Method of controlling decoders of at least one group of decoders having access to audiovisual data

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to a broadcast encryption method. The technical result is achieved through a method of controlling decoders of at least one group of decoders having access to audiovisual data, wherein the method comprises the following steps: at a step when the decoder should become a member of a group: obtaining and storing keys relating to a certain position in the group according to the broadcast encryption scheme; obtaining and storing current group access data containing at least the current group access key, which is common for said group; at the step of accessing the audiovisual data: using the current group access data for direct or indirect access to audiovisual data; at the step of updating the current group access key: transmitting a first group message containing at least the next group access data containing at least the next group access key, encrypted such that only non-revoked decoders can gain access thereto, wherein said group message is further encrypted by the current group access key (CGK); updating the current group access key using the next group access key.

EFFECT: high efficiency of controlling access to broadcast content for a large number of subscribers by controlling access only based on keys.

5 cl, 4 dwg

 

Technical field

The present invention relates to a method for broadcast encryption, i.e., a way of organizing the distribution of keys to groups of users so that joining, renewal and revocation of the access rights of any member of the group can be managed efficiently.

The problem considered in this document is how to control access to broadcast content efficiently for a large number of subscribers, using only a one-way broadcast data flow as the communication channel and access control based only on keys.

Background art

A natural solution to this problem is to encrypt the managed resource (e.g., a TV channel) with a unique key and to provide this key only to those subscribers who have paid for the service.

This approach works until a subscriber decides to cancel the subscription, at which point the key must be removed from that user's terminal.

This is essentially impossible to implement in practice: to be at all effective, sending a cancellation message to each cancelled subscriber requires a bandwidth proportional to the number of cancelled subscribers as well as a high repetition rate, which increases the bandwidth requirements further, to the point where it becomes simply impossible.

In addition, a malicious user can always filter these messages, or make a copy of the key and continue to use it after cancelling the subscription.

Thus, to exclude a subscriber, the key must be revoked and a new key used instead. However, the new key must then be passed to all remaining subscribers, so that those who have paid for the service still have access after the change of keys.

The scientific community in the field of broadcast encryption is working to address this problem. However, current broadcast encryption schemes do not meet the requirements of pay TV, either because the length of the ciphertexts increases linearly with the number of revoked users [2], or because the decryption keys depend linearly on the number of users in the system [1].

The problem is to find a way of sending the same key update message to all subscribers except those who have cancelled their subscription, who usually represent a small percentage of the total number.

Sending individual messages to each subscriber over the broadcast channel would require a bandwidth proportional to the number of subscribers, which quickly becomes too large for practical implementation.

Therefore, some form of global message must be used. Such a message may contain address information that tells the receiver whether it is a legitimate recipient of the message. However, the protection layer of this message is necessarily built with a secret key shared by all subscribers, and thus any terminal is able to decrypt it and extract the new key carried in the message, whether or not the message is addressed to that subscriber. This means that, ultimately, the terminal would have to be trusted not to use the key when it has no right to it, which is unacceptable, because the terminal is not a trusted device.

It should be noted that the present invention should not be considered a new broadcast encryption method. Instead, the present invention provides a new way of using any broadcast encryption method dynamically, without changing the keys of that particular broadcast encryption method. Dynamic means that receivers with revoked privileges (revoked receivers) leave, and new receivers join the subset of allowed receivers, without rekeying the entire group of subscribers of the broadcast encryption system. In fact, the present invention makes efficient use of a static BE (Broadcast Encryption) scheme by assigning the same position in the BE scheme to multiple receivers over time (but to no more than one receiver at any given time). Thus, the present invention is applicable to all broadcast encryption methods known to specialists, as well as to future proposals.

[4] This work proposes new efficient constructions for public-key broadcast encryption that simultaneously have the following properties: receivers are stateless; encryption is secure against collusion of an arbitrarily large number of users, with tight security in the standard model; new users can join dynamically, i.e. without modification of the user decryption keys or of the ciphertext size, and with little or no change to the encryption key.

In this paper, the authors propose a new stateless broadcast encryption method based on bilinear maps. However, the size of the ciphertexts (or the size of the encryption key) depends linearly on the number of revoked receivers and increases with each revocation of access rights, which is unacceptable for some industrial applications, such as pay TV. It should be noted that our new method can be used in addition to the proposed scheme to reduce the size of the ciphertext and (or) to avoid the problem of changing keys.

[5] WO 2007/138204 A1. This is the PCT application for the method proposed in [4].

[6] In this scientific article, the authors propose a new subset-cover scheme based on hash chains, which reduces the bandwidth (ciphertexts) from O(R*log(N/R)) to O(R) when compared with the complete subtree scheme of [2]. This is achieved at the cost of O(M) calls to a one-way function, where N represents the total number of receivers. However, as this scheme is stateless, after a receiver leaves the group it must either be excluded continuously from future communications, with a corresponding increase in the size of the ciphertexts, or the keys of all authorized receivers must be changed in some way. Our solution eliminates this problem and, essentially, can be used in addition to the scheme proposed by Wang et al. to re-use the keys of a receiver that has left the group for a new receiver without having to change keys.

[7] This paper proposes two public-key broadcast encryption schemes. Scheme 1 is a variant of the dynamic broadcast encryption scheme proposed by Delerablee et al. The computational cost and the size of the (public) encryption key are more efficient than in the original scheme. The authors note that, using the encryption key of the original scheme, they can encrypt a message more efficiently without using part of the encryption key. To ensure that all users can obtain this advantage, they introduce a "dummy key" similar to the decryption key. Scheme 2 is an extension of Scheme 1 used to obtain an authenticated dynamic broadcast encryption scheme, which allows the receiver to verify the producer of the broadcast content. In Scheme 2, they apply the signature scheme proposed by Barreto et al. Scheme 2 is the first scheme to achieve provable security for broadcast encryption and signing with common parameters and keys. This research article contains a technical improvement of the schemes proposed by Cecile Delerablee [4] with respect to the storage of keys, but it still does not solve the problem of the linear increase in bandwidth with the number of revoked receivers.

[8] US 2004/114762. This patent describes a rekeying mechanism specific to the SD (Subset Difference) method of [2]. In the original scheme, the difference key was obtained by applying a one-way function to the unique key of the receiver, which was obtained using the SD method. The new method proposes applying a one-way function to the unique key of the receiver together with the current content key. Thus, the difference key changes from one revocation of access rights to the next. Experts agree that applying a one-way function to a message together with a key (in this case, the secret key is the content key) using the secret-suffix method is vulnerable to attack, as is well known from the prior art (Bart Preneel, Paul C. van Oorschot: MDx-MAC and Building Fast MACs from Hash Functions. CRYPTO 1995). We propose a different solution, since it does not require and does not use a change of the keys of the BE scheme, but instead uses any BE scheme (possibly including this one) to exclude revoked receivers from the update of the group access key and, as a consequence, allows a new receiver to take over the position of the previous receiver. Our solution is completely independent of the broadcast encryption scheme and much better protected from a cryptographic point of view.

[9] FR 2850822 A1. This patent describes a revocation mechanism in which revocation EMM messages (EMM: Entitlement Management Message) are combined with ECM messages (Entitlement Control Message) to prevent the receiver from filtering these messages. Our solution eliminates the problem of filtering revocation EMM messages by using positive addressing: filtering EMM messages always leads to loss of service, because the key update operation in the receiver fails. Therefore, the combination of revocation EMM messages and ECM messages described in the above document is not required and is not used in our system.

Disclosure of the invention

The aim of the present invention is to provide a method that gives flexible control over a group of decoders that have conditional access to audiovisual content.

Accordingly, we propose a method of managing multiple decoders having access to broadcast data, each decoder being temporarily assigned to a certain position in a group of decoders that share a common broadcast encryption scheme which allows the access rights of at least one decoder of the group to be revoked by sending messages addressed to the group, the method including the following steps:

a) at the stage when a decoder must become a member of a group:

- choose an available position in the group, allocate this position to the decoder and mark the position as unavailable;

- transmit to the decoder, in a message encrypted with a key that is unique to the decoder, the keys pertaining to the specified position in the group according to the broadcast encryption scheme, and the current group access data (CGD), containing at least the current group access key (CGK), which is common to the specified group;

b) at the stage of access to audiovisual data in the decoder:

- use the current group access data (CGD) for direct or indirect access to the broadcast data;

c) at the stage of revoking the access rights of at least one decoder and selectively updating the current group access key (CGK) for the group:

- send a global message, addressed to the group and containing at least the next group access data (NGAD), which contain at least the next group access key (NGAK), encrypted using the broadcast encryption scheme so that only non-revoked decoders are able to decrypt it, the group message being additionally encrypted with the current group access key (CGK), and mark the position of the revoked decoder as released, and

- non-revoked decoders decrypt the message using the current group access key, further decrypt the result using the broadcast encryption keys pertaining to their position in the group, and store the next group access data, in particular the next group access key, and

- a revoked decoder decrypts the message using the current group access key, then fails to decrypt the result using the broadcast encryption keys pertaining to its position in the group and, thus, fails to update the next group access data, in particular the next group access key;

d) at the stage of re-using a position released earlier by a revoked decoder:

- make the next group access key the current group access key;

- mark the previously released position in the group as available;

- start the process from step (a).

The essence of the present invention is to encrypt the update message not only with the keys available to the non-revoked decoders, but also with the current group access key. Consequently, a revoked decoder will not be able to decrypt the next group access key, because the encryption scheme takes only the non-revoked decoders into account, even if the revoked decoder holds the current group access key at that time.

For the following message, when the group access key is updated again, it is no longer necessary to apply an encryption scheme that takes the non-revoked decoders into account; the message is simply encrypted with the group key, even if the group key is known to a revoked decoder. The additional layer of encryption using the current group access key (which was not available to the revoked decoder once the key had been updated) denies access to the revoked decoder.

Because the group access key is chained, once a revoked decoder has failed to update the group access key there is no need to worry about that decoder during subsequent updates of the group access key. The position of the revoked decoder in the group can then be quickly reassigned to a new group member, which maintains the efficiency of the broadcast encryption scheme throughout the life of the system and actually makes the scheme feasible even with a very large number of decoders.

Brief description of drawings

The present invention will be easier to understand with the help of the attached drawings.

FIG. 1 shows a broadcast encryption tree.

FIG. 2 shows the case of terminal T2.

FIG. 3 shows the case where terminals are excluded.

FIG. 4 shows the chaining of the group key.

Implementation of the invention

This application contains two parts, group key chaining and key distribution, which together provide an efficient mechanism for revoking access rights (revocation).

When the group access key is to be updated, a message containing the new group access key is sent to the decoders of the group. The message is transmitted in broadcast mode, so all decoders, even those that do not belong to this group, can receive the message, and the encryption determines which decoders can actually obtain the new group access key.

Consider as an example a group of 256 decoders in which two decoders must be revoked. Each decoder contains at least the main group key and a personal key. The new group access key is encrypted using the current group access key and a key available only in those decoders that have not been revoked.

A simple example using a trivial broadcast encryption scheme is to create, first of all, a cryptogram containing the new group access key, encrypted with the current group access key. This cryptogram (ciphertext) is then encrypted using the personal key of a decoder. The message then contains 254 cryptograms, each encrypted with the personal key of one non-revoked decoder. Of course, the reverse order is also applicable, in which the new group access key is first encrypted using the personal key of a non-revoked decoder, and then using the current group access key.

For the following group access key update, the so-called additional next group access key, even if the revoked decoders still contain the main group key and their personal key, the following message will contain the additional next group access key encrypted only with the main key and the next group access key. Since the revoked decoders could not access the next group access key, this additional next group access key is not available to those decoders, even though they hold the main group key.

According to another example, the additional next group access key is encrypted with the next group access key only.

The second part of the invention proposes a scheme that significantly reduces the size of the message when access rights have to be revoked. Imagine a group of 5000 decoders, only one of which is to be revoked. In the example above, the next group access key must be duplicated 4999 times, each time combined with the personal key of one non-revoked decoder.

FIG. 4 depicts the process of revoking access rights. The upper part shows the audiovisual product (which may be a single channel or a group of channels), encrypted successively with the keys K1, K2 and K3. It should be noted that such a key (K1, K2 or K3) can be used either to decrypt the audiovisual product directly, or as a decryption key for the messages (ECM) containing the keys for decrypting the audiovisual product.

In the example shown in FIG. 4, during the first period of time the decoders T1, T2, T3 and T4 are part of the group. The group access key C1 is the current one when the message K1C2 arrives, containing the next group access key C2 and the key K1 for access to the audiovisual product. In fact, the product key K1 arrives before it is used to decrypt the product. The decoders store the current product key K1 and, once the next product key K2 has been received, K2 is ready for use at the moment the product switches from K1 to K2.

During the second period of time, the group access key C3 is sent to the non-revoked decoders. These are the decoders T1, T2 and T4. The message K2C3 is encrypted with the current group access key C2 and with the keys pertaining to the non-revoked decoders T1, T2 and T4. The decoder T3, although it holds the current group access key C2, cannot decrypt this message and obtain the group access key C3.

During the third period of time, a message containing the next group access key C4 can simply be encrypted with the current group access key C3. The position in the group formerly held by the decoder T3 may be reassigned (to the decoder T30) by sending it the current group access key C3 and the key or keys previously provided to the decoder T3. This reassignment can be done only after the group access key C3 has become active, i.e., after the message K2C3 has been sent.

The group is managed by a management system, and each position in the group is associated with a position status. This status can take three states, namely "free", "assigned" and "transitional". When a group is created, all positions are marked as "free". When a position is assigned to a decoder that is a member of the group, it is marked as "assigned". As soon as the decoder leaves the group, the position is marked as "transitional". This state indicates that the position was used before and that special care is needed when reassigning it. The position can be reassigned immediately after the group access key has been updated in the decoders of the group, except for this particular decoder. The time between the revocation of the access rights of this decoder and the change of the group access key for all other decoders is the so-called "quarantine" period. At the end of the quarantine period, the position actually becomes "free" and can be re-used.

The database management system of the control center checks the status of the transitional positions and determines whether the group access key is no longer present in the revoked decoder previously assigned to the position. In this case, the position status can be changed from "transitional" to "free".

If a regular scan of the database is not performed, the status of a particular position is determined when a new decoder has to be entered into the group. In that case, if the position is in the "transitional" state, an additional check is performed to determine whether the quarantine period has ended.
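The group key chaining, the trivial per-decoder scheme and the position states described above can be exercised together. The following is an added example, not code from the patent: the class and function names, the four-position group and the toy authenticated cipher (a stand-in for a real AEAD such as AES-GCM) are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def seal(key, plaintext):
    """Toy authenticated encryption (SHAKE-256 keystream + HMAC-SHA256).
    Stand-in for a real AEAD such as AES-GCM; an assumption of this example."""
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


class Decoder:
    def __init__(self, slot, slot_key, cgk):
        self.slot, self.slot_key, self.cgk = slot, slot_key, cgk

    def process(self, msg):
        """Apply a group key update; True if the decoder now holds the next key."""
        kind, body = msg
        if kind == "revoking":
            blob = body.get(self.slot)        # revoked positions get no cryptogram
            blob = unseal(self.slot_key, blob) if blob else None
        else:
            blob = body                       # chained update: group key layer only
        ngk = unseal(self.cgk, blob) if blob else None
        if ngk is None:
            return False                      # decoder stays on its stale key
        self.cgk = ngk
        return True


class Group:
    def __init__(self, size):
        self.cgk = os.urandom(16)
        self.status = ["free"] * size
        # Trivial broadcast encryption: one personal key per position. The key
        # stays with the position, so a later occupant inherits it.
        self.slot_keys = [os.urandom(16) for _ in range(size)]

    def join(self):
        """Assign a free position, or return None (e.g. slot still in quarantine)."""
        if "free" not in self.status:
            return None
        slot = self.status.index("free")
        self.status[slot] = "assigned"
        return Decoder(slot, self.slot_keys[slot], self.cgk)

    def revoke(self, slot):
        self.status[slot] = "transitional"    # quarantine starts

    def rekey(self):
        """Build the update message, then make the next key current."""
        ngk = os.urandom(16)
        chained = seal(self.cgk, ngk)         # layer under the current group key
        if "transitional" in self.status:
            body = {s: seal(self.slot_keys[s], chained)
                    for s, st in enumerate(self.status) if st == "assigned"}
            msg = ("revoking", body)
        else:
            msg = ("chained", chained)
        self.cgk = ngk
        # Quarantine ends: the revoked decoder missed this update.
        self.status = ["free" if st == "transitional" else st for st in self.status]
        return msg


def scenario():
    """The FIG. 4 sequence with constructed keys: T3 is revoked, T30 takes its slot."""
    g = Group(4)
    t1, t2, t3, t4 = (g.join() for _ in range(4))
    g.revoke(t3.slot)
    during_quarantine = g.join()              # None: position not reusable yet
    m2 = g.rekey()                            # excludes T3
    r2 = [d.process(m2) for d in (t1, t2, t3, t4)]
    t30 = g.join()                            # inherits T3's position and key
    m3 = g.rekey()                            # group key layer only
    r3 = [d.process(m3) for d in (t1, t2, t3, t4, t30)]
    g.revoke(t1.slot)
    m4 = g.rekey()                            # carries a cryptogram for T3's old slot
    r4 = [d.process(m4) for d in (t1, t2, t3, t4, t30)]
    return during_quarantine, r2, r3, r4, t30.slot == t3.slot, t30.cgk == g.cgk


if __name__ == "__main__":
    print(scenario())
```

In the last update T3 still holds the personal key of its old position and can strip that layer, but not the layer under the group key it never received, which is why the update message is encrypted under both.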

The group access key update message carries group access data (CGD), which include at least a group access key (CGK). This key can be used to decrypt the access control messages (entitlement control message, ECM) relating to the services to which this group of decoders has access. As a result, the group access key is used both for the chaining mechanism and for access to services.

According to another embodiment, the group access data contain a session key SK. This session key SK is then used to gain access to the services and to decrypt the access control messages (ECM) associated with these services.

According to another embodiment, once the group access data containing the group access key have been received and stored in the non-revoked decoders, another message containing the session key SK is transmitted to the decoders. This message is encrypted with the group access key, so that only non-revoked decoders can decrypt it and obtain the session key SK.

Distribution of personal keys

Although the group access key can be distributed in accordance with any broadcast encryption scheme, as described above, an efficient way of distributing keys so that revocation messages can be formed efficiently will now be described. The main property of an ideal broadcast encryption system for the purposes of the present invention can be summarized as follows:

if we assume that each terminal in the system is equipped with a unique set of secret keys, the server, knowing the secret keys of each terminal, can encrypt a single message in a way that is both efficient (small message) and such that authorized terminals, but not excluded (revoked) terminals, can decrypt it, even if all revoked terminals collude among themselves.

The proposed scheme

This document discusses a specific scheme to illustrate the principle of operation of the present invention. It is described in [3]; however, it should be noted that, because of its insufficient resistance to collusion, it is not recommended for use in practice, and it is given here only for illustration, in view of its simplicity.

We will adopt the following conventions:

- n is the total number of terminals in the broadcast encryption scheme;

- r is the number of terminals revoked in an encrypted message;

- log is the logarithm to base 2;

- k is the size in bytes of the keys of the system (as adopted here, the value is 128 bits = 16 bytes).

Then:

- each terminal must store a key set of (log(n)+1)·k bytes;

- the maximum size of an encrypted message is n/8 + k + (payload) bytes;

- a terminal has to perform no more than r·(log(n)-1) cryptographic operations to extract the encryption key from the message.

Description

The mechanism works with a set of n = 2^m terminals. A binary tree of keys is constructed for the given set, as shown in FIG. 1, using a one-way function to derive the key of each branch from the key of the node above it.

The function f(K,n) is a public one-way function (for example, a hash primitive) that derives a key from its two parameters.

Each terminal is assigned a leaf key, as described above; however, this key is not transmitted to the terminal. Instead, each terminal is provided with the keys of all other terminals in the group, or with the means for calculating them. For example, as shown in FIG. 2, the keys provided to the terminal T2 are the keys K10, K3 and K2.

Using K3, the terminal T2 can compute the keys K7 and K8, and using K2 it can compute the keys K11 to K14 by way of K5 and K6.

On joining the group, each terminal thus actually receives log2(n) keys, as well as an additional group key KG, which is used for addressing messages to all the decoders of the group.

Any message to be sent to the group, or to a subset of the group, is then encrypted as follows:

- if the message is intended for all terminals in the group, it is encrypted with the group key KG, which is known to all the terminals;

- if the message is intended for a subset of the terminals in the group, a key is formed by hashing together the keys assigned to each excluded terminal, and the message is encrypted with this key: K = Hash(Ka, Kb, ..., Kz).

For example, if the terminals T0 and T6 are excluded, the keys K7 and K13 are hashed together to compute the key with which the message is encrypted.

Since the terminals T0 and T6 do not know their own respective keys, they cannot calculate the final key, while all other terminals in the group can calculate these keys and thus access the contents of the message.

The resulting encrypted message is essentially the same size as the original; only padding and the use of a session key slightly increase its length.

In addition to the actual message, some signalling information has to be added so that the receiving terminals know whether they are excluded and how to calculate the keys. This is done using a bitmap in which each bit corresponds to one terminal and indicates whether that terminal is among the recipients of the message. Under certain conditions, the bitmap can be compressed.
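The key tree and the exclusion key can be reproduced for the eight-terminal case of FIG. 1 and FIG. 2. The following is an added example, not code from the patent or from [3]: HMAC-SHA256 truncated to 16 bytes as f(K,n), the all-zero root key, the node numbering with K0 as root and the bit order of the bitmap are assumptions. The last function shows the collusion weakness noted above for this scheme.

```python
import hashlib
import hmac

M = 3                    # tree depth: n = 2**M = 8 terminals, as in FIG. 1
N = 2 ** M
FIRST_LEAF = N - 1       # nodes K0 (root) .. K14; leaves K7..K14 belong to T0..T7
ROOT = bytes(16)         # constructed root key, for the example only


def f(key, node):
    """One-way function f(K, n): key of child `node` from the key of its parent."""
    return hmac.new(key, node.to_bytes(4, "big"), hashlib.sha256).digest()[:16]


def build_tree(root_key):
    """Server side: every node key, derived top-down from the root."""
    keys = {0: root_key}
    for node in range(1, 2 * N - 1):
        keys[node] = f(keys[(node - 1) // 2], node)
    return keys


TREE = build_tree(ROOT)


def terminal_keyset(tree, t):
    """Keys given to terminal t: the sibling of every node on its leaf-to-root
    path, i.e. log2(n) keys covering every leaf except its own."""
    node, held = FIRST_LEAF + t, {}
    while node > 0:
        sibling = node + 1 if node % 2 == 1 else node - 1
        held[sibling] = tree[sibling]
        node = (node - 1) // 2
    return held


def descend(key, node, target):
    """Key of `target` derived from ancestor `node`, or None if not an ancestor."""
    path = []
    while target > node:
        path.append(target)
        target = (target - 1) // 2
    if target != node:
        return None
    for child in reversed(path):
        key = f(key, child)
    return key


def leaf_key(held, t):
    """Leaf key of terminal t computed from the held keys, or None."""
    for node, key in held.items():
        derived = descend(key, node, FIRST_LEAF + t)
        if derived is not None:
            return derived
    return None


def exclusion_key(held, excluded):
    """K = Hash(Ka, ..., Kz) over the leaf keys of the excluded terminals."""
    h = hashlib.sha256()
    for t in sorted(excluded):
        k = leaf_key(held, t)
        if k is None:
            return None          # an excluded terminal lacks its own leaf key
        h.update(k)
    return h.digest()[:16]


def recipient_bitmap(excluded):
    """n/8-byte bit field: bit t is 1 when terminal t is a recipient."""
    bits = sum(1 << t for t in range(N) if t not in excluded)
    return bits.to_bytes(N // 8, "little")


def colluders_key(tree, excluded):
    """Key recovered when the excluded terminals pool their key sets."""
    pooled = {}
    for t in excluded:
        pooled.update(terminal_keyset(tree, t))
    return exclusion_key(pooled, excluded)


if __name__ == "__main__":
    server = exclusion_key({0: ROOT}, {0, 6})
    print("T2 holds", sorted(terminal_keyset(TREE, 2)))
    print("T2 ok:", exclusion_key(terminal_keyset(TREE, 2), {0, 6}) == server)
    print("T0 alone:", exclusion_key(terminal_keyset(TREE, 0), {0, 6}))
    print("T0+T6 pooled:", colluders_key(TREE, {0, 6}) == server)
```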

Restrictions

Some mechanism is needed to reach an addressable population of tens of millions of terminals while keeping the number of revoked terminals to a minimum (and thereby keeping the bandwidth acceptable).

The first goal can easily be achieved by splitting the set into a number of subsets of suitable size and managing each subset as an independent set.

The second goal is more difficult to achieve without a special mechanism for controlling the set of revoked terminals. To resolve this problem, the following mechanism for managing dynamic groups is proposed.

Management of dynamic groups

Principle

The following principle is used.

Content is offered for sale in packages, typically by grouping a certain number of services into independent products. The unit of sale and, thus, the unit of management is the product.

For each product, the set of terminals subscribed to this product is subdivided into a number of groups, for each of which an independent broadcast encryption system is generated (for example, using methods well known in the prior art). The number of groups is proportional to the actual number of subscribers of this product (that number divided by the group size), not to the total number of terminals.

On subscribing to a product, the terminal is assigned a slot in one of the groups associated with the product (a new group is created if necessary). The unique set of keys corresponding to this slot is transmitted to the terminal in a message addressed to that particular terminal. An additional key, the group access key, is also provided; its use is described below.

For each group of terminals of each product, a PA (Positive Addressing) message is formed regularly (e.g. every day). This PA message contains all the keys needed to access the content of the product in the next period (for example, next week or month). This PA message is encrypted using the broadcast encryption primitive for this group of terminals and additionally over-encrypted with the group access key.

After a user cancels the subscription, the terminal is recorded in the revocation list of terminals for the corresponding group (product-specific). In the following PA message, the terminals whose access rights are revoked can decrypt the first encryption layer using the group access key, but they are unable to decrypt the underlying message because of the operation of the broadcast encryption scheme. As a result, these terminals cannot extract the content key for the next control period and, therefore, cannot access the content. In addition, they cannot retrieve the next group access key, which is covered by the broadcast encryption, and are therefore effectively excluded from this group completely.

As soon as the last group access key provided to the revoked terminal has been replaced with a new one, the slot of the revoked terminal can be assigned to a new subscriber terminal.

The principle of operation is illustrated by the scheme shown in FIG. 4.

Tn denotes a terminal; solid arrows indicate that an addressable terminal is able to access the message in the middle tier of the scheme. This message is a PA message addressing a subset of the set of terminals by means of the broadcast encryption scheme, containing the service keys Kn and over-encrypted with the group access key Cn.

Advantages

The use of dynamic groups provides three major advantages.

The first advantage is that the number of PA EMM messages generated for any product is directly proportional to the number of subscribers of this product, and not to the total number of subscribers. So if a product is purchased by a minority of subscribers, the PA bandwidth that must be maintained remains small.

The second advantage is that the set of receivers addressed by any PA EMM message is extremely homogeneous: indeed, all the receivers have purchased this product, and only a small part of them have had their rights to it revoked. It follows that the address bit field, which indicates which of the receivers in the PA group have revoked permissions, essentially consists of bits set to "1" and can therefore be compressed. A simple and efficient compression algorithm provides a compression ratio of 1/14 for a revocation rate of 0%, 1/6 for a revocation rate of 2% and still 1/3 for a revocation rate of 5%.

The third advantage is that the slots in a group are used cyclically: when a terminal is excluded from the group, its slot is reassigned to a new terminal, keeping the number of revoked slots in the group minimal (no more than 2%-3% in the ideal case).

A fourth advantage is that both the broadcast encryption methods already known in the art and new ones can be applied, further increasing the efficiency (bandwidth, terminal key storage and (or) encryption/decryption complexity) of the entire system.

All this, taken together, provides a very efficient use of the broadcast bandwidth.

Reference materials

[1] Dan Boneh, Craig Gentry, Brent Waters: Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. CRYPTO 2005

[2] Dalit Naor, Moni Naor, Jeffery Lotspiech: Revocation and Tracing Schemes for Stateless Receivers. CRYPTO 2001

[3] OMA DRM v2.0 Extensions for Broadcast Support, OMA-TS-DRM_XBS-V1_0-20081209-C.pdf, Chapter C.17

[4] Cecile Delerablee et al. "Fully Collusion Secure Dynamic Broadcast Encryption with Constant-Size Ciphertexts or Decryption Keys", Pairing 2007

[5] WO 2007/138204 A1 (France Telecom, Delerablee Cecile) "Cryptographic Method with Integrated Encryption and Revocation, System, Device and Programs for Implementing this Method"

[6] Pan Wang et al. "Storage-Efficient Stateless Group Key Revocation", ISC 2004

[7] Masafumi Kusakawa et al. "Efficient Dynamic Broadcast Encryption and Its Extension to Authenticated Dynamic Broadcast Encryption", CANS 2008

[8] US 2004/114762 (General Instrument Corp., Alexander Medvinsky) "Subset Difference Method for Multi-Cast Rekeying"

[9] FR 2 850 822 A1 (CANAL PLUS TECHNOLOGIES [FR]) "Systeme de television a peage, procede de revocation dans un tel systeme, et decodeur cartes a puces associes, et message transmis a un tel decodeur".

1. A method of controlling a plurality of decoders having access to broadcast data, each decoder being temporarily assigned to a position in a group of decoders sharing a common broadcast encryption scheme that allows the access rights of at least one decoder of the group to be revoked by sending messages addressed to the group, the method comprising the following steps:
a) at the stage when a decoder is to become a member of the group:
- select an available position in the group, allocate this position to the decoder and mark the position as unavailable;
- transmit to the decoder, in a message, the keys pertaining to said position in the group according to the broadcast encryption scheme, as well as the current group access data containing at least the current group access key common to said group, said message being encrypted with a key unique to the decoder;
b) at the stage of access to audiovisual data in the decoder:
- use the current group access data for direct or indirect access to the broadcast data;
c) at the stage of revoking the access rights of at least one decoder and selectively updating the current group access key for the group:
- send a global message addressed to the group and containing at least the next group access data, containing at least a next group access key, encrypted using the broadcast encryption scheme so that only non-revoked decoders are able to decrypt it, said group message being optionally encrypted with the current group access key, and mark the position of said revoked decoder as released, and
- the non-revoked decoders decrypt the message using the current group access key, optionally decrypt the result using the broadcast encryption keys pertaining to their position in the group, and store the next group access data, in particular updating the next group access key, and
- the revoked decoder decrypts the message using the current group access key, then obtains a negative result when decrypting with the broadcast encryption keys pertaining to its position in the group, and thus fails to update the next group access data, in particular the next group access key;
d) at the stage of reusing a position previously released by a revoked decoder:
- make said next group access key the current group access key;
- mark the previously released position in the group as available;
- start the process again from step (a).

2. The method according to claim 1, wherein the group access data also contain a session key used for direct or indirect access to the audiovisual data relating to this group.

3. The method according to claim 1, characterized in that a second group message containing a session key is transmitted, said group message being encrypted with the current group access key, and the session key being used for direct or indirect access to the audiovisual data relating to this group.

4. The method according to claim 1, characterized in that the selection of an available position starts only from a position next to an already selected position, so as to consistently concentrate all used positions.

5. The method according to claim 1, characterized in that the selection of an available position starts from a position located between two already selected positions, so as to consistently concentrate all used positions.
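The key lifecycle of claims 1 and 3, sketched as an added Python example that is not part of the patent text: it shows why the group message is over-encrypted with the current group access key once a released slot, and with it the slot's broadcast-encryption key, passes to a new decoder. Assumptions: the claim names no concrete broadcast encryption scheme, so a naive one (one wrapped copy of the next key per non-revoked slot) stands in for it; the cipher is a toy HMAC-SHA256 construction standing in for a real AEAD; decoders switch to the stored next key lazily in `open_group`; all class and method names are hypothetical.

```python
import hashlib, hmac, os

# Assumed stand-ins: toy cipher, and per-slot key wrapping as the broadcast scheme.
def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    return b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]

def seal(key, pt):
    """Toy encrypt-then-MAC on HMAC-SHA256: a stand-in for a real AEAD cipher."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_mac(key, b"enc"), nonce, len(pt))))
    return nonce + ct + _mac(_mac(key, b"mac"), nonce + ct)

def unseal(key, blob):
    """Return the plaintext, or None (the claim's 'negative result') for a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(_mac(key, b"enc"), nonce, len(ct))))

ENTRY = 1 + 16 + 32 + 32  # slot index + sealed 32-byte key (nonce, ciphertext, tag)

class HeadEnd:
    def __init__(self, size):
        self.slot_keys = [os.urandom(32) for _ in range(size)]  # tied to positions
        self.state = ["free"] * size  # each slot: free | used | released
        self.cgk, self.ngk = os.urandom(32), None

    def rotate(self):
        """Step (d): the next key becomes current and released slots become available."""
        if self.ngk:
            self.cgk, self.ngk = self.ngk, None
            self.state = ["free" if s == "released" else s for s in self.state]

    def join(self, unique_key):
        """Step (a): allocate the lowest free slot; send its key and the CGK."""
        self.rotate()
        slot = self.state.index("free")
        self.state[slot] = "used"
        return seal(unique_key, bytes([slot]) + self.slot_keys[slot] + self.cgk)

    def revoke(self, *slots):
        """Step (c): wrap the next key per non-revoked slot, then over-encrypt with CGK."""
        for s in slots:
            self.state[s] = "released"
        self.ngk = os.urandom(32)
        inner = b"".join(bytes([i]) + seal(k, self.ngk)
                         for i, k in enumerate(self.slot_keys) if self.state[i] == "used")
        return seal(self.cgk, inner)

    def session_message(self, session_key):  # claim 3: session key under the CGK
        return seal(self.cgk, session_key)

class Decoder:
    def __init__(self):
        self.unique_key = os.urandom(32)
        self.slot = self.slot_key = self.cgk = self.ngk = None

    def on_join(self, blob):
        pt = unseal(self.unique_key, blob)
        self.slot, self.slot_key, self.cgk, self.ngk = pt[0], pt[1:33], pt[33:], None

    def open_group(self, blob):
        """Remove the group-key layer, switching to the stored next key once it is in use."""
        pt = unseal(self.cgk, blob)
        if pt is None and self.ngk:
            pt = unseal(self.ngk, blob)
            if pt is not None:
                self.cgk, self.ngk = self.ngk, None
        return pt

    def on_revocation(self, blob):
        """Step (c), receiver side: True only if the next group key was recovered."""
        inner = self.open_group(blob)
        if inner is None:
            return False  # lacks the current group key, e.g. a long-revoked decoder
        for off in range(0, len(inner), ENTRY):
            if inner[off] == self.slot:
                self.ngk = unseal(self.slot_key, inner[off + 1:off + ENTRY])
                return self.ngk is not None
        return False  # own slot not addressed: this decoder has been revoked
```

A decoder revoked from slot 1 still holds that slot's key after the slot is reassigned, so in this sketch only the outer layer under the rotated group key keeps it from unwrapping later updates addressed to slot 1.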



 
