Method of loading data into an MPEG receiver/decoder, and MPEG broadcast system for implementing it

 

(57) Abstract:

In a digital television system in which the television set receives the television signal via a receiver/decoder, for example in the form of a console, an application may be loaded into the receiver/decoder and executed. The application code is organised as modules, and the loading of modules is preceded by a search for the module directory at a specified local address. The modules are signed, and the module directory is signed and encrypted, so that a single encryption operation serves all the modules making up the application. The ROM of the receiver/decoder holds a large number of public encryption keys, so that applications can be produced by many different sources without those sources needing to know each other's encryption keys. Means are provided for temporarily storing an encryption key in the memory of the receiver/decoder, so that the manufacturer of the receiver/decoder can test its functions. The directory signature can be hidden at any position in a block of dummy data in the module directory. An application to be downloaded can be checked using a validation bit array stored in the memory of the receiver/decode the K/MPEG decoder; such a receiver/decoder; and an MPEG broadcast system.

The emergence of digital data transmission systems intended primarily for television broadcast signals, in particular but not exclusively satellite television systems, has opened up the possibility of using such systems for other purposes. One of these is to provide the user with an interactive mode.

One way of doing this is to run an application in the receiver/decoder through which the television signal is received. The code for this application could be permanently stored in the receiver/decoder. However, this would be a limiting factor. Preferably, the receiver/decoder should be able to download the code for the desired application. In this way greater flexibility is provided, and the application can be updated without any user interaction.

In an MPEG system, application code can be downloaded in MPEG tables. However, there is a limit on the size of the piece of code that can be loaded using one MPEG table. Moreover, if before the application can be executed, it must be loaded fully, eimet able to download the application as a set of modules. This, however, in turn creates the problem of identifying and selecting, from the MPEG bit stream, the modules required for a given application. The first aspect of the present invention is aimed at solving this problem.

In accordance with the first aspect of the present invention, there is proposed a method of loading at least part of an application into an MPEG receiver/decoder, comprising the following steps:

dividing the application into multiple modules;

formatting each module as a corresponding MPEG table, all the tables having the same table identifier (TID) and respective different table identifier extensions (TID-extensions), other than one predetermined TID-extension;

generating an MPEG directory table for the modules, having the same TID and the predetermined TID-extension, the directory containing the name of each of the modules and the corresponding TID-extension;

cyclically broadcasting the MPEG directory table and the MPEG module tables in the MPEG bit stream; and, in the MPEG receiver/decoder:

receiving the MPEG bit stream;

loading the MPEG table that has the predetermined TID-extension in order to download
loading at least one of the MPEG module tables having the same TID as the loaded MPEG directory table and a TID-extension determined from the loaded MPEG directory table.

Thus, an application is built from multiple modules, which can be downloaded, and accordingly executed, as needed. The directory table can be easily identified because it has a special TID-extension, and once it is loaded it allows the receiver/decoder to identify the module tables by their corresponding TID-extensions.

Preferably the method includes the following additional operations: including in the broadcast MPEG directory table an identification of its version; and

in the receiver/decoder:

determining whether the version of the MPEG directory table currently being broadcast is newer than the version of the currently loaded MPEG directory table and, if so, repeating the operations of loading the MPEG directory table, determining the TID-extensions and loading at least one of the MPEG module tables.

Thus, if the application is modified, this can be determined automatically and will download an updated directory and any updated transmitted separately in the MPEG bit stream, each of the MPEG sections contains in a predetermined portion an identification of the position of that MPEG section in the above-mentioned MPEG table and the number of sections in the above-mentioned MPEG table.
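The receiver-side procedure of the first aspect, as an added Python example that is not part of the patent text: sections are parsed with the standard MPEG-2 long-format private section header, reassembled from their section number and last section number, and module tables are accepted only once the directory table has been loaded. The TID value 0x80, the directory TID-extension 0x0000, the directory payload layout and the rule that any version change counts as newer are assumptions made for the example.

```python
import struct

TID = 0x80              # assumed table identifier shared by directory and modules
DIRECTORY_EXT = 0x0000  # assumed "predetermined TID-extension" of the directory

def crc32_mpeg(data):
    """CRC-32/MPEG-2; over a whole section including its CRC_32 it yields 0."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = (crc << 1) ^ 0x04C11DB7 if crc & 0x80000000 else crc << 1
            crc &= 0xFFFFFFFF
    return crc

def make_sections(tid, ext, version, payload, chunk=16):
    """Broadcast side: split one table into long-format private sections."""
    parts = [payload[i:i + chunk] for i in range(0, len(payload), chunk)] or [b""]
    sections = []
    for number, part in enumerate(parts):
        length = 5 + len(part) + 4      # bytes following the section_length field
        head = struct.pack(">BHHBBB", tid, 0xF000 | length, ext,
                           0xC1 | (version << 1), number, len(parts) - 1)
        sections.append(head + part + struct.pack(">I", crc32_mpeg(head + part)))
    return sections

def parse_section(section):
    if len(section) < 12:
        raise ValueError("short section")
    tid, length, ext, ver, number, last = struct.unpack(">BHHBBB", section[:8])
    if len(section) != 3 + (length & 0x0FFF) or crc32_mpeg(section) != 0:
        raise ValueError("damaged section")
    return tid, ext, (ver >> 1) & 0x1F, number, last, section[8:-4]

def encode_directory(entries):
    """Assumed layout per module: name length, ASCII name, 16-bit TID-extension."""
    return b"".join(bytes([len(n)]) + n.encode("ascii") + struct.pack(">H", e)
                    for n, e in entries.items())

def parse_directory(table):
    entries, pos = {}, 0
    while pos < len(table):
        size = table[pos]
        name = table[pos + 1:pos + 1 + size].decode("ascii")
        entries[name] = struct.unpack_from(">H", table, pos + 1 + size)[0]
        pos += size + 3
    return entries

class Loader:
    """Receiver side: directory first, then only the modules it lists."""
    def __init__(self, tid):
        self.tid, self.dir_version = tid, None
        self.directory, self.modules, self.partial = {}, {}, {}

    def feed(self, section):
        tid, ext, version, number, last, payload = parse_section(section)
        is_dir = ext == DIRECTORY_EXT
        if tid != self.tid or (is_dir and version == self.dir_version):
            return                      # other table, or this directory is loaded
        if not is_dir and ext not in self.directory.values():
            return                      # not a module the directory names
        parts = self.partial.setdefault((ext, version), {})
        parts[number] = payload
        if any(i not in parts for i in range(last + 1)):
            return                      # keep looping until all sections are in
        table = b"".join(parts[i] for i in range(last + 1))
        if is_dir:
            # version_number is a 5-bit wrapping counter: any change counts as newer
            self.directory, self.dir_version = parse_directory(table), version
            self.modules.clear()        # modules are reloaded under the new directory
            self.partial.clear()
        else:
            del self.partial[(ext, version)]
            name = next(n for n, e in self.directory.items() if e == ext)
            self.modules[name] = table

def carousel(version, entries, contents):
    sections = make_sections(TID, DIRECTORY_EXT, version, encode_directory(entries))
    for name, ext in entries.items():
        sections += make_sections(TID, ext, 0, contents[name])
    return sections

def demo():
    rx = Loader(TID)
    v1 = carousel(1, {"menu": 0x0101, "game": 0x0102},
                  {"menu": b"M" * 40, "game": b"G" * 20})   # constructed sample data
    for _ in range(2):      # cycle 1 loads the directory, cycle 2 the modules
        for section in reversed(v1):
            rx.feed(section)
    first = dict(rx.modules)
    v2 = carousel(2, {"menu": 0x0103}, {"menu": b"m" * 10})  # updated application
    for section in v2:
        rx.feed(section)
    return first, dict(rx.modules), rx.dir_version

if __name__ == "__main__":
    print(demo())
```

Because the carousel is cyclic, module sections that arrive before the directory are simply skipped and picked up on the next cycle.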

In accordance with the second aspect of the present invention, there is proposed an MPEG receiver/decoder for implementing part of the method according to any of the preceding items, comprising:

a receiver for receiving the MPEG bit stream;

storage means;

and a processor which is programmed to initiate loading into the storage means, from the received bit stream, of the MPEG table which has the predetermined TID-extension, to determine from the content of the MPEG directory table the TID-extensions of the MPEG module tables, and to initiate loading into the storage means of at least one of the MPEG module tables having the same TID as the loaded MPEG directory table and a TID-extension determined from the loaded MPEG directory table.

Preferably the processing means is programmed to determine whether the version of the currently received MPEG directory table is newer than the version of the loaded MPEG directory table and, if so, to repeat the loading of the MPEG directory table, the determination of the TID-extensions and download the and at least one of the tables modules formatted as a set of separately transmitted sections, preferably the processor is programmed to load MPEG sections into the storage means in a loop until the processor determines, from the section position identifications and the indicated number of sections of the loaded sections, that all the sections have been loaded.

Preferably, the receiver/decoder contains a parallel port and/or a serial port capable of receiving an application formatted as at least one MPEG table; in this case the short MPEG-2 format is preferably used, while the long MPEG-2 format is preferably used for remote reception, for example via satellite or cable.

This is especially useful when the manufacturer wishes to test specific functions of the receiver/decoder, because the application can be downloaded without the need to broadcast it via satellite television system.

In accordance with a third aspect of the present invention, there is proposed an MPEG broadcast system, comprising:

means for dividing an application to be loaded into an MPEG receiver/decoder, on the set all have the same TID and respective different TID-extensions other than a predetermined TID-extension;

means for generating an MPEG directory table for the modules, having the same TID and the predetermined TID-extension, the directory containing for each module the name of the module and the corresponding TID-extension;

means for generating an MPEG directory table for the modules, having the same TID and the predetermined TID-extension, the directory containing the name of each of the modules and the corresponding TID-extension;

means for cyclically broadcasting the MPEG directory table and the MPEG module tables in the MPEG bit stream.

Preferably, the system further comprises means for generating a version identifier for the MPEG directory table, the means for generating the MPEG directory table being arranged to add the generated version identifier to the MPEG directory table.

The module formatter can be configured to format at least one of the MPEG module tables as multiple MPEG sections, each of which contains in a predetermined portion an identification of the position of that MPEG section in the above-mentioned MPEG table and decree who download unauthorized applications which may contain, for example, a virus. Accordingly, encryption and signatures can be used for at least part of the application code.

In accordance with the fourth aspect of the present invention, there is proposed a method of downloading data into an MPEG receiver/decoder, comprising the following steps:

generating a signature for the data to be loaded;

encrypting the signature using a secret key;

formatting the data to be loaded, the encrypted signature and an identifier of the secret key as an MPEG table;

broadcasting the MPEG table; and, in the receiver/decoder:

receiving the MPEG table;

selecting one of a plurality of public keys according to the key identifier in the received MPEG table;

decrypting the encrypted signature in the received MPEG table using the selected public key to obtain a decrypted signature;

generating a signature for the data in the received MPEG table;

and comparing the decrypted signature and the signature generated by the receiver/decoder for the received data.

Thus, the receiver/decoder can be used to download with an encrypted signature the other.

The method may further comprise the operations of loading into the receiver/decoder an application whose digital signature is encrypted using the secret key with a predefined identifier, executing the application in the receiver/decoder so that the receiver/decoder receives an additional key, and saving the additional key in RAM in the receiver/decoder. In this case, when the application runs, the additional key may be supplied to the receiver/decoder locally, for example through the parallel port, serial port or smart card reader of the receiver/decoder. If the receiver/decoder is connected to a modem, the receiver/decoder is preferably arranged so as to prevent such an additional key being received via the modem.

These features allow a manufacturer who wishes to test the receiver/decoder to load a key into the receiver/decoder.

The method may further comprise, in the receiver/decoder, the operations of searching a protected memory area of the receiver/decoder for the validation flag for the selected public key and ban or stop retrieving data e is constantly be in memory of the receiver/decoder, any of them can be selectively disabled, which may be necessary if, for example, the secrecy of the secret key corresponding to a particular public key is compromised, or when two operators using the same keys decide that they wish to have separate keys.

When the receiver/decoder is configured to download an application whose digital signature is encrypted using the secret key with a predefined key identifier, as described above, the protected memory of the receiver/decoder holds, for the secret key with the predefined key identifier, a validation flag which can be changed by that application, and the possibility of receiving the additional key is determined by the status of this validation flag.

These additional validation-flag features for public keys can be provided independently of the fourth aspect of the invention. Accordingly, in the fifth aspect of the present invention, there is proposed a method of downloading data into an MPEG receiver/decoder, comprising the following steps:

generating a signature of subject data loading the encrypted signature and the identifier of the secret key in the form of MPEG tables;

broadcasting the MPEG table; and, in the receiver/decoder:

receiving the MPEG table;

searching the protected memory of the receiver/decoder for the validation flag of the public key corresponding to the identifier of the secret key specified in the received MPEG table; and, if the found flag is set:

decrypting the encrypted signature in the received MPEG table using the public key corresponding to the identifier of the secret key specified in the received MPEG table to obtain the decrypted signature;

generating a signature for the data in the received MPEG table; and comparing the decrypted signature and the signature generated at the receiver/decoder for the received data.

The methods of the fourth and fifth aspects of the present invention preferably additionally include the following: generating a validation code for the data to be loaded, which is encrypted together with the signature in the encryption operation and decrypted together with the signature in the decryption operation;

search for stored code validation in sedimenta validation.

Thus, the receiver/decoder may be configured to accept only certain applications or types of applications.

These additional features may be provided independently of the fourth and fifth aspects of the invention. Accordingly, in the sixth aspect of the present invention, there is proposed a method of downloading data into an MPEG receiver/decoder, comprising the following steps:

generating a validation code for the data to be loaded;

generating a signature for the data to be loaded or a part thereof;

encrypting the validation code and the signature using a secret key;

formatting the data to be loaded and the encrypted validation code and signature as at least one MPEG table;

broadcasting the or each MPEG table; and, in the receiver/decoder:

receiving the or each MPEG table;

decrypting the encrypted validation code and signature in the received MPEG table(s) using the public key corresponding to the secret key;

searching for a stored validation code in protected memory of the receiver/decoder;

comparison Naydenov the data taken(oops) MPEG table(s) or referred to them;

and comparing the decrypted signature and the signature generated at the receiver/decoder for the received data.

Preferably the method further comprises prohibiting or terminating loading of the data if the found validation code and the decrypted validation code do not match.

In the fourth to sixth aspects of the present invention, the signature of the data to be loaded may be placed in an encrypted data block that contains other data, with a selected offset between the beginning of the data block and the beginning of the signature, the encrypted data block being decrypted in the decryption operation in the receiver/decoder, the method further including, in the receiver/decoder, the operations of looking up at least one offset stored in protected memory of the receiver/decoder and extracting the signature from the decrypted data block using the found offset from the start of the decrypted data block.

Thus, the signature may be hidden among the dummy data, which complicates the detection of the location under Holcim certain groups of receivers/decoders.

These features can be provided independently of the fourth to sixth aspects of the invention. Accordingly, in the seventh aspect of the present invention, there is proposed a method of downloading data into an MPEG receiver/decoder, comprising the following steps:

generating a signature for the data to be loaded;

including the signature and other data in a data block with a selected offset between the beginning of the data block and the beginning of the signature;

encrypting the data block using a secret key;

formatting the data to be loaded and the encrypted data block as an MPEG table;

broadcasting the MPEG table; and, in the receiver/decoder:

receiving the MPEG table;

decrypting the encrypted data block in the received MPEG table using the public key corresponding to the secret key;

looking up at least one offset stored in protected memory of the receiver/decoder;

extracting the signature from the decrypted data block using the found offset from the start of the decrypted data block;

generating a signature for the data in the received MPEG table; and

comparison of signatures extracted from d is In the case when the said protected memory area contains at least two such stored offsets and the extracted signature and the generated signature do not match, the method preferably includes the additional step of repeating the lookup, extraction and comparison steps with another stored offset.

At least some of the remaining data in the data block can be dummy or random data but, if so, preferably no fragment of the dummy data matches the signature.

In the fourth to seventh aspects of the invention, the data can be loaded as multiple data modules, and the method may include the following:

generating a module signature for each data module to be loaded;

formatting the data as MPEG module tables;

generating a directory including the identifier of each MPEG module table and the corresponding signature, the directory being the subject of the signature generation operation according to any one of paragraphs 11-24; and, in the receiver/decoder:

generating appropriate signature module for each of the modules in p the corresponding signature module, generated in the receiver/decoder.

Therefore, although the data to be downloaded consists of many modules, only one encryption process is required for the modules, and only one decryption process is required for verification of the signatures.

These features can be provided independently of the fourth to seventh aspects of the invention. Accordingly, in the eighth aspect of the present invention, there is proposed a method of loading multiple data modules into an MPEG receiver/decoder, comprising the following steps:

generating a module signature for each data module to be loaded;

formatting the data as MPEG module tables;

generating a directory containing the identifier of each MPEG module table and the corresponding signature;

generating a directory signature for the directory;

encrypting the directory signature using a secret key;

formatting the directory and the encrypted directory signature as an MPEG directory table;

broadcasting the MPEG directory table and module tables; and, at the receiver/decoder:

receiving the MPEG directory table and module tables;

decoding zashifrovannaja secret key;

generating a directory signature for the directory in the received MPEG directory table;

comparing the decrypted directory signature and the directory signature generated at the receiver/decoder;

generating a module signature for each module in the received MPEG module tables; and

comparing the signature of each module in the received MPEG directory table with the corresponding module signature generated in the receiver/decoder.

Preferably the method further includes prohibiting or terminating loading of a data module if the signature of that module in the received MPEG directory table and the corresponding module signature generated in the receiver/decoder for that module do not match.

The above method preferably also includes prohibiting or terminating loading of the data if the, or each, decrypted signature and the generated signature do not match.
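The receiver-side checks of the fourth, fifth, seventh and eighth aspects combined, as an added Python example that is not taken from the patent: the public key is selected by identifier, its validation flag is read from a bit array, the block is decrypted once, the directory signature is looked for at each stored offset, and the modules are then checked by hash alone. SHA-256 as the signature function, unpadded RSA with a constructed toy key, key identifier 3, the offsets 17 and 60 and the directory layout are all assumptions.

```python
import hashlib
import hmac
import os

# Constructed toy RSA key built from two Mersenne primes: insecure, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # broadcaster's secret exponent
BLOCK = 128                         # encrypted block size in bytes (2**1024 < N)
SIG = 32                            # SHA-256 digest length

PUBLIC_KEYS = {3: (N, E)}           # receiver ROM: key identifier -> public key
KEY_VALID_BITS = 0b1000             # protected memory: bit i set => key i enabled
STORED_OFFSETS = (17, 60)           # protected memory: candidate signature offsets


def signature(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_directory(modules: dict) -> bytes:
    """Broadcast side: one record per module, TID-extension + module signature."""
    return b"".join(ext.to_bytes(2, "big") + signature(body)
                    for ext, body in sorted(modules.items()))


def encrypt_directory_signature(directory: bytes, offset: int) -> int:
    """Broadcast side: hide the signature in dummy data, then apply the secret key."""
    block = bytearray(os.urandom(BLOCK))
    block[offset:offset + SIG] = signature(directory)
    return pow(int.from_bytes(block, "big"), D, N)


def verify_download(key_id, directory, enc_block, modules,
                    valid_bits=KEY_VALID_BITS, offsets=STORED_OFFSETS):
    """Receiver side: returns 'ok' or the reason loading is refused."""
    if key_id not in PUBLIC_KEYS or not (valid_bits >> key_id) & 1:
        return "key rejected"
    n, e = PUBLIC_KEYS[key_id]
    if not 0 <= enc_block < n:
        return "directory signature mismatch"
    plain = pow(enc_block, e, n)                  # the only public-key operation
    if plain.bit_length() > 8 * BLOCK:
        return "directory signature mismatch"
    block = plain.to_bytes(BLOCK, "big")
    expected = signature(directory)
    # Try each stored offset in turn until one yields a matching signature.
    if not any(hmac.compare_digest(block[o:o + SIG], expected) for o in offsets):
        return "directory signature mismatch"
    if len(directory) % (2 + SIG):
        return "directory malformed"
    listed = {int.from_bytes(directory[i:i + 2], "big"): directory[i + 2:i + 2 + SIG]
              for i in range(0, len(directory), 2 + SIG)}
    for ext, body in modules.items():
        if not hmac.compare_digest(listed.get(ext, b""), signature(body)):
            return f"module 0x{ext:04x} rejected"
    return "ok"


def demo():
    modules = {0x0101: b"menu code", 0x0102: b"game code"}   # constructed sample data
    directory = build_directory(modules)
    enc = encrypt_directory_signature(directory, offset=60)
    return {
        "genuine": verify_download(3, directory, enc, modules),
        "patched module": verify_download(3, directory, enc,
                                          {**modules, 0x0102: b"patched"}),
        "edited directory": verify_download(3, directory + bytes(34), enc, modules),
        "key disabled": verify_download(3, directory, enc, modules, valid_bits=0),
        "unknown offset": verify_download(
            3, directory, encrypt_directory_signature(directory, 5), modules),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Unpadded RSA is used only to keep the example within the standard library; the hidden offset adds obscurity, while the integrity guarantee comes from the signature comparison itself.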

In accordance with the ninth aspect of the present invention, there is proposed an MPEG receiver/decoder for implementing part of the method according to the fourth aspect of the invention, comprising:

means for receiving MPEG tables;
; The

a processor programmed to select one of the stored public keys according to the key identifier in the received MPEG table; to decrypt the encrypted signature in the received MPEG table using the selected public key to obtain a decrypted signature; to generate a signature for the data in the received MPEG table; and to compare the decrypted signature and the signature generated at the receiver/decoder for the received data.

Preferably a ROM is used as the key storage means, and the identifier of each public key can be defined by the physical location of the public key in the key storage means.

The receiver/decoder may further comprise a volatile memory area, the processing means being arranged to load an application whose digital signature is encrypted using the secret key with a predefined identifier, to execute the application in the receiver/decoder so that the receiver/decoder receives an additional key, and save an additional key in the field energosafety such additional key which is available in the receiver/decoder in place, such as a parallel port, serial port or reader smart card receiver/decoder. Preferably the volatile memory is provided by RAM. Again, if the receiver/decoder is connected to a modem, the receiver/decoder is preferably arranged so as to prevent such an additional key being received via the modem.

The receiver/decoder may further comprise a protected memory area for storing a validation flag for each of at least some of the public keys, the processing means being programmed to search the protected memory area for the validation flag for the selected public key, and to prohibit or terminate loading of the data if the found flag is not set.

The receiver/decoder may further comprise a protected memory area for storing a validation flag for the secret key with the predefined key identifier, the processing means being configured, when executing the above-mentioned application, to modify this flag is

This last feature may be provided independently of the ninth aspect of the present invention. Accordingly, in the tenth aspect of the present invention, there is proposed an MPEG receiver/decoder for implementing part of the method according to p. 17, comprising:

means for receiving MPEG tables;

means for storing a public key and an identifier for that public key; and

a protected memory area for storing a validation flag for the public key; and

a processor programmed to search the protected memory of the receiver/decoder for the validation flag of the public key corresponding to the secret key specified in the received MPEG table and, if the found flag is set, to decrypt the encrypted signature in the received MPEG table using the public key corresponding to the secret key specified in the received MPEG table in order to obtain a decrypted signature, to generate a signature for the data in the received MPEG table, and to compare the decrypted signature and the signature generated at the receiver/decoder for the received data.

Preferably, the memory for storing flag(s) check notesto such public keys, preferably, the memory for storing the validation flag(s) is arranged as a bit array.

The receiver/decoder of the ninth or tenth aspect of the present invention may further comprise a protected memory area for storing a validation code, the processing means being programmed to decrypt the validation code in the received MPEG table, to look up the stored validation code and to compare the found validation code and the decrypted validation code.

This last feature may be provided independently of the ninth and tenth aspects of the present invention. Accordingly, in the eleventh aspect of the present invention, there is proposed an MPEG receiver/decoder, comprising:

means for receiving MPEG tables;

means for storing a public key and an identifier for that public key;

protected memory for storing a validation code; and

a processor programmed to decrypt the encrypted validation code and signature in the received MPEG table using the stored public key, sooranna found code validation and decrypted code validation; to generate a signature for the data in the received MPEG table or referred to by it; and to compare the decrypted signature and the signature generated at the receiver/decoder for the received data.

Preferably the processing means is programmed to prohibit or terminate loading of the data if the found validation code and the decrypted validation code do not match.

Preferably, the memory for storing the validation code is provided by rewritable non-volatile memory and is organized as a bit array.

The receiver/decoder of the ninth to eleventh aspects of the present invention may further comprise a protected memory area for storing at least one offset, the processing means being programmed to decrypt the encrypted data block in the received MPEG table, to look up the stored offset in the protected memory and to extract the signature from the decrypted data block using the found offset from the beginning of the decrypted data block.

This last feature may be provided independently of the aspects is proposed to use a receiver/decoder MPEG, comprising: means for receiving MPEG tables;

means for storing a public key and identifier for the specified public key;

protected memory area for storing at least one offset; and

a processor programmed to decrypt the encrypted data block in the received MPEG table using the stored public key corresponding to the secret key; to look up the stored offset in the protected memory area; to extract the signature from the decrypted data block using the offset from the start of the decrypted data block; to generate a signature for the data in the received MPEG table; and to compare the signature extracted from the decrypted data block and the signature generated at the receiver/decoder for the received data.

Preferably, the memory for storing the offset is provided by rewritable non-volatile memory.

In the receiver/decoder of the ninth to twelfth aspects of the present invention, the processor can be programmed to generate a module signature for each module in the received MPEG module tables and comparing each signature

This last feature may be provided independently of the ninth to twelfth aspects of the present invention. Accordingly, in the thirteenth aspect of the present invention, there is proposed an MPEG receiver/decoder, comprising:

means for receiving MPEG directory and module tables;

means for storing a public key and an identifier for that public key; and a processor programmed to decrypt the encrypted directory signature in the received MPEG directory table using the stored public key corresponding to the secret key; to generate a directory signature for the directory in the received MPEG directory table; to compare the decrypted directory signature and the directory signature generated by the receiver/decoder; to generate a module signature for each module in the received MPEG module tables; and to compare each module signature in the received MPEG directory table with the corresponding module signature generated by the receiver/decoder.

Preferably the processing means is programmed to prohibit or terminate loading of a data module if the signature of a module in the received MPEG table directory and soo is edocfile in the receiver/decoder of the ninth to thirteenth aspects of the present invention, the processor is programmed to prohibit or terminate loading of the data if the, or each, decrypted signature and the generated signature do not match.

Preferred features of this invention will now be described, purely by way of example, with reference to the attached drawings, in which:

Fig. 1 shows the general architecture of a digital television system;

Fig. 2 shows the architecture of an interactive system of the digital television system of Fig. 1;

Fig. 3 shows a functional diagram of the interfaces of the receiver/decoder forming part of the system shown in Figs. 1 and 2;

Fig. 4 shows a schematic representation of a remote control device used in the digital television system;

Fig. 5 illustrates the location of files loaded into the receiver/decoder module;

Fig. 6 illustrates the relationship between the components of the MPEG bit stream;

Fig. 7 shows how an application can be divided into modules/tables, which in turn can consist of sections;

Fig. 8 illustrates the contents of the module directory;

Fig. 9 illustrates in more detail part of the content of the module directory;

Fig. 10 illustrates a different area of memory in the receiver/decoder si is nomu the invention shown in Fig. 1.

The invention includes a conventional digital television system 2000, which uses the well-known MPEG-2 compression system to transmit compressed digital signals. In more detail, an MPEG-2 compression device 2002 in a broadcast center receives a stream of digital signals (typically a stream of video signals). The compression device 2002 is connected to a multiplexer and scrambler 2004 by a channel 2006. The multiplexer 2004 accepts multiple input signals, assembles one or more transport streams and transmits compressed digital signals to a transmitter 2008 of the broadcast center through a channel 2010, which may of course take various forms, including telecommunications links. The transmitter 2008 transmits electromagnetic signals via a ground-to-satellite channel 2012 to a satellite repeater 2014, where they are electronically processed and broadcast via a virtual satellite-to-ground channel 2016 to a terrestrial receiver 2018, usually in the form of a dish owned or rented by the end user. The signals received by the receiver 2018 are passed to a combined receiver/decoder 2020, owned or rented by the end user, which is connected to the end user's television set 2022. The receiver/decoder 2020 decodes compressed MP is multiplexor 2004 and the receiver/decoder 2020 and is located partially in the broadcast center, and part of the decoder. It allows the end user to access digital television broadcasts from one or more broadcast operators. A smart card that can decode messages relating to commercial offers (one or more television programs sold by the broadcast network operator) can be installed in the receiver/decoder 2020. Using the decoder and the smart card, the user can buy broadcasts in either subscription mode or pay-per-view (PPV) mode.

An interactive system 4000, also connected to the multiplexer 2004 and the receiver/decoder 2020 and likewise located partly in the broadcast center and partly in the decoder, allows the end user to interact with various applications via a modem back channel 4002.

Fig. 2 shows the general structure of the interactive television system 4000 of the digital television system 1000 in accordance with the present invention.

For example, the interactive system 4000 allows the end user to buy goods from on-screen catalogues, view local news and weather maps on request, and play games using the television set.

Interactive system a place, allowing the broadcast network operator to create, develop, debug, and test applications;

server applications and data 4006 in the broadcast center, coupled with the authoring tool, 4004, to provide the broadcast network operator the opportunity to prepare, authenticate and format of applications and data to send to the multiplexer and scrambler 2004 to insert it in carrying the MPEG-2 stream (usually in his private section) to be broadcast to the end user;

- the virtual machine that contains the subsystem real-time (RTE - Real Time Engine) 4008, which is an executable code installed in the receiver/decoder 2020, owned by the end user or rented by them, to provide the end user the opportunity to accept, authenticate, deploy, and load the application into the working memory of the decoder 2020 to perform. Subsystem 4008 also performs resident General purpose applications. Subsystem 4008 does not depend on the hardware and operating system; and

reverse modem channel 4002 between the receiver/decoder 2020 and application server, and data 4006 for signals indicating the server 4006 insert data and the I system works by using so-called applications that control the operation of the receiver/decoder and the various devices included in its composition. Applications presented in the subsystem 4008 as so-called "resource files". "Module" is a set of resource files and data. "The memory of the receiver/decoder is a storage space for the modules. Modules can be loaded into the receiver/decoder 2020 from carrying MPEG-2 stream.

Data is loaded through the physical interfaces of the receiver/decoder 2020. As shown in Fig. 3, the decoder 2020 contains, for example, six loading devices: an MPEG tuner 4028, a serial interface 4030, a parallel interface 4032, a modem 4034 and two card readers 4036.

In this description, an application is a piece of computer code for controlling high-level functions of the receiver/decoder 2020. For example, when the end user positions the focus of the remote control device 2026 (shown in detail in Fig. 4) on a button object visible on the TV screen 2022 and presses the confirm key, the sequence of instructions corresponding to this button is executed.

The interactive application presents menus and executes the commands on … Applications can be either resident applications, i.e. stored in the ROM (or FLASH memory, or other non-volatile memory) of the receiver/decoder 2020, or broadcast and loaded into the RAM (or FLASH) of the decoder 2020.

Examples of applications are:

- Initialization application. The receiver/decoder 2020 is equipped with a resident initialization application, which is an adaptable set of modules (this term is explained in more detail below) and allows the receiver/decoder 2020 to be immediately ready for operation in the MPEG-2 environment. This application provides basic functionality, which can be modified by the broadcast network operator if desired. It also provides the interface between resident applications and downloaded applications.

- Start application. The start application allows any application, whether downloaded or resident, to be run in the receiver/decoder 2020. It acts as a bootstrap program, executed when a service is received, in order to run the application. The start application is loaded into memory and can therefore be updated easily. It can be configured … after boot or after pre-loading. In the case of pre-loading, the application is loaded into the memory 2024 and is activated by the start application when needed.

- Program guide. The program guide is an interactive application that provides full information on the programs. For example, it may contain information about, say, the week's schedule of broadcasts provided by each channel of the package ("bouquet") of digital television channels. By pressing a key on the remote control device 2026, the end user gets access to an add-on screen overlaid on the broadcast currently shown on the TV 2022. This add-on screen is a viewer that provides information about the current and next broadcast on each channel of the digital TV bouquet. By pressing another key on the remote control device 2026, the end user accesses an application that displays the program schedule for the week. The end user can also search and sort programs on common and individual criteria …

- PPV application (PPV: Pay Per View, payment per broadcast viewed). The PPV application is an interactive service available on every PPV channel of the digital TV bouquet with the conditional access system 3000. The end user can access the application using the TV menu or the channel browser. In addition, the application starts automatically as soon as a PPV broadcast is detected on a PPV channel. The end user can then buy the current program either through his subsidiary smartcard 3020 or by using the communications server 3022 (using a modem, a telephone and DTMF (touch-tone) codes, MINITEL, or the like). This application can be resident in the ROM of the receiver/decoder 2020 or downloaded into the memory of the receiver/decoder 2020.

- PC download application. On request, the end user can download computer software using the PC download application.

- Event viewer application log. The event viewer application log provides a periodic video broadcast and lets the user navigate using on-screen buttons.

- Quiz application. In the quiz application, several possible answers are displayed on the TV 2022, and the user selects one using the remote control 2026. The quiz application can inform the user whether the answer is correct and can keep count of the points scored by the user.

- Remote purchases application. In one example of a remote purchases application, offers of goods for sale are transmitted to the receiver/decoder 2020 and then displayed on the TV screen 2022. Using the remote control, the user can choose to buy a specific product. The order for this product is sent via the modem back channel 4002 to the application and data server 4006 or to a separate sales system whose telephone number has been stored in the receiver/decoder, possibly with an instruction to debit the account of a credit card inserted in one of the card readers 4036 of the receiver/decoder 2020.

- Remote banking application. In one example of a remote banking application, the user inserts a card in one of the card readers 4036 of the receiver/decoder 2020. The receiver/decoder 2020 calls to the user using the phone number … which can be selected using the remote control device 2026, for example to download over the telephone line a statement of account, transfer funds from one account to another, request cheque books, etc.

- Internet browser application. In one example of an Internet browser application, instructions from the user, such as a request to view a web page with a specific URL, are entered using the remote control device 2026 and sent via the modem back channel 4002 to the application and data server 4006. The corresponding web page is then included in the data broadcast from the broadcast center, received by the receiver/decoder 2020 via the ground-to-satellite link 2012, the relay 2014 and the satellite-to-ground link 2016, and then displayed on the TV screen 2022.

Applications are stored in memory locations of the receiver/decoder 2020 and are represented as resource files. The resource files comprise graphic object description library files, variable block library files, command sequence files, application files and data files.

The graphic object description library files describe the screen and man-machine interface … The command sequence files describe the functional steps performed by the application. Application files provide the entry point for the application.

Applications prepared in this way can use data files, such as thumbnail library files, image files, font files, colour table files and ASCII text files. An on-line application may also receive operational data by means of inputs and/or outputs.

The subsystem 4008 loads into memory only those resource files that are needed at a given time. These resource files are read from the graphic object description library files, the command sequence files and the application files; the variable block library files are stored in memory following a call to the module loading procedure and remain there until a specific call is made to the module unloading procedure.

With reference to Fig. 5, a module 4010, such as a remote purchases module, is a set of resource files and data comprising the following:

one application file 4012;

an indefinite number of graphic object description library files 4014;

an indefinite number … 4018; and, if necessary, data files 4020, such as thumbnail library files, image files, font files, colour table files and ASCII text files.

The concept of modules 4010, together with the concept of downloading in small pieces, makes applications easy to build. Modules can be loaded into the permanent flash memory of the decoder 2020 as resident software, or broadcast so that they are loaded into the memory of the decoder 2020 only when required by the user.

Loading of a module 4010 from the carrier signal begins with loading a directory available from the carrier signal. This directory is simply a list of the names of the modules 4010 that can be downloaded from the carrier signal. Once the directory has been loaded, the application can load one or more modules 4010. In the case of an MPEG stream, the directory is carried in one MPEG table. Likewise, each module 4010 is carried in one MPEG table. For modules broadcast to the MPEG tuner 4028, the long MPEG-2 format with a long header and CRC is used. The situation is the same for the five other interfaces (serial port 4030, parallel port 4032, modem 4034 and two card readers 4036).

As shown in particular in Fig. 6, and as is known, the MPEG-2 bit stream includes a program access table (PAT) 10 having a packet identifier (PID) of 0. The PAT contains references to the PIDs of the program map tables (PMT, Programme Map Table) 12 of a number of programs. Each PMT contains references to the PIDs of the streams of the audio MPEG tables 14 and MPEG tables 16 for that program. The packet having a PID of 0, that is, the program access table 10, provides the entry point for access to all MPEG information.

To download applications and their data, two new stream types are defined, and the corresponding program map table (PMT) also contains references to the PIDs of the streams of application MPEG tables 18 (or sections) and data MPEG tables 20 (or sections).

As shown in Fig. 7, to download an application 22, the application is divided into modules 24, each of which is formed as an MPEG table; some of the modules consist of a single section 18, and some may consist of multiple sections 18. A typical section 18 has a header 26, which contains a single-byte table identifier ("TID") 28, the number 30 of this section in the table, the total number 32 of sections in the table and a two-byte TID extension … the table 24 have the same TID 28 and the same TID extension 34. For a particular application 22, all of the tables 24 making up the application 22 have the same TID 28 but different respective TID extensions.

For each application 22 there is one MPEG table 24, shown in more detail in Fig. 8, which is used as a directory. The directory table 40 contains the header 26, directory data 42, a key identifier 44, an encrypted signature 46 and a CRC 38. It follows from the above that the directory table 40 has in its header 26 the same TID 28 as the other module tables 24 that make up the application. However, the directory table has a predetermined TID extension 34 equal to 0, and all the other modules 24 have non-zero TID extensions. The header of the directory table 40 also includes a version number 48. The directory data 42 includes, for each of the other module tables 24 making up the application 22, the name 50 of the module, the TID extension 34 of the module and the signature 52 of the module. The directory data 42 may also include, for each of the other module tables 24, the size of the module and the version number of the module.

Returning to Fig. 6, in operation the PAT 10, the program map tables (PMT) 12 and the stream components … are broadcast, … has a corresponding predetermined TID 28. To download an application into the receiver/decoder 2020, the MPEG table having the matching TID and a TID extension of 0 is loaded. This is the directory table 40 for the desired application. The directory data is then processed by the receiver/decoder to determine the TID extensions 34 of the module tables making up the application, after which any required module table having the same TID as the directory table and a TID extension determined from the directory data can be loaded.

The receiver/decoder 2020 is arranged to check the directory table for any updates. This can be done by periodically reloading the directory table, for example every 30 seconds, every minute or every five minutes, and comparing the version number of the newly loaded directory table with the version number of the previously loaded directory table. If the newly loaded version number is later, the modules associated with the previous directory table, or any such modules for which later versions exist, are uninstalled, and the later modules are downloaded and installed. In … the TID of the application, the TID extension is 0, and the version number is one more than the version number of the currently loaded directory. Accordingly, the increment of the version number can be detected and, as soon as it is detected, the directory is loaded and the application is updated as described above. A detailed description of such a filter is contained in the co-pending application (attorney docket PDC/ASB/19716). If an application is to be removed, an empty directory with the next version number is broadcast, listing no modules. On receiving such an empty directory, the receiver/decoder 2020 is programmed to uninstall the application.
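The table addressing and update rule described above, as an added Python example (not code from the patent): sections are parsed in the standard MPEG-2 long section syntax, where last_section_number plays the role of the section count, and the directory is the table with TID extension 0. The directory entry layout, the TID 0x85 and the rule that any change of the 5-bit version_number counts as an update are assumptions.

```python
import struct


def crc32_mpeg2(data):
    """CRC-32/MPEG-2: polynomial 0x04C11DB7, initial value 0xFFFFFFFF."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = (crc << 1) ^ (0x04C11DB7 if crc & 0x80000000 else 0)
            crc &= 0xFFFFFFFF
    return crc


def make_section(tid, ext, version, number, last, payload=b""):
    """Build one long-format section (used only to construct sample input)."""
    length = 5 + len(payload) + 4       # bytes following the length field
    body = struct.pack(">BHHBBB", tid, 0xB000 | length, ext,
                       0xC0 | (version << 1) | 1, number, last) + payload
    return body + struct.pack(">I", crc32_mpeg2(body))


def parse_section(raw):
    """Return (tid, ext, version, number, last, payload), or None if invalid."""
    if len(raw) < 12:
        return None
    tid, flags_len, ext, ver, number, last = struct.unpack(">BHHBBB", raw[:8])
    if not flags_len & 0x8000 or len(raw) != 3 + (flags_len & 0x0FFF):
        return None
    if crc32_mpeg2(raw) != 0:           # CRC over data plus CRC field is 0
        return None
    return tid, ext, (ver >> 1) & 0x1F, number, last, raw[8:-4]


class TableLoader:
    """Reassembles the table selected by one TID and one TID extension."""

    def __init__(self, tid, ext):
        self.tid, self.ext, self.version, self.parts = tid, ext, None, {}

    def feed(self, raw):
        """Feed a section; return (version, payload) once the table is whole."""
        sec = parse_section(raw)
        if sec is None or sec[:2] != (self.tid, self.ext):
            return None
        version, number, last, payload = sec[2:]
        if version != self.version:     # new version: drop stale sections
            self.version, self.parts = version, {}
        self.parts[number] = payload
        if set(self.parts) != set(range(last + 1)):
            return None
        return version, b"".join(self.parts[i] for i in range(last + 1))


def parse_directory(payload):
    """Assumed directory layout: repeated (name length, name, TID extension)."""
    modules, pos = {}, 0
    while pos < len(payload):
        end = pos + 1 + payload[pos]
        if end + 2 > len(payload):
            raise ValueError("truncated directory entry")
        name = payload[pos + 1:end].decode("ascii")
        modules[name] = struct.unpack(">H", payload[end:end + 2])[0]
        pos = end + 2
    return modules


def replay(sections, tid):
    """Run the receiver over a section sequence; return the actions taken."""
    directory, loaded, actions = TableLoader(tid, 0), None, []
    for raw in sections:
        table = directory.feed(raw)
        if table is None or table[0] == loaded:
            continue                    # incomplete, foreign or same version
        loaded, modules = table[0], parse_directory(table[1])
        # An empty directory with a new version means "remove the application".
        actions.append(("reload" if modules else "uninstall", loaded, modules))
    return actions


def entry(name, ext):
    """One constructed directory entry in the assumed layout."""
    return bytes([len(name)]) + name.encode("ascii") + struct.pack(">H", ext)


# Constructed carousel for an application with TID 0x85 (value is made up).
CAROUSEL = [
    make_section(0x85, 0, 1, 0, 0, entry("menu", 1) + entry("shop", 2)),
    make_section(0x85, 1, 1, 0, 0, b"module table"),     # module, not directory
    make_section(0x85, 0, 1, 0, 0, entry("menu", 1) + entry("shop", 2)),
    make_section(0x86, 0, 7, 0, 0, entry("other", 9)),   # another application
    make_section(0x85, 0, 2, 0, 1, entry("menu", 1)),    # version 2, part 1
    make_section(0x85, 0, 2, 1, 1, entry("quiz", 3)),    # version 2, part 2
    make_section(0x85, 0, 3, 0, 0),                      # empty: uninstall
]

if __name__ == "__main__":
    for action in replay(CAROUSEL, 0x85):
        print(action)
```

The repeated version 1 directory produces no action, and the two-section version 2 directory is acted on only once both sections have arrived.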

The use of signing and encryption for grid applications is described in detail below.

As described above, the entry for each module in the directory table 40 contains the signature of the module. The signature of a module is generated using the known MD5 signature algorithm from the data in the corresponding module table.

In addition, the directory table 40 contains the encrypted signature 46, which is generated as described below with reference to Fig. 9. A data block 54 of 64 bytes is formed. The first byte 56 equals … the application validation bit array 60, which is described below. The last four bytes 62 are reserved. The remaining 48 bytes contain a 16-byte signature 64, which starts at an offset of between 0 and 31 bytes from the first byte following the application validation bit array 60. Dummy data 66 is inserted between the application validation bit array 60 and the signature 64 and/or between the signature 64 and the reserved bytes 62. The signature 64 is obtained using the known MD5 signature algorithm from the directory data 42 in the directory table 40. The block 54 is then encrypted using a known encryption algorithm and a secret key to obtain the encrypted signature and application validation bit array 46. This data block 46 is included in the directory table 40, and a 1-byte identifier of the secret key that was used to encrypt the block is included as the key identifier 44 of the directory table 40.

To summarize, generating an application and broadcasting it involve the following:

generating the application as multiple modules;

storing a predetermined TID 28 for the application;

assigning … MPEG tables;

generating the MD5 signature 52 for each module;

generating the directory data 42;

generating the MD5 signature 64 for the directory;

choosing the application validation bit array 60;

choosing the offset;

generating the block 54;

encrypting the block 54 using the secret key;

generating the directory MPEG table 40 with the assigned TID 28, a zero TID extension, the directory data 42, the key identifier 44 and the encrypted signature 46;

broadcasting the directory table 40 and the module tables 24 or their sections 18.

The operation of the receiver/decoder 2020 in processing the signatures and performing decryption while an application is loaded is described below. As shown in Fig. 10, the receiver/decoder 2020 contains an EEPROM 68, a ROM 70 and a RAM 72. The EEPROM contains a protected area 74, which is used by the virtual machine and can be used only by the virtual machine (but not by a regular application). The protected area 74 contains a key validation bit array 76 of 16 or 256 bits, an application validation bit array 78 of 64 bits and an offset bit array 80 of 32 bits. … key validation bit array or, in another implementation, 256 public keys, in which case a 256-bit key validation bit array is used. The public keys are identified by their physical location in the ROM 70 or, alternatively, they can be held in a lookup table in which the identifier of a particular key maps to the corresponding public key. The RAM 72 may be used to store a temporary key 84.

As mentioned above, when an application is to be downloaded, the directory table having the predetermined TID for that application and a zero TID extension is loaded first. The key identifier 44 is then extracted from the directory table, and the key validation bit array 76 in the protected memory area 74 is checked to see whether the bit corresponding to the extracted key identifier 44 is set. If not, downloading of the application is terminated. If the corresponding bit is set, however, the public key 82 corresponding to the extracted key identifier 44 is selected from the ROM 70. The selected public key is then used to decrypt the encrypted block 46 in the directory table 40 to obtain the block 54. … the application validation bit array 60, and an AND operation is performed on its contents and the contents of the application validation bit array 78 stored in the protected memory 74. If the result of the AND operation is zero, downloading of the application is terminated. If the result is non-zero, however, the set offset bit contained in the offset bit array 80 of the protected memory 74 is looked up or, if more than one offset bit is set, each set offset bit is looked up in turn, and 16 bytes of data are extracted from the decrypted block 54, starting at the offset found, counted from the first byte after the application validation bit array 60. For the one, or each, offset found, these 16 bytes are treated as the signature transmitted with the directory table 40. The signature of the directory data 42 of the directory table 40 is calculated using the known MD5 process, and this calculated signature is compared with the signature extracted from the block 54. If the two signatures do not match for the one, or every, offset found, downloading of the application is terminated. If one of the signatures matches, however, the modules listed in the directory data 42 can be loaded. As mentioned above, in order to load a specific module, the TID extension of the module is obtained from the directory data 42 …

Once a module MPEG table has been loaded, the receiver/decoder 2020 calculates the signature of the loaded table using the known MD5 process and then compares this calculated signature with the signature contained in the corresponding entry of the directory data. If the signatures match, the module is accepted; if they do not, the module is rejected.

In this way all the modules of the application can be loaded, and the application can then be executed by the receiver/decoder.
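The receiver-side checks described above, as an added Python example (not code from the patent), with the broadcaster-side block construction included so that it runs on its own. Textbook RSA with a toy key stands in for the unnamed "known encryption algorithm", and the positions of the first twelve bytes of block 54, the directory data layout and key identifier 3 are assumptions.

```python
import hashlib
import hmac
import os

# Toy textbook-RSA key pair (assumption: the text only says "known encryption
# algorithm"). Built from two Mersenne primes so the example runs offline;
# a key like this is NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # secret exponent, broadcaster side only

# Assumed layout of the 64-byte block 54: byte 0 zero, bytes 1-3 padding,
# bytes 4-11 application validation bit array 60, bytes 12-59 the 48-byte
# area hiding the 16-byte MD5 signature 64, bytes 60-63 reserved bytes 62.
BITMAP_AT, AREA_AT, AREA_LEN, SIG_LEN = 4, 12, 48, 16


def build_block(directory_data, app_bits, offset):
    """Broadcaster side: hide MD5(directory data) at `offset` in dummy data."""
    if not 0 <= offset <= 31:
        raise ValueError("offset must be 0..31")
    area = bytearray(os.urandom(AREA_LEN))                  # dummy data 66
    area[offset:offset + SIG_LEN] = hashlib.md5(directory_data).digest()
    return bytes(BITMAP_AT) + app_bits.to_bytes(8, "big") + bytes(area) + bytes(4)


def encrypt_block(block):
    """Encrypt block 54 with the secret key, giving the encrypted field 46."""
    return pow(int.from_bytes(block, "big"), D, N)


class ProtectedArea:
    """Stand-in for the protected memory area 74 of the receiver/decoder."""

    def __init__(self, key_bits, app_bits, offset_bits):
        self.key_bits = key_bits        # bit array 76: bit k set -> key k allowed
        self.app_bits = app_bits        # bit array 78 (64 bits)
        self.offset_bits = offset_bits  # bit array 80: bit i set -> try offset i


def verify_directory(directory_data, key_id, encrypted, area, public_keys):
    """Receiver side: return (accepted, reason) in the order the text gives."""
    if not (area.key_bits >> key_id) & 1:
        return False, "key not validated"
    if key_id not in public_keys:
        return False, "no such public key"
    e, n = public_keys[key_id]
    try:
        block = pow(encrypted, e, n).to_bytes(64, "big")
    except OverflowError:               # result does not fit 64 bytes: tampered
        return False, "bad block"
    app_bits = int.from_bytes(block[BITMAP_AT:BITMAP_AT + 8], "big")
    if (app_bits & area.app_bits) == 0:
        return False, "application not validated"
    expected = hashlib.md5(directory_data).digest()
    for offset in range(32):            # try every offset enabled in array 80
        if (area.offset_bits >> offset) & 1:
            start = AREA_AT + offset
            if hmac.compare_digest(block[start:start + SIG_LEN], expected):
                return True, "ok"
    return False, "signature mismatch"


def verify_module(module_table, directory_signature):
    """Accept a module table only if its MD5 equals the directory entry 52."""
    return hmac.compare_digest(hashlib.md5(module_table).digest(),
                               directory_signature)


# Constructed sample input: two module tables and directory data for them.
MODULES = {1: b"constructed module table 1", 2: b"constructed module table 2"}
SIGNATURES = {ext: hashlib.md5(data).digest() for ext, data in MODULES.items()}
DIRECTORY = b"".join(name + ext.to_bytes(2, "big") + SIGNATURES[ext]
                     for name, ext in ((b"menu", 1), (b"shop", 2)))
PUBLIC_KEYS = {3: (E, N)}               # key identifier 3 is a constructed value
AREA = ProtectedArea(key_bits=1 << 3, app_bits=0b0100,
                     offset_bits=(1 << 5) | (1 << 17))
ENCRYPTED = encrypt_block(build_block(DIRECTORY, 0b0110, 17))

if __name__ == "__main__":
    print(verify_directory(DIRECTORY, 3, ENCRYPTED, AREA, PUBLIC_KEYS))
    print(verify_module(MODULES[1], SIGNATURES[1]))
```

Because only the directory block is decrypted, each module costs one MD5 computation and one comparison against its directory entry.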

Having described the features of the load operation commonly used in boot mode, we now describe some features of the configuration of the receiver/decoder 2020 and of changing that configuration.

The receiver/decoder is programmed so that the protected memory area can be changed, but only by an application loaded using a special key identifier, such as key 15, and a special offset, for example zero bytes from the first byte after the application validation bit array 60. The need to change the protected memory 74 may arise, for example, if two operators that used the same public key decide to use different … key can be marked as invalid in the key validation bit array 76.

The receiver/decoder 2020 may be arranged so that one of the keys, for example key 15, is always available, in which case that key does not require a bit in the key validation bit array 76. This bit can therefore be used for another purpose. In particular, it may be provided that an application authenticated by key 15 sets this particular bit to 1, in which case the receiver/decoder is programmed to allow a temporary key 84 to be loaded into the RAM 72, but only via the serial interface 4030, the parallel interface 4032 or one of the two card readers 4036. This feature can be used, for example, by the manufacturer of the receiver/decoder 2020, who can be provided with the application that allows a temporary key to be loaded into the receiver/decoder 2020 so that the receiver/decoder can be tested.

The method of encryption and signature described above provides a number of important capabilities. In particular:

the application can be downloaded only if the receiver/decoder 2020 stores the public key corresponding to the key identifier 44 … by use of a key only if the key validation bit array 76 in the memory of the receiver/decoder 2020 is set to allow the use of this key;

the application can be downloaded only if a set bit in the offset bit array 80 stored in the memory of the receiver/decoder 2020 corresponds to the offset used when generating the directory table;

the application can be downloaded only if the application validation bit array 78 in the memory of the receiver/decoder 2020 is set so that loading of the application is permitted;

the application can be downloaded only if the table has not been corrupted since its signature was originally generated;

each module of the application can be downloaded only if the corresponding module table has not been corrupted since its signature was originally generated;

only one encryption operation is needed to prepare the application for loading, even if the application consists of several MPEG tables, and only one decryption operation is needed in the receiver/decoder to download the whole application;

multiple keys can be used, so that different … for testing purposes.

It will be understood that the present invention has been described above purely by way of example, and that various modifications are possible within the scope of the invention.

Each feature described in the description and (where appropriate) the claims and the figures can be provided independently or in a suitable combination.

In the preferred embodiments described above, some of the means of the invention are implemented in software. However, it will of course be clear to the skilled person that any of these means can be implemented in hardware. Further, it is clear that the functions performed by the hardware, the computer software and the like are performed on or using electrical and other similar signals.

Cross-reference is made to our co-pending applications, all with the same filing date, entitled "Signal generation and broadcasting" (attorney case number PC/ASD/19707), "Smart card for use with a receiver of encrypted broadcast signals, and receiver" (attorney case number PC/ASD/19708), "System for broadcasting and receiving system conditional on coder in the computer" (attorney case number PC/ASD/19711), "Transmission and reception of television programs and other data" (attorney case number PC/ASD/19712), "Loading data" (attorney case number PC/ASD/19713), "Organization of computer memory" (attorney case number PC/ASD/19714), "Development of a control system of television and radio" (attorney case number PC/ASD/19715), "Removing sections of data from a stream of broadcast data" (attorney case number PC/ASD/19716), "Access control system" (attorney case number PC/ASD/19717), "Data processing system" (attorney case number PC/ASD/19718), and "System for broadcasting and receiving, as well as the receiver/decoder and a remote controller for it" (attorney case number PC/ASD/19720). The disclosures of these documents are incorporated herein by reference. The list of applications includes the present invention.

1. A method of loading at least part of an application into an MPEG receiver/decoder, including dividing the application into multiple modules, characterized in that it comprises the following: formatting each module as a respective MPEG table, the tables having the same table identifier (TID) and respective different table identifier extensions (TID extensions) that differ from one predetermined … said predetermined TID extension, this directory containing for each module the name of the module and the corresponding TID extension; cyclically broadcasting said module MPEG tables and directory MPEG table in an MPEG bit stream; and, in the MPEG receiver/decoder: receiving said MPEG bit stream; loading the MPEG table having said predetermined TID extension so as to load the directory MPEG table; determining from the content of said directory MPEG table the TID extensions of the module MPEG tables; and loading at least one of the module MPEG tables having the same TID as the loaded directory MPEG table and a TID extension determined from the loaded directory MPEG table.

2. The method according to claim 1, additionally comprising the following operations: including a version identifier in the broadcast directory MPEG table; and, in the receiver/decoder: determining whether the version of the directory MPEG table currently being broadcast is later than the version of the currently loaded directory MPEG table and, if so, repeating the operations of loading the directory MPEG table, determining the TID extensions and loading at least one of the module MPEG tables.

3. The method according to claim 1 or 2, in which at least one of … separately, each of said MPEG sections containing, in a predetermined portion thereof, an identifier of the position of that MPEG section in said MPEG table and an indication of the number of sections in said MPEG table.

4. An MPEG receiver/decoder for loading from an MPEG bit stream at least part of an application comprising a set of modules, each of which is formatted as a respective MPEG table, the tables having the same table identifier (TID) and respective different table identifier extensions (TID extensions) other than one predetermined TID extension, said MPEG bit stream including a directory MPEG table for said modules having the same TID and said predetermined TID extension and containing, for each module, the name of the module and the corresponding TID extension, the receiver/decoder comprising a receiver for receiving said MPEG bit stream and a storage medium, characterized in that it also comprises a processor programmed to initiate loading into said storage medium of the received MPEG table having said predetermined TID extension, to determine … storage means of at least one of the module MPEG tables having the same TID as the loaded directory MPEG table and a TID extension determined from the loaded directory MPEG table.

5. The receiver/decoder according to claim 4 for use in the method according to claim 2, in which the processing means is programmed to determine whether the version of the currently received directory MPEG table is later than the version of the currently loaded directory MPEG table and, if so, to repeat the loading of the directory MPEG table, the determination of the TID extensions and the loading of at least one of the module MPEG tables.

6. The receiver/decoder according to claim 4 or 5 for use in the method according to claim 3, in which the processing means is programmed to initiate cyclic loading of MPEG sections into the storage medium until the processor determines, from the position identifiers of the sections and the indications of the number of sections contained in the loaded sections, that all the sections have been loaded.

7. The receiver/decoder according to any one of claims 4 to 6, additionally comprising a parallel port and/or a serial port configured to receive applications formatted as at least one MPEG table.

8. A system … the creation of modules, characterized in that it includes means for formatting said modules each as a respective MPEG table, the tables having the same TID and respective different TID extensions that differ from a predetermined TID extension; means for generating a directory MPEG table for these modules with the same TID and said predetermined TID extension, said directory containing for each module the name of the module and the corresponding TID extension; and means for cyclically broadcasting said module MPEG tables and directory MPEG table in an MPEG bit stream.

9. The system according to claim 8, further comprising means for generating a version identifier for the directory MPEG table, in which the means for generating the directory MPEG table is arranged to add the generated version identifier to the directory MPEG table.

10. The system according to claim 8 or 9, in which said formatting means is configured to format at least one of the module MPEG tables as multiple MPEG sections, each of which contains, in a predetermined part thereof, the identifier of the position …

11. A method of loading data into an MPEG receiver/decoder, including generating a signature for the data to be loaded, characterized in that it includes the following operations: encrypting said signature using a secret key; formatting said data to be loaded, said encrypted signature and an identifier of the secret key used to encrypt said signature as an MPEG table; broadcasting said MPEG table; and, in the receiver/decoder: storing a plurality of public keys; receiving said MPEG table; selecting one of said plurality of public keys in accordance with said identifier of the secret key contained in the received MPEG table; decrypting the encrypted signature contained in the received MPEG table using the selected public key to obtain a decrypted signature; generating a signature for said data contained in the received MPEG table; and comparing the decrypted signature with the signature generated by the receiver/decoder for said received data.

12. The method according to claim 11, further comprising the operations of loading into … a predetermined identifier; executing said application in the receiver/decoder so as to enable the receiver/decoder to receive a temporary key; and storing said temporary key in an area of volatile memory of the receiver/decoder.

13. The method according to claim 12, in which, when said application is executed, said temporary key is provided to the receiver/decoder locally.

14. The method according to claim 13, in which said temporary key is provided to the receiver/decoder via a parallel port, a serial port or a smart card reader of the receiver/decoder.

15. The method according to any one of claims 11 to 14, further comprising, in the receiver/decoder, the operations of finding in protected memory of the receiver/decoder a validation flag for the selected public key, and prohibiting or stopping the loading of said data if the flag found is not set.

16. The method according to any one of claims 12 to 14, further comprising, in the receiver/decoder, the operations of finding in protected memory of the receiver/decoder a validation flag for the selected public key, and prohibiting or stopping the loading of said data if the flag found … in protected memory of the receiver/decoder a validation flag which can be changed by said application, and whether said temporary key can be received is determined depending on the state of this validation flag.

17. The method according to any one of claims 11 to 16, additionally comprising the following operations: generating a validation code for said data to be loaded, which is encrypted together with the signature in said encryption operation and decrypted together with the signature in said decryption operation; finding a stored validation code in protected memory of the receiver/decoder; and comparing the validation code found with the decrypted validation code.

18. The method according to claim 17, additionally comprising the operation of prohibiting or terminating the loading of said data if, as a result of said comparison, the validation code found and the decrypted validation code do not match.

19. The method according to any one of claims 11 to 18, in which said signature is … data and the beginning of said signature, and the encrypted data block is decrypted in said decryption operation in the receiver/decoder, and which additionally includes, in the receiver/decoder, the operations of finding at least one offset value stored in protected memory of the receiver/decoder and extracting the signature from said decrypted data block using the offset value found, counted from the beginning of the decrypted data block.

20. The method according to p. 19, in which said protected memory area contains at least two such stored offset values, and which, if said comparison shows that the extracted signature and the generated signature do not match, includes the additional step of repeating the finding, extracting and comparing steps with another of said stored offset values.

21. The method according to p. 19 or 20, in which said data block includes, in addition to said signature, dummy or arbitrary data.

22. The method according to any of paragraphs. 11-21, in which said data is loaded into multiple data units, comprising the following operations: generating system is ideal corresponding MPEG tables modules the generation of the directory containing the ID of each MPEG table module and the corresponding signature, and the mentioned directory is the object of the operation of the signature generation according to any one of paragraphs. 11-21, and in the receiver/decoder: generate the corresponding signature for each of the modules contained in the received MPEG table modules, and comparing each of the signatures for modules contained in the received MPEG table directory, with the appropriate signature for the module generated in the receiver/decoder.

23. The method according to p. 22, further comprising the operation of prohibiting or stopping the loading of a given module of said data if the signature for that module contained in the received MPEG directory table and the corresponding signature generated for that module in the receiver/decoder do not match.

24. The method according to any of paragraphs 11-23, further comprising the operation of prohibiting or stopping the download of said data if said comparison operation(s) show that the decrypted signature (or each of them) and said generated signature do not match.

25. The method of loading data in a receiver/d is it includes the following operations: encrypting said signature using a secret key, formatting mentioned subject data is loaded, the encrypted signature and ID-mentioned secret key used to encrypt the mentioned signature, in the form of MPEG tables, broadcast mentioned MPEG table, and in the receiver/decoder: conservation in a protected area of memory set flags validation, each of which is intended for the corresponding public key, the reception mentioned MPEG table, being mentioned in protected memory of the receiver/decoder flag validation public key corresponding to the secret key, denoted by the identifier of the secret key contained in the received MPEG table, and if the flag is set: decrypt the encrypted signature contained in the received MPEG table, using the public key corresponding to the secret key, denoted by the identifier of the secret key contained in the received MPEG table to obtain the decrypted signature, generating a signature for the mentioned data contained in the received MPEG table, and comparing the decrypted signature and the signature generated at the receiver/decoder for the above-mentioned received data and for the said subject data loading which is encrypted together with the signature when performing the above operations of encryption and decrypted together with the signature when performing the above operations, decryption, finding the saved code validation in protected memory of the receiver/decoder, a comparison of the found code validation and decrypted code validation.

27. The method according to p. 26, additionally comprising the operation of prohibiting or stopping the download of said data if said comparison shows that the found validation code and the decrypted validation code do not match.

28. The method according to any of paragraphs. 25-27, in which the said signature be mentioned loading data in encrypted block of data, with some selected offset between the beginning of the data block and the beginning of the said signature, and the encrypted data block is decrypted when performing the above operations of the decoding in the receiver/decoder, and optionally including operations in the receiver/decoder, finding at least one of the offset values stored in protected memory of the receiver/decalogo found the offset values from the beginning of the decrypted data block.

29. The method according to p. 28, in which said protected memory area contains at least two such stored offset values, and which, if said comparison shows that the extracted signature and the generated signature do not match, includes the additional step of repeating the finding, extracting and comparing steps with another of said stored offset values.

30. The method according to paragraphs 28 and 29, in which said data block includes, in addition to said signature, dummy or arbitrary data.

31. The method according to any of paragraphs. 25-30, in which said data is loaded into multiple data units, comprising the following operations: generating a signature for each data module to be loaded, the formatting of the above data in the form of MPEG tables modules, generating the directory containing the ID of each MPEG table module and the corresponding signature, and the mentioned directory is the object of the operation of the signature generation according to any one of paragraphs. 25-30, and in the receiver/decoder: generate the corresponding signature for each of the modules contained in pinata, with the appropriate signature for the module generated in the receiver/decoder.

32. The method according to p. 31, further comprising the operation of prohibiting or stopping the loading of a given module of said data if the signature for that module contained in the received MPEG directory table and the corresponding signature generated for that module in the receiver/decoder do not match.

33. The method according to any of paragraphs 25-32, further comprising the operation of prohibiting or stopping the download of said data if said comparison operation(s) show that the decrypted signature (or each of them) and said generated signature do not match.

34. The method of loading data in a receiver/decoder MPEG, characterized in that it comprises the following operations: generating code validation to be mentioned loading data, generating a signature to be mentioned loading data or parts thereof, encryption mentioned code validation and signature using the secret key, the format mentioned to be loading data and encrypted code validation and signature is and validation in a protected memory area, the reception of each MPEG table, decrypt encrypted code validation and signature contained in the received MPEG table, using a public key corresponding to the mentioned secret key being stored mentioned code validation in said protected memory area of the receiver/decoder, a comparison of the found code validation and referred to the decrypted code validation, generation of signatures for the mentioned data contained in the received MPEG table, or the part thereof; and comparing the decrypted signature and the signature generated at the receiver/decoder for the above-mentioned received data.

35. The method according to p. 34, additionally comprising the operation of prohibiting or stopping the download of said data if said comparison shows that the found validation code and the decrypted validation code do not match.

36. The method according to p. 34 or 35, in which the said signature be mentioned loading data in encrypted block of data, with some selected offset between the beginning of the data block and the beginning of priemnik/decoder, and additionally which includes operations in the receiver/decoder of finding at least one of the offset values stored in protected memory of the receiver/decoder, and extract the signature of the said decrypted data block using the one found an offset value from the beginning of the decrypted data block.

37. The method according to p. 36, in which said protected memory area contains at least two such stored offset values, and which, if said comparison shows that the extracted signature and the generated signature do not match, includes the additional step of repeating the finding, extracting and comparing steps with another of said stored offset values.

38. The method according to p. 36 or 37, in which said data block includes, in addition to said signature, dummy or arbitrary data.

39. The method according to any of paragraphs. 34-38, in which said data is loaded into multiple data units, comprising the following operations: generating a signature for each data module to be loaded, the formatting of the above-mentioned modules of the data in viable and appropriately signed, moreover, the mentioned directory is the object of the operation of the signature generation according to any one of paragraphs. 34-38, and in the receiver/decoder: generate the corresponding signature for each of the modules contained in the received MPEG table modules, and comparing each of the signatures for modules contained in the received MPEG table directory, with the appropriate signature for the module generated in the receiver/decoder.

40. The method according to p. 39, further comprising the operation of prohibiting or stopping the loading of a given module of said data if the signature for that module contained in the received MPEG directory table and the corresponding signature generated for that module in the receiver/decoder do not match.

41. The method according to any of paragraphs 34-40, further comprising the operation of prohibiting or stopping the download of said data if said comparison operation(s) show that the decrypted signature (or each of them) and said generated signature do not match.

42. The method of loading data in a receiver/decoder MPEG, including the generation of a signature for the mentioned subject to data loading different teenies between the beginning of the data block and the beginning of the said signature encryption mentioned data block using the secret key, the format mentioned to be loading data and said encrypted data block in the form of MPEG tables, broadcast mentioned MPEG table, and in the receiver/decoder: conservation in protected memory of the receiver/decoder at least one of the offset values, the reception mentioned MPEG table undecipherable mentioned encrypted block of data contained in the received MPEG table, using a public key corresponding to the mentioned secret key, finding at least one of the offset values in said protected memory area of the receiver/decoder, removing the mentioned signature of the said decrypted data block using the found offset values from the beginning referred to the decrypted data block, generating a signature for the mentioned data contained in the received MPEG table, and comparing the signature extracted from the mentioned decrypted data block, and the signature generated at the receiver/decoder for the above-mentioned received data.

43. The method according to p. 42, which referred to the protected memory area contains at least two of the e extracted signature and the generated signature does not match, includes the additional step of repeating the steps of finding, extracting, and comparison with another of the said stored offset values.

44. The method according to p. 42 or 43, in which said data block includes, in addition to said signature, dummy or arbitrary data.

45. The method according to any of paragraphs 42-44, in which said data is loaded as multiple data modules, comprising the following operations: generating a signature for each data module to be loaded; formatting said data modules in the form of MPEG module tables; generating a directory containing the ID of each MPEG module table and the corresponding signature, said directory being the object of the signature generation operation according to any one of paragraphs 42-44; and in the receiver/decoder: generating the corresponding signature for each of the modules contained in the received MPEG module tables, and comparing each of the module signatures contained in the received MPEG directory table with the corresponding signature for the module generated in the receiver/decoder.

46. The method according to p. 45, further comprising the operation of a prohibition or p is natoi MPEG catalog table, and the corresponding signature generated for this module in the receiver/decoder, do not coincide with each other.

47. The method according to any of paragraphs 42-46, further comprising the operation of prohibiting or stopping the download of said data if said comparison operation(s) show that the decrypted signature (or each of them) and said generated signature do not match.

48. How to load multiple modules of the data in the receiver/decoder MPEG, comprising the following operations: generating a signature for each data module to be loaded, the formatting of the above data in the form of MPEG tables modules, generating the directory containing the ID of each MPEG table module and the corresponding signature, and generating a signature for the catalog, characterized in that it also includes the following operations: encryption mentioned signature for the catalog using the secret key, the format of the directory and the encrypted signature for the catalog in the form of MPEG tables directory, broadcast mentioned MPEG tables directory and modules and in the receiver/decoder: reception mentioned MPEG tables directory and modules, decoding sago key corresponding to the aforementioned secret key, generating a signature for the mentioned directory contained in the received MPEG table catalogue, comparison mentioned decrypted signature for the catalog and sign up for the directory generated in the receiver/decoder, generating a corresponding signature for each of the modules contained in the received MPEG table modules, and comparing each of the signatures for modules contained in the received MPEG table directory, with the appropriate signature for the module generated in the receiver/decoder.

49. The method according to p. 48, further comprising the operation of prohibiting or stopping the loading of a given module of said data if the signature for that module contained in the received MPEG directory table and the corresponding signature generated for that module in the receiver/decoder do not match.

50. The method according to p. 48 or 49, further comprising the operation of prohibiting or stopping the download of said data if said comparison operation(s) show that the decrypted signature (or each of them) and said generated signature do not match.

51. When the existing loading data the encrypted signature data and the identifier of the secret key used to encrypt the mentioned signature containing means for receiving such MPEG tables, and means for storing the set of public keys and one ID for each of these public keys, characterized in that it also contains a processor which is programmed so as to select one of these saved public keys, in accordance with said identifier of the secret key contained in the received MPEG table, decrypt mentioned encrypted signature contained in the received MPEG table, using the selected public key, to obtain the decrypted signature to generate a signature for the mentioned data contained in the received MPEG table, and compare the decrypted signature and the signature generated at the receiver/decoder for the above-mentioned received data.

52. The receiver/decoder according to p. 51, in which a ROM can be used as said means for storing the keys.

53. The receiver/decoder p. 51 or 52, in which the said identifier for each of the above-mentioned public key presented me/decoder PP. 51-53, for use in the method according to p. 14, further containing a certain area volatile memory, and in which the said means of processing executed with the option to download the applications digitally signed, encrypted using the secret key, with some pre-defined identifier, the execution of the said application to ensure reception by the receiver/decoder a temporary key, and save the aforementioned temporary key in the above mentioned fields volatile memory of the receiver/decoder.

55. The receiver/decoder according to p. 54, further containing means for receiving such a temporary key, which is provided to the receiver/decoder in place.

56. The receiver/decoder according to p. 55, in which said temporary key is available via a parallel port, a serial port or a smart card reader of the receiver/decoder.

57. The receiver/decoder according to any one of paragraphs. 54-56, in which the aforementioned volatile memory is provided by a RAM.

58. The receiver/decoder according to any one of paragraphs. 51-57 for use in the method according to p. 15, further containing a protected memory area for storage in which the said processing means is programmed so that to find mentioned in the protected memory area of the flag validation for such selected public key, and also to prohibit or stop the downloading of such data if the found flag is not set.

59. The receiver/decoder according to any one of paragraphs. 54-57 for use in the method according to p. 15, further containing a protected memory area for storing flag validation for each of at least some of these public keys, and in which the said processing means is programmed so that finding in the above-mentioned protected memory flag validation for such selected public key, and also to prohibit or stop the downloading of such data if the found flag is not set, and optionally containing a protected memory area for storing flag validation for the above-mentioned secret key, having referred to a pre-defined key identifier, and in which the said processing means is configured to change, when performing the above-mentioned application, this flag validation and resolution preserve above vremennogo memory for storing flag(s) validation for the key(s) is a rewritable nonvolatile memory.

61. The receiver/decoder according to any one of paragraphs 58-60, in which said memory for storing the validation flag(s) for the key(s) is, when there are multiple such public keys, organized in the form of a bit array.

62. The receiver/decoder according to any one of paragraphs 57-61 for use in the method according to p. 34, additionally containing a protected memory area for storing a validation code, and in which the processing means is programmed to decrypt the validation code contained in said received MPEG table, find said stored validation code, and compare the retrieved validation code with the decrypted validation code.

63. The receiver/decoder according to p. 62, in which the processing means is programmed to prevent or stop the downloading of said data if said found validation code and the decrypted validation code do not match.

64. The receiver/decoder according to p. 62 or 63, in which the said memory for storing mentioned code validation is provided by a rewritable non-volatile is Otago code validation is organized in the form of a bit array.

66. The receiver/decoder according to any one of paragraphs 51-65 for use in the method according to any of paragraphs 19, 28, 36, additionally containing a protected memory area for storing at least one offset value, and in which said processing means is programmed to decrypt said encrypted data block contained in the received MPEG table, find one said stored offset value in said protected memory area, and extract the signature from said decrypted data block using the found offset value from the beginning of said decrypted data block.

67. The receiver/decoder according to p. 66, in which said protected memory area stores at least two offset values, and said processing means is configured, if said extracted signature and the generated signature do not match, to repeat the finding, extracting and comparing using another of said stored offset values.

68. The receiver/decoder according to any one of p. 66 or 67, in which the said memory for storing the offset value is provided by posledsktviya in the method according to any of paragraphs. 22, 31, 39, 45, in which the said processing means is programmed so as to generate a corresponding signature for each of the modules contained in said received MPEG table of modules and compare each signature for a module contained in a linked adopted MPEG catalog table, with the appropriate signature for the module generated by the receiver/decoder.

70. The receiver/decoder according to p. 69, in which the processing means is programmed to prevent or stop the loading of a given module of said data if the signature for that module contained in the received MPEG directory table and the corresponding signature generated for that module in the receiver/decoder do not match.

71. The receiver/decoder according to any one of paragraphs 51-70, in which said processing means is programmed to prevent or stop the downloading of said data if the decrypted signature (or each of them) and said generated signature do not match.

72. The receiver/decoder MPEG to load the data presented in the form of MPEG tables comprising mentioned panago for encrypting said signature containing means for receiving such MPEG tables, and means for storing the public key and the identity of the public key, characterized in that it also contains a protected memory area for storing flag validation for the above-mentioned public key, and a processor which is programmed so that find mentioned in protected memory of the receiver/decoder flag validation for the public key corresponding to the mentioned secret key, the ID of which is contained in the received MPEG table, and, if the found flag is set, decrypt mentioned encrypted signature contained in the received MPEG table, using the public key corresponding to the secret key, the ID of which is contained in the received MPEG table to obtain the decrypted signature to generate a signature for the mentioned data contained in the received MPEG table, and compare the decrypted signature and the signature generated at the receiver/decoder for the above-mentioned received data.

73. The receiver/decoder p. 72, in which the said memory for storing flag(s) validation for the which the said memory for storing flag(s) validation for the key(s) in case when there are numerous such public keys, arranged in the form of a bit array.

75. The receiver/decoder according to any one of paragraphs 72-74 for use in the method according to p. 34, additionally containing a protected memory area for storing a validation code, and in which the processing means is programmed to decrypt the validation code contained in said received MPEG table, find said stored validation code, and compare the retrieved validation code with the decrypted validation code.

76. The receiver/decoder according to p. 75, in which the processing means is programmed to prevent or stop the downloading of said data if said found validation code and the decrypted validation code do not match.

77. The receiver/decoder according to p. 75 or 76, in which said memory for storing said validation code is provided by a rewritable nonvolatile memory.

78. The receiver/decoder according to any one of paragraphs. 75-77, in which the said memory for storing mentioned validation code is valid the Oia in the method according to any of paragraphs. 19, 28, 36 additionally containing a protected memory area for storing at least one offset value, and in which the said processing means is programmed so that decrypt mentioned encrypted block of data contained in the received MPEG table, find one mentioned the stored offset value in said protected memory area and to extract the signature of the said decrypted data block using the found offset values from the beginning referred to the decrypted data block.

80. The receiver/decoder according to p. 79, in which said protected memory area stores at least two offset values, and said processing means is configured, if said extracted signature and the generated signature do not match, to repeat the finding, extracting and comparing using another of said stored offset values.

81. The receiver/decoder according to p. 79 or 80, in which said memory for storing the offset value is provided by a rewritable nonvolatile memory.

82. The receiver/decoder according to any one of paragraphs. Da thus, to generate the corresponding signature for each of the modules contained in said received MPEG table of modules and compare each signature for a module contained in a linked adopted MPEG catalog table, with the appropriate signature for the module generated by the receiver/decoder.

83. The receiver/decoder according to p. 82, in which the processing means is programmed to prevent or stop the loading of a given module of said data if the signature for that module contained in the received MPEG directory table and the corresponding signature generated for that module in the receiver/decoder do not match.

84. The receiver/decoder according to any one of paragraphs 72-83, in which said processing means is programmed to prevent or stop the downloading of said data if the decrypted signature (or each of them) and said generated signature do not match.

85. The receiver/decoder MPEG to load the data presented in the form of MPEG tables comprising mentioned you want to download the data encrypted code validation, to check the ID of the secret key, used to encrypt the mentioned signature and code validation, containing means for receiving such MPEG tables, means for storing a public key and the identity of the public key, characterized in that it also contains a protected memory area, for storing code validation for validation data; and processing means which is programmed in such a way as to decrypt mentioned encrypted code validation and signature contained in such adopted MPEG table, using the stored public key corresponding to the mentioned secret key, to find in a protected area of memory referred stored code validation to compare the found code validation and decrypted code validation, generate the signature for the mentioned data contained in the received MPEG table, or referred to their parts, and compare the decrypted signature and the signature generated at the receiver/decoder for the above-mentioned received data.

86. The receiver/decoder according to p. 85, in which the processing means is programmed in such a way as to deny or terminate zag is overki admissibility do not coincide with each other.

87. The receiver/decoder according to p. 85 or 86, in which said memory for storing said validation code is provided by a rewritable nonvolatile memory.

88. The receiver/decoder according to any one of paragraphs 85-87, in which said memory for storing said validation code is organized in the form of a bit array.

89. The receiver/decoder according to any one of paragraphs 85-88 for use in the method according to any of paragraphs 19, 28, 36, additionally containing a protected memory area for storing at least one offset value, and in which said processing means is programmed to decrypt said encrypted data block contained in the received MPEG table, find one said stored offset value in said protected memory area, and extract the signature from said decrypted data block using the found offset value from the beginning of said decrypted data block.

90. The receiver/decoder p. 89, in which in said protected memory stores at least two offset values, and the above-mentioned processing is executed with vdut, re-locate, retrieve and compare using the other of the said stored offset values.

91. The receiver/decoder according to p. 89 or 90, in which said memory for storing the offset value is provided by a rewritable nonvolatile memory.

92. The receiver/decoder according to any one of paragraphs 85-91 for use in the method according to any of paragraphs 22, 31, 39, 45, in which said processing means is programmed to generate a corresponding signature for each of the modules contained in said received MPEG module tables and to compare each module signature contained in said received MPEG directory table with the corresponding signature for the module generated by the receiver/decoder.

93. The receiver/decoder according to p. 92, in which the processing means is programmed to prevent or stop the loading of a given module of said data if the signature for that module contained in the received MPEG directory table and the corresponding signature generated for that module in the receiver/decoder do not match.

94. The receiver/decoder according to any one of paragraphs. the recalls of such data in the case if the decrypted signature (or each of them) and said generated signature do not match with each other.

95. The receiver/decoder MPEG to load the data presented in the form of MPEG tables comprising mentioned you want to download data and encrypted data block, which includes the signature for these data, with some selected offset between the beginning of the above-mentioned data block and the beginning of the said signature containing means for receiving MPEG tables; and means for storing the public key and the identifier of the mentioned public key, characterized in that it further comprises a protected memory area for storing at least one offset value, the processing means which is programmed so that to decrypt mentioned encrypted block of data contained in the received MPEG table, mentioned using the stored public key corresponding to the aforementioned secret key, to find in a protected area of memory referred to the stored offset value to extract the mentioned signature from the decrypted data block using the obtained values of the offset from the beginning referred to Gasimova is the substance of the signature, extracted from the mentioned decrypted data block, and a signature generated at the receiver/decoder for the above-mentioned received data.

96. The receiver/decoder according to p. 95, in which said protected memory area stores at least two offset values, and said processing means is configured, if said extracted signature and the generated signature do not match, to repeat the finding, extracting and comparing using another of said stored offset values.

97. The receiver/decoder according to p. 95 or 96, in which said memory for storing the offset value is provided by a rewritable nonvolatile memory.

98. The receiver/decoder according to any one of paragraphs. 95-97 for use in the method according to any of paragraphs. 22, 31, 39, 45, in which the said processing means is programmed so as to generate a corresponding signature for each of the modules contained in said received MPEG table of modules and compare each signature for a module contained in a linked adopted MPEG catalog table, with the appropriate signature for the module generated by p the way, to prevent or to stop loading this module mentioned data if the signature for this module contained in the received MPEG table directory, and the corresponding signature generated for this module in the receiver/decoder, do not coincide with each other.

100. The receiver/decoder according to any one of paragraphs 95-99, in which said processing means is programmed to prevent or stop the downloading of said data if the decrypted signature (or each of them) and said generated signature do not match.

101. An MPEG receiver/decoder for loading MPEG tables, including MPEG tables of modules and an MPEG directory table for the said MPEG tables of modules, which includes an ID and a signature for each MPEG table of modules, and a signature for the directory that is encrypted using a secret key, containing means for receiving the MPEG directory and module tables, and means for storing a public key and an identifier of the public key, characterized in that it also contains a processor programmed so as to decrypt mentioned encrypted p public key, corresponding to the said secret key, to generate a signature for the said directory contained in the received MPEG directory table, to compare the decrypted signature for the directory with the signature for the directory generated by the receiver/decoder, to generate a corresponding signature for each of the modules contained in the received MPEG tables of modules, and to compare each of these signatures contained in the received MPEG directory table with the corresponding signature for the module generated by the receiver/decoder.

102. The receiver/decoder according to p. 101, in which the processing means is programmed so as to prevent or stop loading this module of the said data if the signature for this module contained in the received MPEG directory table and the corresponding signature generated for this module in the receiver/decoder do not coincide with each other.

103. The receiver/decoder according to p. 101 or 102, in which the said processing means is programmed so as to prevent or stop the downloading of the said data if the decrypted signature (or each of them) and the said generated signature is not with
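
The checks in claims 95-96 and 101-102, as an added example that is not code from the patent: the receiver decrypts the signature block with its stored public key, tries each stored offset to find the directory signature, then checks every module against the directory. SHA-256 as the signature function, textbook RSA on a constructed toy key, the block length, the offset values and the `id:signature` directory layout are all assumptions made for illustration.

```python
import hashlib

# Constructed toy key (two Mersenne primes, textbook RSA, no padding).
# It stands in for the unspecified public-key algorithm and is not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # broadcaster's secret exponent
N_LEN = (N.bit_length() + 7) // 8
BLOCK_LEN, SIG_LEN = 128, 32           # assumed block size, SHA-256 digest size
STORED_OFFSETS = [17, 60]              # assumed contents of the protected memory


def sig(data: bytes) -> bytes:
    """Signature in the claims' sense: a digest of the data (SHA-256 assumed)."""
    return hashlib.sha256(data).digest()


def build_directory(modules: dict) -> bytes:
    """Directory body: one 'id:signature' line per module (constructed layout)."""
    return b"".join(b"%d:%s\n" % (i, sig(m).hex().encode())
                    for i, m in sorted(modules.items()))


def encrypt_block(directory: bytes, offset: int) -> int:
    """Broadcaster: hide the directory signature in dummy data, then encrypt."""
    block = bytearray(b"\x5a" * BLOCK_LEN)          # dummy filler bytes
    block[offset:offset + SIG_LEN] = sig(directory)
    return pow(int.from_bytes(block, "big"), D, N)


def verify(directory: bytes, enc_block: int, modules: dict) -> dict:
    """Receiver: {module_id: may_load}; raises if the directory itself fails."""
    raw = pow(enc_block, E, N).to_bytes(N_LEN, "big")
    block = raw[-BLOCK_LEN:]
    expected = sig(directory)
    # Claims 95-96: extract at a stored offset, compare, retry with the next one.
    if not any(block[o:o + SIG_LEN] == expected for o in STORED_OFFSETS):
        raise ValueError("directory signature matches at no stored offset")
    listed = dict(line.split(b":") for line in directory.splitlines())
    # Claims 101-102: a module loads only if its signature equals the directory's.
    return {i: listed.get(b"%d" % i) == sig(m).hex().encode()
            for i, m in modules.items()}
```

A module is reported as loadable only after the directory signature has been authenticated, so a single public-key operation covers every module listed in the directory.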

 

Similar patents:

The invention relates to the field of broadcasting and reception, to the conditional access system for broadcast system, the device generating signals for use in said system

The invention relates to access control systems that contain smart card

The invention relates to data processing systems, storage devices and implementing specific programs using memory cards

The invention relates to a television technique and can be used to format the executable code and data that define interactive programs

The invention relates to methods of protection against videocapture

The invention relates to the field of radio and can be used in cable television (CATV) systems to protect special (paid) subscriber TV channels from unauthorized access

The invention relates to the field of radio and, in particular, to devices for signal encoding in pay-TV systems, using both cable networks and broadcasting through radio channels

The invention relates to television technology

The invention relates to television technology and can be used in commercial cable television systems

FIELD: access control systems.

SUBSTANCE: proposed signal processing method involves reception of digital input signal incorporating first component of scrambled signal and second component of scrambled signal; binding of input signal with detachable intelligent card unit for processing first scrambled signal component and generation of first descrambled signal which is internal with respect to intelligent card unit and for processing second scrambled signal component in case of response to first descrambled signal to generate second descrambled signal and to integrate first scrambled signal component of input signal and second descrambled signal so as to produce output signal; reception of output signal from intelligent card unit and processing of second descrambled signal to shape signal adapted for display.

EFFECT: improved control of access.

1 cl, 9 dwg

FIELD: television.

SUBSTANCE: device converts signals to digital video information. Compression device is made in such a way, that it receives digital video data, coming from source data generator, and compresses digital images. Encoding device receives compressed digital video data coming from compression device and encodes compressed digital video data. Recording device stores encoded compressed digital audio data at data carrier.

EFFECT: higher data transfer speed.

3 cl, 17 dwg

FIELD: broadcasting systems.

SUBSTANCE: method includes broadcasting of message, including text portion intended to reach user, while said message is transferred in form of conditional access message.

EFFECT: broader functional capabilities.

5 cl, 7 dwg

FIELD: digital audio and video technologies.

SUBSTANCE: the device for storing information is able to receive a data carrier; the decoder is able to receive compressed encoded signals from the data carrier and transmit the signals to the decrypter. The decrypter is able to decrypt the compressed, encoded, encrypted data and transmit it to the decompressor. The decompressor is able to receive the compressed encoded signals from the decrypter and decompress them to reproduce the image.

EFFECT: higher precision, higher efficiency.

3 cl, 17 dwg

FIELD: engineering of systems for loading and reproducing protective unit of content.

SUBSTANCE: according to the invention, in a receiving device 110 for the protected storage of a content unit 102 on an information carrier 111, the content unit 102 is stored in a protected format and has an associated license file 141, which is encrypted using a public key associated with a group of playback devices 120, 121; thus each playback device 121 in the group can decrypt the license file 141 and play the content unit 102, while devices not belonging to the group cannot. The playback device 121 may provide its device-specific public key to the content distribution control system, which then returns the secret key of the group encrypted with the public key of the playback device 121; the playback device 121 thereby receives the secret key of the group in a protected manner and can decrypt the license file 141.

EFFECT: creation of system for loading and reproducing protected unit of content, making it possible to constantly control usage of unit of content.

3 cl, 4 dwg

FIELD: copy/access protection.

SUBSTANCE: audio/video stream processing system includes module for inputting audio/video stream, which receives audio/video stream, containing field of information about audio/video content, including first copy control information, and audio/video content field, including second copy control information; reading module which extracts first and second copy control information from received audio/video stream and determines whether first copy control information is modified; and module for decoding audio/video stream, which processes received audio/video stream in accordance to predetermined criteria, if first copy control information is modified.

EFFECT: protection of content, prevented unsanctioned processing of content.

15 cl, 8 dwg

FIELD: cryptographic protocols, in particular, efficient encoding at content level.

SUBSTANCE: method is provided for generation of digital data with cryptographic protection, encoding content and composed into messages. Encoding of at least a part of the message is performed and encoded messages are provided in form of output signal in format, allowing the interface of server service to compose a message in form of at least one packet, including at least one header and useful load, where at least one header includes information, which allows the service interface in the client to assemble each message for decoding application using useful load of packets. Each message is divided onto the first and at least one additional section of the message. At least one of the message sections is encoded in such a way that it may be decoded independently from other message sections. Assembly of encrypted message is performed by addition of resynchronization marker, separating the message section from adjacent message section and including precise information about synchronization, at least for additional sections of the message.

EFFECT: synchronized decoding process in case of data loss.

14 cl, 8 dwg

FIELD: receivers/decoders of services, provided in conditional access mode, in particular, receivers having storage block (memorization device), such as a hard drive.

SUBSTANCE: method is claimed for storing an event, encrypted with usage of at least one control word (CW) in receiver/decoder (STB), connected to safety block (SC), where at least one control word and access privileges for aforementioned event are contained in access control messages (ECM-messages), method includes following operations: recording of encrypted event, and also of at least one ECM-message in storage block; transmission of at least one ECM-message into safety block (SC), verification of the fact that safety block (SC) contains access privileges for aforementioned event, generation of receipt (Q), which contains data related to management of event in reproduction mode, where receipt (Q) contains signature (SGN), generated on basis of the whole ECM-message or its part with usage of secret key (K) contained in safety block (SC) and specific for every safety block, where during later consumption of event the authenticity of the receipt (Q) is verified in prioritized manner compared to conventional access privileges, stored in safety block (SC), storage of aforementioned receipt (Q) in storage block.

EFFECT: provision of method for storing an event.

6 cl, 3 dwg

FIELD: receivers/decoders of services, provided with certain conditions, in particular in a system for accessing an encrypted data stream, priced per time unit.

SUBSTANCE: system contains control center (2), which transmits a data stream through a broadcasting channel, encrypted by means of control words, which are included in composition of access control messages, and meant for receipt by at least one user device (1), connected to safety block (3), having unique address and containing credit, which is reduced with purchase of products or consumption of data stream, where safety block (3) is provided with means for reducing credit for value, dependent on product, or for value, dependent on duration of access to data stream, where aforementioned values and/or duration are determined in access control messages or in conditional access messages, and system contains means, made independent from user device (1), for transmitting identifier, representing a unique number, and price code which indicates size of credit subject to load, in control center (2), and control center (2) additionally contains devices for receipt and verification of price code and for transmission of an encrypted message through broadcasting channel, having a unique address, corresponding to identifier, and giving a command to the safety block (3) to load the credit in defined amount.

EFFECT: development of a new approach to provision of access to paid television for broad clientele, substantially reduced subscriber management related costs.

5 cl, 1 dwg

FIELD: information encryption.

SUBSTANCE: system contains an encrypted data broadcasting centre, at least one control centre, a terminal device, a decoder located between the encrypted data broadcasting centre and the terminal device, the decoder includes an encrypted data reception and decryption module and a data access authority control module; the data access authority control module contains a protection module.

EFFECT: provision of system allowing to simplify access authority control at broadcasting centre level and ensuring optimal data security.

12 cl, 2 dwg
