RussianPatents.com

Method of enforcing rules for accessing broadcast product realised by control centre

IPC classes for Russian patent Method of enforcing rules for accessing broadcast product realised by control centre (RU 2518164):
Other patents in the same IPC classes:
Multi-level message filtering / 2486677
Invention discloses systems and methods of generating multi-level filtering information, that are applicable to multiple messages. For a first filtering level, a set of filtering values is formed as a combination of all filtering values for filtering criteria which belong to a set of intersection of filtering criteria. On the receiver side, the overall transport entity first undergoes filtering based on second-level filtering information. First-level filtering information can be separated from the transport entity; if the transport entity is not discarded after first-level filtering, second-level filtering information, the obtaining of which requires processing the transport entity, is used to extract messages from a packet.
Conventional access system for digital television and method for its use / 2477923
System includes identification unit, conventional frontend access system unit and receiving device, in which identification unit is bi-directionally connected to receiving device, identifies receiving device, generates unique ID of receiver and identification information, and records the corresponding information in data base; conventional frontend access unit is bi-directionally connected to this data base, reads the information about the receiver from data base for coding the control information about receiver identification, and transmits the information to receiving device in relevant addressing mode; conventional frontend access unit switches on the relevant generator of identification information; receiving device uses ID and identification information for provision of safe conventional access to scrambling programs.
Programmable multimedia controller with programmable functions / 2460119
Disclosed is an integrated system which is based on a general purpose computer and is capable of interfacing with, controlling or managing a wide variety of audio, video, communication, data transmission or other devices. The system includes a programming environment for creating functions or user experiences that may incorporate features or functionalities of several devices that are conventionally used as separate, standalone devices.
Method of multimedia data protection / 2449494
Method of data transmission to client computer executing client program includes following steps: a) data transmission to client program, b) transmission of program code containing algorithm from protection server to client program where algorithm result is function of client program status, c) executing the mentioned code by client program and returning result to protection server and facilities connected with protection server, and d) determination by protection server or facilities connected with protection server whether the obtained result indicates absence of client program modification.
Device for processing data elements which can be reproduced to user / 2446614
Device (DVR) is processing data elements which can be reproduced for user. Example of such device is digital videorecorder. The device (DVR) contains network interface (NWIC, NWIM) which connects the device (DVR) to network which contains other devices. Content analysis initiator (ECF) in the device (DVR) detects that other device comprising part of network contains content analyser. Content analysis initiator (ECF) applies content analyser (AVCA) of other device to data element (AVF).
Content download system, content download method, content supplying apparatus, content supplying method, content receiving apparatus, content receiving method, and programme / 2432686
Disclosed is a content download system comprises: a content supplying device, a content receiving device, a download apparatus designed to download encrypted content and playing control data necessary for playing said content from said content supplying device according to user operations; obtaining apparatus to confirm the existence of a license which includes a key for decrypting said encrypted content based on said playing control data when playing said downloaded content, and to obtain said license according to the confirmation result; and playing apparatus to play said encrypted content using said obtained license. Playing control metafile describes <content_title>, <drm_server_uri>, <license_id>, <license_type>, <license_description>, <user_confirmation>, <user_messsage>, and <price>. In the case when multiple licenses are set for a single content, the items <license_id> through <price> describe only the number of set licenses.
Method to grant license to client device corresponding to coded content and system of conversion to manage digital rights, applying this method / 2421806
Method of a conversion system operation to manage digital rights to grant a license to a client's device corresponding to coded content consists in the following. The first content of the first type of digital rights content and the first license corresponding to the first content are converted to manage digital rights in order to generate the second content of the second type of digital rights content and the second license corresponding to the second content. A license request is received, corresponding to the second content distributed by means of superdistribution to a third party. The second license corresponding to the second content distributed by means of superdistribution is requested from a server corresponding to the second management of digital rights. The second license corresponding to the second content distributed by means of superdistribution is received and sent to a third party.
Method and device for processing DVB-H (digital video broadcasting - handheld) compliant transport stream / 2418367
Invention proposes a method for processing a transport stream (TS) received as an input TS in a processing device (SDR), the transport stream comprising a plurality of elementary streams (ES), each ES being a set of TS packets having the same Packet IDentifier (PID), at least one of these ES being time-sliced so as to be sent in bursts, timing information indicating within a burst the time to the beginning of the next burst, applying a filtering operation to the input TS so as to filter out from the input TS part or all of one or more time- sliced ES; modifying the bursts scheduling of the input transport stream so as to generate a DVB-H compliant output TS from the filtered input TS.
Controlled communication system / 2417534
A first user can support one or more content "portals", which can be accessed by at least a subset of members of an online community. Access to content of any portal can be based on the level of confidentiality of the portal and the level of confidentiality, for example, access parameters provided to a person. The level of confidentiality and linking the content can be hierarchical and/or non-overlapping. That way, a user can transparently exchange data with several users simultaneously independent of their context or level of confidentiality while preserving the confidentiality boundaries of each portal.
Method and system for provision of conditional access to data in broadcast system of MHP or OCAP / 2411665
Request of subscription is created from viewer, in order to realise access to additional paid content, parameter of viewer identification is formed in receiver in response to request of viewer subscription, parameter of viewer identification is saved in receiver, parameter of viewer identification is sent, as well as request of viewer subscription from receiver to broadcasting station along feedback channel, viewer access is authorised to additional paid content, parameter of viewer identification is sent, which has been received at the stage, from broadcast station in transport DVB-stream substantially to all receivers in broadcasting system, a transport DVB-stream is received in receiver, and requested additional paid content is unlocked from transmitted transport DVB-stream in receiver with use of transmitted parameter of user identification and stored parameter of viewer identification.
Method and apparatus for secure transmission of audiovisual data encapsulated according to plurality of transport protocols / 2518160
Invention relates to a system and a method for secure transmission of audiovisual data encapsulated according to a plurality of transport protocols to different devices connected to a network. The invention discloses a system and a method for secure transmission of an audiovisual stream formed by a set of transport packets encapsulated according to a plurality of transport protocols suitable to be transmitted to a user device compatible with one of said transport protocols, which includes generating a secure audiovisual stream from an original stream, wherein said audiovisual stream includes a set of modified transport packets different from corresponding original transport packets in modification positions; generating an additional stream of any format containing digital information suitable to restore the original audiovisual stream based on said basic stream; restoring in said receiving device the original audiovisual stream based on the secure stream as a function of said additional stream, wherein the additional stream includes said modification positions which are generated according to each transport protocol from said transport protocols.
Coder/decoder, coding/decoding processes and programmes for both / 2517691
Invention relates to picture data coder/decoder operating on switched video coding principle (SVC). Decoder comprises first decoding unit to decode picture data composed by interlaced picture data for generation of the first decoded data and data of forecast picture of lower level. First high-frequency sampling processing unit allows sampling at higher frequency of forecast picture data of lower level. Said data is generated by decoding unit for generation of forecast picture data sampled at higher frequency. Second high-frequency sampling processing unit allows sampling at higher frequency of forecast picture data of lower level. Said data is generated by decoding unit for generation of second forecast picture data sampled at higher frequency. It incorporates the selection unit to select the forecast picture first data sampled at higher frequency or second forecast data sampled at higher frequency as forecast picture data for forecast of second decoded data. Second decoding unit allows decoding of picture data that forms the data of consecutive pictures with application of forecast picture data selected by aforesaid selection unit.
Method and apparatus for encoding video and method and apparatus for decoding video based on omission and breakdown order / 2517433
Invention relates to video encoding and decoding. The method of encoding video involves determining encoding units having a tree structure, which include encoding units of encoded depths, and determining encoding modes for encoding units of encoded depths by encoding based on units for encoding according to depths. The units for encoding according to depths are obtained via hierarchical breakdown of the maximum encoding unit as the depth increases. Further, information is output, which indicates the order of the breakdown information and omission mode information which is selectively determined for units for encoding according to depths, and information relating to encoding modes for encoding units of encoded depths, which includes breakdown information and omission mode information arranged according to the order.
Transport stream packet header compression / 2517421
Invention relates to computer engineering. The method of transmitting a data stream in a physical layer frame in which data packet groups are mapped in a plurality of physical layer trunk streams, wherein the plurality of physical layer trunk streams include one or more physical layer trunk streams with header compression, to which only one group of data packets is mapped; the method involves generating packet identifier information and a group of data packets with compressed headers from a group of data packets mapped to the physical layer trunk stream with header compression, wherein a data packet with a compressed header has a compressed header with a remote packet identifier, wherein the packet identifier information indicates a single value of the packet identifier from a group of data packets mapped to said physical layer trunk stream with header compression; and transmitting the physical layer frame which includes packet identifier information and the group of data packets with compressed headers, for each of the physical layer trunk streams with header compression.
Method and apparatus for encoding video by motion prediction using arbitrary region, and method and apparatus for decoding video by motion prediction using arbitrary region / 2517404
Invention relates to video encoding and decoding. The invention discloses a method and an apparatus for encoding video, wherein the method involves encoding video data of a maximum encoding element based on deeper encoding elements of hierarchical structures in accordance with at least one area for dividing the maximum encoding element, while performing inter-prediction using regions obtained by dividing the encoding element according to arbitrary ratios, and determining the encoding depth; and outputting a bit stream which includes encoded video data corresponding to the encoding depth, and in accordance with the maximum encoding element and information relating to the encoding depth and encoding modes.
Method, device and system for compression and recovery of compressed picture / 2517398
Invention relates to computer engineering. Method of translucent picture comprises receipt of colour signal channel and translucent picture channel signal as the initial translucent picture. Compression is executed with data loss for colour channel to obtain colour signal compression info. Compression is executed without data loss for translucent channel info to obtain translucent channel compression info. Colour signal channel compression info and translucent channel compression info are synthesised whereat synthesising data includes the info about colour signal channel compression info and translucent channel compression data in compliance with the order of info on length for data on translucent channel compression, translucent channel compression info and that on colour signal channel compression Note here that length data on translucent channel compression info represents the quantity of preset bytes for designation of translucent channel compression data length.
Method of embedding message in JPEG 2000 digital image / 2517337
Method of embedding a message in a JPEG 2000 digital image involves replacing coding coefficients of medium-frequency and high-frequency wavelet transformation subranges, wherein embedding is performed after the procedure of quantisation into blocks of wavelet coefficients measuring N×N. Bit values of the embedded message are coded by the parity of the sum of values of wavelet coefficients in a block, wherein if the value of the embedded bit does not match the parity of the sum of values of wavelet coefficients in the block, the value of one of them is increased by one, wherein the wavelet coefficient whose value has the greatest fractional part is selected for modification.
Method and device for coding/decoding of pictures / 2517299
Invention relates to computer engineering. Proposed method comprises video layer of coded flow generation by picture coding, said picture being composed of one or several images. It includes system layer of system flow formation for transfer or storage of coded flow. Note here that video layer comprises picture coding for formation of coded flow. Note here that system layer comprises multiplexing of coded flow formed at said coding. Besides it includes identifier for generation of system flow. Note here that said identifier specifies if picture format is a left-right mixed format including basic layer and expansion layer to ensure multiple degrees of precision. It includes left plan picture area and right plan picture area in every image. Note that said coding comprises, in the case of left-right mixed format, the picture coding including basic layer and expansion layer as well as left plan picture area and right plan picture area in every image for forming of coded flow.
Video encoding method and apparatus, and video decoding method and apparatus / 2517293
Image decoding method involves extracting, from a bit stream, information showing the intra-frame prediction mode applied to the current prediction unit; determining reference pixels among neighbouring pixels adjacent to the current prediction unit, and filtered neighbouring pixels based on the size of the current prediction unit and the intra-frame prediction mode of the current prediction unit; performing intra-frame prediction in prediction mode over the current prediction unit using the extracted information and determined reference pixels. The method involves hierarchical breakdown of a plurality of maximum coding units, according to information on the maximum size of the coding unit, into coding units with coding depths in accordance with depths. The coding unit of the current depth is one of rectangular data units obtained by breaking down a coding unit of a greater depth. The coding unit is broken down into coding units of lesser depth, independent of neighbouring coding units, and the coding unit of the current depth is broken down into at least one prediction unit.
Method for modification of reference block in reference image, method for coding or decoding said reference image with help of reference block and device to this end, and data carrier to transfer block coded with help of reference block / 2517247
Invention relates to coding/decoding of picture signals. Method for variation of reference block (RFBL) with reference pixels in reference picture (I_REF) converts (TRF) reference block to first set of factors (REF (u, v,)). It changes the first set of factors (REF (u, v,)) with the help of one or several weights (TR (u, v,)) and executes the inversion (ITR) of changed. Note here that weights (TR (u, v,)) are defined by extra pixels in current picture (I_CUR) and extra reference pixels in reference picture. Application of extra pixels and extra reference pixels allows the determination of spectral weights so that they display the effects of attenuation. Particularly, if reference frame consists of two black-out frames one of which should be forecast with the help of reference frame, then assignment of weights in spectral band allows isolation of significant frame from two frames.
Method and device for verifying dynamic password / 2506637
Invention relates to computer engineering. Method of verifying a dynamic password, involving generating, by a mobile device, an initial code using token software, and transmitting the initial code to a verification server through a web page; generating, by the mobile device, a Diffie-Hellman key using a Diffie-Hellman algorithm according to a private Diffie-Hellman after verification of the initial code; and generating an initial token value according to the Diffie-Hellman key using a hashing algorithm; and generating the current dynamic password by executing a predefined algorithm for processing the initial token value and the current time, and transmitting the current dynamic password to the verification server through a web page; generating, by the verification server, a dynamic password of the verification server according to the received initial code and by using the same Diffie-Hellman algorithm as that used by the mobile device; and comparing, by the verification server, the dynamic password of the verification server with the dynamic password generated by the mobile device, and verifying whether the dynamic password generated by the mobile device is correct.

FIELD: radio engineering, communication.

SUBSTANCE: invention relates to broadcast encryption and specifically to a method of managing authorisation rules in a data broadcasting system. Disclosed is a method of enforcing rules for accessing a broadcast product, received by receivers, which is realised by a control centre. Access is provided by a product key and the management centre manages a set of Boolean positive and negative attributes at receivers, which comprises steps of: associating one positive Boolean attribute with a receiver entitled to the attribute and loading a state therein; associating one negative Boolean attribute with a receiver not entitled to the attribute and loading a state therein; defining a second broadcast encryption scheme for the negative Boolean attributes and associating with each negative Boolean attribute corresponding decryption key material; expressing access conditions for a product as a Boolean expression by combining one positive Boolean attribute and one negative Boolean attribute by Boolean conjunction or disjunction; generating a cryptogram for transmission to a receiver by encrypting the access key with the two combined broadcast encryption schemes according to said Boolean expression.

EFFECT: reducing requirements for receiver security means to enforce access conditions defined in key messages, and handle complex access conditions based on the characteristic and properties of the receiving device or user.

5 cl, 1 dwg

 

Technical field of the invention

The present invention relates to the field of broadcast encryption, specifically to a method of managing authorization rights in a broadcast data transmission system having a control center and a set of receiving devices.

Prior art

In the known standard pay-TV broadcast model, disclosed in "Model of conditional access systems", EBU (European Broadcasting Union) Technical Review, winter 1995, the broadcast pay-TV product is encrypted, and the keys for decrypting the pay-TV product at the receiving side are embedded in ECMs (Entitlement Control Messages) transmitted along with the scrambled pay-TV product. The ECMs are encrypted with a transmission key, which is changed often for security reasons.

In addition to the descrambling keys, the ECM contains information about the conditional access rights to the pay-TV product, in the form of access conditions that are enforced at the receiving side.

The management and transmission of an individual subscriber's conditional access rights (for example, the right to a subscription service for one month), as well as of the transmission key, is performed asynchronously in the form of EMMs (Entitlement Management Messages). An EMM is encrypted with a secret key known only to the receiver.

Thus, to be able to receive and decrypt a product, the receiver must first receive and decrypt the EMMs that contain the rights corresponding to the product, and the EMMs that contain the keys necessary to decrypt the EMM messages. For this purpose, the receiving device contains a unique key, and the EMM is encrypted with the matching unique key (the "companion" key) of the receiving device and transmitted so that only that specific device can decrypt it. Symmetric or asymmetric keys can be used for this.

Different rights can be loaded into the memory of the receiving device's security means, which usually take the form of a smart card, and are then enforced by those security means.

These security means can be implemented in different ways, for example as a smart card, a secure chip, a USB adapter or tamper-resistant software included in the device.

We consider these security means sufficiently secure to store at least the transmission key, the unique key specific to the receiving device, and the right (or rights) associated with the receiver.

The role of the security means is to receive the ECMs and EMMs, decrypt the ECM using the transmission key, and extract the access key (or keys) and the access conditions associated with the pay-TV product. The security means check whether a right corresponding to the access conditions contained in the ECM is stored in their memory and, if so, the access key is passed to the receiving device to decrypt the product.

An ECM may contain more than one definition of access conditions. In this case, depending on the applicable policy, the security means can check the rights in their memory and pass on the access key if at least one of these rights is present (logical OR function). Under another policy, the security means pass on the access key only if all of the rights corresponding to the full set of access conditions are stored in the security means' memory (logical AND function).

Complex queries on the contents of the memory can be performed as described in the publication WO 2004052005. The access key is passed to the host device only if the various checks give a positive result. When deciding whether access is legitimate, not only the rights as such are taken into account; the expiration date or the credit status can also be considered.

A right, along with the transmission key, can be loaded into the memory of the security means using EMMs in different ways:

- during initialization of the receiving device, via a local connection to a host device or by receiving initialization messages sent over the broadcast channel;

- at any point in time, for example when the subscriber's data is modified: subscribing to or cancelling services, renewing rights, or modifying service keys (including the transmission key).

For security means implemented purely in software, the risk of the software being compromised is higher than with dedicated hardware security means.

Broadcast encryption primitives, described for example in "Secure broadcast encryption with short ciphertexts and private keys" by Dan Boneh, Craig Gentry and Brent Waters, are an efficient way to transmit digital content securely over a broadcast channel with respect to channel bandwidth, the memory capacity of the receiving device and the complexity of encryption/decryption. The method consists of three algorithms. The setup algorithm initializes the system parameters, such as the decryption key material for the receiver(s) and the encryption key for the broadcast centre. The encryption algorithm generates a cryptogram for an authorized subset of receivers, such that receivers not included in the authorized subset cannot decrypt the cryptogram. The decryption algorithm correctly decrypts the cryptogram provided that the receiver has the encryption key and is included in the authorized subset.

Consider the situation in which the center wishes to transmit priority content to an authorized set of receivers that meet certain criteria or have a certain characteristic (or lack it). This characteristic can be, for example, a subscription to a package of services, the amount of money remaining on the smart card, the postal code of the receiver (or other geographic information), the properties of the chipset, or any other information pertaining to the user or device.

Disclosure of the invention

The present invention solves this problem efficiently by using two broadcast encryption primitives in parallel.

In contrast to the method disclosed in the publication WO 2004052005, which offers comparable functionality, the present invention enforces the rights at the broadcast centre (i.e. at the headend). This is an advantage over the previous method, which enforces the rights in the security module (SC): there, security rests on the difficulty of reverse engineering (breaking) the security module, whereas in our case security rests on a hard mathematical problem. Furthermore, unlike the method disclosed in the publication WO 2004052005, the present invention makes it possible to manage complex access conditions and policies without affecting the security of the system.

The aim of the present invention is to provide a method that, on the one hand, relies to a lesser extent on the security features of the receiver's security module (SC) to enforce the access conditions defined in key-carrying messages and, on the other hand, manages complex access conditions based on the characteristics and properties of the receiving device or of its user.

Thus, we propose a method of enforcing access rules for a broadcast product received by receivers, realised by a control center, access to said product being provided by a product key, and said control center managing a set of subscription packages of which at least one subscription package allows access to the product, the method including the following initial steps:

- determining, for each subscription package, at least positive key material and negative key material;

- for a receiver subscribed to at least one subscription package, loading the positive key material of said subscription package and the negative key material of the subscription packages to which it is not subscribed.

When the product is accessible to at least a first subscription package and is not accessible to at least a second subscription package:

- preparing an authorization message that gives access to the product, the product key, or data allowing the product key to be extracted, being used to produce a cryptogram, this cryptogram being encrypted with both the positive key material of the first subscription package and the negative key material of the second subscription package, so that the product key can be extracted from the cryptogram only when the positive key material of the first subscription package and the negative key material of the second subscription package are stored in the receiver.

The particular feature of this method is that two sets of key material are defined for each subscription package. One of them (the positive key material) is loaded if the receiver is allowed access to the subscription package, and the other (the negative key material) is loaded into a receiver without access to that subscription package.

The control center first defines an attribute (for example, a set of services or a subscription package) and creates a list of possible attributes; key material is determined for each attribute. Key material means at least a key associated with the attribute and, in some cases, the correct definition.

The present invention is based on the fact that a specific receiver that is entitled to the first subscription package and not entitled to the second subscription package receives the positive key material of the first subscription package and the negative key material of the second subscription package.

Thanks to this key material, messages carrying keys can express complex conditions, for example allowing access to the product key only if the receiving device is entitled to the first subscription package and is not entitled to the second subscription package.

The access key or product key can be used for direct access to the product or for indirect access to the product, for example using additional keys or algorithms in the security module. The access key can be combined with other keys in a single message or in other access control messages, such as those described in patent EP 1252768, in which case the access key plays the role of a master key.

In an alternative embodiment, the access key is a so-called transmission key used to encrypt (or decrypt) messages containing the control words and the access conditions.

Brief description of drawings

The present invention will be explained with reference to figure 1, which shows a general diagram of a broadcast environment.

The implementation of the invention

When a new subscriber is initialized, the security module of the subscriber's receiver receives a message containing the key material intended for this user.

Assume as an example that the control center manages four subscription packages, each of which contains at least one audio/video service and can contain a set of services. When the user is subscribed to the first subscription package, the positive key material of the first subscription package is passed to the receiver for storage in its security module. The control center also sends the negative key material of the other subscription packages, to which the subscriber does not have access.

This structure makes it possible to define access to a specific broadcast product using positive and negative key material. Following the example in which the transmitted product is available to a subscriber who is subscribed to the first package but not the second, the product key, i.e. the key for decrypting the product, is encrypted first with the positive key of the first subscription package and then with the negative key of the second subscription package. A message containing this double-encrypted product key is generated and transmitted to the subscribers. Our specific subscriber, who has access to the first package and does not have access to the second, can then decrypt this double-encrypted product key. A subscriber who has access to both the first and the second package will not hold the negative key of the second subscription package and so will not be able to decrypt the product key.

Thus, the access conditions for the product are enforced by the control center and do not depend on verification in the subscriber's equipment.

The order of encryption, i.e. first the positive key and then the negative key, may be reversed without any consequences: the negative key can be used first, followed by the positive key.

When the access condition should also involve a third subscription package, the product key can additionally be encrypted with the positive or the negative key of the third subscription package, depending on whether the condition is the presence or the absence of access to the third subscription package.

In accordance with one embodiment of the present invention, the product key is first encrypted with a session key. This provides greater flexibility when working with positive and negative keys. When the positive and negative keys are asymmetric, the size of the material encrypted with an asymmetric key is determined by the asymmetric algorithm. That constraint then applies only to the size of the session key, leaving the size of the product key open. One can use a product key of 96 bits, encrypted with a session key of 128 bits. The session key, instead of the product key, is then encrypted in accordance with the access condition, as described above. The message sent to the subscriber's equipment will contain the product key encrypted with the session key, and the session key encrypted with positive or negative keys in accordance with the access conditions on the subscription packages.

Because a subscriber can change their subscription, in accordance with one embodiment of the present invention the positive and negative key material is renewed regularly, for example every month, so that a subscriber has no interest in retaining the negative key of a subscription package once he subscribes to that package. The control center sends this subscriber new positive keys for the coming month for the subscribed packages and new negative keys for the coming month for the packages to which he is not entitled. Thus, keeping the previous month's set of keys in mass storage does not allow him to bypass access conditions based on the combination of positive and negative keys.

Description of the figure

In figure 1 the control center MS stores in its database DB a copy of the key material sent to the receiving devices RD1, RD2, RD3. In our example two subscription packages B1, B2 are defined, the first associated with positive key material K1 and negative key material K1', and the second with positive key material K2 and negative key material K2'.

The receiving device RD1, entitled to subscription package B1, has received key material K1. Because the receiving device RD1 is not entitled to subscription package B2, it has also been given key material K2'.

The receiving device RD2 is entitled to subscription packages B1 and B2, so both key material K1 and K2 are transferred to that device.

The receiving device RD3 is entitled to subscription package B2, so it has been given key material K2. Because the receiving device RD3 is not entitled to subscription package B1, it has also been given key material K1'.

When the control center MS needs to send an access key only to those receivers that have access to the second subscription package B2 and do not have access to the first subscription package B1, the cryptogram CY sent to the receivers RD will contain the access key, combined with the negative key material K1' and the positive key material K2.

In the authorization message containing the cryptogram, another field of the message contains a descriptor of the keys to be used for decryption. It can take the form of two bitmaps in which each active bit identifies a subscription package, one bitmap for the positive keys and the other for the negative keys. According to one embodiment of the present invention, it may be decided that, to decrypt the cryptogram, the positive keys are used first and then the negative keys.
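The figure 1 scenario (access for receivers with B2 and without B1), combined with the session-key embodiment and the two bitmaps, is sketched below as an added example that is not part of the patent text. The cipher is a stand-in built from the Python standard library because the page names no algorithm; the function names, the message field names and the positive-then-negative layer order are assumptions.

```python
import hashlib, hmac, os

PACKAGES = ["B1", "B2"]
# Constructed control-centre database: positive key K and negative key K' per package.
DB = {p: {"pos": os.urandom(16), "neg": os.urandom(16)} for p in PACKAGES}

def seal(key, data):
    # Stand-in authenticated cipher (SHAKE-256 keystream + HMAC-SHA256 tag);
    # an assumption, the page does not name an algorithm.
    nonce = os.urandom(16)
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key for this layer")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def provision(subscribed):
    # Receiver store: K for each subscribed package, K' for every other package.
    return {(p, k): DB[p][k] for p in PACKAGES
            for k in ["pos" if p in subscribed else "neg"]}

def bitmap(selected):
    return sum(1 << i for i, p in enumerate(PACKAGES) if p in selected)

def build_message(product_key, require, exclude):
    session = os.urandom(16)                      # 128-bit session key
    cy = session
    layers = [(p, "pos") for p in PACKAGES if p in require] + \
             [(p, "neg") for p in PACKAGES if p in exclude]
    for p, k in layers:                           # positive layers first, then negative
        cy = seal(DB[p][k], cy)
    return {"pos": bitmap(require), "neg": bitmap(exclude), "cy": cy,
            "product": seal(session, product_key)}

def open_message(store, msg):
    # Rebuild the layer list from the two bitmaps and peel it in reverse order.
    layers = [(p, "pos") for i, p in enumerate(PACKAGES) if msg["pos"] >> i & 1] + \
             [(p, "neg") for i, p in enumerate(PACKAGES) if msg["neg"] >> i & 1]
    cy = msg["cy"]
    try:
        for ident in reversed(layers):
            cy = unseal(store[ident], cy)
        return unseal(cy, msg["product"])
    except (KeyError, ValueError):                # key absent or wrong: no access
        return None

RD1, RD2, RD3 = provision({"B1"}), provision({"B1", "B2"}), provision({"B2"})
```

Calling `build_message(key, require={"B2"}, exclude={"B1"})` and passing the result to `open_message` returns the product key only for RD3; RD1 and RD2 fail at the K1' layer because that key was never loaded into them.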

The product key can unlock a single broadcast product, such as a movie, or a service for a day or a month.

A subscription package can refer to a set of services or a single service. Thus, the present invention makes it possible to define an access rule for a product that combines access to channel 3 (the first subscription package) with no access to channel 6 (the second subscription package).

1. A method of enforcing access rules to a broadcast product received by receivers, the method being carried out by a control center, where access to the product is granted by a broadcast product key and the control center manages a set of subscription packages, of which at least one subscription package allows access to the broadcast product, including the following initial steps:
determine for each subscription package at least positive key material, where the positive key material includes at least a positive key and is intended for receivers subscribed to the subscription package;
for a receiver having access to at least one subscription package, load the positive key material of that subscription package, characterized in that the method additionally includes the following steps:
determine for each subscription package at least negative key material, where the negative key material includes at least a negative key and is intended for receivers that are not subscribed to the subscription package;
and for said receiver, load the negative key material of the subscription packages to which it is not subscribed;
when the product is available for at least a first subscription package and is not available for at least a second subscription package:
- prepare an authorization message granting access to the broadcast product and containing a cryptogram, which is produced from the broadcast product key or from data allowing the broadcast product key to be extracted, said cryptogram being encrypted with both the positive key of the first subscription package and the negative key of the second subscription package, so that the cryptogram allowing extraction of the broadcast product key is accessible only when the positive key material of the first subscription package and the negative key material of the second subscription package are stored in the receiver.

2. The method according to claim 1, characterized in that the cryptogram is the key of the broadcast product.

3. The method according to claim 1, characterized in that the cryptogram is a session key with which the broadcast product key is encrypted, and the method includes the step of adding the encrypted broadcast product key to the authorization message.

4. The method according to any one of claims 1 to 3, characterized in that the cryptogram is generated by sequentially encrypting it using at least one negative key and at least one positive key.

5. The method according to any one of claims 1 to 3, wherein the authorization message includes identification information describing the subscription packages used for encryption.

 
