Security processor and recording method and medium for configuring the behaviour of this processor
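IPC classification information
Country / type: United States (US) Patent, registered
International Patent Classification (IPC, 7th edition): H04N-007/167, H04N-021/418, G06F-021/72, H04L-029/06, H04N-007/16, H04N-021/266, H04N-021/4623
Application number: US-0438061 (2007-08-29)
Registration number: US-9332297 (2016-05-03)
Priority information: FR-06 07631 (2006-08-30)
International application number: PCT/FR2007/001411 (2007-08-29)
§371/§102 date: 20090219
International publication number: WO2008/025900 (2008-03-06)
Inventors / address: Danois, Pascal; Granet, Olivier; Le Henaff, Sébastien
Applicant / address: VIACCESS
Agent / address: Trenkle, Nicholas B.
Citation information: times cited: 0; patents cited: 8
Abstract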
Security processor (42) for a decoder able to receive a scrambled multimedia signal, this processor comprising:
- at least one first rewritable lock (FIELDKEY, FIELDPIEMM, FIELDPIEMMC, FIELDPIECM, FIELDFCT) whose value can be toggled between a first and a second predetermined value in response to an EMM or ECM message,
- a restriction function able to authorize and, alternately, prohibit, as a function of the value of the first lock, only one particular operation of the security processor, this particular operation being chosen from the group composed of: the use of a cryptographic key, the processing of a parameter contained in an EMM or ECM message received, and the execution of an elementary conditional access function of the code of the application.
Representative claims
1. A security processor for a decoder for receiving a scrambled multimedia signal which is scrambled with a control word, the multimedia signal being broadcast by a network head, the security processor comprising:
a microprocessor;
a rewritable memory storing one or more first rewritable locks, each of the first rewritable locks having a value which toggles between a first predetermined value and a second predetermined value and at least one cryptographic key;
a non-rewritable memory storing an application code which, when executed by the microprocessor, causes the microprocessor to execute a set of operations comprising:
initializing the value of each of the first rewritable locks;
receiving an EMM (Entitlement Management Message) configuration message from the network head wherein the EMM configuration message comprises at least one lock configuration parameter;
configuring the value of at least one of the first rewritable locks according to the at least one lock configuration parameter;
receiving a particular ECM (Entitlement Control Message) or EMM message dispatched by the network head in conjunction with the scrambled multimedia signal; and
based on the value of each of the at least one of the first rewritable locks, a) permitting execution at the security processor of a particular corresponding operation of a set of operations of the security processor coded within the application code and executable by the microprocessor for processing ECM or EMM messages; or b) prohibiting execution of the particular corresponding operation at the security processor, and
wherein the particular corresponding operation for each of the at least one of the first rewritable locks is chosen from a group of operations consisting of:
using a corresponding key of the at least one of cryptographic key recorded in the rewritable memory;
processing of a parameter contained in the particular EMM or ECM message; and
executing of a first conditional access function coded within the application code and executable by the microprocessor, the first conditional access function being executed independently of other conditional access functions coded within the application code such that non-execution of the first conditional access function does not prevent execution, by the microprocessor, of any one of the other conditional access functions.

2. The security processor according to claim 1, wherein the memory comprises at least one field FIELDKEY associated with a corresponding one of the at least one cryptographic key, the at least one field FIELDKEY containing several locks, each of the several locks corresponding to a respective conditional access function, and
wherein the application code is further executable by the microprocessor to permit or prohibit use of the corresponding one of the at least one cryptographic key by the respective conditional access function for each of the several locks based on a value for the lock contained in the field FIELDKEY associated with the corresponding cryptographic key.

3. The security processor according to claim 1, wherein the security processor contains a list chosen from one of the following lists:
a list FIELDPIEMM associated with non-confidential EMM messages, this list FIELDPIEMM containing several locks, each of the locks corresponding to a respective parameter Pi capable of being contained in a non-confidential EMM message,
a list FIELDPIEMMC associated with confidential EMM messages, containing several locks, each of the locks corresponding to a respective parameter Pi capable of being contained in a confidential EMM message, and
a list FIELDPIECM associated with the ECM messages, containing several locks, each of the locks corresponding to a respective parameter Pi capable of being contained in an ECM message, and
wherein the application code is further executable by the microprocessor to, for each message received by the security processor associated with the list, permit or prohibit processing of a parameter Pi contained in the message received by the security processor as a function of a value of the lock corresponding to the parameter Pi in the list.

4. The security processor according to claim 1, wherein the security processor comprises a list FIELDFCT associated with the conditional access functions, the list FIELDFCT containing several locks, each of the locks corresponding to a respective conditional access function, and
wherein the application code is further executable by the microprocessor to, for each of the several locks contained within the list FIELDFCT, permit or prohibit execution of the respective conditional access function for the lock as a function of a value of the lock.

5. The security processor according to claim 1, wherein the rewritable memory further stores one or more second rewritable locks each having a value that toggles between a first predetermined value and a second predetermined value in response to an EMM or ECM message, and
wherein the application code is further executable by the microprocessor to, for each second rewritable lock, prohibit, based on the value of the second rewritable lock, a function chosen from a group of functions consisting of:
use of any cryptographic key necessary for toggling the value of at least one of the first or second rewritable locks,
processing of any parameter contained in an EMM message suitable for toggling the value of at least one of the first or second rewritable locks, and
execution of any conditional access function suitable for toggling the value of at least one of the first or second rewritable locks.

6. The security processor according to claim 1, wherein the first conditional access function is different from a function for writing new access entitlements and from a function for writing new cryptographic keys.

7. A method of configuring a behavior of a security processor for a decoder suitable for receiving a scrambled multimedia signal which is scrambled with a control word, the multimedia signal being broadcast by a network head, wherein the security processor comprises a microprocessor and a rewritable memory storing at least one cryptographic key and one or more first rewritable locks, each of the first rewritable locks having a value which toggles between a first predetermined value and a second predetermined value, the method comprising:
initializing, by the security processor, the value of each of the first rewritable locks;
receiving, by the security processor, an EMM (Entitlement Management Message) configuration message from the network head wherein the EMM configuration message comprises at least one lock configuration parameter;
configuring, by the security processor, the value of at least one of the first rewritable locks according to the at least one lock configuration parameter;
receiving, by the security processor, a particular ECM (Entitlement Control Message) or EMM message dispatched by the network head in conjunction with the scrambled multimedia signal;
based on the value of each of the at least one of the first rewritable locks, a) permitting execution at the security processor of a particular corresponding operation of a set of operations of the security processor for processing ECM or EMM messages; or b) prohibiting, at the security processor, execution of the particular corresponding operation,
wherein the particular corresponding operation for each of the at least one of the first rewritable locks is chosen from a group of operations consisting of:
using a corresponding key of the at least one of cryptographic key recorded in the rewritable memory;
processing of a parameter contained in the particular EMM or ECM message; and
executing of a first conditional access function by the security processor, the first conditional access function being executed independently of other conditional access functions at the security processor such that non-execution of the first conditional access function does not prevent execution, by the security processor, of any one of the other conditional access functions.

8. The method according to claim 7, wherein the method further comprises:
managing at least one field FIELDKEY stored in the rewritable memory and associated with a corresponding cryptographic key of the at least one cryptographic key, the at least one field FIELDKEY containing several locks, each of the several locks corresponding to a respective conditional access function, and
permitting or prohibiting use of the corresponding cryptographic key by the respective conditional access function for each of the several locks as a function of a value of the lock which is contained in the field FIELDKEY associated with the corresponding cryptographic key.

9. The method according to claim 7, wherein the method further comprises:
managing at least one list chosen from a group of lists consisting of:
a list FIELDPIEMM associated with non-confidential EMM messages, containing several locks, each of the locks corresponding to a respective parameter Pi capable of being contained in a non-confidential EMM message,
a list FIELDPIEMMC associated with confidential EMM messages, containing several locks, each of the locks corresponding to a respective parameter Pi capable of being contained in a confidential EMM message, and
a list FIELDPIECM associated with the ECM messages, containing several locks, each of the locks corresponding to a respective parameter Pi capable of being contained in an ECM message, and
permitting or prohibiting, for each message received by the security processor associated with the at least one list, processing of a parameter Pi contained in the message received by the security processor as a function of a value of the lock corresponding to the parameter Pi in the list associated with the received message.

10. The method according to claim 7, wherein the method further comprises:
managing a list FIELDFCT stored in the rewritable memory and associated with the conditional access functions, the list FIELDFCT containing several locks, each of the locks corresponding to a respective conditional access function, and
permitting or prohibiting for each of the several locks contained within the list FIELDFCT, execution of the respective conditional access function for the lock as a function of a value of the lock.

11. The method according to claim 7, wherein the method further comprises:
receiving a particular EMM message including:
a first parameter triggering a toggling of the value of a first lock of the at least one first rewritable lock so as to permit execution of the particular corresponding operation for the first lock at the security processor,
a second parameter triggering an execution of the particular corresponding operation for the first lock, and
a third parameter triggering a toggling of the value of the first lock so as to prohibit execution of the particular operation for the first lock, and
processing in order by the security processor of the first, second and third parameters.

12. The method according to claim 7, wherein the first conditional access function is different from a function for writing new access entitlements and from a function for writing new cryptographic keys.

13. A non-transitory medium for recording information containing instructions that, when these instructions are executed by a microprocessor of a security processor, cause the security processor to perform a method of configuring a behavior of the security processor for a decoder for receiving a scrambled multimedia signal which is scrambled with a control word, the multimedia signal being broadcast by a network head, wherein the security processor comprises the microprocessor and a rewritable memory storing one or more first rewritable locks and at least one cryptographic key, each of the first rewritable locks having a value which toggles between a first predetermined value and a second predetermined value, the method comprising:
initializing the value of each of the first rewritable locks;
receiving an EMM (Entitlement Management Message) configuration message from the network head wherein the EMM configuration message comprises at least one lock configuration parameter;
configuring the value of at least one of the first rewritable locks according to the at least one lock configuration parameter;
receiving a particular ECM (Entitlement Control Message) or EMM message dispatched by the network head in conjunction with the scrambled multimedia signal;
based on the value of each of the at least one of the first rewritable locks, a) permitting execution at the security processor, of a particular corresponding operation of a set of operations of the security processor for processing the ECM or the EMM messages; or b) prohibiting, at the security processor, execution of the particular corresponding operation, and
wherein the particular corresponding operation for each of the at least one of the first rewritable locks is chosen from a group of operations consisting of:
using a corresponding key of the at least one cryptographic key recorded in the rewritable memory;
processing of a parameter contained in the particular EMM or ECM message; and
executing of a first conditional access function at the security processor, the first conditional access function being executed independently of other conditional access functions at the security processor so that non-execution of the first conditional access function does not prevent execution, at the security processor, of any one of the other conditional access functions.
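
The lock gating of claims 1, 3 and 4 and the permit/run/prohibit sequence of claim 11, modelled as an added example; this is not code from the patent or from the applicant. The bit encoding (1 = permitted), the parameter identifiers, the initial lock values and the function `F_DEMO` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed encoding (not from the patent text): one bit per lock,
   1 = operation permitted, 0 = prohibited. All ids below are constructed. */
enum { P_PERMIT_FCT = 0, P_RUN_FCT = 1, P_PROHIBIT_FCT = 2 }; /* EMM parameters Pi */
enum { F_DEMO = 3 };                  /* hypothetical conditional access function */

typedef struct {
    uint8_t fieldpiemm;  /* FIELDPIEMM: bit i gates processing of parameter Pi */
    uint8_t fieldfct;    /* FIELDFCT: bit f gates execution of function f */
    unsigned runs;       /* how many times a gated function actually executed */
} secproc;
typedef struct { uint8_t pi, arg; } emm_param;

static int lock_open(uint8_t field, uint8_t idx) { return idx < 8 && ((field >> idx) & 1u); }

/* Assumed initial state: every parameter may be processed, every function is prohibited. */
void sp_init(secproc *sp) { sp->fieldpiemm = 0xFF; sp->fieldfct = 0x00; sp->runs = 0; }

/* Process the parameters of one EMM in order; returns how many a lock refused. */
int sp_process_emm(secproc *sp, const emm_param *p, size_t n) {
    int refused = 0;
    for (size_t i = 0; i < n; i++) {
        if (!lock_open(sp->fieldpiemm, p[i].pi)) { refused++; continue; }
        switch (p[i].pi) {
        case P_PERMIT_FCT:   if (p[i].arg < 8) sp->fieldfct |= (uint8_t)(1u << p[i].arg); break;
        case P_PROHIBIT_FCT: if (p[i].arg < 8) sp->fieldfct &= (uint8_t)~(1u << p[i].arg); break;
        case P_RUN_FCT: /* runs++ stands in for the body of the gated function */
            if (lock_open(sp->fieldfct, p[i].arg)) sp->runs++; else refused++;
            break;
        default: refused++;  /* unknown parameter: not processed */
        }
    }
    return refused;
}

/* Claim 11 sequence: permit, run, prohibit, all carried by one message. */
int demo_claim11(secproc *sp) {
    const emm_param emm[] = { {P_PERMIT_FCT, F_DEMO}, {P_RUN_FCT, F_DEMO}, {P_PROHIBIT_FCT, F_DEMO} };
    return sp_process_emm(sp, emm, 3);
}

/* A message that only asks to run the function is refused by FIELDFCT. */
int demo_bare_run(secproc *sp) {
    const emm_param emm[] = { {P_RUN_FCT, F_DEMO} };
    return sp_process_emm(sp, emm, 1);
}

int main(void) { secproc sp; sp_init(&sp); return !(demo_bare_run(&sp) == 1 && demo_claim11(&sp) == 0 && sp.runs == 1); }
```

Clearing the `FIELDPIEMM` bit for `P_PERMIT_FCT` in this model freezes `FIELDFCT` against further permits, which is the role claim 5 gives to the second locks.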
Patents cited by this patent (8)
Taylor, Kevin Norman; Fahrny, James; Helms, William Lynn; Manson, Azita Miahnahri; Twigger, Andrew T.; Davoust, Nancy Louise; Lilly, III, Henry Clarence, Configurable access kernel.
Van De Ven, Antonius Johannes Petrus Maria; Wajs, Andrew Augustine, Method of controlling descrambling of a plurality of program transport streams, receiver system and portable secure device.
Beun, Frédéric; Boudier, Laurence; Roque, Pierre; Tronel, Bruno, Process for matching a number N of reception terminals with a number M of conditional access control cards.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.