access to the encrypted data received from the master terminal only if the master terminal can transmit the special data required to decode the protected data to the slave terminal within a specified time limit. In this case, the specified time limit is not tied to, and does not correspond to, any particular slave terminal. Instead, the time limit is determined by the amount of time that a message transmitted from the master terminal would need to reach the slave terminal, on the condition that permitted slave devices are in close proximity to the master. In other words, by adjusting the specified time limit, it can be arranged that terminals located far enough from the master terminal do not receive the special data in time. This is useful in cases where the customer is entitled to decode the data using any of a set of devices on the same premises at a preferential rate. If this set of devices were distributed over a number of remote locations, the applicable rate would be higher. Using this method, it can be ensured that a user who has been granted the preferential rate will not attempt to decode the encrypted data on a remote device, since the system is configured in such a way as to block access for devices located remotely from the master.

Published patent application US 2008/0209232 A1 discloses a means of detecting when a security module is involved in control word sharing. This document describes the use of timestamps together with the control words. Each time a control word is transmitted from the security module to the decoder (or to a set of decoders in the case of control word sharing), the time difference between successive timestamps is calculated. If the result of the calculation is consistently, many times in a row, less than the normal crypto-period, this suggests that the security module is engaged in control word sharing.

Disclosure of the invention

The present invention proposes a method for the secure transmission of content encrypted by control words from a server to a receiver via a broadcast communication channel, wherein the receiver includes a security module, a decoding module and a slave time counter, the server includes a reference time counter, and the security module and the server are mutually connected via a reverse communication channel. The method includes the following steps:
- encrypting, by the server, the control words using key information;
- broadcasting the encrypted content and the encrypted control words on the broadcast communication channel from the server to the receiver;
- determining, by the server, a specified call time and a call time window, the specified call time and the call time window corresponding to the receiver;
- monitoring, by the security module, the slave response time indicated by the slave time counter;
- transmitting at least one test message from the security module to the server via the reverse communication channel when the slave response time equals the slave call time, the slave call time being derived by the security module based on at least one defining parameter stored in the security module;
- receiving the test message, by the server, at a reference time indicated by the reference time counter;
- checking, by the server, at least whether the difference between the reference time and the specified call time lies within the call time window;
- if the check gives a positive result, transmitting a key message (a message containing the key) via the reverse communication channel from the server to the security module, the key message containing the key information;
- extracting, by the security module, the key information from the key message;
- decoding, by the security module, the encrypted control word using the key information;
- decoding, by the decoding module, the encrypted content using the control word.

By requiring that the security module send a request to the server within a strict time frame in order to obtain the keys needed to decode a control word, the method ensures that only legitimate security modules, which have the necessary means of initiating such a request, have access to the encrypted content. The method has no adverse effect on the bandwidth used and can be implemented easily, without requiring replacement of user equipment or cumbersome key updates in the user equipment. Furthermore, the method allows penalties to be applied quickly and in a targeted manner to users of security modules that have participated in control word sharing.

Brief description of drawings

The invention will be easier to understand from the following detailed description and the accompanying drawings, which are given as non-limiting examples of embodiments of the invention.

FIG. 1 shows a block diagram of a system in which an embodiment of the present invention can be implemented.

FIG. 2 shows a block diagram of a system in which another embodiment of the present invention can be implemented.

The implementation of the invention

There is a need to provide greater protection for conditional access systems in which the decoding keys are stored in the security module. Given the ease with which information can now be shared over the Internet, disclosure of transport keys by unscrupulous third parties, for example, may mean that a large number of users of unauthorized equipment will be able to decode ECM messages and, therefore, decode the encrypted content without paying for the rights to it, thereby depriving the owner of the encrypted content of income that he would otherwise receive.

Thus, the aim of the present invention is to propose a means of securely transmitting secret keys, such as transport keys, to security modules that can prove they are entitled to receive them, instead of manufacturing security modules with the security keys already loaded. It also allows the operator to quickly and easily change the keys used, for example, to encrypt ECM messages, in full confidence that permitted security modules will be able to follow such changes and thus retain the ability to decode the encrypted content to which they are entitled.

The present invention can be implemented in a conditional access system, for example one similar to those commonly used in the field of pay-TV. In addition to providing the operator with tools to detect unauthorized receiving equipment, it also provides a means of applying penalties to users of such equipment. The method proposed in the present invention has no negative effect on the bandwidth used and allows the operator to change the encryption keys quickly and efficiently, without penalizing users of the equipment.

FIG. 1 shows a block diagram of a system in which an embodiment of the present invention can be implemented. The operator broadcasts content (AV), encrypted (AVE) using control words (CW), from the head-end station or server (SVR) to a set of receivers (RX) on the broadcast channel (SN). In a manner well known in the field of conditional access digital broadcasting, the server (SVR) also sends secret messages (ECM) together with the encrypted content (AVE), allowing receivers that have the necessary keys to extract the control words (CW). The server (SVR) includes a reference time counter (CNTR), which is used for time tracking. The time indicated by the reference time counter is known as the reference time (TR).

The system includes a set of receivers, one of which (RX) is shown in FIG. 1. The receiver (RX) comprises a security module (SM) and a decoding module (DECR). The decoding module (DECR) is configured to decode the received encrypted content (AVE) using control words (CW), received in encrypted form (ECM), which it obtains from the security module (SM). In addition, the system includes a server or head-end station (SVR), which broadcasts the encrypted content (AVE) and the control words encrypted (ECM) using the key information (K) to the set of receivers on the broadcast communication channel (SN). Each receiver (RX) is also connected to the server (SVR) by a bi-directional back channel, or reverse communication channel (CH2). For the receiver (RX) to receive the message allowing it to extract the key information (K) for decoding the control words (CW), it must first send a test message (V) to the server (SVR), which allows the server (SVR) to check whether the receiver (RX) is authorized. If the server (SVR) decides that the receiver (RX) is legitimate, it sends a key message (M) back to the receiver (RX) via the reverse communication channel (CH2) and, with the help of its security module (SM), the receiver extracts the required key information (K), which is used to recover the control words (CW) contained in the secret messages (ECM) and, thus, to decode the encrypted content (AVE).

Note that the reverse communication channel may be any bi-directional communication channel independent of the broadcast communication channel, such as the Internet. The reverse communication channel can be implemented using readily available technologies such as WiFi (wireless fidelity), ADSL (asymmetric digital subscriber line) or GSM/3G (global system for mobile communications/third-generation mobile networks).

The verification procedure used by the server (SVR) is based on the receiver (RX) transmitting its test message (V) at a specific point in time. Indeed, to obtain a positive check result, the receiver (RX) must send its test message (V) at the specified call time (TR). In practice, however, due to delays in the system, the message (V) may not be received exactly at the specified call time (TR). Consequently, according to one embodiment of the present invention, a window, known as the call time window (TW), is defined relative to the specified call time (TR), and to obtain a positive check result the message (V) must be received within this window (TW).

As described above, in the case of a positive check result the server (SVR) transmits the key message (M), containing the key information (K) for decoding the control words (CW), back to the receiver (RX). On the other hand, in the case of a negative check result, the server (SVR) can respond to the receiver (RX) by sending prohibiting key information (X) in the key message (M) via the reverse communication channel (CH2), thereby blocking the receiver (RX) from decoding the broadcast, at least for a short period of time known as the specified access exclusion period (EX). If the receiver (RX) tries again to respond to the server (SVR) and again does so at the wrong time or outside the expected time frame, the server (SVR) can send a further blocking message, blocking decoding for a longer period of time, and so on, until ultimately the receiver (RX) is permanently deprived of the ability to decode the broadcast.

It should be noted here that, in the case of a negative check result, it is also possible for the server (SVR) to send no response to the receiver (RX). In this case, instead of receiving a key that blocks its ability to decode subsequent parts of the broadcast, the receiver can continue using the key information that it was using to decode the control words until the key or a specific right expires. After that time the receiver will no longer be able to decode the control words. Up to that point, however, the receiver has further opportunities to try to send a test message at the right time.

According to the described embodiment of the present invention, the server (SVR) includes a reference counter (CNTR), with which it tracks the reference time (TR). The server can therefore check at what reference time (TR) the receiver (RX) sent its test message (V). The receiver (RX) comprises a slave counter (CNTS), which it uses to track the slave response time (TS), and has information about the specified call time (TR). By comparing the slave response time (TS) with the specified call time (TR), the receiver (RX) knows when it needs to send the test message (V) to the server (SVR). The slave counter (CNTS) is preferably located within the security module (SM), and the security module (SM) performs the comparison of the slave response time (TS) with the specified call time (TR) and transmits the message (V) to the server (SVR).

According to different embodiments of the present invention, the receiver (RX) learns the specified call time (TR) from messages received from the server (SVR), which is responsible for determining this value (TR). The value (TR) is usually transmitted in encrypted form. This transmission can be carried out on the broadcast channel (SN) by including the value (TR) in the secret messages (ECM), which are broadcast together with the encrypted content (AVE), as described above. Alternatively, the encrypted specified call time (TR) can be transmitted using another type of secret message, known as an EMM message (Entitlement Management Message), which is also well known in the field of conditional access digital broadcasting. These messages (EMM) can be transmitted by the server (SVR) on the broadcast channel (SN) together with the encrypted content (AVE); they are addressable in the sense that they are intended for at least a reduced subset of the whole set of security modules (SM) (receivers), and can even be addressed to an individual security module. As a further alternative, the specified call time (TR) can be sent to an individual security module (SM) (receiver) via the reverse communication channel (CH2). Another possibility is that each security module (SM) contains a built-in specified call time (TR), or a value from which the specified call time can be derived, that is known to the server (SVR), i.e. installed by the manufacturer. It should be emphasized that even in the cases mentioned above, where the specified call time (TR) must be transmitted from the server (SVR) to the receiver (RX), this can be done by transmitting a value from which the specified call time (TR) can be derived rather than the specified call time (TR) itself.

It should be noted that embodiments of the present invention provide for the possibility of setting different expected arrival times for different security modules. The server has means of tracking which expected arrival time belongs to which security module. These means may include the use of a table recording the times against the security modules, preferably using a unique address or any other unique identifying parameter to refer to a given security module. It follows that, after receiving a test message, the server must be able to verify which security module sent it. Naturally, the test message therefore also contains the unique address of the security module or any other unique identifying parameter associated with the security module. Alternatively, a mathematical calculation can be used, whereby the security module and the server each compute the specified call time from an initial value in combination with the unique identification parameter or a physical or measured parameter related to the security module.

Synchronization of the slave counter (CNTS) with the reference counter (CNTR) can be performed by the server (SVR) updating the slave counter (CNTS) in the security module (SM) with the current value of the reference counter (CNTR), by means of ECM or EMM messages transmitted on the broadcast communication channel (SN), or by means of special messages transmitted via the reverse communication channel (CH2).

In another embodiment of the present invention, instead of using a call time window (TW), the receiver (RX) may simply be required to prove that it knew the time at which it was expected to respond, for example by including the slave response time (TS) in the test message (V). For example, when the slave counter (CNTS) reaches the slave call time (TC), the current slave time (TS) can be included in the test message (V), possibly in encrypted form. In this case, the server (SVR) only needs to check whether the slave time (TS) corresponds to the specified call time (TR).

Another embodiment of the present invention is illustrated in FIG. 2. In this embodiment, the receiver (RX) is expected to transmit a test message (V) to the server at the specified call time (TR), but the message (V) must also include a first pseudo-random number (NS), which can also be verified by the server (SVR). The first pseudo-random number (NS) can be a number generated in the security module (SM) from an initial value obtained previously from the server (SVR). The security module (SM) therefore also includes a number generator (CALCS) for calculating the first pseudo-random number (NS). Any of the above methods of transmitting the specified call time (TR), for example using ECM or EMM messages, can also be used to pass the initial value to the security module (SM). The server (SVR) also includes means (CALCR) for calculating a pseudo-random number and can therefore generate a second pseudo-random number (NR), against which the first pseudo-random number (NS) obtained from the security module (SM) is validated.

Instead of using an initial value received from the server (SVR) to generate the first pseudo-random number (NS), the security module (SM) can use the value of a defining parameter (UA) which allows the server (SVR) to identify a specific security module (SM) or group of security modules. The defining parameter (UA) may be a unique identifier of the security module, the value of a reserved register, or a physical parameter, such as the voltage at some point in the security module (SM) or a frequency measured somewhere in the security module (SM). Another example of a defining parameter is the IP address. It follows that the test message sent by the security module to the server will contain this defining parameter (UA), allowing the server to determine by which security module the message was sent.

Thus, the present invention provides a secure means of broadcasting encrypted content from a server to a receiver. The method proposed by the present invention requires that the receiver send a test message to the server at a specific, precise and verifiable time. To achieve this, the receiver must have access to a slave counter which can be synchronized with a reference counter on the server. A variant of this method also requires that the receiver include a pseudo-random number in the test message, which can be verified by the server.
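
The timed check described above can be sketched as follows. This is an added illustration, not code from the patent: the HMAC-SHA256 derivation of the call time and of the pseudo-random number, the window centred on the call time, the doubling exclusion period and all constants and names are assumptions chosen for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

PERIOD = 3600        # assumed: counter ticks in one call period
TW = 4               # call time window (TW) in ticks, assumed centred on the call time
BASE_EXCLUSION = 60  # assumed first access exclusion period (EX) in ticks


def _prf(seed: bytes, ua: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 stands in for the unspecified 'mathematical calculation'."""
    return hmac.new(seed, label + b"|" + ua, hashlib.sha256).digest()


def call_time(seed: bytes, ua: bytes, period_start: int) -> int:
    """Per-module call time derived from the initial value and the parameter UA."""
    offset = int.from_bytes(_prf(seed, ua, b"call")[:4], "big") % PERIOD
    return period_start + offset


def pseudo_random(seed: bytes, ua: bytes, t: int) -> bytes:
    """NS when computed by the module, NR when computed by the server (FIG. 2)."""
    return _prf(seed, ua, b"nonce|" + str(t).encode())[:8]


@dataclass
class SecurityModule:
    ua: bytes
    seed: bytes
    cnts: int = 0  # slave counter (CNTS)

    def sync(self, cntr: int) -> None:
        self.cnts = cntr  # value of CNTR delivered e.g. in an ECM or EMM

    def tick(self, period_start: int):
        """Advance CNTS; emit the test message (V) when TS reaches the call time."""
        self.cnts += 1
        if self.cnts == call_time(self.seed, self.ua, period_start):
            ns = pseudo_random(self.seed, self.ua, self.cnts)
            return {"ua": self.ua, "ns": ns}
        return None


@dataclass
class Server:
    seed: bytes
    key_info: bytes
    failures: dict = field(default_factory=dict)

    def verify(self, msg: dict, tr: int, period_start: int) -> dict:
        """tr is the reference time (CNTR) at which the test message arrived."""
        ua = msg["ua"]
        expected = call_time(self.seed, ua, period_start)
        in_window = abs(tr - expected) <= TW // 2
        nr = pseudo_random(self.seed, ua, expected)
        if in_window and hmac.compare_digest(nr, msg["ns"]):
            return {"type": "K", "key_info": self.key_info}
        # Negative result: prohibiting key information (X); EX grows per failure.
        n = self.failures.get(ua, 0) + 1
        self.failures[ua] = n
        return {"type": "X", "exclusion": BASE_EXCLUSION * 2 ** (n - 1)}


def run_demo() -> list:
    seed, start = b"constructed-seed", 10_000      # constructed sample values
    server = Server(seed, key_info=b"K-constructed")
    sm = SecurityModule(b"UA-0001", seed)
    sm.sync(start - 1)
    msg = None
    while msg is None:                             # at most PERIOD iterations
        msg = sm.tick(start)
    results = [server.verify(msg, sm.cnts + 1, start)]       # 1 tick of latency
    results.append(server.verify(msg, sm.cnts + 500, start))  # arrives too late
    forged = {"ua": b"UA-0001", "ns": b"\x00" * 8}           # no seed: guessed NS
    results.append(server.verify(forged, sm.cnts, start))
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The late message and the message with a guessed pseudo-random number both fail, and the second failure for the same identifying parameter doubles the exclusion period.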

1. A method for the secure transmission of content encrypted by control words from a server to a receiver via a broadcast communication channel, wherein the receiver includes a security module associated with a unique identification parameter, a decoding module and a slave time counter, the server includes a reference time counter, and the security module and the server are mutually connected via a reverse communication channel, comprising the following steps:
- encrypting, by the server, the control words using key information;
- broadcasting the encrypted content and the encrypted control words on the broadcast communication channel from the server to the receiver;
- determining, by the server, a specified call time and a call time window, the specified call time and the call time window corresponding to the receiver;
- monitoring, by the security module, the slave response time indicated by the slave time counter;
- transmitting at least one test message from the security module to the server via the reverse communication channel when the slave response time equals the slave call time, the slave call time being derived by the security module based on the at least one unique identifying parameter;
- receiving, by the server, the test message at a reference time indicated by the reference time counter;
- checking, by the server, at least whether the difference between the reference time and the specified call time lies within the call time window;
- in the case of a positive check result:
- transmitting a key message via the reverse communication channel from the server to the security module, the key message containing the key information;
- extracting, by the security module, the key information from the key message;
- decoding, by the security module, the encrypted control words using the key information;
- decoding, by the decoding module, the encrypted content using the control word.

2. The method according to claim 1, wherein the test message contains the unique identifying parameter.

3. The method according to claim 1, characterized in that it comprises the following steps: calculating, by the security module, a first pseudo-random number using at least the unique identification parameter; calculating, by the server, a second pseudo-random number using at least the unique identification parameter, wherein the test message includes the first random number, and the checking step includes matching the first pseudo-random number against the second pseudo-random number.

4. The method according to claim 1, characterized in that the slave time counter is synchronized with the reference time counter.

5. The method according to claim 4, characterized in that the synchronization is achieved by means of a synchronization message contained in a secret message transmitted from the server to the security module on the broadcast communication channel.

6. The method according to claim 1, characterized in that the specified call time is transmitted from the server to the security module via the reverse communication channel.

7. The method according to claim 1, wherein the specified call time is transmitted from the server to the security module in an addressable secret message on the broadcast communication channel.

8. The method according to claim 1, characterized in that the specified call time is derived by the security module based on at least the unique identifying parameter.

9. The method according to claim 1, characterized in that, in the case of a negative check result, the following additional steps are performed: transmitting a key message via the reverse communication channel from the server to the security module, the key message containing prohibiting key information which blocks decoding of the encrypted content at least for a specified access exclusion period; extracting, by the security module, the prohibiting key information from the key message.

10. The method according to claim 9, characterized in that the access exclusion period varies as a function of the number of occurrences of a negative check result.

11. The method according to claim 1, characterized in that the reverse communication channel is a connection to the Internet.

12. A system containing a receiver connected to a server by both a broadcast communication channel and a reverse communication channel, wherein the receiver includes a decoding module, a security module associated with a unique identifying parameter, and a slave time counter, and the server includes a reference time counter, the receiver being configured to receive content encrypted using a control word on the broadcast communication channel, to receive control words encrypted with key information on the broadcast communication channel, and to decode the encrypted content using the control word, wherein the security module is configured to monitor the slave response time indicated by the slave time counter and to send a test message to the server via the reverse communication channel when the slave response time equals the slave call time, the slave call time being derived by the security module based on at least one unique identifying parameter; the server is configured to determine a specified call time and a call time window corresponding to the receiver, to receive the test message at a reference time indicated by the reference time counter, to check whether the difference between the reference time and the specified call time lies within the call time window, and to transmit a key message containing the key information via the reverse communication channel to the security module; and the security module is configured to extract the key information from the key message and to decode the encrypted control word using the key information.



 

Similar patents:

FIELD: physics, computer engineering.

SUBSTANCE: method of securing transmission of multimedia content or a control word between a security processor and a terminal comprises steps of pre-recording multiple secret codes Ci1 into a terminal, each secret code Ci1 enabling to decode the multimedia content or control word encoded by a corresponding session key SKi, obtained by encoding a SK_root key using a parameter Pi, wherein one of the parameters Pi is a parameter Pc; the terminal receives (122) the parameter Pc in a message, also containing multimedia content or a control word to be decoded by the security processor, and from the set of recorded secret codes, a secret code Cc1 is selected (132) to be used as a function of the parameter Pc or another parameter contained in the same message.

EFFECT: improved security.

11 cl, 6 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to a device and method for secure transmission to various personal user devices of recorded copies of a multicast audiovisual program, with legal use of the recorded audiovisual program guaranteed by an innovative approach using data scrambling and marking techniques. The technical result is achieved by an apparatus and a method which includes the following steps: calculating a first mark as a function of a unique identifier of a receiving user device or an external secure device; calculating on said receiving user device a first marked audiovisual stream from said secure stream as a function of said first mark and said complementary stream; transmitting said secure stream from said receiving device to a second device; calculating a second mark as a function of a unique identifier of a second device, an external secure device or a user using said second device; calculating on said second user device a second marked audiovisual stream from said secure stream received from said receiving device as a function of the second mark.

EFFECT: providing identification of hacking attempts by marking content with a unique mark for each consumer device.

15 cl, 8 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering. A method of controlling access to a set of channels using a receiver/decoder comprising a security module (SC), each channel being encrypted by a specific channel control word (CW1, CW2), each channel having a channel identifier and transmitting access control messages ECM containing at least the current channel control word and the channel access conditions. The method comprises the following steps: tuning to a first channel having a first channel identifier (ID1); transmitting the ID1 to the SC; receiving first access control messages ECM1 containing a first control word (CW1); transmitting the first access control messages ECM1 to the SC; decrypting the first access control messages ECM1 and verifying the channel access conditions; if the access conditions are met; transmitting the CW1 to the receiver/decoder; storing of the CW1 and the ID1 in the SC; tuning to a second channel having a second channel identifier ID2; transmitting the ID2 to the SC; calculating, by the SC, the second control word (CW2) by performing the following steps: calculating a root control word (RK) with an inverse cryptographic function F-1 using the CW1 and the ID1; calculating the CW2 with the cryptographic function F using the RK and the ID2; transmitting the CW2 to the receiver/decoder.

EFFECT: reducing channel switching time when a user selects another channel.

9 cl, 3 dwg

FIELD: information technology.

SUBSTANCE: disclosed is a content download system comprising: a content supplying device, a content receiving device, a download apparatus designed to download encrypted content and playing control data necessary for playing said content from said content supplying device according to user operations; obtaining apparatus to confirm the existence of a license which includes a key for decrypting said encrypted content based on said playing control data when playing said downloaded content, and to obtain said license according to the confirmation result; and playing apparatus to play said encrypted content using said obtained license. The playing control metafile describes <content_title>, <drm_server_uri>, <license_id>, <license_type>, <license_description>, <user_confirmation>, <user_messsage>, and <price>. In the case when multiple licenses are set for a single content, the items <license_id> through <price> describe only the number of set licenses.

EFFECT: design of a system which provides different content downloading service modes.

17 cl, 45 dwg

FIELD: information technologies.

SUBSTANCE: method of a conversion system operation to manage digital rights to grant a license to a client's device corresponding to coded content consists in the following. The first content of the first type of digital rights content and the first license corresponding to the first content are converted to manage digital rights in order to generate the second content of the second type of digital rights content and the second license corresponding to the second content. A license request is received, corresponding to the second content distributed by means of superdistribution to a third party. The second license corresponding to the second content distributed by means of superdistribution is requested from a server corresponding to the second management of digital rights. The second license corresponding to the second content distributed by means of superdistribution is received and sent to a third party.

EFFECT: expansion of functional resources due to development of a license granting mechanism for appropriate content distributed by means of superdistribution.

17 cl, 6 dwg

FIELD: information technology.

SUBSTANCE: invention proposes a method for processing a transport stream (TS) received as an input TS in a processing device (SDR), the transport stream comprising a plurality of elementary streams (ES), each ES being a set of TS packets having the same Packet IDentifier (PID), at least one of these ES being time-sliced so as to be sent in bursts, timing information indicating within a burst the time to the beginning of the next burst, applying a filtering operation to the input TS so as to filter out from the input TS part or all of one or more time-sliced ES; modifying the bursts scheduling of the input transport stream so as to generate a DVB-H compliant output TS from the filtered input TS.

EFFECT: providing a technology which, based on centralising the created TS, creates and synchronously distributes specific local TS to each specific cell of a single-frequency network (SFN).

16 cl, 4 dwg

FIELD: information technology.

SUBSTANCE: first user can support one or more content "portals", which can be accessed by at least a subset of members of an online community. Access to content of any portal can be based on the level of confidentiality of the portal and the level of confidentiality, for example, access parameters provided to a person. The level of confidentiality and linking the content can be hierarchical and/or non-overlapping. That way, a user can transparently exchange data with several users simultaneously independent of their context or level of confidentiality while preserving the confidentiality boundaries of each portal.

EFFECT: enabling a user to assign or set varying levels of confidentiality for their information or content in order to control access to such information by other users.

18 cl, 13 dwg

FIELD: information technologies.

SUBSTANCE: method includes the following stages: receipt of the first control message (ECM1), containing at least one control word (CW) and time score (TS); receipt of the second control message (ECM2), following the first control message (ECM1), wherein the second control message contains at least one control word (CW) and time score (TS); detection of the duration of the time period corresponding to the difference between the time scores (TS) of the two serial messages ECM1, ECM2; increasing the counter of errors (CE) in case the specified duration of the time period is less than the previously set duration (CP); reducing the counter of errors (CE) in case the specified duration of the time period equals or exceeds the previously set duration; return of the control word (CW) into the module of processing (STB) as the waiting time expires, which depends on the value of the counter of errors (CE).

EFFECT: prevention of access to coded content in case of fraudulent use of decoders.

16 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: invention relates to a method of control of access to data (CT) coded by means of control words (CW) received by a protection module in control messages (ECM) and returned to a module of coded data processing. Control messages (ECM) contain at least the first control word (CW1) and the second control word (CW2), and each of the specified control words provides access to coded data (CT) during a specified period of time called the cryptoperiod (CP). The method includes the following actions: transfer of coded data into at least one module of processing; and transfer of control messages (ECM) into the specified processing module, wherein the control messages (ECM) contain at least the two specified control words (CW1, CW2) and are sent to the processing module after transfer of data coded by means of the first control word (CW1) and prior to transfer of data coded by means of the second control word (CW2), and the time shift between transfer into the module of processing of data coded by means of the first control word (CW1) and transfer of the control message (ECM) containing the first control word (CW1) and the second control word (CW2) is more than 75% of the cryptoperiod.

EFFECT: prevents access to coded content with fraudulent use of two decoders with only one module of protection.

4 cl, 4 dwg

FIELD: information technologies.

SUBSTANCE: device (3400) for processing of coded data flow (3401), comprising a decoding module (3402) to generate decoded data flow (3403) from coded data flow (3401), detection module (3404) for detection of information on position of at least one intra-coded frame in coded data flow (3403) and substitution module (3405) for substitution on the basis of detected information on position of coded data flow (3401) parts with according parts of decoded data flow (3403).

EFFECT: increased efficiency, speed of data flow processing by means of selective substitution of only that data in data flow, which is required for further use of data flow.

28 cl, 37 dwg

FIELD: physics.

SUBSTANCE: method of forming a digital watermark-certified electronic colour image includes, at the transmitting side, scaling digital image data to a standard size, applying discrete Fourier transform (DFT) to said data and determining the DFT amplitude and simultaneously recording the phase, selecting local areas of the amplitude spectrum such that the positions of said centres coincide with the positions of nonzero key K values, selecting maximum values of the amplitude spectrum in each local area and correcting said values under the condition of maintaining acceptable image quality, placing the corrected maximum values of the amplitude spectrum at the centre of each local area by replacing initial values of the amplitude spectrum at said positions, embedding an identification key in the image, performing an operation to restore amplitude symmetry and, using the phase stored earlier, performing inverse DFT to obtain digital data with an embedded watermark.

EFFECT: improved protection of an electronic image certified by a digital watermark of the creator of the image from deliberate violation and improved image quality.

4 cl, 4 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering. A method of coding coefficients associated with a block of video data during a video coding process, the method comprising determining statistics that indicate a probability of each of the X and Y coordinates comprising a given value, when a scanning order associated with the block comprises a first scanning order, wherein X and Y coordinates indicate a horizontal position and a vertical position, respectively, of the last non-zero coefficient within the block according to the scanning order, wherein the scanning order comprises one of a first scanning order and a second scanning order, which is different from the first scanning order; and coding the X and Y coordinates based on the statistics when the scanning order comprises a first scanning order, and interchanging the X and Y coordinates and coding the interchanged X and Y coordinates based on the statistics when the scanning order comprises a second scanning order.

EFFECT: high efficiency of coding the position of a last significant coefficient.

62 cl, 17 dwg

FIELD: information technology.

SUBSTANCE: method of compression of graphic file by fractal method using ring classification of segments, in which the graphic file is split into rank regions and domains, and for each rank region the domain and the corresponding affine transformation is found, that best approximates it to the appropriate rank region, and using the obtained values of the domain parameters, comprising their coordinates, the coefficients of the affine transformations, the values of brightness and contrast, the archive is formed, and classification of domains and rank regions are introduced, based on the allocation in them of the "rings" and the calculation of the mathematical expectation of pixel intensity of these "rings", which enables to reduce the complexity of the phase of correlation of the segments and to accelerate compression.

EFFECT: reduced time of compression of the graphic file by fractal method.

3 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to presentation of content recommendations. A computer-implemented system (100) for presenting content to a subscriber comprises: a detection component (104) for detecting an inactive subscriber in a session of a website portal; a tracking component (114) for tracking interaction of the inactive subscriber with the session content; and an analysis component (202) for analysing subscriber browsing behaviour, extrapolating subscriber experience level based on the analysis, and suggesting content as session content, wherein the subscriber experience level is extrapolated by tracking how often a subscriber selects Help and other menu categories; and a content component (116) for obtaining and presenting new content targeted to the inactive subscriber during the session based on the tracked interaction of the inactive subscriber with the session content, wherein the session content is new content as part of the session content based on the subscriber experience level.

EFFECT: providing dynamic tracking of information on a new or inactive user on a website and fast presentation of targeted content back to the user to maintain the interest of the user in the website.

13 cl, 9 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to an apparatus and a method of creating an electronic programme guide from programme information stored in an electronic programme guide database for a plurality of channels. The apparatus for creating an electronic programme guide from programme information stored in an electronic programme guide database for a plurality of channels comprises a control unit, a display unit, a time selection unit comprising a user input interface, a programme information search unit and a determining device. The control unit further includes a displayed information updating unit. An electronic programme guide displays elements relating to programmes accessible on a plurality of channels at a given moment in time. When the given time changes, the electronic programme guide updates elements corresponding to channels on which a programme which is accessible at a new time is different from a programme accessible at the previous time.

EFFECT: reduced amount of data required to update an electronic programme guide.

17 cl, 7 dwg

FIELD: physics, video.

SUBSTANCE: invention relates to means of storing and transporting encoded video data. The method includes assembling encoded video data into a video file fragment comprising sub-track fragments, which comprise a plurality of hierarchically related encoded video images of the encoded video data, arranged continuously in the decoding order within a corresponding sub-track fragment, wherein the hierarchically related encoded video images each correspond to a common hierarchical layer; outputting data; receiving a request in accordance with a streaming protocol which specifies the sub-track fragment. In the method, the request comprises a hypertext transfer protocol (HTTP) partial GET request which specifies a byte range corresponding to the sub-track fragment; outputting the hierarchically encoded video images of the sub-track fragment.

EFFECT: retrieving encoded images of a specific hierarchical layer in a video fragment using a single request.

44 cl, 9 dwg, 3 tbl

FIELD: physics.

SUBSTANCE: method comprises phases, during which video bit stream containing a sequence of image frames is received, the error occurrence is determined in the display frame segment, time distribution and spatial distribution of the named error is identified by means of the motion vector information and internal prediction relating a segment, affected by the error, the quality of video bit stream is assessed on the basis of the named error distribution.

EFFECT: improvement of accuracy of assessment at the expense of identification of error spatial distribution in the display frame segment.

18 cl, 16 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering. A method of encoding video which comprises determining a transformation unit, i.e., a data unit in which a current coding unit from among coding units is transformed, the coding units being data units in which a current video image is encoded, wherein the size of the transformation unit is determined independent of the size of at least one prediction unit which is a data unit in the current coding unit; transforming data of the current coding unit based on the transformation unit to encode the data of the current coding unit; and outputting the encoded data of the current coding unit, encoding mode information which indicates an encoding mode of the encoded data of the current coding unit, and transformation index information which indicates a structure of the transformation unit, as a bit stream.

EFFECT: high rate of encoding and decoding data.

15 cl, 23 dwg, 1 tbl

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to media content information processing. The method comprises: providing (S1) a pseudo-identifier of a media codec used to encode said media content; providing (S2) additional processing information which defines a post-decoding instruction for processing the decoded media content obtained by decoding said encoded media content; and joint organisation (S3) of said pseudo-identifier and said additional processing information in a file in order to stop decoding said encoded media content by a conventional media terminal which does not recognise said pseudo-identifier, and enable decoding of said encoded media content using said media codec and post-decoding processing of said decoded media content using said additional processing information by a media terminal which recognises said pseudo-identifier.

EFFECT: high efficiency of processing data.

20 cl, 13 dwg

FIELD: information technologies.

SUBSTANCE: method includes reception of a query of a code stream by a transformation device, analysis of the query of code stream, obtaining information of video parameters and coding format, detection of whether the analysed and received information is same with the appropriate information in information of code stream description, if specified information differs - establishment of a value of a set of parameters, corresponding to analysed and received information of parameters of video and coding format, sending the established value to the receiving end, end of the session of interaction with the receiving end.

EFFECT: elimination of video stream code decoding errors during reproduction of a video stream.

10 cl, 6 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to cryptography. A chipset function activation method includes: receiving at least one of the following elements: a segmentation key, a general purpose key and a global cryptographic algorithm selector; transmitting at least two of the following elements: an initial value, the obtained segmentation key, the general purpose key and the global cryptographic algorithm selector to a computation module, wherein the initial value, the obtained segmentation key, the general purpose key and the global cryptographic algorithm selector are provided by at least two different organisations; generating in the computation module a temporary key using one of the following elements: at least one cryptographic algorithm of the computation module and at least two elements selected from a group including the initial value, the segmentation key, the general purpose key and the global cryptographic algorithm selector; receiving an activation message using the computation module; receiving an authentication code of said message using the computation module, wherein said message authentication code is calculated using the temporary key; authenticating said received message using the message authentication code and the temporary key; if the received message is authentic, activating the corresponding chipset function; if the received message is not authentic, prohibiting activation of said corresponding chipset function.

EFFECT: effective chipset protection.

11 cl, 1 dwg
