Irdeto B.V. Patent applications |
Patent application number | Title | Published |
20160018996 | STORING AND ACCESSING DATA - A method of storing an amount of data D in association with a device, the method comprising: obtaining a characteristic C of the device; generating error correction data R for the characteristic C, the error correction data R enabling correction of up to a predetermined number of errors in a version of the characteristic C; combining the characteristic C with the amount of data D and an authentication key K to generate storage data P, wherein said combining is arranged so that the amount of data D and the authentication key K are obtainable using the characteristic C and the storage data P; generating a signature using a signature key, the signature being a digital signature of a quantity of data comprising the storage data P, the amount of data D and the authentication key K, wherein the signature key corresponds to a verification key accessible by the device; generating an authentication code for the error correction data R using the authentication key K, wherein the authenticity of the error correction data R is verifiable using the authentication code and the authentication key K; and storing the error correction data R, the storage data P, the signature and the authentication code to thereby store the amount of data D. | 01-21-2016 |
20150180873 | CONTROLLING ACCESS TO IP STREAMING CONTENT - There is described a method of controlling access to IP streaming content by a plurality of receivers. The method comprises the steps of (a) for each receiver in the plurality of receivers, providing that receiver with access to first control information for that receiver to enable that receiver to access a first portion of the content; (b) identifying a receiver from the plurality of receivers as an identified receiver; (c) updating the first control information so as to provide updated control information for each receiver, the updated control information being associated with a second portion of the content; and (d) configuring each receiver to fetch the updated control information for that receiver. For the identified receiver, the updated control information is invalid such that the identified receiver is unable to fully access the second portion of the content. A server configured to carry out the method is also described. | 06-25-2015 |
20150163054 | UPDATING KEY INFORMATION - A method of providing key information from a sender to one or more receivers, the method comprising: obtaining initial key information comprising a plurality of units that assume respective values; forming encoded key information from the initial key information, wherein the encoded key information comprises a plurality of encoded units that correspond to respective units of the initial key information, wherein said forming comprises, for each unit of the initial key information, selecting an encoding from a plurality of invertible encodings associated with said unit and encoding said value assumed by said unit with said selected encoding to form the corresponding encoded unit; and providing the encoded key information to said one or more receivers. | 06-11-2015 |
20150149785 | GENERATING FINGERPRINTED CONTENT DATA FOR PROVISION TO RECEIVERS - A method for generating, from initial content data, output content data for provision to one or more receivers, wherein the initial content data is encoded according to a coding scheme, wherein for a quantity of data encoded according to the coding scheme, the coding scheme provides a mechanism for including in the quantity of encoded data additional data such that a decoder for the coding scheme, upon decoding the quantity of encoded data, does not use the additional data to generate decoded data, the method comprising: selecting one or more portions of the initial content data; for each selected portion, generating a data construct that comprises a plurality of data structures, each data structure comprising data, including a version of the selected portion, that is encrypted using a corresponding encryption process different from each encryption process used to encrypt data in the other data structures, wherein the data construct is arranged such that using a decryption process that corresponds to the encryption process for one data structure on the encrypted data in each data structure in the data construct produces a quantity of data encoded according to the coding scheme that uses the mechanism so that a decoder for the coding scheme would not use any data structure in the data construct other than said one data structure; and using the generated data constructs in the initial content data instead of their corresponding selected portions to form the output content data. | 05-28-2015 |
20150121073 | SOFTWARE FINGERPRINTING - A method of providing a receiver with a version of an initial item of software, the method comprising: for each of a plurality of sections of the initial item of software that together form the initial item of software, obtaining one or more respective versions of that section, wherein for at least one of the sections a respective plurality of different versions of that section are obtained; for each of the plurality of sections of the initial item of software, selecting a respective version of that section to be used by the receiver, said selecting being arranged so that the receiver is identifiable from the set of selected versions; and providing the receiver with a version of the initial item of software by providing the receiver with access to the selected versions of the sections of the initial item of software. | 04-30-2015 |
20150043577 | DISTRIBUTING CONTENT TO MULTIPLE RECEIVERS USING MULTICAST CHANNELS - There is described a method of distributing a first piece of content to multiple receivers. The first piece of content comprises a plurality of content portions. The method comprises: (a) for each of a plurality of selected content portions of the plurality of content portions, there being two or more versions of each said selected content portion, allocating each version of that selected content portion to a respective multicast channel; and (b) providing each receiver with access to a respective group of the multicast channels, each receiver being identifiable at least in part by means of the respective group of multicast channels for that receiver. A corresponding multicast system and receiver are also described. | 02-12-2015 |
20150040224 | Method And System For Dynamic Platform Security In A Device Operating System - A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secure software agent is provided for embedding within the abstraction layer forming the operating system. A secure store is provided for storing security information unique to one or more instances of the application software. The secure software agent uses the security information for continuous runtime assurance of ongoing operational integrity of the operating system and application software and thus operational integrity of the device. | 02-05-2015 |
20150033026 | DYNAMIC TARDOS TRAITOR TRACING SCHEMES - A fingerprinting method. For each round in a series of rounds: providing to each receiver in a set of receivers a version of a source item of content, the source item of content corresponding to the round. For the round there is a corresponding part of a fingerprint-code for the receiver, the part includes one or more symbols. The version provided to the receiver represents those one or more symbols. One or more corresponding symbols are obtained from a suspect item as a corresponding part of a suspect-code. For each receiver in the set of receivers, a corresponding score that indicates a likelihood that the receiver is a colluding-receiver is updated. | 01-29-2015 |
20150026452 | DIGITAL RIGHTS MANAGEMENT - There is disclosed a method of controlling use of encrypted content by a plurality of client terminals each provided with a digital rights management (DRM) client and a content decryption module separate to the DRM client. First key information is provided for use by one or more selected ones of the DRM clients, and second key information is provided for use by one or more selected ones of the content decryption modules. Content key information is encrypted to form encrypted content key information such that the selected ones of the content decryption modules are enabled by the second key information to recover the content key information from the encrypted content key information. The encrypted content key information is further encrypted to form super-encrypted content key information such that the selected ones of the DRM clients are enabled by the first key information to recover the encrypted content key information from the super-encrypted content key information. Corresponding head-end and client terminal apparatus are also disclosed. | 01-22-2015 |
20150023495 | CHANGE-TOLERANT METHOD FOR GENERATING IDENTIFIER FOR COLLECTION OF ASSETS IN COMPUTING ENVIRONMENT USING ERROR-CORRECTION CODE SCHEME - A secure and change-tolerant method for obtaining an identifier for a collection of assets associated with a computing environment. Each asset has an asset parameter and the computing environment has a fingerprint based on an original collection of assets and on a codeword generation algorithm on the original collection of assets. The method comprises: retrieving the asset parameters of the collection of assets and processing the retrieved asset parameters to obtain code symbols. An error-correction algorithm is applied to the code symbols to obtain the identifier. The method can be used in node-locking. | 01-22-2015 |
20140362987 | SECURELY PROVIDING SECRET DATA FROM A SENDER TO A RECEIVER - The invention provides a system and a method for securely providing a secret data from a sender to one or more receivers. The receiver uses a sequence of functions originating from a hierarchy of functions to migrate the secret data from an input transform space to an output transform space using a mathematical transformation under control of one or more seeds. The seeds are provided to the receiver by the sender. The sender conditionally allows the receiver to obtain the secret data by controlling the seeds. | 12-11-2014 |
20140344850 | CONSTRUCTING A TRANSPORT STREAM - A plurality of sets of primary product keys is established or generated, each set containing at least two different primary product keys. One primary product key of each set is made available to each receiver or group of receivers, such that each receiver or group of receivers is provided with a different combination of said primary product keys. For each set of primary product keys, the plurality of receivers or groups of receivers is provided with a different primary entitlement control message corresponding to each primary product key of said set, each such primary entitlement control message distributing a primary control word for recovery through decryption using the corresponding primary product key. The primary control words can then be used for purposes such as tracing compromise of the conditional access system, or arranging for differently fingerprinted content to be decoded at different receivers or groups of receivers. | 11-20-2014 |
20140259086 | CONSTRUCTING A TRANSPORT STREAM - There is disclosed a head-end system in which differently processed copies of content portions are reordered such that copies from different content portions are not interleaved in the final transport stream. | 09-11-2014 |
20140237029 | CLOUD-BASED RESOURCE MANAGEMENT - The invention involves the migration of at least some of the content discovery and/or resource management tasks from a home network to a remote server by using a proxy device, such as e.g. a DLNA-compatible proxy server or a proxy server compatible with other and/or multiple standards, connected to the devices within the home network and also connected to the resource server via an external network. The proxy device can obtain content-relation information and, possibly, also device-related information from the devices within the home network and provide that information to the remote server which can use the information to create an integrated navigation interface for navigating and/or managing content available to all of the devices within the home network. | 08-21-2014 |
20140068656 | RELIABLE AND NON-MANIPULATABLE PROCESSING OF DATA STREAMS IN A RECEIVER - The invention provides a solution for secure and non-manipulatable processing of a data stream in a receiver, possibly in conjunction with a smartcard. A packet identity and a content type identifier associated with the packet identifier are received in encrypted form and securely processed within the receiver to allow an encrypted payload of the data stream to be processed without the possibility to manipulate the content type identifier in an attempt to intercept the payload after decryption. | 03-06-2014 |
20140026214 | Method of Securing Non-Native Code - A method to secure a non-native application. The non-native application is processed to obtain an application stub to be triggered within a virtual machine. The processing of the non-native application also provides a native code function upon which the application stub depends. The non-native function is part of a trusted module that extends security services from the trusted module to the virtual machine. The trusted module is a native code application that creates a trusted zone as a root of trustiness extending to the virtual machine by an execution-enabling mechanism between the application tab and the non-native function. | 01-23-2014 |
20140020112 | Method of Securing Memory Against Malicious Attack - A method and system for secure dynamic memory management using heap memory, or analogous dynamic memory allocation, that includes initializing a heap memory segment, having a plurality of buffers, within a random access memory. When an allocation request to store data in the heap memory segment is received, one of the buffers is randomly selected. Metadata, containing details of allocated and unallocated buffers of the heap memory segment, is then maintained in a portion of the memory separate from the heap object. According to certain embodiments, the secure heap of the present disclosure can securely implement the functions of those portions of the C/C++ stdlib library related to dynamic memory management, specifically malloc(), free() and their variants. | 01-16-2014 |
20140019771 | Method and System for Protecting Execution of Cryptographic Hash Functions - A method of protecting the execution of a cryptographic hash function, such as SHA-256, in a computing environment where inputs, outputs and intermediate values can be observed. The method consists of encoding input messages so that hash function inputs are placed in a transformed domain, and then applying a transformed cryptographic hash function to produce an encoded output digest; the transformed cryptographic hash function implements the cryptographic hash function in the transformed domain. | 01-16-2014 |
20140019767 | CONTENT SEGMENTATION OF WATERMARKING - The invention relates to a computer-implemented method for providing a data stream comprising a plurality of content elements. At least one of two or more copies of a first content element of the data stream has been watermarked with a different watermark. The method includes watermarking at least one of two or more copies of a second content element with a different watermark. In a rendering order of the data stream, the second content element is at an interval equal to or greater than a watermark interval from the first content element. The watermark interval is set to be sufficiently long so that the output quality of the rendered data stream can either completely recover or at least return to a predetermined acceptable level following the watermarking of the copies of the first content element before watermarking the copies of the next content element. | 01-16-2014 |
20140013427 | System And Method Providing Dependency Networks Throughout Applications For Attack Resistance - A method and system is provided to automatically propagate dependencies from one part of a software application to another previously unrelated part. Propagation of essential code functionality and data to other parts of the program serves to augment common arithmetic functions with Mixed Boolean Arithmetic (MBA) formulae that are bound to pre-existing parts of the program. A software application is first analyzed on a compiler level to determine the program properties which hold in the program. Thereafter, conditions are constructed based on these properties and encoded in formulae that encode the condition in data and operations. Real dependencies throughout the application are therefore created such that if a dependency is broken the program will no longer function correctly. | 01-09-2014 |
20140007252 | Change-Tolerant Method of Generating an Identifier for a Collection of Assets in a Computing Environment Using a Secret Sharing Scheme | 01-02-2014 |
20140006803 | System And Method For Securely Binding And Node-Locking Program Execution To A Trusted Signature Authority | 01-02-2014 |
20130297737 | MULTIPARTY WATERMARKING METHOD AND SYSTEM - The invention relates to a method and system for watermarking in a content providing system having multiple parties. A first party system selects a first party watermark by selecting a watermarked copy of at least one first content element of the content elements. A second party system selects a second party watermark by selecting a watermarked copy of at least one second content element, different from the at least one first content element, of the content elements. Watermarked content is delivered to an end user device, the watermarked content containing the watermarked copy for the first content element selected by the first party system and the watermarked copy for the second content element selected by the second party system such that the watermarked content contains the first party watermark and the second party watermark. | 11-07-2013 |
20130262869 | CONTROL WORD PROTECTION - The invention enables a chip set of a receiver of a conditional access system to receive control words securely from a head-end system in the content delivery network. Hereto the chip set comprises means for processing an incoming message to obtain a virtual control word, and using the virtual control word to generate the control word used for descrambling content received from the content delivery network. The authenticity of incoming messages is verified, in the sense that content descrambling fails if an incoming message is not authentic. | 10-03-2013 |
20130251152 | KEY TRANSPORT PROTOCOL - The invention enables the transport of a key from a sender to a receiver. The sender comprises means for generating or obtaining a virtual key and securing the virtual key to protect its authenticity and confidentiality. The secured virtual key is provided to the receiver. The receiver comprises means to derive the virtual key from the secured virtual key. The sender and the receiver comprise means to provide the virtual key and a signature verification key associated with the sender as inputs to a cryptographic function to generate an output. The output includes at least one key. The at least one key may be in turn used as input to a cryptographic mechanism, providing a service to a security application. Examples of such services are encryption or decryption of content, or generating a response to a challenge. | 09-26-2013 |
20130251146 | CONTROL WORD PROTECTION - A method for securely obtaining a control word in a chip set of a receiver, said control word for descrambling scrambled content received by the receiver, the method comprising, at the chip set: receiving a secured version of a virtual control word from a conditional access/digital rights management client communicably connected to the chip set; obtaining the virtual control word from the secured version of the virtual control word; and using a first cryptographic function to produce a given output from an input that comprises the virtual control word and either a plurality of signature verification keys or one or more values derived from a plurality of signature verification keys, each signature verification key being associated with a conditional access/digital rights management system, the given output comprising at least one control word, wherein the first cryptographic function has the property that it is infeasible to determine a key pair including a signature key and a signature verification key and an input for the first cryptographic function comprising the determined signature verification key or one or more values derived, at least in part, from the determined signature verification key, such that the first cryptographic function produces the given output from the determined input. | 09-26-2013 |
20130205132 | OBTAINING A CONTROL WORD TO REVEAL A CLIENT DEVICE IDENTITY - The invention provides for a solution enabling obtaining a control word in the client. The client device has a unique binary identification. An input transformed control word is mapped from an input transform domain to an output transform domain to thereby obtain an output transformed control word by successively applying a transformation function to the input transformed control word using each compound of seeds from the set successively as an input to the successive transformation functions. Each of the successive transformation functions is one of a regular transformation function, a first special transformation function and a second special transformation function. The obtained control word can be used to decrypt one of two copies of a part of content data. The copy that can be decrypted contains a watermark representing either a binary “0” or a binary “1” and represents a bit of the unique binary identification of the client device. | 08-08-2013 |
20130166868 | METHOD AND SYSTEM FOR PROVIDING CONTENT TO A RECIPIENT DEVICE - The invention relates to a computer-implemented method for providing content to a particular recipient device of a plurality of recipient devices. Copies of one or more content elements of the content are generated and one or more of the copies are modified to obtain modified copies of the content elements. The content elements, including the one or more modified copies of the content elements, are stored in a storage. Selection information is transmitted to the particular recipient device in response to a request for providing the content. The selection information prescribes to the recipient device the modified copy to be retrieved by the recipient device for substantially each content element for which a modified copy is available. | 06-27-2013 |
20120008773 | PROVIDING CONTROL WORDS TO A RECEIVER - A method and a system of transmitting one or more control words to a receiver system is described, wherein the one or more control words are generated by a scrambling system for scrambling during a crypto period data packets in a service stream. The method involves transmission of at least one service stream and a stream of entitlement control messages associated with said service stream to the receiver system, each entitlement control message comprising at least one encrypted control word; and controlling the processing load of the receiver system by modifying the duration of said crypto period. | 01-12-2012 |
20120005703 | MULTI-VENDOR CONDITIONAL ACCESS SYSTEM - The invention provides a smartcard, a head-end system and a conditional access system enabling incompatible receivers to be used in a vendor specific conditional access system. Hereto the smartcard stores an operation mode identifier, which is read upon insertion of the smartcard into the receiver and activation of the smartcard. The operation mode identifier is used to select a protocol for communication with the receiver. If the protocol is incompatible with the receiver, the operation mode identifier is changed and another protocol is selected upon reinsertion of the smartcard in the receiver. The head-end system uses data packet encapsulation to enable the receiver to forward EMMs and ECMs to the smartcard. | 01-05-2012 |
20110317833 | GENERATING A SCRAMBLED DATA STREAM - A method and a system for generating a scrambled data stream is described, wherein the method comprises: providing a code book comprising code information for scrambling data in data stream comprising one or more service streams; generating a control word request associated with at least one crypto period in at least one of said service streams; in response to said control word request, generating on the basis of said code information at least one control word associated with said crypto period in said service stream; and, scrambling data associated with at least one of said service streams using said control word. | 12-29-2011 |
20110311044 | PROVIDING CONTROL WORDS TO A RECEIVER - A method and a system for providing control words to at least one receiver are described wherein said receiver is associated with a secure module. The method comprises the steps of receiving at least part of a code book comprising code information for descrambling one or more service streams in a scrambled data stream sent to said receiver; providing a control word request associated with at least one crypto period in at least one of said service streams; and, in response to said control word request, generating on the basis of said code information at least one control word for descrambling data in said service stream and associated with said crypto period. | 12-22-2011 |
20110268271 | COMPUTATIONAL EFFICIENTLY OBTAINING A CONTROL WORD IN A RECEIVER USING TRANSFORMATIONS - The invention provides a receiver, a smartcard and a conditional access system for securely obtaining a control word using an entitlement transform tree, wherein intermediate results are cached to improve computational efficiency. | 11-03-2011 |
20110239296 | TRACING UNAUTHORIZED USE OF SECURE MODULES - At least methods and systems for generating tracing data for tracing rogue secure modules in a population of secure modules are described wherein said rogue secure modules are configured for unauthorized provisioning of control words to a control word sharing network. One method comprises: executing a predetermined number of tracing experiments on said population, wherein each of said tracing experiments comprises: sending at least one tracing event message to each secure module in said selected population, wherein event information in said tracing event message is used to select at least part of said secure modules in said population to generate a tracing event; in response to the reception of said at least one tracing event message, a tracing event detector monitoring for a predetermined time the presence of at least one tracing event in said control word sharing network; and, storing tracing data in an event database, said tracing data comprising said event information and event detection information indicating whether or not a tracing event is detected. | 09-29-2011 |
20110211695 | BROADCASTING VARIANTS OF DIGITAL SIGNALS IN A CONDITIONAL ACCESS SYSTEM - The invention provides a headend system, a receiver, a smartcard and a conditional access system enabling distribution of multiple variants of a part of a digital signal, such as multiple variants of an audio part or a video part of a data stream, without requiring receivers to be updated. The digital signal generated by the headend system enables a receiver to receive and process the digital signal without requiring identification of the copies in the second digital signal. Error handling capabilities of the receiver ensure that only one copy is used in the output of the receiver. The error handling capabilities are triggered by having the receiver use one decryption key for descrambling all copies, resulting in one copy being descrambled correctly and the other copies being descrambled incorrectly. | 09-01-2011 |
20110150213 | WHITE-BOX IMPLEMENTATION - A system for enabling a device to compute an outcome of an exponentiation C | 06-23-2011 |
20110116625 | CRYPTOGRAPHIC SYSTEM - A cryptographic system comprises a white-box implementation of a function; an implementation of a cryptographic algorithm; and an implementation of a combining operation for establishing cryptographically processed data in dependence on an outcome of the function and in dependence on an outcome of the cryptographic algorithm. The combining operation comprises combining an outcome of the cryptographic algorithm with an outcome of the function. Alternatively, the combining operation comprises combining an outcome of the function with a received data element to obtain a combination outcome and applying the cryptographic algorithm to the combination outcome. | 05-19-2011 |
20110091033 | CRYPTOGRAPHIC SYSTEM - A method of creating an encryption system for encrypting a plurality of plaintext words is provided. The method comprises associating ( | 04-21-2011 |
20110064215 | EXPONENT OBFUSCATION - A method of obfuscating an exponent is provided. The method comprises identifying a value λ for which it holds that λ>0 and x | 03-17-2011 |
20100296649 | CRYPTOGRAPHIC PROCESSING OF CONTENT - A system for cryptographic processing of content comprises an input for receiving the content. A plurality of look-up tables represents a white-box implementation of a combined cryptographic and watermarking operation. The look-up tables represent processing steps of the combined cryptographic and watermarking operation and the look-up tables being arranged for being applied according to a predetermined look-up scheme. The look-up scheme prescribes that an output of a first look-up table of the plurality of look-up tables be used to generate an input of a second look-up table of the plurality of look-up tables. The combined cryptographic and watermarking operation comprises a cryptographic operation and a watermarking operation. A control module looks up values in the plurality of look-up tables in dependence on the received content and in accordance to the look-up scheme, thereby applying the combined cryptographic and watermarking operation to the content. | 11-25-2010 |
20100215173 | DATA SECURITY | 08-26-2010 |