Conditional access data decryption system

FIELD: information encryption.

SUBSTANCE: the system contains an encrypted data broadcasting centre, at least one control centre, a terminal device, and a decoder located between the encrypted data broadcasting centre and the terminal device. The decoder includes an encrypted data reception and decryption module and a data access authority control module; the data access authority control module contains a protection module.

EFFECT: provides a system that simplifies access authority control at the broadcasting centre level and ensures optimal data security.

12 cl, 2 dwg

 

Technical field

The present invention relates to conditional access data decryption systems.

Prior art

Systems of this type are used in particular in the field of digital pay-TV. In such systems the digital data stream is transmitted to the television in encrypted form, which makes it possible to control the use of these data and to set the conditions of such use. The encryption is performed using control words that are changed at regular intervals (usually from 5 to 30 seconds, although longer intervals can be used) to deter any attempt to recover these control words.

Since the receiver must be able to decrypt the stream encrypted with these control words, the control words are sent to the subscriber's receiving device separately from the stream, in control messages (ECM), which are in turn encrypted using a key private to the transmission system between the transmitting centre and the security module of the subscriber device. In fact, the security operations are performed in the protection module (SC module), which is usually a smart card considered secure. This module can be either removable or integrated in the receiving device.

While decrypting an ECM message, the SC module checks that the rights to access the given stream are present. These rights are delivered by authorization messages (EMM messages), which load them into the security module (SC module). Other means are possible, for example the transmission of decryption keys.

Hereinafter the term "event" means content, audio data (e.g., in MP3 format) or data (e.g., a game program) encrypted by a known method using control words; each event may be encrypted using one or more control words, each of which has a limited validity period.

Charging for the use of these events in real time is based on the principle of subscription, one-time purchase of an event, or payment per unit of time.

A subscription grants the right to use one or more channels over which the events are transmitted, and allows the subscriber to receive these events in decrypted form if his protection module contains the appropriate rights.

On the other hand, it is possible to define rights relating to a particular event, for example a particular film or football match. The subscriber can acquire these rights (for example, by purchasing them), and access to the content is then controlled specifically by those rights. This method is known as "pay-per-view" (PPV).

Finally, with payment per unit of time, a credit is stored in the protection module (SC module) and debited according to the subscriber's actual consumption. In this case the credit is debited by one unit, for example, every minute, regardless of the channel or event. Different technical implementations can vary the length of the time interval corresponding to one charging unit, the value of the charging unit, or both, so that charging can be adapted to the type of event transmitted.

The control message (ECM message) contains not only the control word but also the conditions under which this control word is returned to the receiver/decoder. When the control word is decrypted, the protection module checks whether it holds rights matching the access conditions stated in the message.

The control word is returned to the subscriber device only if the comparison gives a positive result. The control word is contained in the control message (ECM message), which is encrypted using a transmission key.

Rights are loaded into the protection module, as a rule, by means of authorization messages (EMM messages), which for protection are in turn usually encrypted using another key, called the authorization key (RK-key).

In a known implementation of pay-TV broadcasting, decrypting the content at a particular point in time requires the following three elements:

- the event data, encrypted using one or more control words (CW);

- the control messages (ECM messages), containing the control words (CW) and the access conditions (AC);

- the appropriate rights, stored in the protection module (SC module) and used to check these access conditions.

All of the above decryption systems currently rely on a device of relatively large dimensions. This device is connected by cable to a target device for control or viewing, for example a television. Easy relocation is not provided for. Thus, the subscriber cannot simply take the decoder, connect it to another television set and use his individual rights. In addition, in existing systems only a few installations have a return channel for transmitting information from the decoder to the dispatching centre. Moreover, installations with a return channel do not, as a rule, have a convenient communication interface with the transmitting centre. In fact, the return channel is used for communication between the decoder and the sending centre, not between the subscriber and the centre. Obtaining individual rights easily and quickly is therefore difficult. Finally, all known systems use streams in which the data, the control messages and the authorization messages come from a single source, which manages only subscriptions to its own services and offers no way to subscribe to services from other sources.

Communication with the transmitting centre was improved in systems capable of loading individual rights. A system of this type is described in U.S. patent 5,901,339. That document describes a system comprising several centres that broadcast encrypted data or events to a target device, for example a television or other display device. Each event is associated, on the one hand, with a unique identification number and, on the other hand, with a decryption code. The system also includes a download centre, to which the identification number of each event and its associated decryption code are transmitted so that the event can be sent over the broadcast channels. A user who wants to acquire the right to decrypt a particular encrypted event contacts the download centre through a communication device, such as a telephone, and reports the identification number of the event to be purchased. The download centre sends the decryption code for this event to the communication device. In turn, this device passes the code to the user's decoder. Thus, by the time the event is broadcast, the decoder already holds the decryption code and can decrypt and display the event.

This system has a number of limitations. In particular, the decryption code is sent at the user's request, so it is inconvenient to use several codes for the same event. In addition, the code must remain constant throughout the transmission of the event, which is a disadvantage from the security point of view. By comparison, there are systems in which the control words used to encrypt and decrypt events are changed at intervals ranging from 2 to 30 seconds.

In the system described in U.S. patent 5,901,339, several broadcasting centres are associated with a single download centre. This implies, in particular, that the cryptographic means of all the broadcasters must reside in the same download centre, which is not an optimal solution from the security point of view.

This system has other security-related disadvantages. On the one hand, the decryption code is transmitted from the download centre to the user's decoder over a telephone line, through a telephone, without any protective measures. This makes it relatively simple to obtain the code without authorization and to use it with another decoder. On the other hand, the download centre has no information about the decoder requesting the decryption code, so the code can be used on any decoder. This means that once a decryption code has been legally acquired, it can easily be passed to other decoders for unauthorized decryption of events or data.

The document "Functional model of a system with conditional access" (EBU Technical Review, winter 1995, No. 266) describes other variants of conditional access systems intended, in particular, for pay-TV. These systems use two-level decryption: security at the first level is provided by control messages (ECM messages) and security at the second level by authorization messages (EMM messages). In one of these variants the conditional access system is designed for use with several broadcasters of conditional access data. In particular, the described system includes an authority management system, which creates and transmits the authorization messages (EMM messages), and an authorization control system, which creates the control words used to encrypt the data transmitted by the broadcasting centre.

In all of the examples presented and described in that document, each broadcasting centre is rigidly tied to its authority management system. A single broadcasting centre cannot be combined with several authority management systems. In the system according to that document, the use of one or more service providers is completely transparent to the user. In fact, the user cannot select one of several providers, but only a service offered by one or more providers.

The described system solves neither the problem of easily moving the decoder and acquiring individual rights nor the problem of communication between the user and the control centre.

Disclosure of the invention

The problem addressed by the present invention is to overcome the shortcomings of the prior-art systems by providing a system that is easy to move and can be used with almost any suitable target device. In addition, this system simplifies the management of access rights at the broadcasting centre level and gives the user more flexibility, while guaranteeing optimal security: data received by the user and intended for a specific decoder cannot be used in another decoder.

In accordance with the invention, this problem is solved by a conditional access data decryption system that includes the following components:

- a broadcasting centre intended to transmit data encrypted using at least one control word;

- at least one control centre intended to transmit individual messages used to manage access to the encrypted data;

- a target device intended to convert the encrypted data into a form suitable for use;

- a decoder intended to decrypt at least part of the encrypted data and located between the broadcasting centre and the target device;

characterized in that

- the decoder includes a module for receiving and decrypting the encrypted data and a module for controlling the authority to access this data, these modules being physically distinct devices, the receiving module being connected to the target device and the control module communicating with the receiving module;

- the control module includes a protection module that holds a unique identification number and data enabling a secure connection between the control centre and the protection module, the protection module checking the content of the individual messages and, depending on this content, allowing or denying decryption of the control word(s);

- the receiving module receives the encrypted data transmitted by the broadcasting centre over a first communication line, and the control module receives the individual messages coming from the control centre over a second line.

List of figures

Other features and advantages of the present invention will become apparent from the following descriptions with reference to the accompanying drawings, which illustrate a variant embodiment of the invention, without introducing any limitations. In the drawings:

- figure 1 shows the general structure of the system in accordance with the first embodiment of the present invention;

- figure 2 presents the second variant implementation of the present invention.

Implementation of the invention

According to the above drawings, the system in accordance with the present invention mainly includes: an encrypted data broadcasting centre 10; at least one control centre 11, which transmits the authorization messages (EMM messages) and manages the rights to access the encrypted data; a target device 12, which converts the encrypted data into a form suitable for use; and a decoder 13, which decrypts at least part of the encrypted data.

The encrypted data broadcasting centre 10 may be a conventional installation reached over a cable or satellite channel. This centre sends the encrypted data. The nature of these data depends, of course, on how they are used. In what follows it is assumed that the data are used in a conditional access television system, so that they represent the content ST, i.e. image and sound. It is clear to a person skilled in the art that other data, specific to another application, may equally be concerned. These data, or at least some of them, are encrypted using a control word; such encrypted data are denoted cw(ST).

In accordance with the first embodiment, the control word cw is transmitted by the broadcasting centre 10 in encrypted form at the same time as the encrypted data. In accordance with another embodiment, these control words cw may be broadcast by the control centre 11, because the encryption of the control messages (ECM messages) containing the control words cw is specific to each control centre 11, depending on the protocol.

The term "individual message" means an authorization message (EMM message) in the case where the control messages (ECM messages) are not specific and access to the data is controlled by these individual messages, i.e. access is determined by the rights specified in them. The control word cw extracted from this message is sent to the reception and decryption module 14, usually in encrypted form, so that the control words cw cannot be copied and passed to another user.

The control centre 11 or, more generally, the control centres 11 manage the rights to access the data. In one possible variant, each of these centres 11 manages a particular type of right, in particular subscriptions, access to individual rights, or other combinations of channels. For this purpose, the control centres 11 also broadcast the corresponding EMM messages intended for reception by the respective decoders.

The target device 12 must, of course, be able to process the transmitted data. In the conditional access television case considered here, the target device is a television set.

The decoder 13 includes a module 14 for receiving and decrypting the data and a module 15 for controlling the authority to access the data. The authority control module 15 is designed to be easy to move; implementing it on the basis of a mobile phone is quite practical. The authority control module 15 also includes a protection module 16 (SC module). The reception and decryption module 14 may include standardized means of communication with the control module, so that the reception and decryption module 14 can communicate with any control module.

Preferably, the protection module 16 may include memory areas assigned to different control centres. When a mobile telephone is used, the telephone operator can reserve memory areas that are activated with the parameters of each control centre 11. These parameters can be, for example, the decryption key for EMM messages, the subscriber's identifier in the system specific to a control centre, or even a credit.

If different operators do not want to place their protection in a common module, a design with connectors can be used that allows the security module to be changed easily or several such modules to be used simultaneously; this approach can be adopted for flexibility of use. These modules can be a smart card combined with a suitable reader in the control module, or can have a more compact form that allows several protection modules 16 to be used at the same time. In this case, each chip manages the rights coming from one of the control centres 11.

It is also possible to use cards or other media containing several chips, each of which manages the rights coming from one of the control centres 11. A protection module 16 of this type is shown in figure 2.

The protection module 16, or each protection module 16 if there are several, contains a unique identification number (UA-number) and the data of the control centre 11 that interacts with this protection module (or modules) 16 under the appropriate authority. This means that, in order to receive and decrypt EMM messages transmitted from a control centre 11, the protection module 16 must first be loaded with the data relating to that control centre 11. The control centre data consist, for example, of an encryption key or of a code for creating the encryption key, and are intended to establish a secure connection between the control centre 11 and the protection module 16. In one of the preferred embodiments, the EMM messages are sent to the protection module 16 in encrypted form, the encryption being performed with a key associated with the relevant control centre and with the unique identification number (UA-number) of the protection module. Thus, an EMM message for one protection module 16 cannot be used in another protection module 16. In addition, an outside protection module 16 that does not hold the data of the control centre 11 cannot use the EMM message, because it is unable to decrypt it.

The authority control module 15 preferably includes a smart card reader designed to work with a credit card or a prepaid card 17. This makes it possible to control payment for events on request. In addition, this arrangement allows the authority control module 15 to be used as an electronic wallet. The card 17 is shown in figure 2.

In one embodiment, which assumes several control centres 11, the data transmitted to the reception and decryption module 14 are handled as follows: descriptive information that allows the user to contact the appropriate control centre 11 is added to the encrypted data. This descriptive information is passed from the reception and decryption module 14 to the authority control module 15 and displayed on module 15. The user can select a control centre 11 and initiate communication with it, provided that the user's protection module 16 supports the security functions required to communicate with that control centre 11. The descriptive information includes a description of the video or audio product and, in addition, a telephone number or an Internet address. This address is used for communication, i.e. for sending individual messages in order to obtain the rights or keys needed to access the encrypted data.

The reception and decryption module 14 can be built directly into the target device 12 (television). In this case, to use the data on such a television, one needs the authority control module 15 and the rights for the desired event. The event can thus be viewed on any suitably equipped television. This alternative implementation is shown schematically in figure 2. In another preferred embodiment, the module can be a unit in a separate housing connected to the television by a cable or plugged directly into a connector on the television. This makes it easy to use the present invention with existing television sets.

The system in accordance with the invention operates as follows.

As mentioned above, the content ST is transmitted by the broadcasting centre 10 as encrypted data. At the same time, this first centre provides the control word(s) cw used to encrypt the data. A user who wishes to use the conditional access data, for example to view an event such as a film or a football match to which access is governed by rights, must acquire the appropriate rights. These can be provided by a prepaid card 17 in the authority control module 15, or loaded into this module over a communication link between the authority control module 15 and one of the control centres 11 that manage access rights.

To obtain the EMM messages that allow decryption of the control words cw needed to decrypt the data and then present the event, the reception and decryption module 14 establishes communication with one of the control centres 11. As mentioned above, the reception and decryption module 14 can be a mobile phone. In this case, the connection is established by dialling the telephone number belonging to the encrypted data broadcasting centre 10. The event for which the user wishes to purchase rights is selected using a pre-recorded "menu", each item of which is associated with a specific number on the keypad of the mobile phone. The EMM messages corresponding to the selected event are downloaded after the confirm key on the telephone keypad is pressed. The EMM message is preferably encrypted using a key associated both with the unique identification number (UA-number) of the protection module 16 and with the data of the control centre 11.

The reception and decryption module 14 is connected to a television, for example to an output of the latter, or is integrated directly into the television.

In accordance with the first embodiment, the reception and decryption module 14 receives the data ST encrypted using a control word cw, together with the control words cw, from the first centre, the encrypted data broadcasting centre 10. It also receives the EMM message from one of the control centres 11. The reception and decryption module 14 passes the control word cw to the authority control module 15. This transmission can be performed, for example, by infrared radiation or radio waves. The authority control module 15 verifies that the rights for the selected event have been legitimately acquired. If so, the ECM messages are processed in the protection module 16 to extract the control words cw. These control words cw are passed, at a rate matching that of the data encryption, to the reception and decryption module 14, which uses the control word cw to decrypt the data and then present the event in viewable form.

In accordance with the second embodiment, shown schematically in figure 2, the stream containing the encrypted data, the ECM messages and the EMM messages is received by the authority control module 15. This stream is processed as described above, and the decrypted data are transmitted to the receiving device in unencrypted form.

The described system makes it possible to build easily portable decoders that can be used with any television. When the reception and decryption module 14 is built into the television, the authority control module 15 is all that is needed to gain access to an event. This removes restrictions that are inconvenient for users. In addition, because the control centres 11, which transmit the authorization messages, are not tied to the encrypted data broadcasting centres 10, the user has a wider choice and the conditional access system is easier to use.

The control words cw are decrypted in the authority control module 15 and then passed to the reception and decryption module 14, so the connection between the two modules should preferably be protected. Various pairing procedures exist that are commonly used for communication between a security module and a decoder. Here, these procedures are used for communication between the reception and decryption module 14 and the authority control module 15. An example of this type of connection is described in patent document WO 02/052515.

To ensure that the control words cw are not passed to other reception and decryption modules, and likewise in the two-level scheme, i.e. in the case of an individual ECM message, the control centre 11 may require presentation of an encryption key specific to the reception and decryption module 14. This key is encoded directly in the reception and decryption module 14 and is unique to each module.

If the ECM messages containing the control words cw are sent through the control centre 11 or, similarly, when the event is encrypted using a single key that is sent to the protection module 16 by the control centre 11, the control centre 11 additionally encrypts the control word cw using the unique key of the reception and decryption module 14, and then applies the encryption specific to the communication between the control centre 11 and the protection module 16 in order to send the control word cw to the protection module 16 of the authority control module 15. Thus, if the ECM message is intercepted outside the security module, the control word obtained cannot be used in another reception and decryption module, because it is encrypted using the unique key of the module whose owner legitimately acquired the viewing rights.
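
The checks described above can be traced in a short simulation, added here as an illustration and not taken from the patent: an EMM sealed under a key tied to the control centre data and the UA-number, an ECM whose control word is released only when a loaded right matches its access condition, and a control word wrapped for one reception and decryption module. All class and function names and sample values are hypothetical, addressing the ECM per UA-number is an assumption, and the HMAC-SHA256 keystream is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import json
import os

def derive(key, label):
    """HMAC-SHA256, used here both to derive keys and as the MAC."""
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(key, nonce, n):
    blocks = (derive(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; a stand-in for a real authenticated cipher (assumption)."""
    nonce = os.urandom(16)
    pad = keystream(derive(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, pad))
    return nonce + ct + derive(derive(key, b"mac"), nonce + ct)

def unseal(key, blob):
    """Return the plaintext, or None if the blob was not sealed under this key."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, derive(derive(key, b"mac"), nonce + ct)):
        return None
    pad = keystream(derive(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, pad))

def link_key(centre_key, ua, kind):
    """Key tied to both the control centre data and one module's UA-number."""
    return derive(centre_key, kind + b"|" + ua.encode())

class ControlCentre:
    def __init__(self, name, centre_key):
        self.name, self.centre_key = name, centre_key

    def make_emm(self, ua, right):
        body = json.dumps({"right": right}).encode()
        return seal(link_key(self.centre_key, ua, b"EMM"), body)

    def make_ecm(self, ua, condition, cw, receiver_key):
        # Inner layer: cw under the unique key of the reception and decryption module.
        # Outer layer: encryption of the centre <-> protection module link.
        inner = seal(receiver_key, cw).hex()
        body = json.dumps({"ac": condition, "cw": inner}).encode()
        return seal(link_key(self.centre_key, ua, b"ECM"), body)

class ProtectionModule:
    def __init__(self, ua):
        self.ua = ua
        self.centre_data = {}  # one entry per control centre
        self.rights = set()

    def load_centre(self, name, centre_key):
        self.centre_data[name] = centre_key

    def open_message(self, name, kind, blob):
        key = self.centre_data.get(name)
        if key is None:
            return None  # no data for this control centre: message is unusable
        body = unseal(link_key(key, self.ua, kind), blob)
        return None if body is None else json.loads(body)

    def process_emm(self, name, emm):
        msg = self.open_message(name, b"EMM", emm)
        if msg is None:
            return False
        self.rights.add((name, msg["right"]))
        return True

    def process_ecm(self, name, ecm):
        """Release the still-wrapped cw only if a loaded right matches the condition."""
        msg = self.open_message(name, b"ECM", ecm)
        if msg is None or (name, msg["ac"]) not in self.rights:
            return None
        return bytes.fromhex(msg["cw"])

def run_demo():
    centre = ControlCentre("centre-A", os.urandom(32))  # constructed sample values
    rx_key, cw = os.urandom(32), os.urandom(8)
    module = ProtectionModule("UA-0001")
    module.load_centre(centre.name, centre.centre_key)
    other_ua = ProtectionModule("UA-0002")
    other_ua.load_centre(centre.name, centre.centre_key)
    no_centre_data = ProtectionModule("UA-0001")
    ecm = centre.make_ecm("UA-0001", "event-42", cw, rx_key)
    emm = centre.make_emm("UA-0001", "event-42")
    result = {"ecm_before_emm": module.process_ecm(centre.name, ecm)}
    result["emm_other_ua"] = other_ua.process_emm(centre.name, emm)
    result["emm_no_centre_data"] = no_centre_data.process_emm(centre.name, emm)
    result["emm_owner"] = module.process_emm(centre.name, emm)
    wrapped = module.process_ecm(centre.name, ecm)
    result["cw_in_own_receiver"] = unseal(rx_key, wrapped) == cw
    result["cw_in_other_receiver"] = unseal(os.urandom(32), wrapped)
    return result
```

Calling run_demo() returns one entry per case: the ECM is refused before the EMM is loaded, the EMM is rejected by a module with another UA-number and by one without the control centre data, and the released control word opens only under the key of the receiving module it was wrapped for.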

In one embodiment, the communication between the authority control module 15 and the control centre 11 is a protected point-to-point connection. It is therefore possible to transmit commands relating to certain images and events broadcast by the encrypted data broadcasting centre 10. This function is used to send commands or answers to questions through the control module.

In one application, the images delivered to the decoder are real images of casino games such as roulette or Black Jack, and the owner of an authority control module 15 of this type can play interactively and in real time, wherever he is. The protective measures implemented for conditional access to transmitted data can also be used in this area. In this application, the casino contacts the control centre 11 to establish the identity of the owner of the authority control module 15 or, at least, that the owner is solvent. The control centre 11 confirms the owner's credit and reports this information to the casino.

1. A conditional access data decryption system, which includes the following components:

an encrypted data broadcasting centre (10) intended to broadcast data encrypted using at least one control word (cw);

at least one control centre (11) intended to broadcast individual messages (ECM messages, EMM messages) used to manage access to the encrypted data;

a target device (12) intended to convert the encrypted data into a form suitable for use;

a decoder (13) intended to decrypt at least part of the encrypted data and located between the encrypted data broadcasting centre (10) and the target device (12), characterized in that

the decoder (13) includes a module (14) for receiving and decrypting the encrypted data and a module (15) for controlling the authority to access this data, these modules being physically distinct, the reception and decryption module (14) being connected to the target device (12) and the authority control module (15) being configured to communicate with the reception and decryption module (14);

the authority control module (15) includes a protection module (16) containing a unique identification number (UA-number) and data enabling a secure connection between the control centre (11) and the protection module (16), the protection module (16) checking the content of the individual messages (ECM messages, EMM messages) and, depending on this content, allowing or denying decryption of the control word(s) (cw);

the reception and decryption module (14) receives the encrypted data transmitted by the encrypted data broadcasting centre (10) over a first communication line, and the authority control module (15) receives the individual messages (ECM messages, EMM messages) coming from the control centre (11) over a second communication line;

the authority control module (15) contains data on each of the control centres (11) with which this module communicates.

2. The system according to claim 1, characterized in that the communication between the reception and decryption module (14) and the authority control module (15) is carried out by means of waves.

3. The system according to claim 1, characterized in that the authority control module (15) is a mobile phone.

4. The system according to claim 3, characterized in that the protection module (16) has the identification functions required to use the telephone and at least one memory area assigned to a specific control centre (11), this memory containing the security settings for receiving authorization messages (EMM messages) from that control centre (11).

5. The system according to claim 1, characterized in that the encrypted data broadcasting centre (10) broadcasts control messages (ECM messages) containing the control word or words (cw), and in that the individual messages from the control centre (11) are authorization messages (EMM messages).

6. The system according to claim 1, characterized in that the control centre (11) broadcasts individual messages containing the control word or words (cw), and the protection module (16) of the authority control module (15) has means of determining whether a message is to be processed by the protection module (16) and means of transmitting the control word (cw) to the reception and decryption module (14).

7. The system according to claim 6, characterized in that the reception and decryption module (14) contains a unique decryption key used to process the control word (cw), and this key is used to encrypt the control words (cw) in the control centre (11) before they are sent to the authority control module (15).

8. The system according to claim 1, comprising at least two control centres (11), characterized in that the protection module (16) of the authority control module (15) contains the security settings for receiving authorization messages (EMM messages) coming from different control centres (11).

9. The system according to one of claims 1 to 8, in which the encrypted data broadcasting centre (10) transmits descriptive information about the encrypted data, characterized in that this information contains the characteristics required for communication with the control centre (11) that provides the authorization data, the information is passed to the authority control module (15), and the authority control module (15) communicates with the desired control centre (11) in order to obtain the authorization message (EMM message).

10. The system according to one of claims 1 to 8, characterized in that the reception and decryption module (14) is built into the target device (12).

11. The system according to claim 1, characterized in that the reception and decryption module (14) includes standardized means of communication with the authority control module (15), which enables the reception and decryption module (14) to communicate with multiple authority control modules (15).

12. The system according to one of claims 1 to 8, 11, characterized in that the authority control module (15) has means of generating a key used to pair it with the reception and decryption module (14), this key being used for encryption and decryption of at least the control word(s) (cw) transmitted to the authority control module (15) and then to the reception and decryption module (14).

Priority by claims:

27.09.2002 for claims 1-3, 10;

14.12.2002 for claims 4 to 9, 11, 12.
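The message flow of claims 6 and 7, as an added sketch that is not part of the patent text: the control center (11) wraps the control word under the unique key of the reception and decryption module (14), the protection module (16) checks the address and passes the still-wrapped word on, and only module (14) recovers it. The outer per-module key `k_sm`, the address strings, the class names and the HMAC-based stand-in cipher are assumptions made for illustration.

```python
import hashlib, hmac, os

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Stand-in authenticated encryption built from HMAC-SHA256 (stdlib only);
    # a real design would use a vetted AEAD such as AES-GCM.
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class ControlCentre:                 # control center (11)
    def __init__(self):
        self.subscribers = {}        # address -> (k_sm, k_rx), assumed provisioning
    def enrol(self, address, k_sm, k_rx):
        self.subscribers[address] = (k_sm, k_rx)
    def personal_message(self, address, cw):
        k_sm, k_rx = self.subscribers[address]
        inner = seal(k_rx, cw)       # claim 7: cw encrypted under module (14)'s unique key
        return {"address": address, "body": seal(k_sm, inner)}

class ProtectionModule:              # protection module (16) inside module (15)
    def __init__(self, address, k_sm):
        self.address, self._k_sm = address, k_sm
    def process(self, msg):
        if msg["address"] != self.address:      # claim 6: is this message for me?
            return None
        return unseal(self._k_sm, msg["body"])  # result is still wrapped under k_rx

class ReceptionModule:               # reception and decryption module (14)
    def __init__(self, k_rx):
        self._k_rx = k_rx
    def load_control_word(self, wrapped):
        return unseal(self._k_rx, wrapped)

def demo():
    # Constructed sample keys and control word.
    k_sm, k_rx, cw = os.urandom(32), os.urandom(32), os.urandom(8)
    centre = ControlCentre()
    centre.enrol("SM-0001", k_sm, k_rx)
    msg = centre.personal_message("SM-0001", cw)
    wrapped = ProtectionModule("SM-0001", k_sm).process(msg)
    other = ProtectionModule("SM-0002", os.urandom(32)).process(msg)
    return cw, wrapped, ReceptionModule(k_rx).load_control_word(wrapped), other
```

Because the inner wrap is keyed to one reception module, the control word never appears in clear on the interface between modules (15) and (14), and a different reception module fails authentication on the same blob.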



 

Similar patents:

FIELD: receivers/decoders of services, provided with certain conditions, in particular in a system for accessing an encrypted data stream, priced per time unit.

SUBSTANCE: system contains control center (2), which transmits a data stream through a broadcasting channel, encrypted by means of control words, which are included in composition of access control messages, and meant for receipt by at least one user device (1), connected to safety block (3), having unique address and containing credit, which is reduced with purchase of products or consumption of data stream, where safety block (3) is provided with means for reducing credit for value, dependent on product, or for value, dependent on duration of access to data stream, where aforementioned values and/or duration are determined in access control messages or in conditional access messages, and system contains means, made independent from user device (1), for transmitting identifier, representing a unique number, and price code which indicates size of credit subject to load, in control center (2), and control center (2) additionally contains devices for receipt and verification of price code and for transmission of an encrypted message through broadcasting channel, having a unique address, corresponding to identifier, and giving a command to the safety block (3) to load the credit in defined amount.

EFFECT: development of a new approach to provision of access to paid television for broad clientele, substantially reduced subscriber management related costs.

5 cl, 1 dwg

FIELD: receivers/decoders of services, provided in conditional access mode, in particular, receivers having storage block (memorization device), such as a hard drive.

SUBSTANCE: method is claimed for storing an event, encrypted with usage of at least one control word (CW) in receiver/decoder (STB), connected to safety block (SC), where at least one control word and access privileges for aforementioned event are contained in access control messages (ECM-messages), method includes following operations: recording of encrypted event, and also of at least one ECM-message in storage block; transmission of at least one ECM-message into safety block (SC), verification of the fact that safety block (SC) contains access privileges for aforementioned event, generation of receipt (Q), which contains data related to management of event in reproduction mode, where receipt (Q) contains signature (SGN), generated on basis of the whole ECM-message or its part with usage of secret key (K) contained in safety block (SC) and specific for every safety block, where during later consumption of event the authenticity of the receipt (Q) is verified in prioritized manner compared to conventional access privileges, stored in safety block (SC), storage of aforementioned receipt (Q) in storage block.

EFFECT: provision of method for storing an event.

6 cl, 3 dwg

FIELD: cryptographic protocols, in particular, efficient encoding at content level.

SUBSTANCE: method is provided for generation of digital data with cryptographic protection, encoding content and composed into messages. Encoding of at least a part of the message is performed and encoded messages are provided in form of output signal in format, allowing the interface of server service to compose a message in form of at least one packet, including at least one header and useful load, where at least one header includes information, which allows the service interface in the client to assemble each message for decoding application using useful load of packets. Each message is divided onto the first and at least one additional section of the message. At least one of the message sections is encoded in such a way that it may be decoded independently from other message sections. Assembly of encrypted message is performed by addition of resynchronization marker, separating the message section from adjacent message section and including precise information about synchronization, at least for additional sections of the message.

EFFECT: synchronized decoding process in case of data loss.

14 cl, 8 dwg

FIELD: copy/access protection.

SUBSTANCE: audio/video stream processing system includes module for inputting audio/video stream, which receives audio/video stream, containing field of information about audio/video content, including first copy control information, and audio/video content field, including second copy control information; reading module which extracts first and second copy control information from received audio/video stream and determines whether first copy control information is modified; and module for decoding audio/video stream, which processes received audio/video stream in accordance to predetermined criteria, if first copy control information is modified.

EFFECT: protection of content, prevented unsanctioned processing of content.

15 cl, 8 dwg

FIELD: engineering of systems for loading and reproducing protective unit of content.

SUBSTANCE: in accordance to invention, in receiving device 110 for protected preservation of unit 102 of content on carrier 111 of information unit 102 of content is stored in protected format and has associated license file, file 141 of license being encrypted with usage of open key, associated with a group of reproduction devices 120,121, and, thus, each reproduction device 121 in group can decrypt file 141 of license and reproduce unit 102 of content, and devices not belonging to group can not do that, while device 121 for reproduction may provide the open key, specific for given device, to system for controlling content distribution, and then system for controlling content distribution returns secret key for group, encrypted with open key of device 121 for reproduction, after that device 121 of reproduction by protected method receives secret key of group and may decrypt file 141 of license.

EFFECT: creation of system for loading and reproducing protected unit of content, making it possible to constantly control usage of unit of content.

3 cl, 4 dwg

FIELD: digital audio and video technologies.

SUBSTANCE: the information storage device is able to receive a data carrier; the decoder is able to receive compressed encoded signals from the data carrier and transmit the signals to the decrypter. The decrypter is able to decrypt the compressed encoded encrypted data and transmit it to the decompressor. The decompressor is able to receive the compressed encoded signals from the decrypter and decompress them to reproduce the image.

EFFECT: higher precision, higher efficiency.

3 cl, 17 dwg

FIELD: broadcasting systems.

SUBSTANCE: method includes broadcasting of message, including text portion intended to reach user, while said message is transferred in form of conditional access message.

EFFECT: broader functional capabilities.

5 cl, 7 dwg

FIELD: television.

SUBSTANCE: device converts signals to digital video information. Compression device is made in such a way, that it receives digital video data, coming from source data generator, and compresses digital images. Encoding device receives compressed digital video data coming from compression device and encodes compressed digital video data. Recording device stores encoded compressed digital audio data at data carrier.

EFFECT: higher data transfer speed.

3 cl, 17 dwg

FIELD: access control systems.

SUBSTANCE: proposed signal processing method involves reception of digital input signal incorporating first component of scrambled signal and second component of scrambled signal; binding of input signal with detachable intelligent card unit for processing first scrambled signal component and generation of first descrambled signal which is internal with respect to intelligent card unit and for processing second scrambled signal component in case of response to first descrambled signal to generate second descrambled signal and to integrate first scrambled signal component of input signal and second descrambled signal so as to produce output signal; reception of output signal from intelligent card unit and processing of second descrambled signal to shape signal adapted for display.

EFFECT: improved control of access.

1 cl, 9 dwg

The invention relates to an electronic audiovisual processing
