The present disclosure relates generally to security solutions. More specifically, techniques (e.g., systems, methods, and devices) are provided to implement an incentive-based intrusion detection system to detect malicious acts against an asset. The incentive may lure or facilitate an actor into providing information that detects malicious actions against an asset.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Techniques and systems are provided for processing user interface content. For example, a server computer can receive a user interface event corresponding to a user interface of a device (e.g., a client device, another server computer, or other device). An application associated with the user interface event can be determined, and an interface model can be generated using the application associated with the user interface event. The interface model defines state information for one or more graphic objects of the user interface. The state information results from the user interface event. The server computer can send the interface model to the device, which enables the device to render the user interface.
The present invention relates to a method for detecting at least one glitch (1) in an electrical signal (2). This method comprises: - generating, from said electrical signal (2), at least one digital oscillating signal (3) which is sensitive to glitches (1); and - performing the following steps as a repeatable round: - assigning a time window (5) to at least one digital oscillating signal (3), said time window (5) being implemented on the basis of a clock signal (4) substantially insensitive to said at least one glitch (1) to be detected; - determining from said time window (5) a sampling value (13) of the digital oscillating signal (3), said sampling value (13) being characteristic of said digital oscillating signal (3) throughout its time window (5); - detecting any potential glitch (1) in said electrical signal (2) by comparing said sampling value (13) with an expected reference value (23); and - outputting a response typifying a result of the comparison step. The invention also relates to a device for implementing said method.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06K 19/073 - Special arrangements for circuits, e.g. for protecting identification code in memory
A method of transmitting entitlement messages to content consumption devices in an access control system, the method comprising periodically transmitting entitlement messages to content consumption devices in an access control system and periodically extending an expiry time comprised in the entitlement messages. The entitlement messages comprise indicator data indicating to the content consumption devices that subsequent entitlement messages loaded into a content consumption device after a first entitlement message is loaded into the content consumption device shall not be used by the content consumption device to access protected media content.
H04N 21/266 - Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system or merging a VOD unicast channel into a multicast channel
H04N 21/418 - External card to be used in combination with the client device, e.g. for conditional access
H04N 21/4623 - Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
H04N 21/6334 - Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
H04N 7/167 - Systems rendering the television signal unintelligible and subsequently intelligible
Example embodiments provide systems and methods for dynamically creating intuitive favorites for a user. The system and methods include monitoring actions performed, by the user at a digital receiver, with respect to a plurality of content programs. The actions performed with respect to the plurality of content programs are analyzed. The analysis includes comparing a level of the actions with respect to a first content program of the plurality of content programs with a threshold. Based on the comparing indicating that the first content program is a favorite, an indication that the first content program is a favorites content program is stored to a data store.
H04N 21/466 - Learning process for intelligent management, e.g. learning user preferences for recommending movies
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics or processing of multiple end-users preferences to derive collaborative data
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content
G06F 16/70 - Information retrieval; Database structures therefor; File system structures therefor of video data
A data processing device is disclosed, which comprises a plurality of data processing hardware components, such as one or more of a microprocessor, a central processing unit, a system on chip hardware component, a conditional access hardware component, a descrambler hardware component, a graphics hardware component, a video hardware component and a field programmable gate array hardware component. A first hardware component of the plurality of data processing hardware components is configured to send a challenge to at least one remaining hardware component of the plurality of data processing hardware components. Each remaining hardware component is configured to receive a respective challenge and to process the challenge to produce one or more respective responses. The device is configured to use one or more responses to verify device integrity.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
7. METHODS AND SYSTEMS FOR AUTHENTICATION USING ZERO-KNOWLEDGE CODE
Methods and systems for authentication using zero-knowledge code. One embodiment takes the form of a process that includes detecting an accessory-access-request event associated with a trusted accessory. The process includes generating a seed sequence having a first number of seed-sequence elements. The process includes outputting an indication of at least one seed-sequence element. The process includes receiving at least one seed-sequence-element-modifier signal for at least one of the seed-sequence elements. The process includes modifying the generated seed sequence in accordance with the at least one received seed-sequence-element-modifier signal. The process includes comparing the modified seed sequence with a stored access sequence. The process includes granting operational access to the trusted accessory when the modified seed sequence matches the stored access sequence. The process includes denying operational access to the trusted accessory when the modified seed sequence does not match the stored access sequence.
An embodiment takes the form of a method carried out by a communication device. A binary data sequence is obtained at a communication device for transmission via a Bluetooth data link configured according to an audio-codec-based Bluetooth profile, wherein an audio codec is configured to receive a multi-bit data byte and output a single bit indicating whether the received multi-bit data byte is larger or smaller than a prior output reference byte, a multi-bit data byte sequence is generated based on the binary data sequence, the multi-bit data byte sequence is provided to the audio codec to induce the codec to generate a one-bit per-sample binary sequence representative of the binary data sequence, and, the generated one-bit per-sample binary sequence is transmitted via the Bluetooth data link.
An embodiment takes the form of a method carried out by a personal mobile device. The personal mobile device receives a session-request message requesting establishment of an encrypted-audio session with a call-initiating device, responsively presents one or more call-response inquiries via a user interface, and subsequently receives an accessory-unready indication via the user interface. The one or more call-response inquiries include an accessory-status inquiry, and the accessory-unready indication is associated with the presented accessory-status inquiry. In response to receiving the accessory-unready indication, the personal mobile device sends, to the call-initiating device, a request-acknowledgment message that is associated with the session-request message. Subsequent to sending the request-acknowledgment message but before establishing the encrypted-audio session, the personal mobile device makes an accessory-ready determination. In response to making the accessory-ready determination, the personal mobile device establishes the encrypted-audio session.
The present disclosure concerns a method for searching for at least one specific datum among data stored in a permanent memory (14) of a user unit (11) linked to a central authority (10). This method comprises: - receiving in said user unit (11) a processing key (PK) derived, in said central authority (10), by means of a key derivation function applied on at least a secret piece of information, said key derivation function being a first iterative one-way function; - storing said processing key (PK) in a temporary memory (16) of the user unit (11); - receiving from said central authority (10) said at least one specific datum converted by a second one-way function using said processing key (PK); - in the user unit (11), converting at least a part of the data stored in the permanent memory (14) of the user unit by said second one-way function and said processing key; - in the user unit (11), comparing said converted at least one specific datum received from the central authority (10) with the converted data from the permanent memory (14) of the user unit, thereby providing a search result; - deleting said processing key (PK) from the temporary memory (16) of the user unit (11). The present disclosure further concerns a system comprising a central authority (10) and at least one user unit (11), for implementing the method described above.
The method, the mobile device, and the payment terminal of the invention relate to the security of a contactless payment performed during a purchase of products or services by using a short-range wireless communication between the mobile device and the payment terminal. Various external parameters associated with the payment transaction may be exchanged between the mobile device and the payment terminal. Preferred embodiments comprise external parameters such as the respective positions of the mobile device and the payment terminal, time stamps related to transaction processing time, or identifiers of each of the mobile device and the payment terminal. Difference values related to these external parameters are verified by both the mobile device and the payment terminal by carrying out a comparison with reference values before validation of the payment transaction by the payment terminal.
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
12. BLOCK CRYPTOGRAPHIC METHOD FOR ENCRYPTING/DECRYPTING MESSAGES AND CRYPTOGRAPHIC DEVICES FOR IMPLEMENTING THIS METHOD
A block cipher method and apparatus using round repetition for providing, from a plaintext message (10), a ciphertext message (50) and a global tag (52) is disclosed. The plaintext message is converted into a plurality of ordered plaintext blocks (11) which are successively processed during a round for computing: - a cryptogram (30) by encrypting input data (20) using a single cryptographic key, said cryptogram comprising a first segment (31) and a second segment (32); - a ciphertext block (51) by performing a first operation (41) using, as operands, said first segment (31), said current plaintext block (11) and said second segment (32). At each next round said input data is newly determined based on the current ciphertext block and updated reproducible data. The ciphertext message is determined by concatenating the ciphertext blocks, and the global tag by a second operation (42) using the computed local authentication tags as operands.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
13. MANAGING COMMUNICATION EXPLOITATION IN GLOBAL ORGANIZATIONS
Techniques disclosed herein integrate communication mechanisms of a business or government with time management/calendar systems having knowledge of an employee's work schedule and geo-location, with a set of rules usable to selectively store and/or forward work-related communications to an employee, while enabling overrides for emergencies, preventing employee self-exploitation, and monitoring for compliance. When a work-related communication is sent towards an employee, the system receives the communication and evaluates it based on the employee's work schedule, geo-location, and any other restrictions within the set of rules. When it is determined that the communication should be restricted from being sent, and no override to the restrictions is identified, the communication is scheduled for transmission to the employee at a later time. Overrides to the restrictions are logged and monitored for compliance with company or public policy.
Methods and systems of generating an image gradient are presented. In one example, image data for generating a two-dimensional digital image is provided to a hardware graphics processor. The image data may include a single pixel along a first direction of the digital image and multiple pixels along a second direction of the digital image. The pixels along the second direction of the digital image may include an image gradient. A one-dimensional stretching operation of the hardware graphics processor is initiated based on the image data to generate the digital image. In response to the stretching operation, the digital image may include multiple pixels along the first direction for each of the single pixels, wherein each of the multiple pixels along the first direction for a corresponding pixel of the single pixels comprises the corresponding pixel.
Methods and systems of paying for content, such as, for example, audio and/or video content, are presented. In an example method, a task to be executed using at least one device resource associated with a user device is provided. Also, the task is to be executed during streaming of a content item. The streaming of the content item to the user device is caused to terminate in response to a determination that the execution of the task using the at least one device resource has been terminated.
Example embodiments provide systems and methods for managing intelligent content queuing from a secondary device for content delivery to a primary device. A content queuing system on the secondary device generates and displays a playlist interface on the secondary device. A selection of a content item to be added to a playlist is received. The content queuing system determines that addition of the content item causes a live content item to overlap with an on-demand content item on the playlist. As a result, the content queuing system creates at least two segments for the on-demand content item. The live content item is positioned between the first and a second segment on the playlist. The first segment is scheduled to end at a start time of the live content item and the second segment is scheduled to begin at an ending time of the live content item.
Media content containing a substantially invisible watermark and/or a fingerprint may be redistributed/retransmitted in a way that bypasses the detectability of a hidden or invisible watermark or fingerprint. In particular, a first segment of media content may be received by a first receiver and a second segment of media content may be received by a second server. The first and second segments may be stored on a storage device. The first and second segments may be made available to a client in the form of a concatenated media content.
H04N 19/467 - Embedding additional information in the video signal during the compression process characterised by the embedded information being invisible, e.g. watermarking
G10L 19/018 - Audio watermarking, i.e. embedding inaudible data in the audio signal
H04N 19/00 - Methods or arrangements for coding, decoding, compressing or decompressing digital video signals
G10L 19/00 - Speech or audio signal analysis-synthesis techniques for redundancy reduction, e.g. in vocoders; Coding or decoding of speech or audio signals, using source filter models or psychoacoustic analysis
18. CRYPTOGRAPHIC METHOD FOR SECURELY EXCHANGING MESSAGES AND DEVICE AND SYSTEM FOR IMPLEMENTING THIS METHOD
A method for securely exchanging messages between at least two devices each storing a shared secret key is provided. At each device a random number is generated and then sent to the other devices. A first key is determined by a first operation based on said secret key and each random number. A second key is determined based on said first key and said random numbers. At a sending device a pseudo message is determined on the basis of the message and said random numbers. A cryptogram is calculated and sent on the basis of said pseudo message and said second key. At the receiving device the cryptogram is decrypted by means of said second key, then the message is retrieved from said pseudo message.
H04L 9/16 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
19. A METHOD AND SYSTEM TO CREATE A SECURE COMMUNICATION CHANNEL BETWEEN TWO SECURITY MODULES
Techniques for pairing two different security modules that use two different encryption technologies for operation in two different networks include generation and transmission of a secret to both security modules via their respective communication networks. In one advantageous aspect, one of the security modules, which may be prone to duplication or theft, is logically tethered to the other security module via the pairing. For example, after pairing is successfully performed, the first security module may be usable in a wide area network only when its presence in a local communication connection, such as a home network of a subscriber, or a peer-to-peer or near field communication link, can be detected and verified by the second security module.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04W 92/08 - Interfaces between hierarchically different network devices between user and terminal device
H04N 21/2347 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving video stream encryption
An improved technique of mark insertion in digital audio and/or video content data is provided. By managing and minimizing the number of modifications, the undesirable distortion of inserted marks in audio and/or video content is reduced. A receiver device is configured to produce a sequence of elementary media content packets. A marker unit is configured to mark by modifying data in the sequence of packets according to a pattern defined by an internal parameter associated with the receiver device. A segment of the sequence of packets is divided into a predetermined number of contiguous windows. Each window is indexed in the segment, defining the position of a window in the segment. Data in the windows are modified to produce a detectable distortion. The predetermined start position is synchronized with a start code producing a detectable distortion distinct from the distortion produced by the modified data.
H04N 21/418 - External card to be used in combination with the client device, e.g. for conditional access
H04N 21/434 - Disassembling of a multiplex stream, e.g. demultiplexing audio and video streams or extraction of additional data from a video stream; Remultiplexing of multiplex streams; Extraction or processing of SI; Disassembling of packetised elementary stream
H04N 21/439 - Processing of audio elementary streams
H04N 21/4402 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving reformatting operations of video signals for household redistribution, storage or real-time display
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
21. METHOD AND DEVICE FOR DISTRIBUTING MULTIMEDIA LICENCES WITHIN A DISTRIBUTION SYSTEM OF A SECURED MULTIMEDIA SERVICE
A method for distributing multimedia licenses by a server to a plurality of user devices in a distribution system of a multimedia service, the access of which is protected by a first protection, is provided. This method comprises verifying that computing resources used by the server do not exceed a maximal threshold; if so, generating and then transmitting regular licenses including said first protection in response to user device requests; otherwise switching the server to a singular mode of distribution aiming to protect the access to the multimedia service using a second protection, independent of the first protection, to generate and to transmit to the devices one singular license comprising the second protection, and to verify that the computing resources do not exceed the maximal threshold; if so, switching from the singular mode to a regular mode so as to protect the access to the multimedia content using only said first protection. CA 2928506 2019-10-09
The present invention relates to the field of controlling access to audiovisual content broadcast to a receiver, in particular control relative to the location of the receiver. The present invention proposes a method for controlling access to content broadcast to a receiver, said receiver being part of a geographical access control system comprising verification means and security means, the method comprising the following steps: - acquiring a current location using a portable device, - transferring the current location to the verification means, - extracting a set of location data defining at least one zone from a memory of the verification means, - using the verification means to verify that the current location is included in said zone, and if so, sending a reception authorisation message for the audiovisual content to the security means relative to the receiver.
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics or processing of multiple end-users preferences to derive collaborative data
H04N 21/266 - Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system or merging a VOD unicast channel into a multicast channel
H04N 21/41 - Structure of client; Structure of client peripherals
H04N 21/414 - Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance
H04N 21/418 - External card to be used in combination with the client device, e.g. for conditional access
H04N 21/422 - Input-only peripherals, e.g. global positioning system [GPS]
H04N 21/45 - Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies
H04N 21/4623 - Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
The invention relates to a method for securing control words (CW) within a decoder (10) responsible for unscrambling digital content protected by those control words, comprising the following steps: - for each unscrambling unit (14) of said decoder, loading a pairing key (PK) referenced by an identifier (ID) associating it with an unscrambling unit into a directory (22); - receiving at least one encrypted control word referenced by an indication making it possible to identify the unscrambling unit for which it is intended; - decrypting the control word using a first key shared with a security module (30); - identifying, in the log, the pairing key whose identifier (ID) corresponds to the indication of intended use (D) associated with the control word; - encrypting that control word using that pairing key; - storing the control word in a log (15) in a chronological and referenced manner.
The present application relates to systems or methods for user authentication when said user wishes to access a remote service. This invention proposes a method for user authentication implementing a first server connected to a public network, and a second server connected to the first server but not connected to the public network, this method comprising an enrolment step comprising: - receiving by the first server a reference identifier U and a reference password P, and transmitting this information to the second server; - loading a security parameter R by the second server, and calculating a first cryptogram H by a one-way function Hash on the reference identifier U, the reference password P, and the security parameter R; - encrypting at least the reference identifier U and the password P by using an asymmetric encryption method, and storing the encrypted data by the second server; - returning the first cryptogram H to the first server and storing said cryptogram by the first server; and a verification step of a user comprising: - receiving by the first server the current identifier U' and the current password P', and transmitting said information to the second server; - calculating a second cryptogram H' by the one-way function Hash on the current identifier U', the current password P', and the security parameter R by the second server; - returning the second cryptogram H' to the first server and verifying that the first cryptogram is included in the database; if not, generating an error message.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
25. METHOD AND DEVICE TO EMBED WATERMARK IN UNCOMPRESSED VIDEO DATA
The aim of the present invention is to enforce watermarking on content received by a client device, in particular on uncompressed video content. A method is provided to watermark an uncompressed content received at a client device in a compressed form and encrypted by at least one content key (CK). The CK together with a watermark instruction forms CAM Data. The CAM Data is encrypted by a transmission key and comprises at least one signature to authenticate the CAM Data. The client device comprises a Conditional Access Module (CAM) in charge of the CAM Data and a Descrambler (DSC) having an input to receive the encrypted compressed content and an output to produce a compressed content. A Decoder converts the compressed content into uncompressed content, and a Watermark inserter is connected to the output of the Decoder. A Secure Element is connected with the Watermark inserter and a Secure Activation module.
H04N 21/8355 - Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
H04N 21/6334 - Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
26. METHOD TO WATERMARK A COMPRESSED CONTENT ENCRYPTED BY AT LEAST ONE CONTENT KEY
The aim of the present invention is to enforce watermarking on content received by a client device, in particular on compressed video content. The present invention proposes a method to watermark a compressed content encrypted by at least one content key (CA key), said content key as well as pre-marking data forming CAS Data, said CAS Data being encrypted by a transmission key and comprising at least one signature to authenticate all or part of the CAS Data, said compressed content being received by a client device comprising: - a Descrambler (103) having an input to receive the encrypted compressed content and an output to produce a compressed content; - a WM inserter (104) directly connected to the output of the Descrambler, said Descrambler and said WM inserter being connected with the Conditioner (200), said Conditioner executing the following steps: - receiving the CAS Data; - decrypting the CAS Data with the transmission key; - verifying the signature of the CAS Data, and if the signature is valid, - transferring the content key (CA key) to the Descrambler (103) and the pre-marking data to the WM inserter; - watermarking, by the WM inserter, the decrypted content received from the Descrambler using the pre-marking data and the identifier.
H04N 21/8355 - Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
H04N 21/6334 - Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
The aim of the present invention is to ensure that a security module or conditional access module ("module") is used together with an authorised receiver/decoder to access pay TV content. The module uses a wireless transceiver to read an authorisation message from a wireless tag attached to the receiver/decoder to which it is connected. The authorisation message contains an identifier of the module and is encrypted with a system key. If the identifier obtained from the authorisation message is not that of the security module, operation of the security module is blocked. The authorisation message is written by a communications device (located, e.g., in a shop selling receiver/decoder devices) to a wireless tag attached to the receiver/decoder. Thus a sold receiver/decoder can be immediately operated together with a specific module.
A method and system to confirm co-location of multiple devices within a geographic area, while filtering spurious alarms, is provided. An example method comprises processing first GPS data obtained from a first GPS sensor and second GPS data obtained from a second GPS sensor. A sensing data evaluator compares a sensing error from the first GPS data and a sensing error from the second GPS data. Based on the result of the comparing, the sensing data evaluator determines whether the sensing errors are to be ignored. An approach where an alarm that otherwise would be generated is disabled or canceled may be termed as filtering spurious alarms.
H04N 7/16 - Analogue secrecy systems; Analogue subscription systems
G01S 19/14 - Receivers specially adapted for specific applications
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
H04N 21/45 - Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies
H04N 21/462 - Content or additional data management e.g. creating a master electronic program guide from data received from the Internet and a Head-end or controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabi
Method and cryptographic system for descrambling content packets (15) included within a digital transport stream (10) together with conditional access messages (12) and header data (15') belonging to these content packets (15). This method requires a deciphering algorithm (35), processed by a descrambler (36) of a multimedia unit (30), using an initialization vector (33) as first input and a control word (13) as second input. This unit is connected with a security module (40) for processing the conditional access messages (12) and extracting said control words (13) therefrom. This initialization vector (33), or intermediate data (33') used to determine the initialization vector (33), is the result of a cryptographic function (44) based on at least one variable (43) extracted from the digital transport stream (10) and processed in the security module (40).
H04N 21/435 - Processing of additional data, e.g. decrypting of additional data or reconstructing software from modules extracted from the transport stream
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
H04N 21/4623 - Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
30.
METHOD TO CONTROL THE ACCESS OF PERSONAL DATA OF A USER
There is a need for a system and method designed to give a user full and continued control of his data, to gain the trust of the average individual, and to encourage such an individual to become an open-minded and trustful user of such a system. A method is proposed to control the access to personal data of a user by a trusted centre comprising at least one database comprising, for a specific user, memory locations for personal data, access conditions associated with the personal data and management data comprising at least a counter, the method comprising: - loading by a user into the database of the trusted centre its personal data and assigning access conditions to said data, said personal data being divided into at least two categories having two different access conditions, each category being associated with a user's value, - requesting access to the trusted centre by a third party to the personal data of a plurality of users, said request comprising search criteria, - executing by the trusted centre the search criteria on the personal data of the users so as to determine a first set of users matching the search criteria, - returning to the third party information showing the quantity of the first set of users matching the criteria, as well as the sum of the user's value of each user of the first set, - acknowledging all or part of the sum by the third party, thus defining a second set of users that can comprise all or part of the first set, - returning the personal data of the second set of users for which the sum covers the accumulated values of the extracted users, - updating the counter of the second set of users with the content of the value of their respective personal data.
An embodiment of the present invention may be deployed in a personal video player/recorder. According to different embodiments of the present invention provision is made to be able to play an alternative pre-stored content in place of a particular type of content received by the player within a transport stream comprising a plurality of types of content. Embodiments of the invention can be useful in providing targeted advertising, where, when combined with profiling techniques, alternative content of interest to a viewer can be substituted in the transport stream in place of the received content having the particular type. According to other embodiments of the present invention, computing resources and communication bandwidth use can be saved by playing pre-stored content instead of the received content of the particular type. Embodiments of the present invention provide for the maintenance of the pre-stored material by storing appropriate content as it is received in the transport stream or by deleting pre-stored content when deemed appropriate to do so.
H04N 5/00 - PICTORIAL COMMUNICATION, e.g. TELEVISION - Details of television systems
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
H04N 21/4623 - Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
H04N 5/445 - Receiver circuitry for displaying additional information
H04N 7/16 - Analogue secrecy systems; Analogue subscription systems
The present invention aims to improve data protection against illegal access by a strong differentiation of the security level specific to a type of data, so that when the protection on a part of the data is violated, the remaining data are still inaccessible. A method for controlling access, via an open communication network, to user private data, comprising steps of: dividing the user private data into a plurality of categories, each category defining a privacy level of the data, encrypting the user private data of each category with a category key pertaining to the category of the data, attributing to a stakeholder an entity configured for accessing at least one category of user private data, and authorizing the access to the at least one category of user private data for the entity of the stakeholder, by providing the stakeholder with the category keys required for decrypting the user private data of the corresponding category.
The present invention aims to address the issue of deploying costly hardware by proposing a content protection layer with an easy distribution capability to clients. The aim is achieved by a network device for descrambling an access controlled audio/video content stream, said network device being configured to be connected to a network router and comprising a memory to store a unique address UA specific to the network device, a network input/output interface, a descrambler to descramble the audio/video content stream, and a watermark engine configured to watermark the descrambled audio/video content stream by applying the unique address. A further object of the invention is a method to access a scrambled audio/video content stream in a local or roaming mode by a multimedia reception device connected via an IP network to a network router having an IP port connected to the network device.
H04N 21/2347 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving video stream encryption
H04N 21/418 - External card to be used in combination with the client device, e.g. for conditional access
H04N 21/61 - Network physical structure; Signal processing
H04N 21/647 - Control signaling between network components and server or clients; Network processes for video distribution between server and clients, e.g. controlling the quality of the video stream, by dropping packets, protecting content from unauthorised alteration within the network, monitoring of network load or bridging bet
H04N 21/8358 - Generation of protective data, e.g. certificates involving watermark
34.
METHOD FOR SHARING DATA AND SYNCHRONIZING BROADCAST DATA WITH ADDITIONAL INFORMATION
A method for sharing data and synchronizing broadcast data with additional information, the broadcast data and the additional information being provided by at least two distinct sources to a multimedia device. The method comprises steps of: receiving, by a data extractor associated with the multimedia device, broadcast data from a first source and extracting first metadata from the broadcast data, accessing by the multimedia device additional information provided by a second source by using the first metadata and obtaining from the additional information second metadata and additional content data related to a content of the broadcast data, merging and synchronizing, by the multimedia device, the second metadata and the additional content data with the content of the broadcast data, and obtaining modified broadcast data,
H04N 21/462 - Content or additional data management e.g. creating a master electronic program guide from data received from the Internet and a Head-end or controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabi
H04N 21/8547 - Content authoring involving timestamps for synchronizing content
35.
SECURE REMOTE CONTROL FOR AUDIO/VIDEO RECEIVER/DECODER
In order to limit the use of generic remote control devices, the invention relates to a system comprising a remote control device and a security device, both sharing a common key, algorithms or protocol specific to the pair formed by the remote control device and the security device. The remote control device comprises means to send data wirelessly to a receiver comprising the security device. The remote control device being paired with the security device is characterized in that data sent by the remote control device towards the receiver is specific to the pair formed by the remote control device and the security device, said remote control device comprising encryption means and a memory to store a specific key, said data being encrypted by the encryption means with the specific key, the security device comprising decryption means and a key corresponding to the specific key to decrypt the received data.
The present invention provides a method and an apparatus for encrypting and decrypting digital information while imparting a high level of security on the encrypted digital information. A mixed-mode digital-analogue encryption and decryption technique is proposed, which minimises the probability of an unintended recipient of the thus encrypted information being able to decrypt the information using known reverse engineering techniques.
G09C 5/00 - Ciphering or deciphering apparatus or methods not provided for in other groups of this subclass, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
H04L 9/28 - Arrangements for secret or secure communications; Network security protocols using particular encryption algorithm
The present invention describes a system and a method for securely loading digital information from a storage device into a memory module in a data processing system, said data processing system comprising at least one storage device, one memory module and at least one processor, said data processing system further comprising a memory access controller module connected between the processor and the memory module, and a secure memory management module connected to the processor, the memory module, the storage device and the memory access controller. Requests by the processor for data are passed to the secure memory management module, which loads the data from the storage device to the memory module and configures the memory access controller such that the processor will have access to the data.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/79 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
38.
METHOD FOR THE ALLOCATION AND MANAGEMENT OF SUBSCRIPTIONS FOR THE RECEPTION OF BROADCAST PRODUCTS
A device to reduce bandwidth necessary for renewal of subscriptions for reception of broadcast services including: defining a plurality of sets of subscriber identification numbers, each set being associated with a product; splitting a set of subscriber identification numbers into groups of subscribers; searching for an available subscriber identification number related to the desired product at the time of initialization of a new subscriber; confirming that an inhibit duration has elapsed between the end of the previous subscription and the start of the new subscription; sending an initialization message to the new subscriber addressed with his unique identification address and containing the subscriber identification number of, and rights to, his product; preparing a group rights renewal message for the product to the group containing the subscriber identification number, this message comprising the group header containing this subscriber and a compressed bitmap for individually addressing each of the group members.
The aim of the present invention is to limit the impact of security breaches, namely emulators of the security module. This aim is reached by a processing unit of audio/video digital conditional access data, encrypted by control words, responsible for processing security messages containing at least one cryptogram relative to a control word and one instruction relative to the control word, characterised in that it includes means to receive at least two micro programs by security messages, executable by the security module, said security module comprising means to store at least two micro programs and means to receive an instruction contained in the security message, for selecting the micro program indicated by the instruction, for executing the said micro program with at least the cryptogram as a parameter of execution, this execution allowing the calculation of the control word to be sent back to the audio/video processing unit.
This invention relates to a process for carrying out a transaction between a payment module and a security module connected to a user's unit, this process being characterized in that it comprises the following steps: entering an identifier representative of the transaction to be carried out by means of an input device; generating by the user's unit, a control message containing at least a representative code of said transaction and an identifier of the security module requiring the transaction; sending said control message to said payment module (PP); verifying in said payment module whether it is entitled to carry out the desired transaction; if the payment module is entitled to carry out this transaction, execution of the transaction, storage of the result of the transaction in said payment module and generation by the payment module, of a receipt relating to the desired transaction and to the related security module; sending said receipt to a management centre; sending an unlocking code to the security module (SC) by the management centre; registering the transaction in said security module.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
41.
METHOD OF REVOCATION OF SECURITY MODULES USED TO SECURE BROADCAST MESSAGES
The aim of the present invention is to propose a method for preventing the abusive use of conditional access data, in particular by means of clones of security modules whose security has been compromised. This aim is achieved by a method of revocation of security modules that are intended to receive security messages broadcast to a plurality of security modules, the said security modules comprising at least one personal key, this method comprising the steps, prior to revocation: dividing the set of security modules into at least two groups, determining, for each group, an asymmetric key comprising a public key and a plurality of private keys, loading a private key per security module, transmitting a security message per group, the said message being encrypted by the public key of the said group; revocation consisting in the following steps: dispatching to each member of the same group as the security module to be revoked, with the exception of the security module or modules to be revoked, a new private key corresponding to the public key of another group, each private key being encrypted by the personal key of the said security module.
H04L 9/16 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
H04N 21/4405 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving video stream decryption
The aim of the present invention is to provide a secure system-on-chip for processing data, this system-on-chip comprising at least a central processing unit, an input and an output channel, an encryption/decryption engine and a memory, characterized in that said input channel comprises an input encryption module to encrypt all incoming data, said output channel comprising an output decryption module to decrypt all outgoing data, said central processing unit receiving the encrypted data from the input encryption module and storing them in the memory, and while processing the stored data, said central processing unit reading the stored data from the memory, requesting decryption of same in the encryption/decryption engine, processing the data and requesting encryption of the result by the encryption/decryption engine and storing the encrypted result, outputting the result to the output decryption module for decryption purposes and exiting the decrypted result via the output channel.
The aim of the present invention is to provide a security module capable of supporting the different functions of the latest and the previous generations, by avoiding any possible attack due to this adaptability. This aim is attained by a security module comprising first communication means to a host device, first storage means (MEM0) and first decryption means (ENC0), characterized in that it includes a state module (SM) and second communication means (COM1) and physical activation or deactivation means (TSB) of said second means, such activation or deactivation being managed by the state module (SM).
G06F 21/77 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
H04N 21/414 - Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance
The invention relates to a method for permitting that a (live) broadcast content accessible during the broadcast can also be accessed in batch mode thanks to intermediate storage on the hard drive of the user unit. To this end, a method for processing conditional access content (DT) by a user unit (STB) is provided, this unit receiving a data flow (DT) encrypted by at least one control word (CW), at least one flow of control messages (ECM, PECM) containing control words (CW), characterized in that this method comprises the following steps: forming an index file (ID TB), each index comprising an identifier of a control message formed by the extraction of data associated with control messages (ECM, PECM) and comprising an identifier of the portion of the contents to which this control message applies; during the batch processing of the contents (DT), extraction of at least a portion of the control messages, resynchronization of the content with the control messages by using the index file, the identifier of the control message making it possible to select the current control message among the set of control messages during the use of the contents identified by the identifier of the portion of the content relative to this control message.
G11B 27/32 - Indexing; Addressing; Timing or synchronising; Measuring tape travel by using information detectable on the record carrier by using information signals recorded by the same method as the main recording on separate auxiliary tracks of the same or an auxiliary record carrier
H04N 5/00 - PICTORIAL COMMUNICATION, e.g. TELEVISION - Details of television systems
H04N 7/16 - Analogue secrecy systems; Analogue subscription systems
H04N 7/24 - Systems for the transmission of television signals using pulse code modulation
45.
METHOD FOR TRANSMITTING DIGITAL DATA IN A LOCAL NETWORK
The aim of this invention is, on one hand, to allow the reading of a content stored by a digital video recorder from a decoder of the local network regardless of the time elapsed between storage and reading, and on the other hand to prevent the transfer or improper copying of the stored content from one network to another. This aim is achieved by a method for transmitting digital data in a local network comprising members constituted by at least one first multimedia unit (DVR) having content (C) storage means (HD) and at least one second multimedia unit (STB1, STB2, STB3) intended to restore the content (C), said first multimedia unit being connected on one hand to a broadcasting server (SD) of encrypted digital audio/video data (D) and on the other hand to the second multimedia unit (STB1, STB2, STB3), each member possessing a security module (SM0, SM1, SM2, SM3) including a network key (Kr), said first multimedia unit (DVR) receiving and decrypting the encrypted data forming a content (C) broadcast by the broadcasting server (SD) and re-encrypting the content (C) previously decrypted, said method being characterized in that the content is re-encrypted with a random key (Ka) and transmitted to the second multimedia unit (STB1, STB2, STB3) accompanied by an authorization block Kr(Ka) comprising the random key (Ka) encrypted with the network key (Kr), said second multimedia unit (STB1, STB2, STB3) decrypting the authorization block Kr(Ka) and extracting the random key (Ka) to be used for decrypting the content (C).
The aim of this invention is to improve in an optimal way the security of smart cards to prevent the fraudulent control of a cryptographic processor(s) by means of external signals that interfere with the normal development of the tasks of a processor(s). This aim is reached by a component IC of a security module comprising at least two processors CPU A, CPU B each connected to program memories ROM A, ROM B, to non-volatile programmable and erasable memories (EEPROM) EEPROM A, EEPROM B containing the data and random access memories (RAM) RAM A, RAM B that serve as temporary data storage during processing, the first processor CPU A having an interface bus with the exterior of the component IC, characterized in that the second processor CPU B is connected to the first processor CPU A through an exchange memory DPR, the non-volatile programmable and erasable memory EEPROM A of the first processor CPU A having read-only access R for said first processor CPU A, the second processor CPU B having read and write access R/W on said non-volatile programmable and erasable memory EEPROM A of the first processor CPU A.
G07F 7/10 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card together with a coded signal
47.
METHOD FOR PROCESSING CONTENTS INTENDED FOR BROADCASTING
The aim of the invention is to provide a flexible and easy solution for securing the contents transmitted by video servers to one or more users. To this end, the invention provides a method for processing contents intended for broadcasting, whereby this method comprises the following steps prior to broadcasting: encrypting the content using a number of control words (CW); reserving locations intended for receiving a control message (ECM) in the encrypted content; marking each location with an item of location information in the content; storing a file of keys containing the control words; and during broadcasting: transmitting the encrypted content to the video server; transmitting the file of keys to a control message generator; broadcasting the encrypted content via the video server; intercepting the broadcast stream by a replacement module; detecting, via the replacement module, the locations of the control messages in the broadcast content stream; and applying control messages (ECM) to the locations provided to this end by the replacement module.
Method to encrypt or decrypt blocks of data X to Y, based on a main key R, this method using several serially connected modules, each module using a sub-key RA derived from the main key R and comprising the steps of: - inputting at least two initial values X0L and X0R, and mixing these values to form a mixed value X1, - obtaining a value X2 by mixing a first part RAH of the sub-key RA with the value X1, - obtaining a value X3 by applying the value X2 to a substitution layer comprising at least one substitution box (sbox), - obtaining a value X4 by using a diffusion box of multi-permutation type based on the value X3, - obtaining a value X5 by mixing a second part RAL of the sub-key RA with the value X4, - obtaining a value X6 by applying to the value X5 a substitution layer, - obtaining a value X7 by mixing the first part RAH of the sub-key RA with the value X6, - mixing the value X7 with the at least two initial values X0L and X0R to obtain the at least two values X8L and X8R, X8L and X8R representing the output value X8 of the module. This method uses at least two modules, and applies to at least one of the values X8L or X8R an orthomorphism function before feeding them to the next module.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems