Method to control access to coded data

FIELD: information technologies.

SUBSTANCE: invention relates to method of control of access to data (CT) coded by means of control words (CW) received by protection module in control messages (ECM) and returned to module of coded data processing. Control messages (ECM) contain at least the first control word (CW1) and the second control word (CW2), at the same time each of specified control words provides access to coded data (CT) during the specified period of time called cryptoperiod (CP). Method includes the following actions: transfer of coded data into at least one module of processing; and transfer of control messages (ECM) into specified processing module, besides, control messages (ECM) contain at least two specified control words (CW1, CW2) and are sent to processing module after transfer of data coded by means of the first control word (CW1) and prior to transfer of data coded by means of the second control word (CW2), time shift between transfer into module of processing of data coded by means of the first control word (CW1) and transfer of control message (ECM), containing the first control word (CW1) and the second control word (CW2), makes more than 75% of cryptoperiod.

EFFECT: prevents access to coded content with fraudulent use of two decoders with only one module of protection.

4 cl, 4 dwg

 

The technical field to which the invention relates.

The present invention relates to a method for controlling access to data encrypted by control words CW (control words)received by the security module in the control message and return to the module processing encrypted data.

This method is particularly applicable in the case of pay-TV.

The level of technology

The known method mentioned in the pay television is that data encrypted by the data provider through the encryption keys, which are called control words. These data are transmitted to the multimedia modules users or subscribers. In parallel, the control words are transmitted in these multimedia modules in the form of flow control messages.

Multimedia modules usually consist of a processing unit, which in the case of pay-TV is a decoder receiving the above thread, and from a security module that is responsible for cryptographic operations associated with the use of such threads.

As is well known to specialists in this area, the protection module of this type can be represented in four different varieties. The first one is a microprocessor card, a smart card or, more generally, an electronic module (key, e is astronomo skip etc). A module of this type, generally, is removable and can be connected to the decoder. The most widespread type of electrical contact, but it does not exclude the use of contactless connection, such as connection type ISO 14443.

The second well-known variety is a module of the integrated circuits, which, as a rule, is placed in a certain fixed way in the module of the decoder. In one embodiment, the circuit is mounted on a base or connector, such as connector for a SIM module.

In the third security module is integrated into the integrated circuit that also has another function, for example in the module decoder in the decoder or in the microprocessor of the decoder.

In the fourth embodiment, the protection module is not physically made, and its functions are implemented using software. Given the fact that the function of the security module in these four cases are similar, although the level of protection and different, we can talk about the module protection regardless of how it functions or how it is made.

After the multimedia module to get the stream containing the control words, first, it checks that the user has the rights to decrypt the given data. If so, then the decryption control message is tions for to extract the control words. These control words are in turn used to decrypt the data.

It is also known that each control word, as a rule, allows to decrypt a small part of the transmitted data. Usually one control word allows 10 seconds to decrypt pay TV programmes. After this period of time, called cryptoperiod, the control word is changed for security reasons.

One of the possible ways of accessing encrypted data without authorization is to use genuine multimedia module this module protection and distribution control words between multiple decoders. This can be done using the server or the separating device, known as a "splitter" (splitter). Thus, the amount corresponding to the acquisition of rights of access to encrypted data, shall be paid for one multimedia module, while the program available to a number of multimedia modules.

The invention described in the application US 2004/0215691, is intended to prevent the joint use of the security module by multiple users. To this end each time multimedia module receives the control message, the module or the corresponding protection module determines Cana is, relates to the control message. The IDs of the channels are memorized together with the time information. Messages are compared to determine whether they refer to different channels or the same channel. If they belong to different channels, then the counter is incremented by a certain value. If the message is a control belong to the same channel, the counter decreases. If the counter reaches a preset threshold, it indicates that there was a large number of changes of the channel and the decryption of the control words is terminated.

For this process you must have the ID of the corresponding channel for each message management. In some embodiments is not provided. Using message control, in particular as defined by the standard Eurocrypt # : EN 50094 from December 1992, can identify the class of channels, and each channel separately. In this case, by using the invention described above, it is impossible to block the use of several multimedia modules that use only one security module and splitter.

In the international application published under the number WO 01/15448, describes a system of pay-TV, more specifically, the system VOD (video-on-demand). In this system, data is encrypted is the exploits of control words. These control words are sent to the user only for a predetermined period of time during which the user should get them, if he(she) wants to access content material. This process limits the risk that a fraudster illegal will receive control word and, therefore, access to the content material.

However, this process does not apply to traditional systems, pay TV, in which the user can switch channels. In fact, in the case of channel switching, this user will be forced to wait for the message control corresponding to the new channel before gain access to content material.

In the publication WO 2004/071091 described the invention, the purpose of which is to maximize the permitted speed rewind mode "fast forward" or "rewinding". This goal, therefore, is quite different from the purpose of the invention described in this application. In WO 2004/071091 optimization of scan speed is achieved through a shift change control words relative to the data stream to a value corresponding to about half of cryptoperiod. The specified value is equal to half of cryptoperiod, ideal for achieving the goals and inventions, because it allows you to optimize the speed as if the fast forward and rewind. The greater the distance from this value, the less will be the positive effect of shift between the data flow and the change in the control word.

It is widely known that the message control again over very short periods of time, for example 50 milliseconds. This is to ensure that when running from advertising" (switching channels) just to provide the control word required for access to the content material. When the multimedia module receives a control message, it filters out the same messages so that they are transmitted to the security module only once. In the below description assumes that at the mention of the control messages ECM (entitlement control message, the message access control) mean different messages, because the same message is not used.

The difficulty occurs when the control message contains more than one control word. In practice it is normal to send two control words, each control message. The advantage of this approach is that, while using a single control word, the second is decrypted and stored. This alternative implementation allows the use of more reliable algori what we encrypt, which require more time to decipher.

For the fraud it is possible to use only one control message of the two, and unused message to send to another decoder or device processing. Thus, each of the decoders receives all necessary control words. Therefore, several processing modules can provide access to the encrypted content material, although in theory the law is only one person.

Fraud of this kind is extremely difficult to identify, because without the use of channel IDs impossible to distinguish the normal use of all of the control messages only one decoder and fraudulent use one of two control messages in two different decoders.

Disclosure of inventions

This invention provides a solution to this problem and, thus, preventing access to the encrypted content material in fraudulent use of two decoders with only one protection module.

The solution offered by this invention also prevents, at least partially, access to the encrypted content material scammers using only one control message of the two, and the other control message from which p is redesa to another decoder.

The purpose of the invention is achieved with a method for managing data access (ARTICLE), encrypted by control words (CW)received by the security module in the message (ECM) and control is returned to the module processing encrypted data, and the specified message (ECM) controls contain, at least, the first control word (CW1) and the second control word (CW2), with each of these control words provides access to encrypted data (ARTICLE) within a specified period of time, called cryptoperiod (CP), comprising the following steps:

transmission of encrypted data, at least one processing module and

messages (ECM) control in the specified module processing, and message (ECM) controls contain at least two predetermined control words (CW1, CW2) and transmitted to the processing unit after the transmission data encrypted by the first control word (CW1), and before sending the data encrypted by the second control word (CW2),

characterized in that the time shift between the transmission module data encrypted by the first control word (CW1), and sending the message (ECM) control containing the first control word (CW1) and the second control word (CW2), over 75% of cryptoperiod.

Typically, in the method according to the present invention uses message control that contains two control words. However, a user who uses only one control message of the two, will not be able to access the encrypted content material in full. Each of the two users who share the splitter and one protection module, will be able to access only part of the content of audio and/or video.

Brief description of drawings

The invention and its advantages can be better understood with reference to the accompanying drawings and detailed description of the individual options of implementation, given as an example, without introducing any limitations. In the drawings:

Figure 1 shows the well-known version of the implementation in which the data flow and the flow control messages are used in the usual way.

Figure 2 presents an implementation option according to figure 1, in which the flow data and flow control messages are used fraudulently.

Figure 3 presents an implementation option according to the invention, in which the flow data and flow control messages are used in the usual way.

Figure 4 presents an implementation option according to figure 3, in which the flow data and flow control messages are used fraud is Kim.

The implementation of the invention

Figure 1 schematically depicts the flow of meaningful audio and/or video ART (data flow)and the flow of control messages ECM containing the control words CW, depending on time in accordance with the prior art. This figure informative audio and/or video data encrypted by control words, denoted by CW1, CW2,... and have a limited "life time", called cryptoperiods, that is, each control word provides access to the encrypted content material over a period of time corresponding to cryptoperiod. It may be, for example, 10 seconds. In the present example, the first message ESM control contains two control words CW1 and CW2. During the distribution of this first message content ARTICLE is encrypted by the first control word CW1. As soon as the message ESM control means and the control word CW1 returns to the security module of the decoder, the content can be decrypted and used. During this time remembered the second control word CW2. It can be used as soon as it is needed, in other words, when decryptable data represents data that has been encrypted through which this control word CW2.

Figure 2 shows the fraudulent use of the method presented in figure 1. Used in this way, the first user receives the first message ESM management and extracts the control words CW1 and CW2. Before receiving the second message ESM management it is filtered and therefore cannot be used. When the content should desirability by the control word CW2, the indicated control word is available, since it was sent in the first message ECM control.

Message ESM control can be used for transmission to the second decoder. In order to identify fraudulent use, you can calculate the number of messages ECM control decrypted within each cryptoperiod. This allows you to take action in the case when for each cryptoperiod decrypted too many control messages. However, in the case of the invention, the verification of the number of control messages for cryptoperiod will not allow to detect and prevent fraudulent use, because this number corresponds exactly to the number of messages that are decipherable only one protection module used in normal mode.

Figure 3 shows schematically the method according to the invention. In this way the stream of encrypted data ST Savin the t relative to the flow of messages ECM control. The following description relates to the case of normal use of one media module with the only protection module.

As an example, consider the case when the user activates his multimedia module or includes a specific channel at a time, denoted as t1 in figure 3. At this point the content of the ARTICLE must be decrypted by the control word CW2. Also at this point is broadcasting the first message ESM management. This message ESM control contains control words CW1 and CW2. Content, therefore, can be decrypted by means of the control word CW2.

If the user activates his multimedia module or includes a specific channel at a time, designated as t2, the control word CW2 will also need to decode the content. At this point is broadcasting a second message ESM management. It contains the control word CW2 and CW3. The content of the ARTICLE, thus, can be decrypted by means of the control word CW2.

If the user activates his multimedia module or includes a specific channel at a time, denoted as t3, the course of events will be similar to what was explained in the case of the activation of which is t1. The control word CW2 received from the message ESM control, can be used to access content material.

As you can see, in normal use to encrypted content material can be accessed regardless of the time at which the user activates your multimedia module or switch the channel.

Figure 4 shows the fraudulent use of two media modules in the case of the method according to the invention. In accordance with this option, each decoder uses only one control message of the two. Imagine that one of the decoders uses the first message ESM control that contains the control words CW1 and CW2. If the user activates his multimedia module or enables the corresponding channel at time t1, it is as in the example shown in figure 3, that is necessary to decrypt the content of the control word CW2 available as it is contained in the message ESM management. Content, therefore, available.

If the user activates his multimedia module at the time t2, for access to the content material ARTICLE will need the control word CW2. It is available in connection with what was sent in the first message ESM control, so that content is the material can be decrypted.

When the user activates his multimedia module at the time t3, for access to the content material must control word CW3. This control word is transmitted once a second message ESM control and once in the third message of ESS management. Assuming fraudulent use, as described previously, the second message ESM control was not used by this decoder, and was transferred to another decoder. Thus, the control words that contain the specified message is not available to the decoder. The third message of ESS control is not available at the moment t3, as between the data flow and message flow control includes a shift. In the content cannot be decrypted during the entire period of time between the point at which you want the third control word CW3, and sending the third message of ESS control.

In practice, in order conscientious user to have access to all the content material, it is necessary that the shift between the data flow of the ARTICLE and the flow of messages ECM control was less than cryptoperiod. In order to put the crook in the most disadvantageous position, the shift should be as large as possible. Typically, you shift slightly smaller h is m cryptoperiod. The shift is preferably selected so that the magnitude of the shift in the amount of time for processing the specified message management module protection and the return control word in the device processing was less than cryptoperiod.

As an example we can take cryptoperiod equal to five seconds, with a shift between two threads, equal to four seconds. As a result, in the case of one security module, serving two decoders, each decoder for a considerable period of time will not have access to encrypted content material.

1. Method for managing data access (ARTICLE), encrypted by control words (CW)received by the security module in the message (ECM) and control is returned to the module processing encrypted data, and the specified message (ECM) controls contain, at least, the first control word (CW1) and the second control word (CW2), with each of these control words provides access to encrypted data (ARTICLE) within a specified period of time, called cryptoperiod (CF), comprising the following steps: transmission of encrypted data, at least in one processing module; and transmit messages (ECM) control in the specified module processing, and message (ECM) controls contain at least two predetermined control words (CW1, CW2) and transmitted to the processing unit after the transmission data encrypted by the first control word (CW1), and before sending the data encrypted by the second control word (CW2), characterized in that the time shift between the transmission data encrypted by the first control word (CW1), the processing module and sending the message (ECM) control containing the first control word (CW1) and the second control word (CW2)is more than 75% of the value of cryptoperiod.

2. The method according to claim 1, characterized in that the time shift between the transmission data encrypted by the first control word (CW1), the processing module and sending the message (ECM) control containing the first control word (CW1) and the second control word (CW2)has a value smaller than the value of cryptoperiod.

3. The method according to claim 1 or 2, characterized in that the time shift between the transmission data encrypted by the first control word (CW1), the processing module and sending the message (ECM) control containing the first control word (CW1) and the second control word (CW2)has a value smaller than the value of cryptoperiod less time on processing the message management module protection and time to return control word to the renderer.

4. The method according to claim 1, great for the present, however, the data stream is an MPEG data stream.



 

Same patents:

FIELD: information technologies.

SUBSTANCE: device (3400) for processing of coded data flow (3401), comprising a decoding module (3402) to generate decoded data flow (3403) from coded data flow (3401), detection module (3404) for detection of information on position of at least one intra-coded frame in coded data flow (3403) and substitution module (3405) for substitution on the basis of detected information on position of coded data flow (3401) parts with according parts of decoded data flow (3403).

EFFECT: increased efficiency, speed of data flow processing by means of selective substitution of only that data in data flow, which is required for further use of data flow.

28 cl, 37 dwg

FIELD: information technology.

SUBSTANCE: metadata which classify new bulletins as a whole and their separate subject matter are formed; said metadata are sent to a user terminal. Received metadata are recorded into memory which may or may not be integrated into the user terminal. Recorded metadata are compared with previously recorded news bulletins and their subject matter; based on said comparison, recorded news bulletins are divided into video files of news items; obtained video files are recorded into memory. A database of news items is created with possibility of further browsing in an audio-visual information display device. In order to provide the proper accuracy of dividing recorded news bulletins into video files of news items, the timing device of the user terminal is periodically corrected using standard time signals.

EFFECT: possibility of selection of separate news items of interest by a user, acquaintance with history of the news item previously browsed by the user, as well as with the entire spectrum of views on the browsed news item.

6 cl, 5 dwg

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to an information processing device, an information recording medium and a method of processing information. Several content administration modules, which correspond to a name, index and some other information, are installed by dividing into parts content stored on an information recording medium. Different module keys, which are encryption keys, are allocated for different content administration modules. At least content data arriving in real time, included in each content administration module, are encrypted using the module key, and the encrypted data are stored. When playing back content, modules are identified, and decryption for playing back is carried out using the module key which corresponds to each module.

EFFECT: copyright administration for each part of data, obtained through segmentation of content recorded on a recording medium.

41 cl, 37 dwg

FIELD: physics, communications.

SUBSTANCE: invention concerns security modules actuated at device receiving encoded digital data; claimed method is particularly intended for transfer of data on date and current time to security module, and for decoding authorisation management based on validity period for data received or stored by indicated device. Method of authorisation duration control in security module installed in device with internal clock, where the device received digital data flow encoded with reference words included in authorisation reference messages, involves the following stages: data from internal device clock, including information on current time, are receiver over security module; information on current time is stored in security module; authorisation reference message requiring decoding of at least on reference word is received over security module; information on previous time when previous authorisation reference message was processed is read; authorisation reference message is processed if time indicated in current time information is ahead of time indicated in previous time information.

EFFECT: enhanced safety of data transfer.

10 cl, 1 dwg

FIELD: physics; computer engineering.

SUBSTANCE: present invention pertains to digital television (DTV), especially to the method of verifying identity of a subscriber terminal in a DTV network. The method of carrying out authentication procedure of at least one subscriber terminal comprises the following stages: reading out, using a set-top box (STB) at the subscriber terminal, the period of validity of the key and key information, stored in the subscriber identification module at the subscriber terminal when the set-top box is launched; initiation, using the STB, of sending a request for authentication to a central station, if the period of validity of the key has expired, and authentication by the central station, in accordance with the authentication request; determination by the central station of whether authentication has been successful, and if successful, sending a corresponding reply message, containing new key information, and a reply message on failure of authentication if otherwise; updating, through the STB, key information when a reply message on successful authentication has been received.

EFFECT: reduced congestion of a network or authentication server.

18 cl, 8 dwg

FIELD: information technologies.

SUBSTANCE: invention can be used in system of the forced performance of requirements which provides access possibility to the enciphered digital content on a computing mechanism only according to parametres the certain rights of the license got by the user of digital contents. The first confidential builder on the first computing mechanism carries out cryptographic, an estimate and the forced performance of requirements and forcedly contacts it, the first certificate of the user device corresponding to the first computing mechanism, forcedly contacts the user. Accordingly, the second confidential builder on the second computing mechanism carries out cryptographic processing, an estimate and the forced performance of requirements and forcedly contacts it, the second certificate of the user device corresponding to the second computing mechanism, also forcefully contacts the user. The first competent builder gains contents for reproduction on the first computing mechanism by means of the first certificate of the user device and the license, and the second confidential builder gains contents for reproduction on the second computing mechanism by means of the second certificate of the user device and the same license.

EFFECT: prevention of non-authorised duplication of digital content by the user related to the digital license and having of some computing mechanisms.

16 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: invention refers to method of control of decoding of program traffic set received by receiving system. Method of control of decoding of program traffic set received by receiving system implying that sequence of messages is received in conventional access subsystem (9, 10) comprising the specified receiving system, and each message is associated with one of coded program traffic set and represents information return enabling decoding of associated coded traffic by at least one decoding module (12) within receiving system. It is detected whether messages received within certain interval are associated with various coded program traffic set, and at least one of requests presented by messages received within certain interval is rejected, if number of various coded program traffics with which these messages are associated, exceeds preset value.

EFFECT: creation of receiving system, portable protector which enables program traffic provider to control program traffic set to which user of receiving system simultaneously addresses.

16 cl, 2 dwg

FIELD: information technology.

SUBSTANCE: decoder and subscription television data control system proposed contain at least two decoders, each of those is connected to at least one removable protective module. The protection is realised using identification data, contained in the decoder and protective module indicated. Besides, each of the decoders contains a descrambler and subscription television data processing deactivation units. Each decoder also contains a counter, which influences the deactivation units mentioned. Besides, at least one of the removable protective modules is assigned as primary and therefore contains decoder counter reinitialisation units.

EFFECT: provision of capability to regulate decoder operation time and to adjust operation parameters at any time using protective module.

19 cl, 13 dwg

FIELD: information encryption.

SUBSTANCE: system contains an encrypted data broadcasting centre, at least one control centre, a terminal device, a decoder located between the encrypted data broadcasting centre and the terminal device, the decoder includes an encrypted data reception and decryption module and a data access authority control module; the data access authority control module contains a protection module.

EFFECT: provision of system allowing to simplify access authority control at broadcasting centre level and ensuring optimal data security.

12 cl, 2 dwg

FIELD: receivers/decoders of services, provided with certain conditions, in particular in a system for accessing an encrypted data stream, priced per time unit.

SUBSTANCE: system contains control center (2), which transmits a data stream through a broadcasting channel, encrypted by means of control words, which are included in composition of access control messages, and meant for receipt by at least one user device (1), connected to safety block (3), having unique address and containing credit, which is reduced with purchase of products or consumption of data stream, where safety block (3) is provided with means for reducing credit for value, dependent on product, or for value, dependent on duration of access to data stream, where aforementioned values and/or duration are determined in access control messages or in conditional access messages, and system contains means, made independent from user device (1), for transmitting identifier, representing a unique number, and price code which indicates size of credit subject to load, in control center (2), and control center (2) additionally contains devices for receipt and verification of price code and for transmission of an encrypted message through broadcasting channel, having a unique address, corresponding to identifier, and giving a command to the safety block (3) to load the credit in defined amount.

EFFECT: development of a new approach to provision of access to paid television for broad clientele, substantially reduced subscriber management related costs.

5 cl, 1 dwg

FIELD: information technology.

SUBSTANCE: system receives multiple sets of authenticating data for a set of authentications from a set of authentication sources and presents the said set of authentications in a graphic user interface, where the graphic user interface includes a corresponding part for each of the said set of authentications, which is set up based on its set of authenticating data. The system can flexibly set up the graphic user interface.

EFFECT: flexible and broader setup of a user interface.

19 cl, 6 dwg

FIELD: information technology.

SUBSTANCE: method involves reception of a payload data element using a processing device; performing cryptographic authentication of the payload data element; storing the authenticated received payload data element in a data processing device, and protecting integrity of the stored payload data element. The cryptographic authentication process involves calculation of a control hash function value of at least the received data element. Protection of integrity also involves calculation the standard value of a message authentication code at least for the control hash function value using a secret key stored in the data processing device as input data.

EFFECT: more computationally efficient mechanism for providing security, which protects software and when loading software into a device.

34 cl, 11 dwg

FIELD: information technologies.

SUBSTANCE: method is based on series of information bits match with bits in bytes of colour presentation, with change of least significant bits in initial image and requiring minimum correction of statistical characteristics of only least significant bits, as a result of accidental nature of matches. Least significant bit is replaced in bytes in initial digital image, besides, flag value "one" is assigned to least significant bit in bytes of initial digital image, if part of digital image signal byte bits and message signal bits match, or flag value "zero" is assigned in case of non-match, at the same time correction of statistics of distribution of least significant bits is made by their remaining part, which is not used as flag values.

EFFECT: possibility to store and transfer large volumes of confidential information.

3 dwg

FIELD: information technologies.

SUBSTANCE: in method of safety authentication in each link of wireless network, upper level key holder (R0KH) receives and stores upper pair main key (PMK_0) for each query wireless device after process of authentication. All access points (AP) of authenticator accept the role of the first level key holder (R1KH) and receive pair main key of another level (PMK_1) from R0KH. Key of data protection of the communication line level is extracted from PMK_1 by means of 4-side quitting of communication according to standard 802.11i.

EFFECT: provision of hierarchical safety structure for each link of wireless network.

11 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: playstation analyses coded certificate stored in hard drive memory. Having detected hard drive, playstation obtains a coded certificate from hard drive memory and decodes it. Certificate contains parametres related to hard drive such as, for instance, serial number of hard drive, number of model, capacity of hard drive memory and trademark, specifying authentication of hard drive. Playstation also obtains specified parametres from hard drive in unencrypted form. Parametres extracted from coded certificate are compared to parametres read from hard drive memory in unencrypted form. If specified parametres correspond to each other, hard drive is considered to be authentic. Certificate is coded by personal key of pair of open-personal key and is decoded by according open key using available cryptographic methods of open key.

EFFECT: execution of playstation capable of determining whether hard drive is authorised to use with playstation.

17 cl, 6 dwg

FIELD: information technology.

SUBSTANCE: transmission method involves reception of a primary integrity key encrypted with a content key and at least one encrypted content stream from a content owner by a stream server; reception of a request from an electronic device for information on said content stream; formation of at least one initial value by the stream server; transmission of information in response to the said request on one content stream by the stream server to the said electronic device, where the said information contains at least one initial value and the primary integrity key encrypted with a content key; formation of at least one session integrity key in the said stream server using the said at least one initial value and the said primary integrity key; protection of integrity of at least one content stream in the said stream server using the said at least one session integrity key; and transmission to the said electronic device at least one content stream with integrity protection formed using at least one session integrity key.

EFFECT: higher protection of stream content.

38 cl, 4 dwg

FIELD: information technology.

SUBSTANCE: multiplication value decision unit (12) decides a multiplication value which is a positive value or a negative value corresponding to a bit value of each bit contained in a binary bit string constituting a scramble pattern generated in a pattern generation unit (11). A multiplication processing unit (13) multiplies symbol data representing each symbol value in the symbol data string formed by the multi-value symbol containing a predetermined pair of a positive value and a negative value having an identical absolute value, in the value area, by the multiplication value decided by the multiplication value decision unit (12). At that moment, the multiplication processing unit (13) successively executes multiplication between the symbol data for one symbol and the multiplication value decided in accordance with the bit value of the one bit contained in the scramble pattern until the number of symbols expressed by the symbol data string is reached.

EFFECT: scrambling a data string through simple processing, even when the function channel content is changed.

7 cl, 8 dwg

FIELD: information technology.

SUBSTANCE: key is generated in an electronic component for a specific cryptographic algorithm. For this purpose a prime number P is stored in memory of the electronic component and at least one secret prime number is generated. In order to generate a secret prime number at step /a/ two integers p1' and p2' whose sum is equal to a number p' are randomly selected; at step /b/ it is determined (12) whether the number p' is a prime number, on the basis of a combination of the stored prime number P with the numbers p1' and p2' so as to maintain said number p' secret; at step /c/ if the number p' is determined to be a prime number, numbers p1' and p2' are stored (14) in the memory of the electronic component, otherwise steps /a/ and /b/ are repeated.

EFFECT: higher efficiency of key generation method.

16 cl, 2 dwg

FIELD: information technology.

SUBSTANCE: translation circuit provides stream content which is encrypted using traffic key. The traffic key is provided to users through a message on a stream of keys which is encrypted by a service key. A user receives at least one object of rights from a rights holder and said at least one object of rights contains a service key required for using the stream content. Said at least one object of rights also contains information on rights of use which can be configured by the rights holder so that different rights are provided depending on the user and/or reception device. The message on the stream of keys can contain a value of the "program category" variable, which indicates the type of content and, together with the object of rights, determines rights to use which are available for the given stream content.

EFFECT: less bandwidth used.

21 cl, 33 dwg

FIELD: information technologies.

SUBSTANCE: system comprises a processing server and database server, besides processing server is designed to obtain extended associative information, at least of one account from at least one client's terminal, to transfer extended associative information to database server; and is also designed, whenever request arrives for service from one client's terminal, to obtain from database server extended associative information of account, corresponding to client's terminal, to generate verification information according to level of protection of request for service and to transfer this verification information to client's terminal, in order to verify authenticity of user, using client's terminal; and database server is arranged with the possibility to preserve extended associative information of at least one account. The present invention also describes method of accounts control in Instant Messaging Service (IM).

EFFECT: increased protection of user account from thieves.

12 cl, 2 dwg

FIELD: information technology.

SUBSTANCE: when a device changes its position relative transmitters, one transmitter will possibly be identified as the one transmitting the strongest or highest quality signal. When that determination is made, the user of the mobile device is provided with the opportunity to switch to receiving the signal from that transmitter. Based on the user reply, the device can continue working with the current transmitter, even though it does not have the strongest signal, or the device can be configured to detect and start receiving a signal from a new transmitter. Measurement of the quality of the signal from the transmitter can be based on a composite factor which combines a number of individual measurements made over predetermined periods of time.

EFFECT: switching from one wireless broadcast network to a neighbouring broadcast network in a way which is efficient and convenient for the user.

21 cl, 6 dwg

Up!