Conditional access data decrypting system

US 20050254648A1
Filed: 09/19/2003
Published: 11/17/2005
Est. Priority Date: 09/27/2002
Status: Abandoned Application

First Claim

Patent Images

1. Conditional access data decryption system, this system comprising:

a diffusion centre arranged to diffuse data encrypted by at least one control word, at least one management centre arranged to diffuse personal messages related to the management of access means to encrypted data, an operating device intended to render usable said encrypted data, and a decoder (arranged to decrypt at least one part of the encrypted data, placed between the diffusion centre (and the operating device, and comprising a module for the reception and decryption of encrypted data, and a module for the management of access rights to this data, these modules being physically different, the reception module being connected to the operating device and the management module being arranged to communicate with the reception module, the management module including a security module comprising a unique identification number and data allowing securing the connection between said management centre and the security module, the security module being arranged to verify the content of the personal messages IC and to allow or prevent the decryption of the control-word(s) according to the content of the personal messages, wherein the reception module receives the encrypted data originating from the diffusion centre via a first communication line, and the management module receives the personal messages through the management centre via a second communication line, and wherein the management module comprises data pertaining to the management centres with which these modules are authorized to communicate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention relates to a conditional access data decryption system, in particular used in the domain of digital pay television.

This system includes a diffusion centre (10) arranged to diffuse data encrypted by control-words (cw), at least one management centre (11) arranged to diffuse personal messages (ECM, EMM) related to the management of access means to encrypted data, an operating device (12) intended to render usable said encrypted data, and a decoder (13) arranged to decrypt at least one part of the encrypted data. This decoder is placed between the diffusion centre (10) and the operating device (12). This decoder (13) comprises a module (14) for the reception and decryption of encrypted data and a module (15) for the management of access rights to this data. The reception module (14) is connected or integrated into the operating device (12) and the management module (15) is arranged to communicate with the reception module. The management module (15) includes a security module (16) arranged to verify the content of the personal messages (ECM, EMM) and to allow or prevent the decryption of the control words (cw) according to the content of the personal messages. The reception module receives the encrypted data originating from the diffusion centre (10) and the management module receives the authorization messages (EMM) from the management centre (11).

14 Citations

View as Search Results

20 Claims

1. Conditional access data decryption system, this system comprising:
- a diffusion centre arranged to diffuse data encrypted by at least one control word, at least one management centre arranged to diffuse personal messages related to the management of access means to encrypted data, an operating device intended to render usable said encrypted data, and a decoder (arranged to decrypt at least one part of the encrypted data, placed between the diffusion centre (and the operating device, and comprising a module for the reception and decryption of encrypted data, and a module for the management of access rights to this data, these modules being physically different, the reception module being connected to the operating device and the management module being arranged to communicate with the reception module, the management module including a security module comprising a unique identification number and data allowing securing the connection between said management centre and the security module, the security module being arranged to verify the content of the personal messages IC and to allow or prevent the decryption of the control-word(s) according to the content of the personal messages, wherein the reception module receives the encrypted data originating from the diffusion centre via a first communication line, and the management module receives the personal messages through the management centre via a second communication line, and wherein the management module comprises data pertaining to the management centres with which these modules are authorized to communicate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. Data decryption system according to claim 1, wherein the communication between the reception module and the management module (is a communication by means of waves.
  - 3. Data decryption system according to claim 1, wherein the rights management module is a mobile telephone.
  - 4. Data decryption system according to claim 3, wherein the security module includes identification functions necessary for telephony and at least one storage area pertaining to a management centre, this area comprising the security parameters for reception of the authorization messages of said management centre.
  - 5. System according to claims 1, wherein the diffusion centre is arranged to diffuse control messages comprising the control-word(s), and wherein the personal messages broadcasted by the management centre correspond to an authorization message.
  - 6. System according to claims 1, wherein in that the management centre is arranged to diffuse personal messages comprising the control-word(s), the security module of the management module having means for determine if the message is intended for said security module and means for transmits the control word to the reception module.
  - 7. System according to claim 6, wherein the reception and decryption module includes a unique decryption key applied to the control word (cw), the key serving to encrypt the control-words at the management centre before their transmission towards the management module.
  - 8. Data decryption system according to claim 1, including at least two management centres, wherein the security module of the managing module includes security parameters for the reception of the authorization messages originating from different management centres.
  - 9. Data decryption system according to claims 1, the diffusion centre being arranged to transmit descriptive information of the encrypted data, wherein the data contains indications necessary for the establishment of communication with the management centre that is responsible for the authorization of the data, and is transmitted to the management module, the latter being arranged to establish communication with the management centre in question to obtain the authorization message.
  - 10. Data decryption system according to claim 1, wherein the reception and decryption module is integrated into the operating device.
  - 11. Data decryption system according to claim 1, wherein the reception and decryption module includes standardized communication means with the management module, for permitting interaction between a reception and decryption module and a plurality of management modules.
  - 12. Data decryption system according to claim 1, wherein the management module includes means for establishing a matching key with the reception module, the key being intended to encrypt and decrypt at least the control-word(s) transmitted to the management module towards the reception module.
  - 13. System according to claim 2, wherein the diffusion centre is arranged to diffuse control messages comprising the control-word(s), and wherein the personal messages broadcasted by the management centre correspond to an authorization message.
  - 14. System according to claim 2, wherein the management centre is arranged to diffuse personal messages comprising the control-word(s), the security module of the management module having means for determining if the message is intended for said security module and means for transmitting the control word to the reception module.
  - 15. System according to claim 3, wherein the diffusion centre is arranged to diffuse control messages comprising the control-word(s), and wherein the personal messages broadcasted by the management centre correspond to an authorization message.
  - 16. System according to claim 3, wherein the management centre is arranged to diffuse personal messages comprising the control-word(s), the security module of the management module having means for determining if the message is intended for said security module and means for transmitting the control word to the reception module.
  - 17. System according to claim 4, wherein the diffusion centre is arranged to diffuse control messages comprising the control-word(s), and wherein the personal messages broadcasted by the management centre correspond to an authorization message.
  - 18. System according to claim 4, wherein the management centre is arranged to diffuse personal messages comprising the control-word(s), the security module of the management module having means for determining if the message is intended for said security module and means for transmitting the control word to the reception module.
  - 19. Data decryption system according to claim 2, wherein the reception and decryption module is integrated into the operating device.
  - 20. Data decryption system according to claim 2, wherein the management module includes means for establishing a matching key with the reception module, the key being intended to encrypt and decrypt at least the control-word(s) transmitted to the management module towards the reception module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nagravision SA (Kudelski SA)
Original Assignee
Nagravision SA (Kudelski SA)
Inventors
Nahum, Sylvain-Victor, Stransky, Philippe

Application Number

US10/528,788
Publication Number

US 20050254648A1
Time in Patent Office

Days
Field of Search
US Class Current

380/201
CPC Class Codes

H04H 60/23   using cryptography, e.g. en...

H04N 21/26606   for generating or managing ...

H04N 21/41265   having a remote control dev...

H04N 21/43637   involving a wireless protoc...

H04N 21/4623   Processing of entitlement m...

H04N 21/6112   involving terrestrial trans...

H04N 21/6131   involving transmission via ...

H04N 21/631   Multimode Transmission, e.g...

H04N 7/1675   Providing digital key or au...

Conditional access data decrypting system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Conditional access data decrypting system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links