Scramblers device for digital transmission systems
The invention relates to scramblers device, in particular for digital television systems. The technical result is to simplify the management of data exchange between the multiplexer and access control systems, as well as increasing the complexity of the scrambling algorithm. The technical result is achieved by the fact that the proposed radically different solution, in accordance with which the individual scramblers device receives through a special entrance already arranged transport stream, which facilitates the management of exchange between all elements of the system by distributing functions between separated scramblase and multiplexing parts of the system. In addition, in this case scramblers device is not restricted, normal to combination devices multiplexer+scrambler". 2 C. and 12 C.p. f-crystals, 3 ill. The invention relates to scramblers device for digital transmission of audio-visual information, in particular, digital television system, and also to scramblase a system using such scramblers device.Transmission is scrambled or encrypted d information is broadcast to multiple subscribers each of which has a decoder or receiver/decoder, configured to diskriminirovaniya programme content for later viewing.The scrambled data is usually performed multiplexing device, which also provides the layout of the transmitted transport stream data. The multiplexer receives the digital video data, audio data and other digital data, and assembles a single stream of transport packets. Each packet in the transport stream typically has a predetermined length and contains a header and payload.The packet header includes a packet identifier, or PID that identifies the packet and matches the type of data (video data, audio data, etc. this package. The payload of the packet contains audio data, video data or any other data, such as application data performed by the receiver/decoder to provide additional functions, for example for generating reference programs, etc.Typically, the data payload scribblenauts using rapidly changing control word, which is randomly generated by the multiplexer. This control word is then pradervand data in the stream of transport packets. The ESM contains other information such as access rights, and it is itself encrypted with the corresponding encryption key before sending it.Encrypted ECM is usually formed by a separate access control system, owned by one particular channel or service provider. The access control system receives from multiplexer scramblers control word, inserts this control word in the ESM, encrypts the entire message ECM current encryption key and transmits the encrypted ECM back to the multiplexer. Then the multiplexer inserts the encrypted ECM in the transport stream, together with the scrambled data.Scrambled data and the encrypted ECM is sent to the receiver/decoder that has access to the equivalent of the encryption key (working key) to perform the interpretation of the ESM and to obtain the control word for diskriminirovaniya of data transferred. The working key is changed periodically, and the decoder belonging paid subscription user, you will usually get a work key for decoding the encrypted ECM this month, sent monthly reports to management rights (EMM - Entitlement Management is, is that the system can be extended with capability of simultaneous scrambling data in parallel for multiple access control systems. This may be necessary, for example, in the case where the content provider broadcasts for mixed fleet decoders, made at different times, with different characteristics, and so on, Each access control system receives control word used by the multiplexer at the moment, and then generates its own ECM, which is passed to the multiplexer for inclusion in the stream of transport packets. Such systems with "simultaneous" scrambling use the same control word for scrambling data.Although systems of this type are relatively simple to implement, the organization managing the exchange of data between the multiplexer and access control systems can be difficult. In addition, the security level is often limited by the complexity of the algorithm used by the multiplexer to generate scrambling control word.The purpose of the present invention in its various aspects and embodiments of the exercise is to overcome some scramblers device for digital transmission of audio-visual information, containing entrance arranged to receive the stream of transport packets from a physically separate multiplexer, scramblase unit for scrambling the received transport stream in accordance with an arbitrary control word and an output for transmitting a scrambled transport stream on a transmission medium for transmission, performed by providing the possibility of scrambling a stream of transport packets scramblers device independently of the operation of the multiplexer.In contrast to known prior art systems in which the data scrambling is performed by a multiplexer at the same time, when he multiplexes different data streams to form a single transport stream, the present invention offers a radically different solution, in accordance with which the individual scramblers device receives through a special entrance already arranged transport stream.This solution facilitates the management of data exchange between all elements of the system by distributing functions between separated scramblase and multiplexing parts of the system. In addition, because scramblers device not nakederica scrambling can be upgraded.Scramblase unit can be configured to perform scrambling of part or all of the payload of the selected packets of the transport stream packets. At a high level of scrambled transport stream may be scrambled, for example, the entire payload of this packet of a transport stream. In the alternative, may be scrambled only part of the payload of the packet.In addition to scramblers block scramblers the device may also contain a means of insertion of packages for data input transport packet in the transport stream. For example, scramblers device can be used for the introduction of packages containing scramblers control word encrypted ECM. Similarly, in the transport stream can enter data of other types, to ensure full use of available bandwidth, regardless of the limitations inherent in the output stream multiplexer.In one of the embodiments of the invention, the tool insert packages can be made with the possibility of introduction of the data packet in the transport stream by detecting the presence of "null" package and the replacement of such a package OYe contain any data. It is usually identified by the specific PID value.Scramblers device may further comprise means for filtering the packets to identify and copy in the memory part or all of a specified transport service. For example, the filter may be pre-programmed to identify, by value their PID, certain transport packets containing data subject to modification scrambler, such as tables, specific to each user, or similar data. Filtering can also be part of the package, for example, by analyzing the table identifier contained in the payload of the transport packet, and etc.Preferably scramblers the device may also contain a means of removal of packages to remove a predetermined package, for example, replacing the ID of this packet to the identifier of the null packet. For example, when the packet should be filtered by the value of its PID and replaced by the modified packet with the same PID value, it will be necessary to remove the original package with this PID to avoid generating multiple packets with the same PID. Then you want to remove the package, entered by means of the insertion of the packages.Preferably scramblers the device also includes a means of counting packages counting in the received transport stream data of the number of packets with some fixed value of PID. For example, the means of counting packets can be used to count the number in the data stream of empty packets in order to make it possible to calculate present in the transport stream space for insertion of packages ECM, etc. It can also be used to detect a specific package ID or calculate the frequency of transmission of a packet identifier.Preferably scramblers the device also includes means for remapping to change the value of the packet identifier assigned to certain specified package or group of packages. It can be used to avoid conflicts between the values of PID package insert and package already present in the transport stream, by changing the value of the PID that is not found in the input stream, or that are filtered.The above scramblers the device can operate in standalone neopolitano contains a Central control means for generating control words, transmitted in scramblers device and accept them for scrambled transport stream. Central control means can be implemented in a single personal computer (PC) or a PC acting as a Central management station, in combination with a second PC and a smart card to generate the control word.Preferably scramblers system further comprises one or more access control systems connected with the Central control means and configured to receive the control word that is passed to the Central control means, and transmitting back to the Central control means of encrypted messages, such as messages ECM containing the aforementioned control word.Such organization of the Central control means may coordinate the formation of the ESM many access control systems using the same control word, in accordance with the principle of "simultaneous" scrambling, and relay the ECM along with the corresponding control words on the scrambler for the synchronized introduction of these ECM in the transport stream and the transport scrambling the STV made with the possibility of certifying the authenticity of part or all of the data, transmitted from the Central control means for scramblers device, by generating a signature using a secret encryption key. In the case when using the encryption scheme with public and private keys, scramblers the device has the equivalent public key, allowing the scrambler to verify the origin of data. In particular, it should be confirmed the authenticity of all the control words transmitted on the scrambler to exclude the possibility of fraud control word through breaking the connection between the two devices.Can be also taken additional measures to ensure security, for example, can run all data to be encrypted using a symmetric algorithm, and Central control means and scramblers device have the necessary keys for encryption and decoding of messages.An implementation option above scramblase system has been described for the case of using one scrambling device, one of the Central control means and so on, But for reasons of reliability, it may be desirable to have at variante implementation of the system contains several scramblers devices and their associated Central control means, involved in the formation of a transport stream. In this implementation, the system can switch between the control means and skremblirovanie devices in case of failure or incorrect operation of the corresponding parts of the system.Preferably a single or each scramblers device in such a system is designed with the ability to work offline in case of disconnection from the Central control means, for example, by periodically save the settings its working configuration and/or the current value of the control word (or accept the default value of the control word).In the context of this application, the term "digital transmission of audio-visual information" refers to all systems for the transmission or broadcasting mainly audiovisual or multimedia digital data. Although the present invention is particularly applicable to broadcast digital TV system, the present invention can equally be used for scrambling data for multimedia applications, Internet, transmitted in the fixed telecommunication network, etc.,The term MPEG implies data standards razrabotai for standardization, and, in particular, the MPEG-2 standard developed for digital television applications and approved in the documents ISO 13818-1, ISO 13818-2, ISO 13818-3 or ISO 13818-4. In the context of the present patent application, the term covers all alternatives, modification or development of basic MPEG, applicable in the field of digital data transmission.Next will be described, solely as an illustrative example, several embodiments of the present invention with reference to the accompanying drawings, in which: Fig.1 shows the elements scramblase system in accordance with one embodiments of the present invention; Fig. 2 depicts scramblers device shown in Fig.1; Fig.3 shows another variant of implementation of the present invention.As shown in Fig.1, scramblers system for digital television system includes scramblers device (scrambler) 1, Central management station 2 and the generator control word 3. The generator control word 3 can be represented as shown in the drawing, a PC equipped with a reader for smart cards, are designed to work with a smart card containing the key shirovasti a block, rack-mounted, extra charge for installation in the control station 2, etc.,Input scrambling device 1 receives escrambiando transport packets from the multiplexer 4, and output scrambling device 1 is issued scrambled transport stream to the modulator 5, for its preparation before passing through the corresponding satellite or other transmission channel.The multiplexer 4 can be any conventional multiplexer, standards-compliant MPEG and capable of receiving digital information - video, audio, Teletext, etc. and form of these data unencrypted stream of transport packets. In a typical system, the MPEG video data, audio data and other data may be fed to a multiplexer in the form of a packetized elementary stream (PES - Packetised Elementary Stream). Other packetized data can be multiplexed in the transport stream.The output of multiplexer represent a sequence of transport packets having a header and a payload containing the PES or other data. Depending on the data supplied to the multiplexer, and the performance of the multiplexer stream p is any data.Other data types in the data stream supplied to the multiplexer, can be divided into sections. Additionally or alternatively, the data may also be sent to the multiplexer in the form of multiple tables or modules, for forming a completed application such tables are loaded and linked by the receiver/decoder at the other end of the transmission system. Like packages in a stream of transport packets of the table can be identified by using the values of table identifier, or TID.In the data stream, the data packets are identified by the identifiers of the package, or PID, and have one video PID, audio - other, etc., In the MPEG null packets have a fixed PID: h FFF. On the contrary, the PID value assigned to a particular type of data (audio data, video data and so on) can be defined by the provider of the content. More detailed information about the packet structure of MPEG transport stream, the PES format and partition your data into sections and tables, the reader can find in the international standards ISO 13818-1, ISO 13818-2, ISO 13818-3 or ISO 13818-4. These standards also specify the parameters of the physical interface level necessary to ensure compatible is(ASI Asynchronous Serial Interface). Possible and other communication channels or interfaces, such as SPI, LVDS, G703, etc.The modulator 5 may be a modulator of any conventional type, which can convert the digital stream of transport packets in a form suitable for transmission via telecommunication channels, such as satellite, cable, telephone, etc.,Scramblers device 1 is also connected to receive the ESM and the control word (CW), with the Central control station 2, which, in turn, is connected to the oscillator control word 3 and one or more conditional access systems 6, 7. The generator control word 3 is a PC, configured to generate a stream of arbitrary control word and is equipped with a reader smart card reader smart card containing the secret key to sign the data mentioned arbitrary control words generated in this way.The Central management station 2 can also be a PC or similar device and, in fact, can even be combined with the generator control word 3. In accordance with the principle of "simultaneous" encryption for multiple systems at the program access encrypts the control word and other data with its own encryption key, to compose a message ECM for broadcast to subscribers using the system access control.Therefore, the Central control station 2 is configured to transmit data to the said control word via the corresponding communication channel in conditional access systems 6, 7 which form an encrypted message ECM, which is transmitted back to a Central management station 2. The Central management station 2 then transmits the message to the ESM (in the form of one or more transport packets) and data corresponding control word via, for example, channel TCP/IP on scramblers device 1.To exclude the possibility of breaking the security of the communication channel and replace the data control word other data coming from outside the system, the data control word subscribe in the time of generating a secret key contained on a smart card associated with the generator 3, as described above. Scramblers device 1 has an equivalent public key, which can be used to authenticate the signed data, in accordance with known methods of authentication with secret/open keys. In that case, if the can refuse scrambling a stream of transport packets.Can also be done additional encryption of messages sent between a management station 2 and scramblers device 1, for example, by using a symmetric encryption scheme and a pair of secret keys that are stored in the Central control station and scramblers device.Below with reference to Fig.2 will be described in detail the structure shown in Fig. 1 scrambling device. As will be clear, some of the depicted elements are functional blocks of the decoder, which can be implemented either in hardware or in software form, or a combination of both.The device 1 receives via the inputs 10, 11 unencrypted transport stream generated by the multiplexer. In order to ensure a certain level of protection against problems in the communication channel between the multiplexer and scramblers device provides a redundant connection, as shown in the drawing, where the same transport stream is received at each of the inputs 10, 11. This connection can also be used for redundant data streams originating from different multiplexing of sources.The synchronized by a Central microprocessor 15 decoding and synchronizing elements 12, 13. Decoding and synchronizing elements check whether on the physical level of the input data stream (MPEG presence of synchronization information, the correct parameter ASI or other interface, etc). Synchronizing element restores byte synchronization of MPEG to ensure synchronous serial data processing. These elements are standard and are used, for example, in the blocks of the receiver/decoder corresponding to the MPEG standard, as one of the circuit elements of interpretation.In case of any errors in the stream received via one of the inputs, the microprocessor triggers the execution of the switching element 14 transition to the stream received via another entrance. As will be seen, taking into account the need to ensure continuity of data flow redundancy of this kind can also be applied at other levels scramblase system.As will be described below, the transport stream coming through the outlets 18, 19, is properly scrambled stream. However, in order to supply the device descrambling and unmodified signal, either for testing purposes or to bypass scramblase schemes in know, which allow you to simply skip through the device, the stream of transport packets (adopted from any of the inputs or through both inputs).As shown by the cross-connection 20, the channel input/output in bypass mode can be switched so that the flow passed through the inlet 10, is outputted via the 18, and the flow passed through the inlet 11, is outputted via the 19. Alternatively, by changing the configuration of the connection 20 log 10 can be connected to the output 19 and the inlet 11 to the outlet 18. Cross connection 20 may be implemented, for example, by using external wires entered in the device configuration, which may be, if necessary, changed. This cross-connection also allows to simplify the verification of individual data channels.The advantage of such embodiments is that the bypass mode is completely passive, so that the signal can pass through the device even if the break in the power supply. In the case of activation with relay bypass mode can be activated automatically when a failure occurs in the power supply.Below will be described the operation of such elements as the counter 21 PID, the PID filter 22, the removal unit 23 PID, block remapping Rfilter PID 22 and the counter 21 PID, known as the elements of the receiver/decoder, where they are used in operations demuxing and diskriminirovaniya performed on accepted traffic flow.Similarly, items such as scrambler 26, the insertion of the packages 25, block remapping PID 24 and removal unit 23 PID, known as elements of a conventional combined device multiplexer/scrambler. Although the effect of this for the specialist should not be difficult assembling and combining these elements should, however, be recognized that the particular combination and relative positions of these elements in relation to a separate external device, as described, is absolutely unique.The counter 21 PID, programmable microprocessor 15 can be used to verify the presence or absence of packets with the specified PID in the stream of transport packets, as well as to count the number of packets with this PID is available in this block the transport packets. In particular, the counter 21 PID can be used to count the number of null packets that are present in the transport stream (PID MPEG - h FFF), to assess the frequency with which can be inserted an additional is which specific package, such as package private data that should be modified or deleted by the device.In order to more fully analyze the data stream is applied to the block 22 PID filter and demultiplexer that allows you to filter the sequence of packets having a particular PID value and copy these packets in the memory 27. The block 22 of the filter can also be used to perform filtering at a lower level in a stream of transport packets, such as filtering sections and/or tables of data contained in the payload of the transport packet. As regular blocks filter used in the receiver/decoder, the filter 22 may be programmed to identify the IDs of the tables, values of extension IDs tables, data partitions, and so on,The configuration of the filter 22 is set by the microprocessor 15, which, in turn, connected through a network adapter 28 and the channel TCP/IP to a Central management station, as shown in Fig.1. Thus, the Central management station can choose which packets to filter the data stream.Selected or filtered packet of this flow data is copied by the filter 22 in the memory 27, the light is ing management station for further analysis or modification. The Central management station may decide, for example, to filter out certain packages of private data to some set value PID for modification, or may request a modification of the packages used to describe the content of the transport stream if the transport stream must be introduced a completely new package with a new PID.It is clear that the fact that some package was filtered and copied into memory, does not mean that this package has been physically removed from the transport stream. Accordingly, in the case when packets with a certain set value PID must be entered in the transport stream, you will need to delete the already existing packages that have this value in order to avoid conflict. To perform this operation block delete package made with the possibility of conversion packages to some set PID value in the null packets by, among other things, change the value of the PID of these packets to the PID value of zero package. In particular, in the case of the MPEG standard package, in the packet header must be made the following changes: PID installed in h FFF.Transport_ scrambling_ control (scrambled during transmission") fitted the load) is set to 0.The continuity counter is changed to 0 (optional).It is clear that the null packets of the transport stream is not read, since it is assumed that they do not contain a payload, and converted thereby packages for all destinations and goals are remote. In addition, as will be described, the insertion of the package 25 is actually made with the possibility of detecting all of the null packets and replace them with packages that are stored in memory for introduction into the transport stream.Additionally and in the same manner as removal unit 23 removes certain packages, transforming them into an empty packets by modifying the values of their PID, block remapping PID can be done with the ability to change any setpoint PID to the new value. This may be necessary in order to overcome the limitations of the multiplexer-source, which delivers the multiplexed transport stream on scramblers device, and/or in order to avoid conflicts on PID with the new packages, subject to introduction into the transport stream. For example, this block can be configured as follows: the Value of the input PID Remapped PID 0x20 - h h - h h - h h - h
Modifica PID, remain unchanged. As in the case of the removal unit, the configuration unit PID remapping in practice is determined by the Central control station. In that case, when the insertion of the packages 25 was programmed to the introduction of packets with PID value that is not present in the original transport stream, resetting the PID values may be unnecessary. On the contrary, in the case when it was discovered the likelihood of conflict, the block remapping PID will replace conflicting PID value in the original transport stream to the new value.Let us now turn to the insertion of the package 25. This unit is made with the possibility of inserting the transport packet stored in the memory 27, replacing any zero package, available in the transport stream. Unit 25 does not perform any changes or reorganizations in the PID values of the inserted packets. As mentioned above, possible conflicts PID resolved by block remapping PID 24 and the removal unit 23 PID.Packages can be introduced into the transport stream in several different ways:
1. Cyclic data insertion. This method can be applied, for example, for the introduction of static data tables. In this case, the packets are stored in the ocher is a mere image, moreover, the package is entered whenever a null packet. The scheduler uses the continuity counter (i.e., serial number) in the sequence of packets in order to ensure the correct numbering of the transmitted sequence.2. Synchronized insert the ESM. In this case, the messages ECM are taken from the management station with the data of the corresponding control word. Messages ECM are inserted as cyclic data synchronized with the operation of the scrambling performed by the scrambler 26, which uses the data control word.3. Once the data is inserted. In this case, the sequence of packets is inserted into the transport stream only once. The sequence is stored in memory in the normal queue FIFO type (first in first out), so the next queue, the packet is inserted when the next null packet. In this case, the continuity counter of the packets in the sequence can be pre-set before it is adopted scramblers device. Once the data is inserted can be used to enter data taken from the management station 2, or from other sources, such as generalguidelines management station 2 on scramblers device 1 when any of these ways, can be identified associated with it by the ID value, so that the Central management station may cancel or revoke an introduction to traffic flow a packet or sequence of packets.The stream of transport packets, modified and includes the required messages ECM, then fed to the scrambler 26. Scrambler 26 may be a digital scrambler, which are used in any conventional device multiplexer/scrambler". To perform the scrambling of the transported data (but not messages ECM) this scrambler is supplied with relevant information by the PID for the preparation of the groups of packets with PID values, indicating that these packages must be scrambled.The scrambling may be performed at the level of the transport stream, i.e., the scrambling of the entire payload of the transport packet, or (for example, for the data type of the audio data and video data) at the flow level PES, i.e., the scrambling of the payload of the PES packets contained within the transport packets. Any of these types of scrambling may be preferred, depending on the requirements of the service provider.Scrambler performs the scrambling data with the influencers of the word subscribe on the Central management station secret key, and control word and the signature are sent to the scrambler 1. Device 1 provided with a device for smart card readers that can read the smart card 29 containing the equivalent public key. At the same time the control word is passed to the scrambler 26, the microprocessor 15 verifies the signature using the public key, as shown in the drawing. If authenticity has not been confirmed, the scrambler 26 can be given the command to stop the scrambling or ignore the received control word.As mentioned above, the data transmitted between the Central control station and scramblers device can be optionally encrypted using a symmetric algorithm, and in this case the smart card 29 can also contain a key necessary for decoding transmitted data pre-authentication operation.In addition, in the case when scramblers the device is made capable of receiving data transmitted from other sources, independent from the Central management station (for example, source EMM), the network used to transmit messages from the Central control station on scramblers device can be fizicheskoi adapter 28 will include two separate network interface, moreover, the interface for receiving data from other sources will be of type "read only" to prevent reprogramming scrambling device sources external to scramblase system.As can be seen from the drawing, scramblers device 1 is also provided with outputs 30 and 31, which allows to obtain from scrambling device output, representing the "pure" transport stream. Unlike the output data produced through a bypass switches 16, 17, the outputs 30, 31 represent the transport stream after its modification by introduction and removal of packages, etc., but prior to scrambling. This output can be used to control the operation of the device and to monitor the "net" results of operations. In addition, the device may be equipped with a standard interface 32 type RS232, to query the microprocessor for testing purposes, to configure the network or to perform an insert operation (data transfer file) from the terminal.In Fig.3 shows another variant of implementation of the present invention, in which the number of elements of the system shown in Fig.1, duplicated, for arespectively the control unit (the control station) 2A and the generator control word 3A with backup scramblers device 1A.Part of access control systems involved in generating the ESM, also duplicated, and this is shown by the positions 6A, 7a. Audio, video and other signals can be fed back by the multiplexer 4A. In addition, this system can be supported by the second transmission channel to generate a transport stream MPEG. It is shown by a multiplexer 40 (and its backup multiplexer 40A), scramblers device 41 (and its backup scramblers device 41A) and the modulator 42.Manage different backup system elements can be organized with the help of the communication channel between the management stations 2, 2A and/or a communication channel with the supervisor or remote terminal, shown by line 43. In particular, provision may be made for periodic control signals "I'm alive" from station 2 to station 2A, and station 2A takes control of generating messages ECM and data control word in the event of any failure in these signals. Similarly scramblers device 1, 1a may be subject to management stations to ensure the transfer of functions from one to another in the event of a failure in one way or another scramblers device.In addition, each scramblers device and/or the value of the control word set intervals of time, so that device 1, 1a could continue to function in case of disconnection from the control stations 2, 2A and/or after an interruption in the power supply.Alternatively, the memory may be fixed beforehand specified configuration and the value of the control word, which will be used in case of disconnection and/or turned off.Configuration values may include information about the identifiers of the packets that the device must suppress, substitute, etc.
1. Scramblers device for digital transmission of audio-visual information containing input arranged to receive the stream of transport packets from a physically separate multiplexer, scramblase unit for scrambling the received transport stream in accordance with an arbitrary control word and an output for transmitting a scrambled transport stream on a transmission medium for transmission, performed by providing the possibility of scrambling a stream of transport packets scramblers device independently of the operation of the multiplexer.2. Scramblers device p. the load of the selected packets of the transport stream packets.3. Scramblers device under item 1 or 2, which further comprises means insert packages for data input transport packet in the transport stream.4. Scramblers the device according to p. 3, in which the tool insert packages made with the possibility of introduction of the data packet in the transport stream by detecting the presence of a null packet, and the substitution of such a package you want to insert the package.5. Scramblers device according to any one of the preceding paragraphs, which further comprises means for filtering the packets to identify and copy in the memory part or all of a specified transport service.6. Scramblers device according to any one of the preceding paragraphs, which further comprises a removal tool packages to remove the specified package or group of packages.7. Scramblers the device according to p. 6, in which the removal tool packages are designed to remove the package by replacing the identifier of the packet to the identifier of the null packet.8. Scramblers device according to any one of the preceding paragraphs, which further comprises means counting packages counting in the received transport stream is yousee device according to any one of the preceding paragraphs, which further comprises means for remapping to change the value of the packet identifier assigned to certain specified package or group of packages.10. Scramblers system containing scramblers device according to any one of the preceding paragraphs, and Central control means for generating a control word transmitted in scramblers device and accept them for scrambled transport stream.11. Scramblers system under item 10, which further comprises one or more access control systems connected with the Central control means and configured to receive the control word that is passed to the Central control means, and transmitting back to the Central control means of an encrypted message containing the aforementioned control word.12. Scramblers system under item 10 or 11, in which the Central control means is arranged to certifying the authenticity of all or part of the data transmitted from the Central control means for scramblers device, by generating a signature using a secret encryption key.13. Scramblers these Central control means, involved in the formation of a single transport stream.14. Scramblers system according to any one of paragraphs. 10-13, in which the only or every scramblers device is configured to save the settings its working configuration and/or the current value of the control word.
FIELD: access control systems.
SUBSTANCE: proposed signal processing method involves reception of digital input signal incorporating first component of scrambled signal and second component of scrambled signal; binding of input signal with detachable intelligent card unit for processing first scrambled signal component and generation of first descrambled signal which is internal with respect to intelligent card unit and for processing second scrambled signal component in case of response to first descrambled signal to generate second descrambled signal and to integrate first scrambled signal component of input signal and second descrambled signal so as to produce output signal; reception of output signal from intelligent card unit and processing of second descrambled signal to shape signal adapted for display.
EFFECT: improved control of access.
1 cl, 9 dwg
SUBSTANCE: device converts signals to digital video information. Compression device is made in such a way, that it receives digital video data, coming from source data generator, and compresses digital images. Encoding device receives compressed digital video data coming from compression device and encodes compressed digital video data. Recording device stores encoded compressed digital audio data at data carrier.
EFFECT: higher data transfer speed.
3 cl, 17 dwg
FIELD: broadcasting systems.
SUBSTANCE: method includes broadcasting of message, including text portion intended to reach user, while said message is transferred in form of conditional access message.
EFFECT: broader functional capabilities.
5 cl, 7 dwg
FIELD: digital audio and video technologies.
SUBSTANCE: device for storing information is made with possible receipt of data carrier, decoder is made with possible receipt of compressed encoded signals from data carrier and transmitting signals to decrypter. Decrypter is made with possible decryption of compressed encoded data encrypted data and transmitting these to decompressor. Decompressor is made with possible receipt of compressed encoded signals from decrypter and decompression of compressed encoded signals to reproduce the image.
EFFECT: higher precision, higher efficiency.
3 cl, 17 dwg
FIELD: engineering of systems for loading and reproducing protective unit of content.
SUBSTANCE: in accordance to invention, in receiving device 110 for protected preservation of unit 102 of content on carrier 111 of information unit 102 of content is stored in protected format and has associated license file, file 141 of license being encrypted with usage of open key, associated with a group of reproduction devices 120,121, and, thus, each reproduction device 121 in group can decrypt file 141 of license and reproduce unit 102 of content, and devices not belonging to group can not do that, while device 121 for reproduction may provide the open key, specific for given device, to system for controlling content distribution, and then system for controlling content distribution returns secret key for group, encrypted with open key of device 121 for reproduction, after that device 121 of reproduction by protected method receives secret key of group and may decrypt file 141 of license.
EFFECT: creation of system for loading and reproducing protected unit of content, making it possible to constantly control usage of unit of content.
3 cl, 4 dwg
FIELD: copy/access protection.
SUBSTANCE: audio/video stream processing system includes module for inputting audio/video stream, which receives audio/video stream, containing field of information about audio/video content, including first copy control information, and audio/video content field, including second copy control information; reading module which extracts first and second copy control information from received audio/video stream and determines whether first copy control information is modified; and module for decoding audio/video stream, which processes received audio/video stream in accordance to predetermined criteria, if first copy control information is modified.
EFFECT: protection of content, prevented unsanctioned processing of content.
15 cl, 8 dwg
FIELD: cryptographic protocols, in particular, efficient encoding at content level.
SUBSTANCE: method is provided for generation of digital data with cryptographic protection, encoding content and composed into messages. Encoding of at least a part of the message is performed and encoded messages are provided in form of output signal in format, allowing the interface of server service to compose a message in form of at least one packet, including at least one header and useful load, where at least one header includes information, which allows the service interface in the client to assemble each message for decoding application using useful load of packets. Each message is divided onto the first and at least one additional section of the message. At least one of the message sections is encoded in such a way that it may be decoded independently from other message sections. Assembly of encrypted message is performed by addition of resynchronization marker, separating the message section from adjacent message section and including precise information about synchronization, at least for additional sections of the message.
EFFECT: synchronized decoding process in case of data loss.
14 cl, 8 dwg
FIELD: receivers/decoders of services, provided in conditional access mode, in particular, receivers having storage block (memorization device), such as a hard drive.
SUBSTANCE: method is claimed for storing an event, encrypted with usage of at least one control word (CW) in receiver/decoder (STB), connected to safety block (SC), where at least one control word and access privileges for aforementioned event are contained in access control messages (ECM-messages), method includes following operations: recording of encrypted event, and also of at least one ECM-message in storage block; transmission of at least one ECM-message into safety block (SC), verification of the fact that safety block (SC) contains access privileges for aforementioned event, generation of receipt (Q), which contains data related to management of event in reproduction mode, where receipt (Q) contains signature (SGN), generated on basis of the whole ECM-message or its part with usage of secret key (K) contained in safety block (SC) and specific for every safety block, where during later consumption of event the authenticity of the receipt (Q) is verified in prioritized manner compared to conventional access privileges, stored in safety block (SC), storage of aforementioned receipt (Q) in storage block.
EFFECT: provision of method for storing an event.
6 cl, 3 dwg
FIELD: receivers/decoders of services, provided with certain conditions, in particular in a system for accessing an encrypted data stream, priced per time unit.
SUBSTANCE: system contains control center (2), which transmits a data stream through a broadcasting channel, encrypted by means of control words, which are included in composition of access control messages, and meant for receipt by at least one user device (1), connected to safety block (3), having unique address and containing credit, which is reduced with purchase of products or consumption of data stream, where safety block (3) is provided with means for reducing credit for value, dependent on product, or for value, dependent on duration of access to data stream, where aforementioned values and/or duration are determined in access control messages or in conditional access messages, and system contains means, made independent from user device (1), for transmitting identifier, representing a unique number, and price code which indicates size of credit subject to load, in control center (2), and control center (2) additionally contains devices for receipt and verification of price code and for transmission of an encrypted message through broadcasting channel, having a unique address, corresponding to identifier, and giving a command to the safety block (3) to load the credit in defined amount.
EFFECT: development of a new approach to provision of access to paid television for broad clientele, substantially reduced subscriber management related costs.
5 cl, 1 dwg
FIELD: information encryption.
SUBSTANCE: system contains an encrypted data broadcasting centre, at least one control centre, a terminal device, a decoder located between the encrypted data broadcasting centre and the terminal device, the decoder includes an encrypted data reception and decryption module and a data access authority control module; the data access authority control module contains a protection module.
EFFECT: provision of system allowing to simplify access authority control at broadcasting centre level and ensuring optimal data security.
12 cl, 2 dwg