Method of authorisation duration management in security module

FIELD: physics, communications.

SUBSTANCE: invention concerns security modules operating in a device receiving encoded digital data; the claimed method is particularly intended for transferring date and current-time data to the security module, and for managing decoding authorisation based on a validity period for data received or stored by the device. The method of authorisation duration control in a security module installed in a device with an internal clock, where the device receives a digital data flow encoded with reference words included in authorisation reference messages, involves the following stages: data from the internal device clock, including information on the current time, are received by the security module; the information on the current time is stored in the security module; an authorisation reference message requiring decoding of at least one reference word is received by the security module; information on the previous time, at which the previous authorisation reference message was processed, is read; the authorisation reference message is processed if the time indicated in the current time information is ahead of the time indicated in the previous time information.

EFFECT: enhanced safety of data transfer.

10 cl, 1 dwg

 

Technical field of the invention

The present invention relates to the field of security modules connected to a device receiving encrypted digital data. In particular, the method according to the invention is designed to transfer data about the current date and time to the security module, and to manage decryption rights based on the validity period of the data received or stored by the device.

Prior art

This method is used, for example, in the field of digital video recorders used for the reception and storage of pay television programs.

A digital video recorder (hereinafter PVR, Personal Video Recorder) is a pay-TV receiver/decoder with a built-in hard drive that can store encrypted digital audio/video data for viewing at a later time.

Like a VHS (Video Home System, the standard for analog recording on videotape) tape recorder, a PVR is also equipped with fast-forward and fast-rewind functions. These functions make it possible, for example, to locate a particular sequence among the data recorded on the hard disk, or to return to the beginning of a recorded program after a first viewing.

The stored digital audio/video data are encrypted using control words (CW) contained in control messages ECM (Entitlement Control Message), which are transmitted together with the encrypted audio/video data. In this description, the combination of audio/video data and ECM is called content. An access control module, or security module, in the form of a removable smart card or integrated into the PVR, contains the rights granted to the user for decrypting the audio/video data.

When content stored on the hard disk is played back, the decoder decrypts it using the authorization messages EMM (Entitlement Management Message) recorded in the security module; these messages contain the keys needed to decrypt the ECM containing the control words (CW), which in turn are used to decrypt the content.

The digital data stream transmitted by the control center to the PVR is encrypted so that its use can be controlled and the conditions of such use defined. The control words (CW) used for encryption are changed at regular intervals (usually from 5 to 30 seconds) to prevent any unauthorized attempt to retrieve them.

So that the PVR/decoder can decrypt the encrypted stream using these control words, they are sent to it in control messages (ECM), encrypted with a transmission key specific to the system.

When a control message (ECM) is decrypted, the security module checks that the right to access the content is present. These rights are defined by authorization messages (EMM), which load them into the security module.

Charging for the use of encrypted content is generally based on subscription, on one-off or occasional purchases of television programs, or on payment per unit of time.

A subscription defines rights associated with one or more broadcast channels carrying the content and allows the user to view them in unencrypted form if the corresponding rights are present in his security module.

It is also possible to define rights associated with a particular content, such as a film, a sports event or another program. The user can buy this content, and access to it is controlled specifically by those rights. This method is known as pay-per-view (PPV).

With payment per unit of time, a credit is stored in the security module and debited according to the subscriber's actual consumption. For example, one unit is debited every minute, regardless of the channel or the content viewed. Depending on the technical implementation, the duration of the time interval corresponding to a charging unit, its value, or both may vary, so that charging can be adapted to the type of content transmitted.

Each control message (ECM) contains not only the control word (CW) but also the conditions required for this control word to be returned to the PVR. When the control words are decrypted, the security module checks whether the right associated with the access conditions stated in the message is present. The control word is returned to the PVR only if the comparison is positive. The control word contained in the control message (ECM) is generally also encrypted with a transmission key.

Thus, to decrypt the digital audio/video data stream transmitted at a particular time, the following three elements are required:

- the control message(s) (ECM) containing the control words (CW) and the access conditions;

- the corresponding right, stored in the security module and used to check these access conditions.

An access condition associated with a right may include a duration, i.e. a period during which the content can be decrypted using the control words. Once this period has expired, the condition for access to the control words needed to decrypt the content is no longer satisfied, and further decryption is impossible.

Using time or duration as an access condition requires a reliable reference clock. The expiry of a right's validity period must be checked as an absolute time (as opposed to a relative duration). For example, a right granting 24-hour access to content that is encrypted and stored on the hard disk starts at a specific date and time and ends the next day at the same time. For such rights it is therefore not sufficient to grant an access duration of 24 hours, because resetting the clock would allow the current date to be "moved" by one day and thus yield a permanent right with a duration of 24 hours.

Data on the current date and time are supplied to the security module by the internal clock of the PVR, also called RTC (Real Time Clock), which is battery-powered so that it keeps running when the device is switched off.

To view content for which the right has expired, this clock can be set to a date and time earlier than the current values. Manipulation of the PVR clock thus makes an unauthorized extension of a right possible, because it alters the access conditions evaluated in the security module.

The question therefore arises of how to create rights in the security module, transmitted through authorization messages (EMM), that begin at a given moment and end after a certain validity period. In most cases the PVR has no return channel to the control center, so the current date and time cannot be sent regularly and securely to the security module directly from the control center.

Another aspect of the problem is that the security module has protected memory but no real-time clock, so it cannot determine a real duration, for example 24 hours, by its own means. Thus, if the user is authorized to access a service (or film) for 24 hours, the security module remains dependent on external data, and only on this basis can it determine when this period has expired.

Disclosure of the invention

The aim of the present invention is to provide a method for managing, in absolute terms, the validity duration of rights stored in the security module, by managing the parameters that determine the expiry date and time.

Another aim of the invention is to prevent the creation of a right in the security module before or after a predetermined date or time.

In accordance with the invention, this aim is achieved by a method for managing the validity duration of rights in a security module installed in a device having an internal clock, the device receiving a digital data stream encrypted by control words contained in control messages (ECM), the method including the following steps:

- receiving data coming from the internal clock of the device and containing information about the current time;

- storing the current data, representing the information about the current time, in the security module;

- receiving a control message (ECM) that requires the decryption of at least one control word;

- reading the previous data, representing information about the previous time, at which the previous control message (ECM) was processed;

- processing the control message (ECM) if the time specified in the current data is ahead of the time specified in the previous data.

Thus, the method according to the invention ensures that an ECM is decrypted only when time has advanced.

List of figures

Other features and advantages of the present invention will become apparent from the following descriptions with reference to the accompanying drawing, which illustrates an example embodiment of the invention, without introducing any limitations. The drawing shows a system for implementing the method according to the invention.

The implementation of the invention

Time information is understood here as any form of counter, whose value does not necessarily correspond to a date and/or time. The main objective is to supply the security module with information reflecting the actual advance of time, so that a predetermined duration can be determined.

The device in question may be a digital television decoder, a digital video recorder (PVR) or even a personal computer.

The time and date generated by the decoder do not need to correspond to commonly used values. For example, Swatch Beat offers a unit of time obtained by dividing 24 hours by 1000. The decoder generates pulses (or time signals) with a constant period of 3 seconds. These signals are transmitted to and counted by the decoder, which generates its own timing information available in this system. The current value of this parameter is thus higher than the previous values, which makes it possible to detect that time has advanced. The current value is stored in memory; when a new value is received, the current value is replaced by the new one, but only if the new time information exceeds the current time information. Thus, at each pulse the decoder determines the current time data and transmits them to the security module. The current contents of the memory are replaced with the new data.

In addition, the time information may be stored in a compressed representation or as a cryptogram, provided that an advance can still be detected (an increase in the value of predetermined digits or bits, a change in certain prefixes or suffixes, etc.).

If the device is connected to a control center, as in the case of a digital video recorder (PVR), the control center may broadcast information about the current time in order to update the internal clock of the decoder.

In a preferred variant, the method according to the invention is used in digital video recorders receiving pay digital television; the PVR should have a real time clock (RTC).

In one variant, when the security module receives new time information, an additional check is performed that the time value in the received data exceeds the time value in the data received previously, independently of the decryption of control words. In fact, the frequency at which the decoder transmits messages containing time information is specific to that decoder. This additional condition ensures that the time values increase continuously.

The PVR occasionally connects to the control center, from which it receives a digital stream of audio/video data encrypted by control words contained in the control messages (ECM) that accompany the audio/video data. These control messages also contain time information, which is protected because it is encrypted by the control center.

The security module stores the rights used to check the access conditions contained in the control messages (ECM) together with the control words.

The rights stored in the security module allow ECM messages to be decrypted only if the current time information, representing the date and time on the PVR clock, exceeds the previous time data. If the internal clock of the PVR is set back to an earlier time, this condition is not met. The control messages (ECM) stored on the hard disk therefore cannot be decrypted in this case without a valid right. The clock value can be updated only when the PVR is connected to the control center, by means of broadcast ECM messages containing time information representing the actual date and time.

In one variant, the date and time in the PVR are transmitted to the security module encrypted with a session key to prevent any modification of their values. A check is also performed to prevent fictitious new values from being set.

The drawing shows a PVR equipped with a hard disk DD and an internal clock RTC. A removable security module SM provides the rights necessary for decrypting the stream of audio/video data from the control center CG and for decrypting the content stored on the hard disk DD. In addition to the validity duration of the right, the security module SM contains the date/time of the beginning of the period, received from the RTC clock.

The PVR is used, on the one hand, as a decoder of the audio/video stream transmitted in real time and, on the other hand, as a device that records data for later viewing.

In the first mode of use, called real-time mode, the control messages (ECM) containing the access conditions and the time information are in themselves sufficient to manage rights based on duration, since each control message (ECM) already contains time data from which the validity duration of the right can be determined.

In the second mode, in which the content is recorded during transmission and viewed later, the time information contained in the control messages (ECM) is ignored; in this case, the time data supplied by the PVR decoder are used to calculate the validity duration of the rights.

The current time stored in the security module is used to calculate the validity duration of the rights granted when a program is purchased; this purchase is managed through authorization messages (EMM). Depending on the variant, EMM messages may be received in real time (directly from the stream) or taken from the storage device. In the first case, it is best to use the time information contained in these messages, since it is considered protected because it comes directly from the control center. It should be noted that, despite this apparent security, the security module still checks that this date is equal to or later than the last known date.

In the second case, the stored authorization message (EMM) cannot be used to update the internal clock of the security module, and the last known date is used to calculate the validity duration of the right.

The control messages (ECM) used in the method according to the invention contain time information in addition to the description of the type of content and the corresponding control words. When a stream containing control messages (ECM) is received live, this time information is used to determine the current time.

The time difference that allows control words to be decrypted is defined as the difference between the current time data, based on the decoder clock, and the time information representing the last control-word decryption. This difference cannot simply be equal (or almost equal) to the period of change of the control words. In practice, it must be taken into account that in fast-forward mode the control words change faster, for example by a factor of 10.

In this example, therefore, the difference is defined as 1/10 of the period of change of the control words.

This difference determines the factor by which the real validity period can be extended. For example, if the period of change of the control words is 10 seconds and the ratio between fast-forward speed and normal viewing speed is 10, the minimum value of the difference is 10 seconds divided by 10, i.e. 1 second. The security module therefore allows a new control word to be decrypted provided that the time known to it is one second ahead of the time at which the last control word was decrypted.

A potential fraud in this case consists in sending time information to the security module at a lower frequency. This can be done by fitting a quartz resonator with a lower frequency in the internal clock of the PVR. While decrypting ECM messages, the security module cannot by itself distinguish fast-forward speed from normal speed. In this case the duration of the right is multiplied by 10; for example, a right granted for 1 day would be "stretched" to 10 days.

It should be noted that this rules out the use of fast-forward, since the period of change of the control words then falls below the minimum difference.

This drawback can be considered acceptable, because the user has to purchase the right at least once. Moreover, at the next legitimate purchase the old time information stored in the security module is replaced by new time information representing the date/time of the purchase. Rights extended without authorization then expire immediately, so the value of this type of fraud remains rather limited.

The security module may receive information about the mode in which the PVR is operating and set the minimum duration between two control-word decryptions accordingly. In fast-forward mode this duration is one second, and in normal mode it is 10 seconds. A potential fraudster would therefore have to alter not only the clock frequency of the PVR but also the commands exchanged between the PVR and the security module.

The validity of a right is determined by the security module on the basis of the time information recorded when the program is purchased. It is therefore recommended to keep this information up to date in the security module at every purchase; otherwise a newly created right will have a reduced validity period if the time information held in the security module is outdated.
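The checks described above, as an added example that is not taken from the patent: a security module that accepts only increasing time values, enforces the mode-dependent minimum difference between two control-word decryptions, and tests expiry against the time recorded at purchase. All names (`sm_state`, `sm_process_ecm` and so on) and the representation of time as a counter in seconds are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration; every identifier here is hypothetical. Time is a plain
 * counter in seconds: the module has no clock and trusts only forward moves. */
enum sm_mode   { SM_NORMAL, SM_FAST };
enum sm_result { SM_OK, SM_TOO_SOON, SM_EXPIRED };

struct sm_state {
    uint32_t current_time;   /* last time value accepted from the device   */
    uint32_t last_ecm_time;  /* time at which the previous ECM was served  */
    uint32_t cw_period;      /* control-word change period, seconds        */
    uint32_t fast_ratio;     /* fast-forward speed / normal viewing speed  */
    uint32_t right_start;    /* time recorded in the module at purchase    */
    uint32_t right_duration; /* validity of the right, seconds             */
};

struct sm_state sm_init(uint32_t now, uint32_t cw_period, uint32_t fast_ratio)
{
    struct sm_state s = {0};
    s.current_time = now;
    s.cw_period = cw_period;
    s.fast_ratio = fast_ratio ? fast_ratio : 1;  /* avoid division by zero */
    return s;
}

/* Variant with the additional check: a new value replaces the stored one
 * only if it is strictly greater, so a set-back device clock is ignored. */
bool sm_update_time(struct sm_state *s, uint32_t t)
{
    if (t <= s->current_time)
        return false;
    s->current_time = t;
    return true;
}

/* Purchase: the right starts at the time already held by the module. */
void sm_grant_right(struct sm_state *s, uint32_t duration)
{
    s->right_start = s->current_time;
    s->right_duration = duration;
}

/* Minimum advance required between two control-word decryptions. */
uint32_t sm_min_delta(const struct sm_state *s, enum sm_mode mode)
{
    uint32_t d = (mode == SM_FAST) ? s->cw_period / s->fast_ratio
                                   : s->cw_period;
    return d ? d : 1;
}

/* Serve an ECM only if time has advanced far enough since the previous one
 * and the absolute expiry (start + duration) has not been reached. */
enum sm_result sm_process_ecm(struct sm_state *s, enum sm_mode mode)
{
    if (s->current_time - s->last_ecm_time < sm_min_delta(s, mode))
        return SM_TOO_SOON;
    if ((uint64_t)s->current_time >=
        (uint64_t)s->right_start + s->right_duration)
        return SM_EXPIRED;
    s->last_ecm_time = s->current_time;
    return SM_OK;
}

int main(void)
{
    /* Constructed values: 10 s control-word period, speed ratio 10. */
    struct sm_state s = sm_init(1000, 10, 10);
    sm_grant_right(&s, 86400);                    /* 24-hour right */

    sm_update_time(&s, 1010);
    printf("normal, +10 s : %d\n", sm_process_ecm(&s, SM_NORMAL));
    sm_update_time(&s, 1015);
    printf("normal, +5 s  : %d\n", sm_process_ecm(&s, SM_NORMAL));
    printf("fast,   +5 s  : %d\n", sm_process_ecm(&s, SM_FAST));
    printf("clock set back accepted: %d\n", sm_update_time(&s, 500));
    printf("after set-back: %d\n", sm_process_ecm(&s, SM_FAST));
    sm_update_time(&s, 1000 + 86400);
    printf("24 h later    : %d\n", sm_process_ecm(&s, SM_NORMAL));
    return 0;
}
```

After a rejected set-back the stored time stays where it was, so ECM requests keep failing until the device clock has passed the stored value again.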

Because the security module does not accept time information from the PVR decoder if it indicates a time earlier than the current value, the real-time clock must meet certain requirements:

- the real-time clock of the PVR should preferably be battery-powered so that it keeps running when the PVR is switched off;

- the value representing the date and time transmitted to the security module must come from the real-time clock;

- the readings of the real-time clock should preferably always move the current time forward;

- the clock values are adjusted using the time and date description table TDT (Time and Date Description table), which is available to the PVR when it operates in connected state, i.e. while communicating with the control center. This table is synchronized with the time information contained in the ECM messages broadcast by the control center;

- the PVR user must not adjust the real-time clock directly. If the date and time shown on the PVR front-panel display need to be corrected, the setting is saved in non-volatile memory as an offset from the current value of the real-time clock. The date/time displayed thereafter is calculated from this stored offset;

- if the PVR is not connected, the real-time clock should not be adjusted, or at least should not be set back relative to the values recorded in the security module;

- if the PVR is connected and the real-time clock is behind the reference time/date in the TDT table, the real-time clock is re-synchronized with the reference information in a single action;

- if the real-time clock is ahead of the reference data in the TDT, the immediate re-synchronization performed in the previous case is undesirable, since the new information about the current time would be shifted backward relative to the previous time data stored in the security module. The condition of a positive difference between these two sets of data would not be met, and the security module would stop decrypting control words.

For example, the PVR was connected to a communication channel at 10.00.00, but the real-time clock in the PVR showed 10.02.00, i.e. 2 minutes more. The minimum time difference for decryption of control words is 10 seconds.

The PVR sends messages as follows:

- the first message, at 10.00.00, specifies the time 10.02.01;

- the second message, at 10.00.20, specifies the time 10.02.10;

- the third message, at 10.00.40, specifies the time 10.02.20; and so on.

After 4 minutes the real-time clock in the PVR is re-synchronized with the time indicated by the control center, while it remains possible to decrypt data stored on the hard disk in accordance with the time recorded in the security module.

In the case of a personal computer, the method according to the invention is used when downloading files such as software, games, films and music from the Internet. A security module installed in the computer controls the rights to access the downloaded files or to use them for a limited time. The necessary time information is generated by the internal clock of the computer, which can also be updated while the computer is connected to the Internet.

1. A method for controlling the validity duration of rights in a security module installed in a device having an internal clock, said device receiving a digital data stream encrypted by control words contained in entitlement control messages, the method including the following steps:
receiving, by the security module, data coming from the internal clock of the device and containing information about the current time;
storing the information about the current time in the security module;
receiving, by the security module, an entitlement control message requiring the decryption of at least one control word;
reading the information about the previous time, at which the previous entitlement control message was processed;
processing the entitlement control message if the time specified in the information about the current time is ahead of the time specified in the information about the previous time.

2. The method according to claim 1, characterized in that the condition of being ahead in time is determined by the frequency at which the control words change.

3. The method according to claim 1, characterized in that the information about the current time is kept in memory and, after new information about the current time is received, the existing information about the current time is replaced with the new information, provided that the time specified in the new information about the current time is ahead of the time specified in the existing information about the current time.

4. The method according to claim 1, characterized in that the time information specifies the date and time.

5. The method according to claim 4, characterized in that the security module uses the information about the current time to check the validity duration of the right required to decrypt the digital data stream.

6. The method according to claim 1, characterized in that the device receives time information when connected to the control center, and on the basis of this information a counter in the device is updated, providing a value representing a date and time that is stored and subsequently compared with the value of the time information generated by the internal clock of the device.

7. The method according to claim 6, characterized in that the value of the internal clock of the device is updated in accordance with the comparison result, and the new value is passed to the security module.

8. The method according to claim 1, characterized in that the value of the internal clock of the device is updated based on the time information broadcast in the control messages during the period when the device is connected to the control center.

9. The method according to any one of claims 1 to 8, characterized in that said device is a digital video recorder for viewing and recording digital pay-TV programs.



 

Similar patents:

FIELD: physics; computer engineering.

SUBSTANCE: present invention pertains to digital television (DTV), especially to the method of verifying identity of a subscriber terminal in a DTV network. The method of carrying out authentication procedure of at least one subscriber terminal comprises the following stages: reading out, using a set-top box (STB) at the subscriber terminal, the period of validity of the key and key information, stored in the subscriber identification module at the subscriber terminal when the set-top box is launched; initiation, using the STB, of sending a request for authentication to a central station, if the period of validity of the key has expired, and authentication by the central station, in accordance with the authentication request; determination by the central station of whether authentication has been successful, and if successful, sending a corresponding reply message, containing new key information, and a reply message on failure of authentication if otherwise; updating, through the STB, key information when a reply message on successful authentication has been received.

EFFECT: reduced congestion of a network or authentication server.

18 cl, 8 dwg

FIELD: information technologies.

SUBSTANCE: invention can be used in a system for the forced performance of requirements, which allows access to encrypted digital content on a computing device only in accordance with the parameters of the license rights obtained by the user of the digital content. A first confidential builder on a first computing device carries out cryptographic processing, evaluation and the forced performance of requirements and is bound to that device; a first certificate of the user device, corresponding to the first computing device, is bound to the user. Accordingly, a second confidential builder on a second computing device carries out cryptographic processing, evaluation and the forced performance of requirements and is bound to that device; a second certificate of the user device, corresponding to the second computing device, is also bound to the user. The first confidential builder obtains the content for reproduction on the first computing device by means of the first certificate of the user device and the license, and the second confidential builder obtains the content for reproduction on the second computing device by means of the second certificate of the user device and the same license.

EFFECT: prevention of unauthorised duplication of digital content by a user who is tied to the digital license and has several computing devices.

16 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: invention refers to method of control of decoding of program traffic set received by receiving system. Method of control of decoding of program traffic set received by receiving system implying that sequence of messages is received in conventional access subsystem (9, 10) comprising the specified receiving system, and each message is associated with one of coded program traffic set and represents information return enabling decoding of associated coded traffic by at least one decoding module (12) within receiving system. It is detected whether messages received within certain interval are associated with various coded program traffic set, and at least one of requests presented by messages received within certain interval is rejected, if number of various coded program traffics with which these messages are associated, exceeds preset value.

EFFECT: creation of receiving system, portable protector which enables program traffic provider to control program traffic set to which user of receiving system simultaneously addresses.

16 cl, 2 dwg

FIELD: information technology.

SUBSTANCE: decoder and subscription television data control system proposed contain at least two decoders, each of those is connected to at least one removable protective module. The protection is realised using identification data, contained in the decoder and protective module indicated. Besides, each of the decoders contains a descrambler and subscription television data processing deactivation units. Each decoder also contains a counter, which influences the deactivation units mentioned. Besides, at least one of the removable protective modules is assigned as primary and therefore contains decoder counter reinitialisation units.

EFFECT: provision of capability to regulate decoder operation time and to adjust operation parameters at any time using protective module.

19 cl, 13 dwg

FIELD: information encryption.

SUBSTANCE: system contains an encrypted data broadcasting centre, at least one control centre, a terminal device, a decoder located between the encrypted data broadcasting centre and the terminal device, the decoder includes an encrypted data reception and decryption module and a data access authority control module; the data access authority control module contains a protection module.

EFFECT: provision of system allowing to simplify access authority control at broadcasting centre level and ensuring optimal data security.

12 cl, 2 dwg

FIELD: receivers/decoders for conditional access services, in particular in a system for accessing an encrypted data stream priced per time unit.

SUBSTANCE: the system contains a control center (2), which transmits over a broadcasting channel a data stream encrypted by means of control words; the control words are included in access control messages. The stream is intended for reception by at least one user device (1) connected to a safety block (3), which has a unique address and contains a credit that is reduced on purchase of products or consumption of the data stream. The safety block (3) is provided with means for reducing the credit by a value dependent on the product, or by a value dependent on the duration of access to the data stream, where these values and/or the duration are defined in access control messages or in conditional access messages. The system contains means, independent of the user device (1), for transmitting to the control center (2) an identifier representing a unique number and a price code indicating the amount of credit to be loaded. The control center (2) additionally contains devices for receiving and verifying the price code and for transmitting over the broadcasting channel an encrypted message that has a unique address corresponding to the identifier and commands the safety block (3) to load the credit in the defined amount.

EFFECT: a new approach to providing access to pay television for a broad clientele; substantially reduced subscriber management costs.

5 cl, 1 dwg

FIELD: receivers/decoders for services provided in conditional access mode, in particular receivers having a storage block (memory device) such as a hard drive.

SUBSTANCE: a method is claimed for storing an event encrypted with at least one control word (CW) in a receiver/decoder (STB) connected to a safety block (SC), where the at least one control word and the access privileges for the event are contained in access control messages (ECM messages). The method includes the following operations: recording the encrypted event and at least one ECM message in a storage block; transmitting at least one ECM message to the safety block (SC); verifying that the safety block (SC) contains access privileges for the event; generating a receipt (Q) containing data related to management of the event in reproduction mode, where the receipt (Q) contains a signature (SGN) generated from all or part of the ECM message using a secret key (K) that is contained in the safety block (SC) and is specific to each safety block, and where, during later consumption of the event, the authenticity of the receipt (Q) is verified with priority over the conventional access privileges stored in the safety block (SC); and storing the receipt (Q) in the storage block.

EFFECT: provision of method for storing an event.

6 cl, 3 dwg

FIELD: cryptographic protocols, in particular, efficient encoding at content level.

SUBSTANCE: a method is provided for generating cryptographically protected digital data that encodes content and is composed into messages. At least part of each message is encoded, and the encoded messages are provided as an output signal in a format that allows the service interface of the server to compose a message into at least one packet comprising at least one header and a payload, where at least one header includes information that allows the service interface in the client to assemble each message for the decoding application from the packet payloads. Each message is divided into a first and at least one additional message section. At least one of the message sections is encoded in such a way that it can be decoded independently of the other message sections. The encrypted message is assembled by adding a resynchronization marker that separates a message section from the adjacent message section and includes precise synchronization information, at least for the additional message sections.

EFFECT: synchronized decoding process in case of data loss.

14 cl, 8 dwg

FIELD: copy/access protection.

SUBSTANCE: the audio/video stream processing system includes an audio/video stream input module, which receives an audio/video stream containing an audio/video content information field that includes first copy control information and an audio/video content field that includes second copy control information; a reading module, which extracts the first and second copy control information from the received audio/video stream and determines whether the first copy control information has been modified; and an audio/video stream decoding module, which processes the received audio/video stream in accordance with predetermined criteria if the first copy control information has been modified.

EFFECT: protection of content; prevention of unsanctioned processing of content.

15 cl, 8 dwg

FIELD: systems for loading and reproducing a protected unit of content.

SUBSTANCE: according to the invention, in a receiving device 110 for protected storage of a content unit 102 on an information carrier 111, the content unit 102 is stored in a protected format and has an associated license file 141. The license file 141 is encrypted using a public key associated with a group of reproduction devices 120, 121, so that each reproduction device 121 in the group can decrypt the license file 141 and reproduce the content unit 102, while devices not belonging to the group cannot. A reproduction device 121 may provide its device-specific public key to the content distribution control system, which then returns the group's secret key encrypted with the public key of the reproduction device 121; the reproduction device 121 thereby securely receives the group's secret key and can decrypt the license file 141.

EFFECT: a system for loading and reproducing a protected unit of content that makes it possible to continuously control usage of the content unit.

3 cl, 4 dwg

FIELD: access control systems.

SUBSTANCE: the proposed signal processing method involves receiving a digital input signal comprising a first scrambled signal component and a second scrambled signal component; coupling the input signal to a detachable smart card unit, which processes the first scrambled signal component to generate a first descrambled signal internal to the smart card unit, processes the second scrambled signal component in response to the first descrambled signal to generate a second descrambled signal, and combines the first scrambled signal component of the input signal with the second descrambled signal to produce an output signal; receiving the output signal from the smart card unit; and processing the second descrambled signal to produce a signal suitable for display.

EFFECT: improved control of access.

1 cl, 9 dwg

FIELD: television.

SUBSTANCE: the device converts signals into digital video information. A compression device receives digital video data from a source data generator and compresses the digital images. An encoding device receives the compressed digital video data from the compression device and encodes it. A recording device stores the encoded compressed digital audio data on a data carrier.

EFFECT: higher data transfer speed.

3 cl, 17 dwg

FIELD: broadcasting systems.

SUBSTANCE: the method includes broadcasting a message that includes a text portion intended for the user, the message being transmitted in the form of a conditional access message.

EFFECT: broader functional capabilities.

5 cl, 7 dwg

FIELD: digital audio and video technologies.

SUBSTANCE: the information storage device is configured to receive a data carrier; the decoder is configured to receive compressed encoded signals from the data carrier and transmit them to a decrypter. The decrypter is configured to decrypt the compressed, encoded, encrypted data and transmit it to a decompressor. The decompressor is configured to receive the compressed encoded signals from the decrypter and decompress them to reproduce the image.

EFFECT: higher precision, higher efficiency.

3 cl, 17 dwg
