METHOD OF DETECTING AN ABNORMAL USE OF A SECURITY PROCESSOR

US 20100017605A1
Filed: 10/25/2007
Published: 01/21/2010
Est. Priority Date: 10/27/2006
Status: Abandoned Application

First Claim

Patent Images

1. Method of detecting abnormal use of a security processor invoked by at least one receiving terminal in order to control access to a scrambled digital content supplied by at least one operator to said receiving terminal, method characterised in that it comprises the following steps:

analysing security processor use during a preset observation period T_obs,determining on the basis of said analysis the mean value M_ECMof the number of invocations per time unit of said security processor during said observation T_obs,comparing said mean value M_ECMwith a preset threshold S_max, andif the mean value M_ECMis greater than the threshold S_max, applying to said terminal a sanction whereof the level of severity increases progressively.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method of detecting an abnormal use of a security processor invoked by at least one receiving terminal in order to control access to a scrambled digital content supplied by at least one operator to said receiving terminal.

This method comprises the following steps:

- analysing security processor use during a preset observation period T_Obs,
- determining on the basis of said analysis the mean value M_ECMof the number of invocations per time unit of said security processor during said observation period T_Obs,
- comparing said mean value M_ECMwith a preset threshold S_max, and
- if the value M_ECMis greater than the threshold S_max, applying to said terminal a sanction whereof the level of severity increases progressively.

Citations

19 Claims

1. Method of detecting abnormal use of a security processor invoked by at least one receiving terminal in order to control access to a scrambled digital content supplied by at least one operator to said receiving terminal, method characterised in that it comprises the following steps:
- analysing security processor use during a preset observation period T_obs,determining on the basis of said analysis the mean value M_ECMof the number of invocations per time unit of said security processor during said observation T_obs,comparing said mean value M_ECMwith a preset threshold S_max, andif the mean value M_ECMis greater than the threshold S_max, applying to said terminal a sanction whereof the level of severity increases progressively.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19)
- - 2. Method according to claim 1 wherein, during said observation period T_obs, the mean value M_ECMis determined during a period of activity T_Actof said security processor constituted by accumulating a plurality of successive periods of activity separated by a minimum period T_InaMinof inactivity of said security processor.
  - 3. Method according to claim 2, characterised in that each invocation of the security processor consists in presenting it with an ECU access control message associated with the scrambled content and carrying a control word CW and the description of at least one access condition in order to supply the terminal with the control word for unscrambling the content,and In that the analysis of security processor use comprises the following steps:
    - determining the number N_ECMof ECU messages processed by the security processor during the period of activity T_act,calculating the relationship M_ECM=N_ECM/T_act,comparing the relationship M_ECMwith the threshold value S_max,applying the sanction if M_ECMis greater than S_max.
  - 4. Method according to claim 3, wherein security processor use is analysed by software built into said security processor.
  - 5. Method according to claim 1, wherein said sanction is applied progressively in accordance with the following steps:
    - firstly the sanction is applied with a level of severity n_ia preset number of times R_i,then the sanction is applied with a next level of severity n_i+1a preset number of times R_i+1,lastly the maximum sanction is applied when the last level n_imaxis attained.
  - 6. Method according to claim 5, wherein said sanction comprises a first level consisting in temporarily blocking content reception, a second level consisting in blocking content reception with a requirement to contact the operator supplying said content, and a third level consisting in permanently blocking reception of said content.
  - 7. Method according to claim 3, wherein the analysis of security processor use comprises the following operations:
    - at a current date t_c,determining on the one hand, the ECM messages with a distribution date contemporary with the current date t_cand which will be presented to the security processor for a first use of a content, on the other hand, the ECM messages with a distribution date which antedates the current date t_cand are presented to the security processor for re-using a content,measuring the period of activity T_Actof the security processor during which it processes successive contemporary ECM messages,counting the number N_ECMof contemporary ECM messages at least so long as the period of activity T_Actis less than a preset minimum duration T_ActMin.
  - 8. Method according to claim 7, wherein, at the date t_c, an old ECM message is determined by comparing the distribution date t of this ECM message with the date (t_c−
    - T_Diff), T_Diffrepresenting a previously specified minimum delay separating the date t and the date t_c.
  - 9. Method according to claim 8, wherein, at the date t_c, counting the number N_ECMof successfully processed contemporary ECM messages comprises the following operations:
    - comparing the date t with the date (t_c−
      
      T_Diff),increasing the number N_ECMif the date (t_c−
      
      T_Diff) is less than or equal to the date t, otherwise maintaining the number N_ECMat the current value,if the date t is between the date t_cand the date t_c+T_InaMin, increasing the period of activity T_Actby the value (t−
      
      t_c), otherwise maintaining the period of activity T_Actat the current value.
  - 10. Method according to claim 7, wherein, during an observation period starting at an instant t_o, the analysis of security processor use comprises the following operations:
    - calculating the relationship M_ECM=N_ECM/T_Act,checking whether T_Actis greater than or equal to a preset duration T_ActMinand whether M_ECMis greater than S_max,if yes,applying the sanction,increasing the number n of sanctions and/or the level of thesanction applied,reinitialising the values N_ECM, T_Actand t_o.otherwise,decrypting the control word CW,if the duration (t−
      
      t_o) is greater than the duration T_obsof the observation period,reinitialising the values of N_ECM, T_Actand t_oif the date t is greater than the date t_creplacing the date t_cby the date t.
  - 11. Method according to claim 10, wherein, when the number of ECM messages successfully processed during the period T_obshas been increased by a preset threshold value N_Buf, the parameters N_ECM, t_oand T_Actare transferred into an EEPROM memory.
  - 12. Method according to claim 1, wherein analysis parametensation and activation can be programmed by an operator by sending an EMM message.
  - 13. Method according to claim 12, wherein said EMM message carries at least one of the following parameters:
    - the duration T_obsof the observation period,the minimum duration of activity T_ActMin,the delay T_Diff,the minimum duration of inactivity T_InaMin,the threshold value S_max,the threshold value N_Buf.
  - 15. Computer program including program code instructions for implementing steps in the method according to claim 1 when said program is run on a security processor associated with a terminal for receiving digital contents supplied by an operator, characterised in that it comprises:
    - instructions for analysing the use of said chip card by said terminal over a preset observation period T_Obs,instructions for determining on the basis of said analysis the mean value M_ECMof the number of invocations per time unit of said chip card by said terminal during said observation period T_obsand for comparing said mean value M_ECMwith a preset threshold S_max, andinstructions for applying to said terminal a sanction whereof the level of severity progressively increases if the mean value M_ECMis greater than the threshold S_max.
  - 16. Method according to claim 5, wherein analysis parameterisation and activation can be programmed by an operator by sending an EMM message.
  - 17. Method according to claim 16, wherein analysis parameterisation and activation can be programmed by an operator by sending an EMM message.
  - 18. Computer program including program code instructions for implementing steps in the method according to claim 5 when said program is run on a security processor associated with a terminal for receiving digital contents supplied by an operator, characterised in that it comprises:
    - instructions for analysing the use of said chip card by said terminal over a preset observation period T_obs,instructions for determining on the basis of said analysis the mean value M_ECMthe number of invocations per time unit of said chip card by said terminal during said observation period T_obsand for comparing said mean value M_ECMwith a preset threshold S_max, andinstructions for applying to said terminal a sanction whereof the level of severity progressively increases if the mean value M_ECMis greater than the threshold S_max.
  - 19. Computer program including program code instructions for implementing steps in the method according to claim 7 when said program is run on a security processor associated with a terminal for receiving digital contents supplied by an operator, characterised in that it comprises:
    - instructions for analysing the use of said chip card by said terminal over a preset observation period T_Obs,instructions for determining on the basis of said analysis the mean value M_ECMof the number of invocations per time unit of said chip card by said terminal during said observation period T_obsand for comparing said mean value M_ECMwith a preset threshold S_max, and

14. Security processor intended to control access to a scrambled digital content supplied by at least one operator to at least one receiving terminal, characterised in that it comprises:
- a first module for analysing its use during a preset observation period T_obs,a second module for determining on the basis of said analysis the mean value M_ECMof the number of invitations per time unit of said security processor during said observation period T_obsand for comparing said mean value M_ECMwith a preset threshold S_max, anda third module for applying to said terminal a sanction whereof the level of severity progressively increases if the mean value M_ECMis greater than the threshold S_max.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Viaccess
Original Assignee
Viaccess
Inventors
Tronel, Bruno, Roger, Matthieu, Giard, Alexandre, Cuaboz, Alain, Granet, Olivier, Chieze, Quentin, Neau, Louis

Application Number

US12/444,559
Publication Number

US 20100017605A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04N 21/4181   for conditional access

H04N 21/4367   Establishing a secure commu...

H04N 21/4623   Processing of entitlement m...

H04N 7/1675   Providing digital key or au...

METHOD OF DETECTING AN ABNORMAL USE OF A SECURITY PROCESSOR

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD OF DETECTING AN ABNORMAL USE OF A SECURITY PROCESSOR

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links