MXPA00007899A - Method and apparatus for recording of encrypted digital data - Google Patents

Abstract

A method of recording transmitted digital data in which transmitted digital information CW (96) is encrypted (97) using a recording encryption key E(NE) (98) and the resulting encrypted ECM message (99) stored on recording support medium. An equivalent of the recording encryption key E(NE) (100) is further encrypted by a recording transport key RT(A) (102) to form an EMM message (103) stored on the support medium together with the encrypted ECM message (99). In one embodiment, the recording transport key may be generated and managed by a central authorising unit. Alternatively, the recording transport key may be generated and managed within the decoder and recorder configuration of the user, for example, by generating the key at the recorder and communicating a version to the decoder for safekeeping.

Description

METHOD AND APPARATUS FOR RECORDING CRITICALLY CODED DIGITAL DATA The present invention relates to a method and apparatus for recording disturbed digital data, for example television transmissions. The transmission of cryptically encoded data is well known in the field of paid television systems, where disturbed audiovisual information is typically transmitted by satellite to several subscribers, each subscriber having an integrated decoder or receiver / decoder (IRD) capable of awakening the broadcast program for its subsequent display. In a typical system, the disturbed digital data is transmitted together with a control word to awaken the digital data, the same control word being cryptically encoded by an operation key and transmitted in cryptically encoded form.

A decoder receives the disturbed digital data and the cryptically encoded control word which uses an equivalent of the operation key to decode the control word encoded cryptically and thereafter to wake up the transmitted data. A paid subscriber will periodically receive the exploitation key needed to decode the control word encoded cryptically to allow viewing a particular program. With the advent of digital technology, the quality of the transmitted data has increased many times. A particular problem associated with digital quality data is its ease of reproduction. When an unsuspecting program passes via an analog link (for example the "Peritel" link) to be viewed and recorded by a standard cassette video recorder, the quality is no longer greater than that associated with a standard analogue analogue cassette recording. The risk that this recording is used as a master tape to make pirated copies is not greater than with the analogue camera bought in a standard store. By way of contrast, each digital data awakened by a direct digital link to one of the digital recording devices of the new generation (for example, a DVHS recorder) will have the same quality of the originally transmitted program and can thus be reproduced any number of times without any degradation of the image or sound quality. Therefore there is a considerable risk that the awaited data will be used as a master copy to make pirated copies. French Patent Application 9503859 shows a way to overcome this problem, by means of a system in which the digital data awakened is never allowed to be recorded in the digital recording medium. Instead, the decoder described in this application sends the data for recording on the medium in its disturbed form. The control word necessary to wake up the data is encoded again cryptically by means of another key and stored in the recording medium with the disturbed data. This new key is known only by the receiver / decoder and replaces the operating key needed to obtain the control word to view the program. The advantage of such a system is that the data is never stored in a "clean" way and can not be viewed without having the new key, stored in the decoder. The system also has the advantage that, since the exploitation key changes monthly, the use of a key chosen by the decoder to re-encode the control word recorded on the digital tape means that the decoder will still be able to decode the control word recorded on the tape even after the end of the subscription month. The disadvantage of the system proposed in this prior patent application is that the recording can only be viewed together with that particular decoder. If the decoder is broken, or replaced, the recording can no longer be played. Equally, it is not possible to play the recording directly on a digital recorder without connecting the decoder to the system. It is an object of the present invention in its broadest and most specific aspect to overcome some or all of the problems associated with this known solution. According to the present invention, there is provided a method for recording transmitted digital data in which digitally transmitted information is cryptically encoded by a cryptic encoding key for recording and stored by a recording medium on a recording medium and characterized in that an equivalent of the cryptic encoding encoding key is encoded cryptically by a recording transport key and stored in the support medium together with the cryptically encoded information. The advantage of this method lies in the fact that the specific cryptic encoding key used to cryptically encode information is permanently recorded with the cryptically associated encoded information. In order to facilitate future access, as will be described below, one or more secure copies of the recording transport key may be stored in a location other than the recorder. In one embodiment, the information cryptically encoded by the cryptic recording encoding key comprises control word information usable to wake up a transmission of disturbed data also recorded in the support medium. Other modalities are conceivable, for example, in which the information encoded cryptically corresponds simply to transmitted data that will finally be read or displayed, for example the audiovisual information itself instead of a control word used to wake it up. In one embodiment, the cryptic encoding key of recording and / or recording transport key are stored in a portable security module associated with the recording element. This may comprise, for example, any convenient microprocessor and / or memory card device, such as a PCMCIA or PC card, a smart card, a SIM card, and so on. In alternative relationships, the keys can be stored in a security module permanently incorporated in the recording element. Unless explicitly limited to a portable or integrated device it will be understood that all references to a "security module" cover both possible embodiments. In one embodiment, the transmitted information is encoded cryptically prior to transmission and is received by a decoder element before being communicated to the recording element. The decoder may be physically separate or combined with the recording element.

As will be explained in more detail below, the transmitted information may in some cases be processed and / or re-encoded cryptically by the decoder before being communicated to the recording element. The decoder element may be associated with a portable security module used to store transmission access control keys used to decode the cryptically transmitted encoded information. In some embodiments, this may be different from the portable security module associated with the recording element. However, in the case of an integrated decoder / recorder, for example, the same security module can be used to store all the keys. In one embodiment, the cryptic recording encoding key and / or the recording transport key operate in accordance with a first cryptic encoding algorithm and the transmission access control keys operate in accordance with a second cryptic encoding algorithm. For example, cryptic encoding and transport encoding keys may use the symmetric DES algorithm, while transmission keys operate in accordance with a customer-adapted algorithm unique to the transmission access control system. This allows the system administrator to retain control over the algorithm chosen for the transmission keys while allowing a generic algorithm to be used for keys related to a recording. In one embodiment, the recording transport key is generated in a central recording authorization unit and a copy of this key is communicated to the recording element. In the case of loss or destruction of the key support associated with the recording element, a backup or at least the element for generating the transport key will be present all the time in the central recording authorization unit. For security reasons, the recording transport key is preferably encoded cryptically by an additional cryptic encoding key before being communicated to the recording element. This additional cryptic encoding key can be based, for example, on a cryptic encoding key common to all security recorder modules diversified by a serial number of the security module, so that only that security module can read the message . In the case where the system comprises a receiver / decoder physically separate from the recording element it may be desirable for the recording element to have the same access rights as the receiver / decoder, for example to allow the receiver / decoder to simply send the data stream "as is" to the recorder for processing. In accordance with the above, in one embodiment, a central access control system communicates transmission access control keys to a portable security module associated with the recording element. These may comprise, for example, a duplicate of the keys normally stored in the portable security module associated with the decoder and which are used to wake up the transmissions. In this embodiment, the recording element directly awoke the transmitted information using the transmission access keys before re-encoding the information cryptically by means of the cryptic recording encoding key and storage in the support medium. In a similar manner as with communication of the transport key, the central access control system preferably cryptically encodes access control keys transmitted by an additional cryptic encoding key prior to its communication with the recording element. This additional cryptic encoding key may also comprise a hearing key common to all diversified security modules by the serial number of the recording element. In order to enable the central access control system to correctly identify the transmission access keys that need to be sent to the recording element, the recording element preferably sends a request to the central access control system which includes information identifying the necessary transmission access keys, the request being authenticated by the recording element using a unique key to the recording element. This may correspond, for example, to the key used to cryptically encode communications from the central access control system to the recording element. In the above embodiments of the invention, several different embodiments have been described, in particular in which a central recording authorization unit generates and maintains a copy of the recording transport keys and in which the central access control system sends a duplicate set of transmission access control keys to the recording element. Alternative modalities are possible. For example, in a mode comprising a decoder element and an associated security module and a recording element and an associated security module, a copy of the recording transport key is stored in the security module associated with any of the two or with both decoder or recording elements. In this way, a backup key to decode a recording will always be available even in the event of destruction or loss of the other security module. In particular, a copy of the recording transport key can more conveniently be stored in the decoder security module. The recording transport key can be generated, for example, by the security module the recording element and communicating with the security module of the decoder element or vice versa. For security reasons, the recording transport key is preferably encrypted before communication with the security module of the decoder and decoded by a single key to the security module that receives the recording transport key. This unique key and its equivalent can be incorporated into the respective security modules at the time of its creation. However, alternatively, the decoder security module and the recording security module perform a mutual authorization process, with the unique decoding key being passed to the other security module from the cryptic encoding security module depending on the result of mutual authorization. In one embodiment, the mutual authorization step is carried out using, among others, a known auditorium key to both security modules. This can be, for example, a generic key known to all decoders and recorders and diversified by the serial number of each module. In another development of this double security module embodiment, the security module of the decoder element has transmission access control keys to decode the information transmitted in a cryptically encoded form and a session key to cryptically recode the information before the communication with the security module of the recording element, the security module having the recording element an equivalent of the session key for decoding the information from the cryptic encoding by means of the recording transport key. This session key can be generated by the security module of the decoder element or by the security module of the recording element and communicated to the other module in cryptically encoded form using a cryptic encoding key univocally decodable by the other security module. The present invention extends to a recording element for use in the above method, a decoding element and a portable security module for use in each. The terms "disturbed" and "cryptically encoded" and "control word" and "key" have been used in various parts of the text for the purpose of language clarity. Nevertheless, it will be understood that there is no fundamental distinction between "disturbed data" and "cryptically encoded data" or between a "control word" and a "key". Similarly, the term "equivalent key" is used to refer to a key adapted to decode cryptically encoded data by a first mentioned key, or vice versa. Unless it is mandatory in view of the context or unless otherwise specified, no general distinction is made between the keys associated with symmetric algorithms and those associated with public / private algorithms. The term "receiver / decoder" or "decoder" used herein may connote a receiver to receive either encoded or uncoded signals, for example, television and / or radio signals, which may be broadcast or transmitted by some other medium. The term may also connote a decoder to decode the received signals. The embodiments of these receivers / decoders may include a decoder integrated with the receiver for decoding the received signals, for example, in a "top box", such as a decoder operating in combination with a physically separate receiver, or a decoder including additional functions, such as a network browser or that is integrated with other devices such as a video recorder or a television. As used herein, the term "digital transmission system" includes any transmission system for transmitting or broadcasting primarily digital audiovisual or multimedia data. Although the present invention is particularly applicable to a digital broadcast television system, the invention may also be applicable to a fixed telecommunications network for multimedia Internet applications, to a closed television circuit, and so on. As used herein, the term "digital television system" includes, for example, any satellite, terrestrial, cable and other systems. Now we will describe, by way of example only, several embodiments of the invention, with reference to the following Figures, in which: Figure 1 shows the overall architecture of a digital television system according to this modality; Figure 2 shows the architecture of the conditional access system of Figure 1; Figure 3 shows the levels of cryptic encoding in the conditional access system; Figure 4 shows the design of a digital decoder and recorder device according to this embodiment; Figure 5 shows schematically the organization of zones within the memory cards associated with the decoder and recorder of Figure 4; Figures 6 and 7 show the steps in the preparation of messages for communication between the decoder card and the centralized server in this first mode; Figure 8 shows the cryptology architecture of the decoder card to generate a cryptic recording key according to this first embodiment; Figures 9 and 10 show the preparation of rights control and rights management messages for recording on the digital recording medium according to this first mode; Figure 11 shows the decoding steps associated with the reproduction of a recording in this first mode; Figure 12 shows schematically the organization of zones within the memory cards of the decoder and recording device according to a second embodiment of the invention; Figures 13 and 14 show the steps of initial mutual authorization and data transfer between the memory card of the decoder and the memory card of the recorder according to this second embodiment; Figure 15 shows the creation and communication of a session key to be used by both memory cards during the recording of a program in this second mode; Figure 16 shows the operation of the recording card to generate a cryptic recording encoding key in this second mode; Figure 17 shows the processing of transmission rights control messages via the decoder card in order to communicate the control word (CW) in cryptically encoded form to the recording card in this second mode; Figures 18 and 19 show the preparation of rights control messages and rights manager for re-recording in the digital recording medium according to this second embodiment; Figure 20 shows the communication between a decoding card and a recording card. An overview of the digital television transmission and reception system 1 is shown in Figure 1.

The invention includes a mostly conventional digital television system 2 which uses the MPEG-2 compression system to transmit compressed digital signals. In greater detail, the MPEG-2 compressor 3 in a transmission center receives a digital signal stream (e.g., an audio or video signal stream). The compressor 3 is connected to a multiplexer and a disturber 4 via the link 5. The multiplexer 4 receives a plurality of additional input signals, assembles one or more transport streams and transmits compressed digital signals to a transmitter 6 of the transmission center via link 7, which can of course have a variety of forms including telecom links. The transmitter 6 transmits electromagnetic signals via the uplink 8 to a satellite transmitting transmitter 9, where they are processed electronically and transmitted via a downward notional link 10 to the terrestrial receiver 11, conventionally in the form of proprietary or rented satellite dish. by the end user. The signals received by the receiver 11 are transmitted to an integrated receiver / decoder 12 owned or rented by the end user and connected to the television set of the user 13. The receiver / decoder 12 decodes the compressed MPEG-2 signal into a signal from the receiver. television for the television set 13. A conditional access system 20 is connected to the multiplexer 4 and the receiver / decoder 12, and is located partially in the transmission center and partially in the decoder. It allows the end user to access digital television broadcasts from one or more broadcast providers. A smart card, capable of decoding messages related to commercial offers (that is, one or several television programs sold by the transmission provider), can be inserted into the receiver / decoder 12. Using the decoder 12 and the smart card, the User can buy events either in a subscription mode or in a pay per view mode. An interactive system 17, also connected to the multiplexer 4 and the receiver / decoder 12 and again located partially in the transmission center and partially in the decoder, can be provided to enable the end user to interact with various applications via a rear channel with modem 16. The conditional access system 20 will now be described in greater detail. With reference to Figure 2, an overview of the conditional access system 20 includes a subscriber authorization system (SAS) 21. The subscriber authorization system 21 is connected to one or more subscriber management systems (SMS) 22 , a subscriber management system for each transmission provider, through a respective TCP-IP link 23 (although other types of link can alternatively be used). Alternatively, a subscriber management system could be shared between two transmission providers, or a provider using two subscriber management systems, and so on. The first cryptic encoding units in the form of encryption units 24 using smart cards "mothers" 25 are connected to the subscriber authorization system via the link 26. The second cryptic encoding units again in the form of encryption units 27 which use mother smart cards 28 are connected to multiplexer 4 via link 29. Receiver / decoder 12 receives a portable security module, for example in the form of a "daughter" smart card 30. It is directly connected to the subscriber management system 21 through the communication servers 31 via the back channel with modem 16. The subscriber authorization system sends, among other things, subscription rights to the daughter smart card upon request. Smart cards contain the secrets of one or more commercial operators. The "mother" smart card cryptically encodes different kinds of messages and "daughters" smart cards decode the messages, and they have the right to do so. The first and second encryption units 24 and 27 comprise a canister, an electronic VME card with software stored in an electrically erasable programmable read-only memory (EEPROM), up to 20 electronic cards and a smart card 25 and 28 respectively, for each electronic card, a card 28 for cryptically encoding rights control messages and a card 25 for cryptically encoding rights management messages. The operation of the conditional access system 20 of the digital television system will now be described in greater detail with reference to the various components of the television system 2 and the conditional access system 20. Multiplexer and Disturber With reference to Figures 1 and 2, the transmission center, the digital audio or video signal is compressed first (or the bit rate is reduced), using the compressor MPEG-2 3. This compressed signal is then transmitted to the multiplexer and to the disturber 4 via the link 5 in order to be multiplexed with other data, such as other compressed data. The disturber generates a control word used for the disturbance process and is included in the MPEG-2 stream in the multiplexer. The control word is generated internally and enables the integrated receiver / decoder of the end user 12 to awaken the program. The access criteria, which indicate how the program is marketed, are also added to the MPEG-2 stream. The program can be marketed either in one of several "subscription" modes and / or one of several modes or "pay per view" (PPV) events. In the subscription mode, the end user subscribes to one or more commercial offers, or "bouquet", thus obtaining the rights to see all the channels within these bouquets. In the preferred mode, up to 960 commercial offers of a bunch of channels can be selected. In Pay Per View mode, the end user has the ability to buy events that I want. This can be achieved either by pre-listing the event in advance ("pre-list mode"), or by buying the event as soon as it is being transmitted ("impulse mode"). In the preferred mode, all users are subscribers, whether they see in subscription mode or in pay-per-view mode, but of course pay-per-view viewers do not need to be subscribers. Rights Control Messages Both the control word and the access criteria are used to build rights control message (ECM). This message is sent in connection with a disturbed program; the message contains a control word (which allows the program to be awakened) and the access criteria of the transmitted program. The access criterion and the control word are transmitted to the second cryptic encoding unit 27 via the link 29. In this unit, a rights control message is generated, cryptically encoded and transmitted to the multiplexer and the disturber 4. During a broadcast transmission, the control word typically changes every several seconds, and thus rights control messages are periodically transmitted to enable the changing control word to be awakened. For redundancy purposes, the rights control message includes two control words; the present control word and the next control word. Each transmission of services by a provider of transmissions in a data stream comprises a different number of components; for example, a television program includes a video component, an audio component, a subtitling component and so on. Each of these components of a service is individually disturbed and cryptically encoded for subsequent transmission to the responder-transmitter 9. With respect to each disrupted service component, a separate rights control message is required. Alternatively, a single rights control message may be required for all disturbed components of a service. Multiple rights control messages are also generalized in the case where multiple conditional access system control accesses have access to the same transmitted program.

Rights Management Messages (EMM) The rights management message is a message dedicated to an individual end user (subscriber), or to a group of end users. Each group can contain a given number of end users. This organization as a group has the purpose of optimizing the bandwidth; that is, giving access to a group can allow the reach of a large number of end users. Several specific types of law administration messages can be used. Individual rights management messages are dedicated to individual subscribers, and are typically used to provide Pay Per View services; these contain the identifier of the group and the position of the subscriber in that group. Group subscription rights management messages are dedicated to groups of, say, 256 individual users, and are typically used in the administration of some subscription services. This rights management message has a group identifier and a group bit mapping of the subscribers. Audience rights management messages are dedicated to complete audiences, and could for example be used by a particular operator to provide certain free services. An "auditorium" is the totality of subscribers that have smart cards that carry the same identifier of conditional access system (CA ID). Finally, a "unique" rights management message is addressed to a unique identifier of the smart card. Rights management messages can be generated by several operators to control access to the rights associated with the programs transmitted by the operators as presented above. Rights management messages can also be generated by the conditional access system administrator to consider aspects of the conditional access system in general. Program Transmission The multiplexer 4 receives electrical signals comprising cryptically encoded rights management messages from the subscriber authorization system 21, cryptically encoded rights control messages from the second cryptic encoding unit 27 and compressed programs from of the compressor 3. The multiplexer 4 disturbs the programs and sends the disturbed programs, the cryptically encoded rights management messages and the cryptically encoded rights control messages to a transmitter 6 of the transmission center via the link 7. The transmitter 6 transmits electromagnetic signals to the satellite transponder 9 via the uplink 8.

Reception of the Program The satellite transmitter-responder 9 receives and processes the electromagnetic signals transmitted by the transmitter 6 and transmits the signals in the terrestrial receiver 11, conventionally in the form of a parabolic antenna owned or rented by the end user, via the link downwards 10. The signals received by the receiver 11 are transmitted to the receiver / decoder 12 owned or rented by the end user and connected to the end user's television set 13. The receiver / decoder 12 demultiplexes the signals to obtain disturbed programs with cryptically encoded rights administrator messages and cryptically encoded rights control messages. If the program is not disturbed, that is, no rights control message has been transmitted with the MPEG-2 current, the receiver / decoder 12 decompresses the data and transforms the signal into a video signal for transmission to an apparatus of television 13. If the program is disturbed, the receiver / decoder extracts the corresponding rights control message from the MPEG-2 stream and passes the rights control message to the "daughter" 30 smart card of the end user. This is inserted into a housing in the receiver / decoder 12. The daughter smart card 30 controls whether the end user has rights to decode the rights control message and access the program. If it does not, a negative status is passed to the receiver / decoder 12 to indicate that the program can not be awakened. If the end user has rights, the rights control message is decoded and the control word is extracted. The decoder 12 can awaken the program using this control word. The MPEG-2 stream is decompressed and translated into a video signal for transmission to the television set 13. Subscriber Management System (SMS) A subscriber management system (SMS) 22 includes a database 32 that it administers , among others, all the end user files, commercial objects, subscriptions, Pay Per View details, and data regarding the consumption and authorization of end users. The subscriber management system may be physically removed from the subscriber authorization system. Each subscriber management system 22 transmits messages to the subscriber authorization system 21 via the respective link 23 which involves modifications to or creations of rights management messages (EMM) that are to be transmitted to the end users. The subscriber management system 22 also transmits messages to the subscriber authorization system 21 which implies that no modifications or creations of rights management messages are made but only imply a change in the state of the end user (related to the authorization granted). to the final user when ordering products or to the amount that will be charged to the end user). The subscriber authorization system 21 sends messages (typically requesting information such as answering information or billing information) to the subscriber management system 22, so that it will be apparent that the communication between the two is two-way. Subscriber Authorization System (SAS) The messages generated by the subscriber management system 22 pass via link 23 to the subscriber authorization system (SAS) 21, which in turn generates messages acknowledging receipt of messages generated by the subscriber. Subscriber authorization system 21 and passes these acknowledgments to the subscriber management system 22. In general, the subscriber authorization system comprises a Subscription Chain area to grant rights for a subscription mode and automatically renew rights every month, an area of Payment Chain By View to grant rights for Pay Per View events, and a Rights Management Message Injector to pass Rights Management Messages created by the Subscription and Pay Per View chains and the multiplexer and disturber 4 areas, and then feed the MPEG stream with rights management messages. If other rights, such as Payment Per File (PPF) rights are to be granted in the case of copying computer software to a user's personal computer, other similar areas are also provided. One function of the subscriber authorization system 21 is to manage access rights to television programs, available as commercial offers in subscription mode or sold as Pay Per View events according to different marketing modes (pre-list mode, mode impulse). The subscriber authorization system 21, in accordance with those rights and the information received from the subscriber management system 22, generates message management rights for the subscriber. Rights management messages are passed to the encryption unit (CU) 24 for encryption with respect to administration and exploitation keys. The encryption unit completes the signature in the rights management message and passes the rights management message back to the message generator (MG) in the subscriber authorization system 21, where a header is added. Rights management messages pass to the message sender (ME) as full rights management messages. The message generator determines the start and end time of the transmission and the speed of issuance of rights management messages, and passes these appropriate addresses together with rights management messages to the message sender. The message generator only generates a rights management message at the same time; and it is the message issuer that performs cyclic transmissions of rights management messages. In generating a rights management message, the message generator assigns a unique identifier to the rights management message. When the message generator passes the rights management message to the message issuer, it also passes the rights management message identifier. This enables the identification of a rights management message to both the message generator and the message sender. In systems such as Simulcrypt that are adapted to handle multiple conditional access systems for example, associated with multiple operators, the rights management message streams associated with each conditional access system are generated separately and multiplexed together by the multiplexer 4 before the transmission. Levels of Cryptic Coding of the System Referring to Figure 3, a simplified outline of the levels of cryptic coding in the transmission system will now be described. The stages of cryptic encoding associated with the transmission of digital data are shown at 41, the transmission channel (for example a satellite link as described above) at 42 and the cryptic decoding stages at the receiver at 43. The digital data N are disturbed by a control word CW before being transmitted to an Mp multiplexer for subsequent transmission. As will be seen from the lower part of Figure 3, the transmitted data includes a rights control message comprising, among others, the control word CW as it was cryptically encoded by a cryptic encoder Chl controlled by a first pass code. Kex cryptic encoding. In the receiver / decoder, the signal passes through a DMp demultiplexer and D booster before moving to a 2022 television for viewing. A decoding unit DChl which also possesses the key Kex decodes the rights control message in the demultiplexed signal to obtain the control word CW subsequently used to wake up the signal. For security reasons, the control word CW incorporated in the rights control message encoded cryptically changes on average every 10 seconds or so on. In contrast, the first Kex cryptic encoding key used by the receiver to decode the rights control message changes every month or so by means of a rights management message operator. The Kex cryptic encoding key is cryptically encoded by a second ChP unit using a custom group key Kl (GN). If the subscriber is one of those chosen to receive an updated Kex key, a cryptic decoding unit ChP in the decoder will decode the message using its group key Kl (GN) to obtain the Kex key of that month. The DChp and DChl decoding units and associated keys are stored in a smart card provided to the subscriber and inserted into a smart card reader in the decoder. The keys can be generated, for example, according to any symmetric key algorithm generally used or according to a symmetric key algorithm adapted to the client. As will be described, different keys can be associated with different operators or transmitters as well as the conditional access system provider. In the above description, a group key Kl (GN) is stored by the smart card associated with the decoder and is used to decode rights management messages. In practice, different operators will have different unique subscriber keys Kl (Opl, GN), Kl (Op2, GN) and so on. Each group key is generated by an operator and is diversified by a value associated with the group to which the subscriber belongs. Different memory zones in the smart card store the keys for different operators. Each operator may also have a unique key associated only with the smart card in question and an audience key for all subscribers to the services provided by that operator (see above). In addition, a set of keys can also be saved by the administrator of the conditional access system. In particular, a given smart card may include a user-specific key K0 (NS) and an auditorium key Kl (C), common to all smart cards. Although operator keys are generally used to decode rights management messages associated with transmission rights, conditional access manager keys can be used to decode rights management messages associated with changes to the conditional access system in general, such as it will be described later. The above description of the system shown in Figure 3 relates to the implementation of access control in a transmission system in which the transmissions are awakened by a decoder and issued immediately. Referring to Figure 4, the elements of an access control system for recording and playback of disturbed transmission will now be described. As above, a decoder 12 receives disturbed emitted transmissions via a receiver 11. The decoder includes a portable security module 30, which may conveniently be in the form of a smart card, but which may comprise another convenient memory or microprocessor device. The decoder 12 includes a modem channel 16, for example, to communicate with servers that handle conditional access information and is also adapted to pass awakened audiovisual display information, for example, via a Peritel 53 link, to a 13 television. The system additionally includes a digital recorder 50, such as a DVHS or DVD recorder, adapted to communicate with the decoder, for example, via an IEEE 1394 busbar 51. The recorder 50 receives a digital media (not shown) on which it is recorded. information. The recorder 50 is further adapted to operate with a portable security module 52 containing, among others, the key used for control access to the reproduction of a recording. The portable security module can comprise any portable memory and / or microprocessor device as conventionally known, such as a smart card, a PCMCIA card, a microprocessor key and so on. In the present case, the portable security module 52 has been designated as a SIM card, known from the field of portable telephones. The digital recorder 50 includes a direct link 54 to the display 13. In alternative embodiments, the digital audiovisual information can be passed from the recorder 50 to the decoder 12 before its display. Likewise, although the elements of the decoder 12, the recorder 50 and the display 13 have been separately indicated, it is conceivable that some or all of these elements may be combined, for example, to provide a combined decoder / television set or a decoder / recorder combined, et cetera. Similarly, although the invention will be discussed in connection with the recording of audio broadcast information, it can also conveniently be applied, for example, to transmitting audio information subsequently recorded on a DAT or minidisk recorder or to a software application of transmission recorded on a computer's hard drive. A first and second embodiment of the invention will now be described with reference to Figures 5 through 11 and 12 through 19, respectively. In the first mode, a central server is used to manage the generation and security of the keys that allow access to a recording. In addition, in this mode, the real-time decoding and the awakening of a transmission is carried out by the SIM card of the recorder before its recording. In the second embodiment, the smart card of the decoder handles the security of the access keys to the recording and also represents a part in the decoding and deciphering in real time of the broadcasts issued. First Mode Referring to Figure 5, the structure of the memory zones on the smart card 30 and the SIM card 52 associated with the decoder and recorder, respectively, will be described. As shown, the smart card of the decoder 30 includes several keys adapted to operate with a symmetric cryptic encoding / decoding algorithm associated with the conditional access system. In the present example, an algorithm adapted to the client "CA" is used for operations generally associated with access to the transmitted transmission. This is to distinguish them from the operations carried out by the SIM card 52 using the DES algorithm and which are generally associated with the recording and reproduction of information on the digital media (see below). The first set of keys, associated with the conditional access system administrator indicated in zone 55, are implanted in the smart card at the time of customization. These keys include a KO key diversified by a unique NS number for that card. The system administration area 55 may also include other keys, such as auditorium key K1 (not shown) diversified by a constant C and common to all smart cards managed by the administrator of the conditional access system. A second zone 56 contains the keys associated with one or more transmission operators. These keys can be implemented at the time of personalization of the card 30 by the conditional access system administrator but are usually created by means of a special transmitted rights management message when the decoder is started. As mentioned above, the operator's key can typically include a KO 'diversified by a unique NS number for that card, a group key Kl' diversified by a group number GN and a auditory key K2 'diversified by a constant Z and common to all subscriber cards run by that operator. Finally, the smart card includes the value of a unique NS number of that card, implanted at the time of customization and maintained in zone 57 of the smart card memory. As shown, the SIM card 52 associated with the digital recorder includes two sections 58, 59 associated with keys and operations carried out using the CA and DES algorithms, respectively. The section 59 associated with operations using the CA algorithm includes a first system administration area 60 and an operator zone 61. The keys in the system administrator area are implanted in the card at the time of customization by the administrator of the system. Conditional access system includes a KO key diversified by the NSIM serial number of the SIM card as well as a communications transport key T also diversified by the NSIM serial number of the card. Both keys are unique to the SIM card in question. The SIM card further includes an operator zone 61 adapted to store keys associated with one or more operators. In the present Figure 5, the SIM card is shown as it is at the time of its creation and personalization by the administrator of the conditional access system and before insertion in a recorder. For this reason, both the operator zone 61 and the DES 58 zone are shown as empty, that is, without any stored key. Finally, the SIM card includes a zone 63 adapted to store the unique serial number of the NSIM SIM card. As mentioned above, in this embodiment, the SIM card of the recorder 52 is adapted to handle the decoding and real-time wake-up of data transmitted autonomously and independently of the smart card 30 associated with the decoder. In order to carry out these operations, it is necessary that the SIM card of the recorder 52 possess a duplicate of the keys usually stored in the system administrator and the operator zones 55, 56 of the smart card of the decoder (see Figure 5). As will be described, as soon as the necessary keys are installed in the SIM card of the recorder 52, the decoder 12 will then pass the transmission current emitted "as is" to the digital recorder 50 and the card 52. In this mode, the generation of keys related to the duplicate transmission is handled by the central conditional access system 21, the digital recorder 50 acting to transmit a request to the appropriate server, for example, via the modem link provided by the decoder 12. Alternatively , it can be considered that the same recorder will be equipped with a modem to carry out your request. In this mode, the central conditional access system serves to regulate both transmission access control keys and, as the recording access control keys will be described. In order to enable the server of the central conditional access system to generate a duplicate of the keys associated with the smart card of the decoder, it is necessary that the request message of the SIM card of the recorder include an identification of the identity of the card. intelligent decoder (for example, the serial number of the NS smart card) as well as providing assured confirmation of its own identity. As a first step, therefore, the smart card of the decoder 30 communicates its serial number NS and a list of operators Opl, Op2, etc., to the SIM card 52. For security reasons, this communication can itself be cryptically encoded. by a simple transport cryptic encoding algorithm applied to all communications between the decoder 12 and the recorder 50. To avoid unnecessary complexity in the Figures, the keys associated with this cryptic encoding are not shown. The serial number of the NS decoder card is then stored in the system administrator area of the SIM card. The SIM card of the recorder 52 then establishes a communication with the conditional access system 21 and requests the unique number NMERE of the conditional access system 21 on the conditional access server (see Figure 2). Using the information thus obtained, the SIM card of the recorder 52 generates a message using the CA algorithm, as shown in Figure 6.

In the convention adapted in the accompanying drawings, the symmetric algorithm to be used in a given cryptographic step (CA or DES) is identified within an oval. The data to be encoded cryptically and / or the data that serves as a diversifier is identified as arriving via an input outside the oval. See the cryptic encoding of the smart card number and the operator list in 70 of Figure 6. The decoding steps are distinguished by using a reverse power sign, for example, CA "1 or DES" 1. As a first step in Figure 6, the smart card number NS and the list of operators are encoded cryptically by the key KO (NSIM) as shown at 70 to generate a message 71 comprising the serial number of the NSIM SIM card and the cryptically encoded data. In a second step 72, the cryptically encoded data is again encoded cryptically by the key T (NSIM, NMERE), created by diversifying the key T (NSIM) by a single NMERE value associated with the conditional access system. As will be understood, steps 70, 71 can be carried out in the reverse order. The message 73 and the signature thus formed are then sent to the conditional access server 21, the encryption unit 24 and the mother card 25. The conditional access system 21 decodes the message as shown in Figure 7. The system possesses the KO original key shown in 76. By diversifying the KO key with the NSIM value contained in the message, as shown in 77, it generates the KO key (NSIM). The KO key (NSIM) is first used to validate the signature at 78. In the case where the signature is not valid, the analysis of the message ends, as shown at 81. In addition to the KO key, the system also has the transport key T or at least the key T (NMERE) representing the value of this key T diversified by the unique conditional access system number NMERE. Diversifying T (NMERE) through the NSIM value contained in the message enables the system to generate the T key (NSIM, NMERE). For reasons of simplification, the steps in the preparation of this key have not been shown in Figure 7. Equipped with the KO (NSIM) and T (NSIM, NMERE) keys, the system administrator can decode the message at 79 to obtain the serial number of the smart card of the NS decoder and the list of operators associated with the subscriber in question. The system administrator additionally verifies that the list of operators will undoubtedly match the serial number of the smart card and thereafter assembles in a rights management message the values of the duplicate keys that will be necessary for the SIM card decodes a transmission, including a duplicate of the key of the KO smart card system administrator (NS) as well as the different operator keys KO '(Opl, NS), Kl' (Opl, GN) and so on. The access system also prepares a recording transport key RT (A) which can be subsequently used by the SIM card to control access during recording and playback of a digital recording, as will be discussed in more detail below. According to the choice of preferred algorithm to work with the recording, this key will be prepared from a key DES RT diversified by a random number A. The RT key is always present on the motherboard and a copy of the value A is maintained for security reasons in a database associated with the system operator. In this way, the RT (A) value can be regenerated at any time. The duplicate keys of the smart card KO (NS), KO '(Opl, NS), Kex etcetera and the recording transport key RT (A) are formatted in a rights administrator message sent to the SIM card of the recorder . For security reasons, this message is encoded cryptically using the KO (NSIM) key to ensure that only the correct SIM card can obtain this information. For any subsequent change or update, for example, in relation to operator passwords and other access rights, the SIM card (such as a copy of the smart card) will receive all rights administrator / rights control messages needed to decode the broadcasts issued. Referring to Figure 8, the status of the SIM card of the recorder 52 immediately prior to the recording of a broadcast transmission will now be described. As shown, the card of the digital recorder 59 now includes complete areas of system administrator and operator 60, 61 as well as a stored value of the recording transport key DES RT (A) shown at 85. In addition, the card generates a cryptic encoding encoding key E (NE) shown at 86 and obtained by diversifying into 87 a key DES E shown at 88 by a random value NE shown at 89. In this case, the key E (NE) is used as a type of session key and can be changed between recordings. The key pair E (NE) and RT (A) will subsequently be used in all critical encodings and decoding of digital recording. Referring now to Figure 9, the steps in processing by the recorder of a rights control message associated with a broadcast transmission will now be described. After the arrival of a message of control of rights in 90, the card verifies in 91 that it has the rights to read this particular transmission, for example, that it is a transmission of one of the operators in its list of operators. If so, the control word cryptically encoded CW is extracted from the rights control message in step 92. If it is not, the process is stopped in step 93. Using that Kex key of exploitation of the month for the operator in issue shown at 94, the card decodes at 95 the cryptically encoded value to get the control word CW clean, as shown at 96. The card of the recorder then re-encodes at 97 the control word CW cryptically using the key DES E (NE) shown at 98 and prepares a rights control message including a new control word cryptically encoded for insertion into the data stream to replace the previous rights control message. The disturbed transmission together with the sequence of new rights control messages are then recorded on the media in the digital recorder. Simultaneously and as shown in step 101 in Figure 10, the card of the SIM recorder cryptically encodes the value E (NE) shown at 100 using the recording transport key RT (A) shown at 102, to generate a message special rights administrator type 103. This rights manager message is then recorded on a digital recording medium at the beginning or in the header of the recording. As will be understood from the previous description, other than the backup stored in the database of the conditional access system, the RT (A) key is unique to the card of the recorder and this message rights administrator it may not be decoded by cards other than the card of the recorder that generated the message. Referring to Figure 11, the steps in the decoding and awakening of a recording will now be described. First, the rights management message 111 in the recording header is decoded at 110 using the recording transport key 112 stored in the SIM card. Assuming that the rights management message was originally created using the same recording transport key the result decoding step 110 will be the cryptic encoding encoding key E (NE) at 116. As the recording is played, the messages of rights control 113 are collected from the data stream and decoded in step 114 using the recording encoding key E (NE) to obtain in step 115 the control word CW used to disturb that part of the data stream associated with the rights control message. This control word CW is then fed together with the disturbed audiovisual data to a wake-up unit, either in the SIM card of the recorder or in the same recorder, and an awakened audiovisual output obtained for its subsequent display via television viewing or something similar. It will be understood that the presence of a security element for preparing a transport key copy RT (A) on the central access control system 25 mother board means that, in the case of the loss or destruction of the SIM card of the recorder 25, it will be possible to reconstruct a new card of the recorder to allow the reproduction of previously made recordings. The above modality is particularized by the fact that the recording transport key RT (A) is generated and safeguarded in the central server and also by the fact that the SIM card of the recorder contains a duplicate of the necessary operator key to decode and independently wake up a real-time transmission. The second embodiment, described later in Figures 12 to 19, does not suffer from these restrictions, but rather describes an embodiment in which the smart card of the decoder represents a more important role. Second Mode Referring to Figure 12, the structure of the conditional access zones on the smart card of the decoder 30 and the SIM card of the recorder 52 in this system are shown. As before, both cards include zones reserved for operations using the CA algorithm and the storage of key data, in areas of system administrator 55, 60 and particular operator zones 56, 61. In the present embodiment, the system administrator area 55 of the decoder card 30 includes, in addition to the KO (NS) key, a Kl (C) auditorium key common to all custom cards and administered by the system administrator and formed by the diversification of a CA key by a constant value CLIENT this key Kl (C) is also present in the management area of the system 60 of the card of the recorder 52. The other significant change compared to the structure of the area of the above embodiment is that the smart card 30 is additionally provided with a DES algorithm and includes an operation area DES 120. In order to enable the smart card of the decoder and the SIM card of the recorder to work together, and , in particular, to enable the eventual generation of a recording transport key TR, it is necessary that the mutual authentication of both cards be carried out. As shown in Figure 13, in a first step 121 the SMI card of the recorder 52 requests a random number from the smart card of the decoder 30 which returns the number Al to 122. This number is then used to diversify the auditorium key Kl (C) in step 123 to generate the key Kl (C, Al) shown in step 124. The SIM card then generates a second random number A2 shown at 125, which in turn is encoded cryptically by the key Kl (C, Al) at 126. Before communication with the smart card, this message is cryptically encoded again and signed at 128 by a second key Kl (C, NSIM) shown at 127 and formed by diversifying the auditorium key Kl (C) by the NSIM value. The message 129 thus formed is sent to a serial number request NS and the associated individual key KO (NS) with the smart card of the decoder 30. Referring to Figure 14, upon arrival of the smart card of the decoder 30, the communicated value NSIM is used by the smart card to generate the key Kl (C, NSIM). The value of A2 is decoded in 130 using this key and the key Kl (C, Al) obtained by the smart card using the random number Al previously generated and stored in its memory. This random number value A2 obtained at 131 is then used to diversify the auditory key Kl (C) to obtain the key Kl (C, A2) shown at 132. The key Kl (C, A2) cryptically encodes then the number of single series of the NS smart card and the system key K0 (NS) at 133 to create the message 134. As above, the message is re-encrypted at 135 using the Kl (C, NSIM) key shown at 136 and the message returns to the SIM card of the recorder 52 as shown in 137. The SIM card of the recorder generates the Kl keys (C, A2) and Kl (C, NSIM) shown in 138 diversifying the Kl (C) key by the serial number NSIM and the random number previously generated and stored A2. These keys are used to decode the messages in 139 so that the unique serial number NS and the administrator key of the unique system KO (NS) of the smart card are obtained, after which this information is recorded in the memory of the SIM card of the recorder in 140. Unlike the previous mode, in which duplicates of all the keys of the system administrator and the operator were taken to ensure the independent operation of the SIM card of the recorder, the duplication of the key KO (NS) and serial number of the NS smart card are used to establish a session key to record and to enable secure communication between the cards during a recording session, notably to enable secure communication of a transport key of recording. In this mode, the initial decoding of the keyword is handled by the smart card using the operator's keys and the monthly operating keys it has. Although it is conceivable that the control word CW could pass directly to the SIM card during the creation of a recording, it is desirable for security reasons to use a session key to carry the control word CW for this purpose. Figure 15 shows a way to create such a key. As shown, the SIM card of the recorder picks up a K3 random key shown at 141 and diversifies this key to 142 with the serial number of the NSIM SIM card shown at 143. The K3 key can be taken from any of several of these keys stored for this purpose in the area of the system administrator. The session key CA K3 (NSIM) thus created at 144 is then cryptically encoded at 145 using the system administrator key KO (NS) of the previously obtained smart card shown at 146. The message 147 thus generated is transmitted thereafter to the smart card of the decoder 55 using its KO (NS) key to decode the message in 148 and store the session key K3 (NSIM) in the memory of the card in step 149. Referring to Figure 16, the status of the SIM card of the recorder before a recording operation will now be described. The zone of the system administrator 60 includes the KO smart card key (NS) and the session key K3 (NSIM) as well as the system keys normally present KO (NSIM), etcetera (not shown). In addition, the card creates a cryptic encryption encoding key DES from a key DES E shown at 150 by diversifying this key to 151 by a random value NE shown at 152. As above, the resulting cryptic encoding encoding key E ( NE) will be used in the cryptic encoding of the control words associated with a program. Similarly, a recording transport key RT (A) shown at 153 is generated to be used to cryptically encode the cryptic encoding encoding key E (NE) also recorded on the digital media. Unlike the previous mode, in which the recording transport key was generated in the access control server, the RT (A) key is generated by the SIM card of the recorder itself using a DES key diversified by a number Random A. In order to safeguard a copy of this key a copy is communicated to the smart card of the decoder. For obvious security reasons, this copy is communicated in cryptically encoded form, for example, as it was cryptically encoded by the smart card key KO (NS) currently stored in the memory of the SIM card. Referring to Figure 20, after the first insertion into the decoder the SIM card of the recorder 52 first sends a request 190 to the smart card to see if a value of RT (A) has already been generated. A valuation is carried out by the smart card of the decoder in 191.

If the answer is negative, the SIM card of the recorder 52 generates a random key RT in 192, whose value is diversified in 193 by a random value A shown in 194 to generate the key RT (A) shown in 195. This value RT key (A) is cryptically encoded then at 196 using the client-adapted algorithm and the KO (NS) key shown at 197 and the resulting message 198 is then sent to the smart card of the decoder 30 for decoding and safeguarding the RT key (A). If the determination is positive at 191, then the previously stored value of RT (A) is sent back to 199 to the SIM card of the recorder 52. Referring to Figure 17, the operations of the smart card of the decoder 30 during the recording of a disturbed transmission will now be described. As mentioned above, in this embodiment, the smart card of the decoder handles the initial decoding steps using the operator's keys before communicating the value of the control word CW to the SIM card of the recorder 52. As shown, the The smart card of the decoder 30 receives a rights control message 160 for processing in the areas of the operator 56. First, the smart card 30 verifies that it has access rights to this program. Assuming that this is the case, the codeword CW is extracted from the rights control message at 162 and decoded at 163 using the appropriate operation key Kex shown at 164. Otherwise, the process ends as shown in 165. As mentioned above, the clean value of the control word CW shown at 166 can not be communicated directly to the SIM card of the recorder. In accordance with the foregoing, the control word CW is cryptically encoded at 167 using the session key K3 (NSIM) shown at 168 and the resulting value 169 is communicated to the SIM card of the recorder for the following steps in the process. Referring to Figure 18, the control word encoded cryptically by the session key is received by the SIM card of the recorder 52 which performs a decoding process 170 using the equivalent of the session key K3 (NSIM) previously. stored in the memory shown at 171. The clean value of the control word CW at 172 is then passed to the DES area of the card for cryptic coding at 173 using the cryptic encoding encoding key E (NE) shown at 174 The resulting cryptically encoded value is then encapsulated in a rights control message and inserted into the data stream for recording with the disturbed data still in the recording medium.

At the same time and in a manner similar to the first embodiment, the cryptic encoding encoding key value shown at 180 in Figure 19 is decoded at 181 using the recording transport key RT (A) shown at 182. The encoded value Cryptically resulting 183 is encapsulated in a rights management message for recording in the header of the digital recording. During the reproduction of the recording, as described above in connection with Figure 11, the rights management message at the beginning of the recording containing the cryptic encoding key of the E (NE) recording is decoded by the SIM card of the recorder using the recording transport key RT (A). The cryptic encoding encoding key E (NE) is then used to decode each rights control message to obtain the control word CW associated with the particular session of the disturbed recording. The recording is awakened and played. As will be understood, the presence of a secure copy of the recording transport key RT (A) stored in the smart card of the decoder means that, in the case of loss or breakdown of the SIM card of the recorder, a replacement recording card can be generated. Unlike the previous mode, however, it is not necessary to use a centralized server to maintain this duplicate copy. As will be understood, alternative modalities can be considered. For example, in the above embodiments the cryptic encoding recording key E (NE) is generated using a key and a random number. However, in alternative modes the key E (NE) can be generated from a key diversified by the serial number of the recording device itself (ie not from the SIM card of the recorder) to link a given recording to both the SIM card of the recorder as to the recording device. Similarly, certain elements of the first mode such as a centralized warehouse of transport keys and a recorder operating autonomously are independent of each other and can be used in the second mode, and vice versa.

Claims (29)

1. A method for recording transmitted digital data in which the transmitted digital information is cryptically encoded by a cryptic recording encoding key (E (NE)) and is stored by a recording element (50) in a recording medium and it is characterized in that an equivalent of the cryptic encoding encoding key (E (NE)) is encoded by a recording transport key (RT (A)) and is stored in a support medium together with the encoded information.

A method as claimed in claim 1 in which the information cryptically encoded by the cryptic recording encoding key (E (NE)) comprises control word information (CW) usable to wake up the transmission of disturbed data as well engraved on the support medium.

A method as claimed in claim 1 or 2 in which a cryptic recording encoding key (E (NE)) and / or recording transport key (RT (A)) are stored in a security module portable (52) associated with the recording element (50).

4. A method as claimed in any preceding claim in which the transmitted information is encoded cryptically prior to transmission and is received by the decoding element (12) before being communicated to the recording element (50).

A method as claimed in claim 4 in which the decoder (50) is associated with a portable security module (30) used to store the transmission access control keys (KO (NS), K? ' (Opl, NS) etcetera) used to decode the transmitted encoded information.

6. A method as claimed in claim 5 wherein the cryptic encoding encoding key (E (NE)) and / or recording transport key (RT (A)) operate in accordance with a first cryptic encoding algorithm (DES) and transmission access control keys (KO (NS), K0 '(Opl, NS) and so on) work in accordance with a second cryptic encoding (CA) algorithm.

A method as claimed in any of the preceding claims in which the recording transport key (RTA) is generated in a central recording authorization unit (21, 24, 25) and a copy of this key is communicated to the recording element (50).

A method as claimed in claim 7 in which the recording transport key (RT (A)) is preferably cryptically encoded by an additional cryptic encoding key (K0 (NSIM)) before being communicated to the recording element. recording (50).

9. A method as claimed in any of the preceding claims in which the central access control system (21, 24, 25) communicates transmission access control keys (KO (NS), K0 '(Opl, NS) and so on. ) to the recording element (50).

A method as claimed in claim 9 in which the transmission access control keys (KO (NS), K0 '(Opl, NS) and so on) are communicated to a portable security module (52) associated with the recording element (50).

A method as claimed in claim 9 or 10 in which the recording elements (50) directly wake up the information transmitted using the transmission access keys (K0 (NS), K? '(Opl, NS) and so on. ) before re-encoding the information cryptically using the cryptic encoding encoding key (E (NE)) and storage in the support medium.

12. A method as claimed in claim 9, 10 or 11 wherein the central access control system (21, 24, 25) preferably encodes cryptically the access control keys to the transmission (K0 (NS), K0) '(Opl, NS), etc.) using an additional cryptic encoding key (K0 (NSIM)) before its communication with the recording element (50).

A method as claimed in any of claims 9 to 12 in which the recording element (50) sends a request to the central access control system that includes information identifying the necessary transmission access keys (KO (NS), K0 '(Opl, NS) etc.), the request being authenticated by the recording element (50) using a key (KO (NSIM)) unique to that recording element.

A method as claimed in claim 1 using a decoding element (12) and an associated security module (30) and a recording element (50) and the associated security module (52) in which a copy of the recording transport key (RT (A)) is stored in the security module (30) associated with the decoding element (12) and / or the security module (52) associated with the recording element.

15. A method as claimed in the claim 14 in which the recording transport key (RT (A)) is generated either by the recording security module (52) or the decoder security module (30) and communicated to the other security module.

16. A method as claimed in the claim 15 in which the recording transport key (RT (A)) is preferably cryptically encoded before communication with the other security module and decoded by a unique key (K0 (NS)) for that other security module.

17. A method as claimed in claim 16 in which the decoder security module (30) and the recording security module (52) perform a mutual authorization process, passing the only cryptic encoding key ( KO (NS)) to another security module from the cryptic encryption security module depending on the result of the mutual authorization.

18. A method as claimed in claim 17 wherein the mutual authorization step is carried out using, among others, an auditorium key K1 (C) known to both security modules (30, 52).

19. A method as claimed in any of claims 14 to 18 in which the decoder security module (30) has transmission access control keys (KO (NS), K0 '(Opl, NS), etc.) to decode the transmitted information in a cryptically encoded form and a session key (K3 (NSIM)) cryptically recodes the information before communication with the recording security module (52), possessing the recording security module (52) an equivalent of the session key (K3 (NSIM)) to decode the information before the cryptic encoding by the recording transport key (RT (A)).

20. A method as claimed in claim 19 in which the session key (K3 (NSIM)) is generated by the security module of the decoder or the security module of the recording medium (52) and is communicated to the other module in cryptically encoded form using a cryptic encoding key (KO (NS)) univocally decodable by the other security module.

21. A recording element (50) adapted for use in a method as claimed in any preceding claim comprising a security module (52) for cryptically encoding digital information transmitted by a cryptic encoding encoding key (E ( NE)) for storage in a recording medium and characterized in that the security module (52) is further adapted to encode the recording coding key (E (NE)) by means of a recording transport key (RT ( A)) for storage in the support medium.

22. A portable security module (52) adapted for use in the recording element of claim 21 and characterized in that it comprises a cryptic encoding encoding key (E (NE)) for the cryptic encoding of digital information transmitted for its subsequent recording and a recording transport key (RT (A)) for the cryptic encoding of the cryptic recording encoding key for subsequent recording.

23. A decoding element (20) adapted for use in a method as claimed in any of claims 14 to 20 including a security module (30) adapted to store a copy of the recording transport key (RT (A) ).

24. A decoding element (20) as claimed in claim 23 which includes a security module (30) adapted to wake up the transmitted information using one or more transmission access keys (K0 (NS), K0 '(Op, NS) and so on) before the cryptic recoding using a session key (K3 (NSIM)) for subsequent communication with a recording element.

25. A portable security module (30) adapted for use in the decoder element (20) of claim 23 or 24 and comprising at least one copy of the recording transport key (RT (A)).

26. A method for recording digital data transmitted substantially as described herein.

27. A recording element substantially as described herein.

28. A portable security module substantially as described herein.

29. A decoding element substantially as described herein.