US20220053169A1 - Methods for the covert transmission of data - Google Patents
- Publication number
- US20220053169A1 (US 17/512,154)
- Authority
- US
- United States
- Prior art keywords
- card
- identifier
- timing
- shared
- control word
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/633—Control signals issued by server directed to the network components or client
- H04N21/6332—Control signals issued by server directed to the network components or client directed to client
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/637—Control signals issued by the client directed to the server or network components
- H04N21/6377—Control signals issued by the client directed to the server or network components directed to server
- H04N21/63775—Control signals issued by the client directed to the server or network components directed to server for uploading keys, e.g. for a client to communicate its public key to the server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
- H04N21/26606—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
Definitions
- Another object of the present invention is to remotely identify a shared card, whether deployed in a push system or a pull system manner.
- Another object of the present invention is to be able to remotely identify a plurality of cards which are jointly shared via a card server.
- Another object of the present invention is to provide a low computational complexity method for remotely identifying a shared card.
- Another object of the present invention is to provide a method for retrieving the identifier of a shared card without any functional disturbance of the IRD.
- Another object of the present invention is to pinpoint the identifier of a shared card in an invisible way for card sharers.
- Another object of the present invention is to provide CAS managers with a plurality of decisions against shared card owners.
- Another object of the present invention is to permit a remote identification of a shared card from almost any access point to the pirate network.
- Another object of the present invention is to provide an outgoing communication method for the card.
- Another object of the present invention is to cleverly dissimulate the identifier of the card in its outgoing communication.
- FIG. 1 is a block diagram showing a monitoring station connected to the pirate network in order to remotely recover the identifier of a shared card;
- FIG. 2 is a block diagram illustrating one embodiment of outgoing communication of a card, upon the reception of a CW request, whether from an IRD or from a pirate network;
- FIG. 3 is a block diagram illustrating a functional module.
- the present invention is directed to addressing the effects of one or more of the problems set forth above.
- the following presents a simplified summary of the invention in order to provide a basic understanding of some aspects of the invention. This summary is not an exhaustive overview of the invention. It is not intended to identify key critical elements of the invention or to delineate the scope of the invention. Its sole purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is discussed later.
- the present invention further relates to a method for identifying at least an identifier of a conditional access card used in a control word redistribution system by passing information over a side channel, said method comprising a modification step of the response time, of the card, to a control word request, according to a predefined function which depends on the identifier of the said cards.
- the present invention further relates to a computer program product for remotely identifying at least one shared card over a pirate network and comprising:
- With reference to FIG. 1, there is shown, on the left-hand side, a legitimate user 1 provided with
- the legitimate user 1 is receiving, on his IRD 11, a scrambled stream, namely a pay-tv stream, via adequate reception means such as a satellite dish, an antenna or a cable connection.
- the card 12 decrypts the control word CW from the EMM and the ECM which are forwarded thereto from the IRD 11. Subsequently, the card 12 transfers back the decrypted control word CW, in plaintext form, to the IRD 11.
- the control word CW furnished by the card 12 and permitting to descramble the received scrambled stream is being diffused or provided on request by the card server 15 through the (wireless or wired) pirate network 3.
- the card server 15 may relay more than one smart card 12 output, in order to jointly serve a plurality of requests concerning the same or different control words.
- the pirate network 3 is a two-way communication network, such as Internet, Intranet, a Local Area Network, a Wide Area Network or a Metropolitan Area Network.
- the card 12 may be uniquely identified by a certain identifier 13.
- the identifier 13 of a card is commonly an alphanumeric word of a finite number of characters (generally named “serial number” or “code”).
- the identifier 13 of the card 12 may be of the following form OA852786, 576F18C, 99E58CB001X.
- the response time of the card 12 is used to dissimulate therein its identifier 13.
- the response time of a card is intended here to mean the elapsed time between
- the response time of a card 12 is limited to the required time by the card 12 to make out the CW from the received EMM and ECM.
- the response time of a card 12 is composed of the required time to decipher the control word CW plus an inserted time delay which is a function of the identifier 13 of the card 12.
- the identifier 13 of the card 12 may be coded in terms of response times of the smart card 12, whereas the control word CW itself is kept unchanged.
- a time delay offset may be purposely included before the delivery of the control word CW at the level of the outgoing communication interface of the card 12.
- a predefined delay time may be inserted or not before the card 12 answers a control word CW request, in such a way that its identifier 13 may be deduced from numerous observations of its response time (response time signature) taken by a monitoring station 2 via control word CW requesting.
- the monitoring station 2, connected to the pirate network 3, is equipped with
- the monitoring station 2 is further provided with a terminal user 23 able to display a descrambled stream.
- the processing unit 22 is charged for:
- the analysis of the response times of a card aims, mainly, at recreating the response time signature of shared cards, and consequently the card identifier which is encrypted within response times to control word requests over the pirate network 3.
- the monitoring station 2 may be connected from anywhere within a communication network comprising a card sharing access.
- the insertion decision 43 of a time delay depends on the output of a predefined function 42.
- the predefined function 42 is a function of the card identifier 13 and the requested control word 41. It must be noted that the predefined function 42 may be the combination or the juxtaposition of more than one function.
- the function 42 is chosen in such a way that each bit of the binary writing of the card identifier 13 is concerned by the function 42.
- the definition domain of the function 42 must comprise all the bits of the binary writing of the card identifier 13.
- the output of the function 42 may be more than 1-bit length and in any other alphanumerical form, but the insertion decision 43 has to be adapted accordingly. Any switch-case statement may be applied on the output of the function 42. For example, if the output of the function 42 is equal to “01” then insert a delay, else don't insert a delay. Moreover, one can even define more than one time delay level to be inserted, such as insert half of the time delay offset or the whole time delay offset.
- FIG. 3 shows an illustrative example of the function 42.
- the example of function 42 comprises a 32-to-1 multiplexer, a 2-to-1 multiplexer and three functions F1, F2 and F3.
- a 5-bit length word A is given by the function F3 from the bytes 1 and 2 of the currently requested control word 41.
- the binary word A is used to address the 32-to-1 multiplexer in order to select the corresponding bit from the card identifier 13.
- the selected bit B is forwarded to the 2-to-1 multiplexer.
- Functions F1 and F2 permit, respectively, to extract 1-bit length words C and D.
- C and D result, respectively, from the couples of bytes (3, 5) and (6, 7) of the current control word 41.
- the output E of the 2-to-1 multiplexer will be the one-bit length word C or D.
- the output E will be used, here, as the signature bit for the current crypto-period (or the current control word 41).
- Logical functions “AND”, “OR”, “NOR”, “XOR”, “XNOR”, “NAND” or any combination of them are examples of functions F1, F2, and F3.
- control words are utilized by the function 42 .
- the current control word the already transmitted control word or both.
- the CW itself may be used as random source to encode the card identifier in temporal information (response time of the card).
- the bits of the binary writing of the card identifier 13 are randomly multiplexed.
- a random sequence generated by a predefined pseudo-random sequences generator, is used instead of the control word 41 .
- This subroutine may have the following structure:
- the time delay to be waited x is chosen in regards
- the time delay to be waited is chosen in such a way that it is significantly inferior to the control word changing periodicity and averagely superior (of the same order or preferably superior) to the channel time-delay spread (maximum time delay which is introduced by the pirate network 3).
- the illustrative above subroutine has to be called upon each control word request, or, equivalently, for each crypto-period.
- the monitoring station 2, anywhere within a communication network having an access to the pirate network 3, aims at recreating the card 12 signature from the received control words which are decrypted by the shared card 12.
- the observation of the presence/absence of such intentionally inserted time delay in comparison with the arrival time of an ECM at the processing unit 22 (or equivalently at the IRD 21) certainly reveals information about the identifier 13 of the card 12.
- the intentionally inserted time delay will be indeed “noised” by an additive propagation delay introduced by the communication channel over the pirate network 3 (network jitter, Internet routers, satellite uplink, and modems for example).
- the added propagation delay may be approximated by a random process, as a noise.
- the randomly added noise may be easily overcome (attenuated or even cancelled) by collecting a large number of observations on the response times of the shared card 12.
- processing may be accomplished with a subroutine of the form:
- the response time of the shared card 12 is measured in regards to the reception times of ECMs (or equivalently of EMMs) on the local IRD 21.
- the processing unit 22 conducts a statistical analysis of the response time signature, achieved through a correlation measure between the measured response time signature (named measured_vector in the above illustrative subroutine) and the expected one.
- the processing unit 22 does not know, a priori, the identifier 13 of the shared card 12; it has to calculate the whole set of possible response time signatures of the shared card 12, given by successively using all possible identifiers of a card of the same type as the shared card 12.
- the identifier 13 of the shared card 12 exists among the set of possible identifiers. Consequently, the expected response time vector will certainly be the one which shows the maximum similarity (maximum correlation with the measured vector) with the measured one.
- the processing unit 22 has to calculate the response time signature from the same N control words (N is the number of observations) obtained from the card server 15.
- By calculating the correlation between each column of the obtained matrix and the measured vector of response times, the identifier 13 of the shared card 12 will be, subsequently, given by the argument of the maximum value of the calculated correlation coefficients.
- Estimated_Identifier_of_shared_card = arg(max(Correlation_results))
- correlation is a function returning the correlation coefficient between two vectors of the same size
- Expected_matrix(:,k) is a column vector of order k from the 2-dimensional matrix “Expected_matrix”.
- the loop output is a vector (named in the above example “Correlation_results”) of size 1 × M which contains the correlation coefficients and which may be plotted in function of the M possible values of card identifiers.
- the identifier 13 of the shared card 12 (named in the above illustrative subroutine Estimated_Identifier_of_shared_card) is given by the argument of the maximum value of correlation coefficients plotted in function of the M possible identifiers of the shared card 12.
- the correlation is done on smaller portions (sub-vectors) of the identifier that can be analyzed separately.
- processing unit 22 may be automatically performed by a computer program.
- the broadcaster may take the decision that meets his action plan (for example, deactivate the card, exclude the card from the monthly key update, or contact the shared card owner).
- An example of counteraction would be the creation of a universal ECM which deactivates every shared card of a specific Manufacturer.
- an ECM could be injected in pull systems on the pirate network 3.
- the card server 15 usually does not know if an ECM is valid/real or not since it cannot decrypt it. Therefore it forwards it to the card 12 in order to be processed.
- the card 12 (after decryption) could understand its purpose and, consequently, deactivate the subscription rights, hence forcing the subscriber to call the broadcaster in order to reactivate it.
- a specific ECM may be dedicated for the remote identification of shared smart card.
- a pirate has no means of understanding what is inside an ECM. Therefore he cannot distinguish between a regular ECM and a faked one. Then, a special ECM could be created asking the shared card to respond with a CW with its identifier therein embedded.
- a software application, loaded on card is in charge of embedding the card identifier in the control word CW in such a way an eavesdropper could not exclude the unwanted bits from the intercepted CW. Accordingly, a shared card will automatically reveal its identifier. Therefore, a monitoring station provided with a card sharing access can easily identify the shared card identifier as soon as at least one control word is received.
- a card in a pull system, may be programmed to be automatically deactivated (self-deactivation) as soon as it receives a predefined sequence of requests.
- the sequence of requests is defined in such a way that it is almost impossible to be unintentionally generated by the owner of a legitimate card.
- Dedicated means may be loaded in the card in order to detect the predefined sequence of requests and subsequently deactivate the card.
- Fraudulent use counteracting of conditional access cards used for the redistribution of Control Words (shared keys) in conditional access systems by passing information over a side channel may be achieved through a predefined sequence detection function inside the said cards and a computer program product to generate the sequence to be detected.
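The response-time signature of FIG. 3 and its recovery by correlation at the monitoring station can be simulated as follows. This is an added example, not the patent's own subroutine: F1, F2 and F3 are assumed to be XOR-based, the timing constants, control words and 32-bit identifier are constructed, and the correlation is run separately for each identifier bit, which is the smallest case of the sub-vector analysis mentioned above.

```python
import random

CW_LEN = 8      # constructed control words are 8 random bytes
ID_BITS = 32    # FIG. 3 selects one identifier bit with a 32-to-1 multiplexer
BASE = 0.35     # assumed time (s) the card needs to decipher the CW
DELAY = 0.20    # assumed inserted time delay offset (s)
JITTER = 0.30   # assumed maximum delay (s) added by the pirate network


def mux_inputs(cw):
    """Return (A, C, D) for one control word; bytes are numbered from 1."""
    b = lambda n: cw[n - 1]
    a = (b(1) ^ b(2)) & 0x1F   # F3 (assumed): 5-bit word A from bytes 1 and 2
    c = (b(3) ^ b(5)) & 1      # F1 (assumed): bit C from bytes 3 and 5
    d = (b(6) ^ b(7)) & 1      # F2 (assumed): bit D from bytes 6 and 7
    return a, c, d


def signature_bit(card_id, cw):
    """Output E of function 42: bit B of the identifier chooses C or D."""
    a, c, d = mux_inputs(cw)
    b_sel = (card_id >> a) & 1  # 32-to-1 multiplexer addressed by A
    return d if b_sel else c    # 2-to-1 multiplexer


def card_response_time(card_id, cw, rng):
    """Card side plus channel: the CW is unchanged, only its timing moves."""
    inserted = DELAY if signature_bit(card_id, cw) else 0.0
    return BASE + inserted + rng.uniform(0.0, JITTER)


def pearson(xs, ys):
    """Correlation coefficient of two equal-length vectors (0.0 if undefined)."""
    n = len(xs)
    if n < 2:
        return 0.0
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / (sxx * syy) ** 0.5


def recover_identifier(observations):
    """Monitoring station: observations is a list of (cw, response_time)."""
    bins = [([], [], []) for _ in range(ID_BITS)]
    for cw, t in observations:
        a, c, d = mux_inputs(cw)          # computable from the CW alone
        bins[a][0].append(t)
        bins[a][1].append(c)              # expected signature if bit A is 0
        bins[a][2].append(d)              # expected signature if bit A is 1
    estimate = 0
    for k, (times, if_zero, if_one) in enumerate(bins):
        # Keep the hypothesis whose expected vector correlates best.
        if pearson(times, if_one) > pearson(times, if_zero):
            estimate |= 1 << k
    return estimate


def simulate(card_id, n_obs, seed=1):
    """Constructed trace: n_obs crypto-periods observed through a noisy network."""
    rng = random.Random(seed)
    trace = []
    for _ in range(n_obs):
        cw = bytes(rng.randrange(256) for _ in range(CW_LEN))
        trace.append((cw, card_response_time(card_id, cw, rng)))
    return trace


if __name__ == "__main__":
    shared_card = 0xC0FFEE42              # constructed 32-bit identifier
    for n in (64, 640, 6400):
        guess = recover_identifier(simulate(shared_card, n))
        wrong = bin(guess ^ shared_card).count("1")
        print(f"{n:5d} observations -> {guess:08X} ({wrong} wrong bits)")
```

Run stand-alone, it prints the number of wrongly recovered bits for three trace lengths, which shows how the propagation noise averages out as the number of observations grows.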
Abstract
A method for determining an identifier of a conditional access card used in a conditional access system, in which the conditional access card autonomously modulates the timing of data packets sent by the conditional access card, to form a timing sequence that corresponds to the identifier of the card. The sequence is generated by a predefined non-linear function stored on the conditional access card, and the predefined non-linear function depends on both the identifier of the conditional access card and a non-linear random sequence that is known to the conditional access card and a monitoring station that receives transmissions from the conditional access card.
Description
- This application is a continuation of co-pending U.S. patent application Ser. No. 16/551,410, entitled, “Methods for the Covert Transmission of Data for Identification,” filed Aug. 26, 2019, which is a continuation of U.S. patent application Ser. No. 15/660,634, entitled, “Methods for the Covert Transmission of Data for Identification,” filed Jul. 26, 2017, which is a continuation of U.S. patent application Ser. No. 14/450,635, entitled, “Methods for the Covert Transmission of Data for Identification,” filed Aug. 4, 2014, which is a continuation of U.S. patent application Ser. No. 13/512,083, entitled, “Card Sharing Countermeasures,” filed Oct. 18, 2012, which is a National Stage of International Application No. PCT/IB2009/007825 filed Nov. 25, 2009, the contents of which are incorporated herein by reference in their entirety.
- The present invention relates generally to the Pay-TV piracy field and more particularly to card sharing attack.
- Thanks to the notable improvement in digital broadcasting platforms which contribute towards a broader reception of digital contents, Pay-TV is ever evolving and gaining more and more audiences. However, this evolvement has to be escorted by security measures as hackers are unceasingly looking for new issues and vulnerabilities so as to acquire an unauthorized reception on their satellite or cable TV system.
- Hence, in order to protect their investments and safeguard their revenue streams, Pay-TV providers have to rely on a strict Conditional Access System (CAS). CAS is responsible for ensuring that broadcasted contents are accessible only to those customers who have satisfied clearly specified conditions, mainly payment related.
- To that end, the CAS involves two main components: a source-side component, and a reception-side component.
- At the source-side, the digital content to be broadcasted (including video, audio and data), to which the provider wishes to restrict access, is encrypted (by using common DVB scrambling algorithms) with a cryptographic key, called a Control Word (CW). The CW is generated by a pseudo-random binary sequence generator (CW Generator). More generally, the CW is changed every few seconds (mostly, with a periodicity between 2 and 10 s).
- Since there is no return channel or any other means to negotiate with legitimate Satellite or Terrestrial receivers, the CW, in turn, needs to be protected then carried by the broadcasted content itself. The CW is, thus, encrypted with a function specific to each CAS manufacturer, and is then packaged into so-called Entitlement Control Message (ECM).
- Further, the viewing rights of the individual subscriber are managed by the so-called Subscriber Management System (SMS), and updates or changes in rights are packaged with entitlement data into so-called Entitlement Management Messages (EMM).
- Therefore, the resulting scrambled content, ECM, and EMM are broadcasted together in the same channel in only one scrambled stream.
- At the reception-side, the CAS, mainly, includes an Integrated Receiver/Decoder (IRD), Television and a smart card, which are generally both comprised within a Set-top box (STB).
- The IRD receives the scrambled streams which comprise the encrypted content, the ECM and the EMM. The IRD filters from the received stream the ECM and the EMM according to the parameters provided by the card and then forwards these messages to the card.
- If the card belongs to the right broadcaster and is not revoked, then the card decrypts the ECM into a plain CW and transfers it back to the IRD so that the IRD will be able to descramble the scrambled content (Video Image).
- The descrambled content is then forwarded to a terminal user able to display such stream as a television or a computer.
- The CW is very vulnerable on the link between the card and the IRD. In fact, by eavesdropping the communication of the card, an attacker may easily redirect the decrypted CW to other IRDs to descramble the encrypted content. In other words, an attacker can effortlessly obtain the CW in plaintext form during its transmission from the card to the IRD. Therefore, the attacker can distribute the obtained CW through Internet or radio means to unauthorized users so that they freely enjoy the protected content, without any subscription.
- Such an attack is known as “control word redistribution”, “CW sharing”, or “card sharing”, by which one legitimate user colludes with an unrestricted number of illegitimate users to provide unauthorized access to a protected content. In particular, by acting as a card server in a push system or a pull system way, only one legitimate card can provide numerous illegitimate receivers with free-access to an encrypted content, resulting in a serious threat to the security of the CAS.
- In a push system, the card sharing pirate runs one or more IRD's, intercepts the CWs and sends all of them to clients. A client software application selects the needed CW for the watched channel out of the whole packet and loads it into its IRD's.
- In a pull system, one or more cards connected to a card server running on a PC are shared among clients. As soon as an ECM is received by a client IRD, it is forwarded to the card server in order to be processed. The card server subsequently carries out the message decryption and forwards the decrypted CW back to each client. As a forward channel is needed to provide the ECM, such an implementation can be deployed only on two-way connections, namely on the Internet.
- Even if Pay-TV providers resort to frequently changing the CW, card sharing remains possible as the crypto period (generally around 7 seconds) is relatively greater than the time required to provide, in real time, the CW to almost any person on the planet.
- Accordingly, card sharing is more and more popular among network communities as it is powerful and easily deployable (no exhaustive smart card compromising or IRD manipulating), which makes the card sharing attack a significant security threat to be overcome.
- It is one object of the present invention to counteract card sharing attack.
- Another object of the present invention is to remotely identify a shared card.
- Another object of the present invention is to provide a method for card sharing prevention with the least modification on the underlying CAS hardware.
- Another object of the present invention is to remotely identify a shared card, whether deployed in a push system or a pull system manner.
- Another object of the present invention is to be able to remotely identify a plurality of cards which are jointly shared via a card server.
- Another object of the present invention is to provide a low computational complexity method for remotely identifying a shared card.
- Another object of the present invention is to provide a method for retrieving the identifier of a shared card without any functional disturbance of the IRD.
- Another object of the present invention is to pinpoint the identifier of a shared card in an invisible way for card sharers.
- Another object of the present invention is to provide CAS managers with a plurality of decisions against shared card owners.
- Another object of the present invention is to permit a remote identification of a shared card from almost any access point to the pirate network.
- Another object of the present invention is to provide an outgoing communication method for the card.
- Another object of the present invention is to cleverly dissimulate the identifier of the card in its outgoing communication.
- The objects, advantages and other features of the present invention will become more apparent from the following disclosure and claims. The following non-restrictive description of preferred embodiments is given for the purpose of exemplification only with reference to the accompanying drawings in which:
  - FIG. 1 is a block diagram showing a monitoring station connected to the pirate network in order to remotely recover the identifier of a shared card;
  - FIG. 2 is a block diagram illustrating one embodiment of outgoing communication of a card, upon the reception of a CW request, whatever from an IRD or from a pirate network;
  - FIG. 3 is a block diagram illustrating a functional module.
- The present invention is directed to addressing the effects of one or more of the problems set forth above. The following presents a simplified summary of the invention in order to provide a basic understanding of some aspects of the invention. This summary is not an exhaustive overview of the invention. It is not intended to identify key critical elements of the invention or to delineate the scope of the invention. Its sole purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is discussed later.
- The present invention further relates to a method for identifying at least an identifier of a conditional access card used in a control word redistribution system by passing information over a side channel, said method comprising a modification step of the response time, of the card, to a control word request, according to a predefined function which depends on the identifier of the said cards.
- The present invention further relates to a computer program product for remotely identifying at least one shared card over a pirate network and comprising:
  - a program code for measuring the response time signature from acquired control word from the pirate network;
  - a program code for calculating expected response time signatures from the retrieved control words by using the set of possible identifiers of the shared card;
  - a program code for measuring the correlation between the measured response time signature and each one of the expected response time signatures;
  - a program code for determining the argument of the maximum of the correlation measurement among the set of possible identifier of the shared card, the determined code being estimated to be the identifier of the shared card.
- While the invention is susceptible to various modification and alternative forms, specific embodiments thereof have been shown by way of example in the drawings. It should be understood, however, that the description herein of specific embodiments is not intended to limit the invention to the particular forms disclosed.
- It may of course be appreciated that in the development of any such actual embodiments, implementation-specific decisions should be made to achieve the developer's specific goal, such as compliance with system-related and business-related constraints. It will be appreciated that such a development effort might be time consuming but may nevertheless be a routine undertaking for those of ordinary skill in the art having the benefit of this disclosure.
- With reference to FIG. 1, there is shown, in the left-hand side, a legitimate user 1 provided with
  - an Integrated Receiver/Decoder (IRD) 11
  - a legitimate card 12 and preferably
  - a terminal user 14 able to display a multimedia (video, audio, data) content. A television or a computer are examples of such terminal user 14.
- The legitimate user 1 is receiving, on his IRD 11, a scrambled stream, namely a pay-tv stream, via adequate reception means such as a satellite dish, an antenna or a cable connection.
- The card 12 decrypts the control word CW from the EMM and the ECM which are forwarded thereto from the IRD 11. Subsequently, the card 12 transfers back the decrypted control word CW, in plaintext form, to the IRD 11.
- According to the philosophy of card sharing attack, the control word CW furnished by the card 12 and permitting to descramble the received scrambled stream, is being diffused or provided on request by the card server 15 through the (wireless or wired) pirate network 3. It is to be noted that the card server 15 may relay more than one smart card 12 output, in order to jointly serve a plurality of requests concerning the same or different control words. Typically, the pirate network 3 is a two-way communication network, such as Internet, Intranet, a Local Area Network, a Wide Area Network or a Metropolitan Area Network.
- Generally, the card 12 may be uniquely identified by a certain identifier 13. The identifier 13 of a card is commonly an alphanumeric word of a finite number of characters (generally named “serial number” or “code”). As illustrative examples, the identifier 13 of the card 12 may be of the following form OA852786, 576F18C, 99E58CB001X.
- In a preferred embodiment, the response time of the card 12 is used to dissimulate therein its identifier 13. The response time of a card is intended here to mean the elapsed time between
  - the reception time, by the card 12, of an EMM/ECM in order to provide in return the decrypted control word CW; and
  - the time at which the control word CW is decrypted, by the card 12, and it is ready to be communicated.
- In fact, conventionally, the response time of a card 12 is limited to the time required by the card 12 to make out the CW from the received EMM and ECM. However, the response time of a card 12 is composed of the time required to decipher the control word CW plus an inserted time delay which is a function of the identifier 13 of the card 12.
- Then, the identifier 13 of the card 12 may be coded in terms of response times of the smart card 12, whereas the control word CW itself is kept unchanged. Namely, a time delay offset may be purposely included before the delivery of the control word CW at the level of the outgoing communication interface of the card 12. Explicitly, a predefined delay time may be inserted or not before the card 12 answers a control word CW request, in such a way that its identifier 13 may be deduced from numerous observations of its response time (response time signature) taken by a monitoring station 2 via control word CW requesting.
- The monitoring station 2, connected to the pirate network 3, is equipped with
  - a processing unit 22;
  - an Integrated Receiver/Decoder (IRD) 21
- Preferably, the monitoring station 2 is further provided with a terminal user 23 able to display a descrambled stream.
- The processing unit 22 is charged for:
  - formatting requests, towards the card server 15, for control words CW related to the received scrambled stream on the IRD 21 (if the card server 15 works according to a pull system) or
  - selecting, among received control words CWs from the pirate network 3, the right control word CW to decrypt the scrambled stream received on the IRD 21 (if the card server 15 works according to a push system);
  - load the obtained control word CW into the IRD 21 and particularly
  - focus on the response time of cards which are the sources of the obtained control words CWs.
- The analysis of the response times of a card aims, mainly, at recreating the response time signature of shared cards, and consequently the card identifier which is encrypted within response times to control word requests over the pirate network 3.
- It is to be noted that the monitoring station 2 may be connected from anywhere within a communication network comprising a card sharing access.
- With reference now to FIG. 2, the insertion decision 43 of a time delay depends on the output of a predefined function 42. The predefined function 42 is a function of the card identifier 13 and the requested control word 41. It must be noted that the predefined function 42 may be the combination or the juxtaposition of more than one function.
- Preferably, the output of the predefined function 42 has one-bit length output (1=“yes”, 0=“no”), as it is shown on FIG. 2. Then, the one-bit length output of the function 42, calculated for each control word 41 request, is used to decide on the insertion or not of a predefined delay time. For example,
  - if the output of the function 42 is equal to “1”, then a delay offset is applied before the transmission of the requested control word 41; and
  - if the output of the function 42 is equal to “0”, then no delay is introduced and the requested control word 41 is communicated as soon as it is decrypted.
- The function 42 is chosen in such a way that each bit of the binary writing of the card identifier 13 is concerned by the function 42. In other words, the definition domain of the function 42 must comprise all the bits of the binary writing of the card identifier 13. By binary writing of a character, the writing of the character in the alphabet {0, 1} is meant.
- It is to be noted that the output of the function 42 may be more than 1-bit length and at any other alphanumerical form, but the insertion decision 43 has to be adapted accordingly. Any switch-case statement may be applied on the output of the function 42. For example, if the output of the function 42 is equal to “01” then insert a delay, else don't insert a delay. Moreover, one can even define more than one time delay level to be inserted, such as insert the half of the time delay offset or all the time delay offset.
- FIG. 3 shows an illustrative example of the function 42. In this example, it is supposed that
  - the identifier 13 is a 32 bits word (4 bytes);
  - the control word itself is used as random source to encode the identifier 13 of the card 12 in temporal information (response time); and
  - the control word is 8 bytes length wherein 2 bytes are used as checksum.
- As it is shown in FIG. 3, the example of function 42 comprises a 32-to-1 multiplexer, a 2-to-1 multiplexer and three functions F1, F2 and F3. A 5 bit length word A is given by the function F3 from the bytes control word 41. The binary word A is used to address the 32-to-1 multiplexer in order to select the corresponding bit from the card identifier 13. The selected bit B is forwarded to the 2-to-1 multiplexer. Functions F1 and F2 permit, respectively, to extract 1-bit length words C and D. C and D are respectively resulted from the couple of bytes (3,5) and (6,7) of the current control word 41. Then, in function of the value of one-bit length word B, the output E of the 2-to-1 multiplexer will be the one-bit length word C or D. The output E will be used, here, as the signature bit for the current crypto-period (or the current control word 41). Logical functions “AND”, “OR”, “NOR”, “XOR”, “XNOR”, “NAND” or any combination of them are examples of functions F1, F2, and F3.
- In a variant embodiment, in addition to the card identifier 13, another or a combination of other control words are utilized by the function 42. As an example, one mentions the current control word, the already transmitted control word or both.
- Advantageously, the CW itself may be used as random source to encode the card identifier in temporal information (response time of the card).
- Preferably, the bits of the binary writing of the card identifier 13 are randomly multiplexed.
- In a variant embodiment, a random sequence, generated by a predefined pseudo-random sequences generator, is used instead of the control word 41.
- The above tasks may be accomplished with a subroutine loaded on the smart card. This subroutine may have the following structure:
  - Subroutine
    - delay_bit = Function(requested_control_word_41, card_identifier_13)
    - If delay_bit = 1 then
      - wait_time x
    - end_if
    - return
- where delay_bit, Function and x are, respectively, the output of the function 42, the function 42, and a chosen time delay to be waited before the transmission of the currently requested control word 41. In this example of subroutine loaded on the card 12, the insertion of the time delay x depends on the value of delay_bit.
- Preferably, the time delay to be waited x is chosen in regards
  - to the control word changing periodicity; and
  - to the time delay spread which may be inevitably added by the communication channel that links the legitimate user 1 to the monitoring station 2.
- Preferably, the time delay to be waited is chosen in such a way that is significantly inferior to the control word changing periodicity and averagely superior (of the same order or preferably superior) to the channel time-delay spread (maximum time delay which is introduced by the pirate network 3).
- The illustrative above subroutine has to be called upon each control word request, or, equivalently, for each crypto-period.
- Once the decision on delay insertion 43 is taken and applied, the requested control word 41, through the output communication interface 44, is
  - communicated to the IRD 11, or
  - sent to the monitoring station 2 as any other client, over the pirate network 3.
- The monitoring station 2, anywhere within a communication network having an access to the pirate network 3, aims at recreating the card 12 signature from the received control words which are decrypted by the shared card 12. At the monitoring station 2 side, the observation of the presence/absence of such intentionally inserted time delay in comparison with the arrival time of an ECM at the processing unit 22 (or equivalently at the IRD 21), certainly, reveals information about the identifier 13 of the card 12. But, obviously, the intentionally inserted time delay will be indeed “noised” by an additive propagation delay introduced by the communication channel over the pirate network 3 (network jitter, Internet routers, satellite uplink, and modems for example). Advantageously, the added propagation delay may be approximated by a random process, as a noise. Thus, the randomly added noise may be easily overcome (attenuated or even cancelled) by collecting a large number of observations on the response times of the shared card 12. The more noise there is, the more observations are needed to better extract the useful information (the response time of shared card 12 and by the way the shared card identifier 13).
- Aiming at recreating the response time signature of the shared card 12, the processing unit 22
  - calculates the difference between the arrival time of the requested control word 41 and the arrival time, to the processing unit 22, of its correspondent ECM; and
  - repeats the above calculation for a large observation number N of received control words 41 from the card server 15.
- More explicitly, such processing may be accomplished with a subroutine of the form:
- For i=1 to N do
  - get ECM from the local IRD 21
  - set T_ECM=the local time
  - request, from the card server 15, the control word CW relative to the ECM;
  - set T_CW=the local time
  - set measured_vector(i)=(T_CW−T_ECM)
  - set CW_list(i)=CW
- Loop i
- Accordingly, the response time of the shared card 12 is measured in regards to the reception times of ECMs (or equivalently of EMMs) on the local IRD 21.
- In order to recover the identifier 13 of the shared card 12, the processing unit 22 conducts a statistical analysis of the response time signature, achieved through a correlation measure between the measured response time signature (named measured_vector in the above illustrative subroutine) and the expected one.
- As the processing unit 22 does not know, a priori, the identifier 13 of the shared card 12, it has to calculate all the set of possible response time signatures of the shared card 12, given by successively using all possible identifiers of a card of the same type as the shared card 12. Obviously, the identifier 13 of the shared card 12 exists among the set of possible identifiers. Consequently, the expected response time vector will be certainly the one which shows the maximum similarity (maximum correlation with the measured vector) with the measured one.
- Accordingly, suppose that the set of possible identifiers of the shared card 12 counts M (M may be given by 2^m, where m is the length of the binary writing of the maximum value of identifiers). Then, for each candidate of this set, the processing unit 22 has to calculate the response time signature from the same N control words (N is the number of observations) obtained from the card server 15. Notably, main steps of such processing are as follows:
- For k=1 to M % M being the number of possible identifiers in the system
  - For i=1 to N % N being the number of retrieved control words
    - delay_bit=Function(CW_list(i), one_possible_card_identifier)
    - expected_vector(i)=delay_bit
  - Loop i
  - Expected_matrix(:, k)=expected_vector
- Loop k
- It is to be noted that “Function(CW_list(i), one_possible_card_identifier)” is the same function 42 which is used by the shared card 12, applied on the control word numbered i among the N observed control words and stacked in the vector named CW_list.
- The output of the above illustrative subroutine may be stacked in a 2-dimensional matrix (named here Expected_matrix) of size N×M and wherein
  - each row corresponds to one retrieved control word; and
  - each column represents a response time vector calculated with one possible identifier of the shared card 12.
- By calculating the correlation between each column of the obtained matrix and the measured vector of response times, the identifier 13 of the shared card 12 will be, subsequently, given by the argument of the maximum value of the calculated correlation coefficients.
- Such processing may be formulated as follows:
- For k=1 to M % M being the number of possible identifiers in the system
  - Correlation_results(k)=correlation(measured_vector, Expected_matrix(:, k))
- Loop k
- Estimated_Identifier_of_shared_card=arg(max(Correlation_results))
- where “correlation” is a function returning the correlation coefficient between two vectors of the same size, and “Expected_matrix(:,k)” is a column vector of order k from the 2-dimensional matrix “Expected_matrix”.
- The loop output is a vector (named in the above example “Correlation_results”) of size 1×M which contains the correlation coefficients and which may be plotted in function of the M possible values of card identifiers.
- The identifier 13 of the shared card 12 (named in the above illustrative subroutine Estimated_Identifier_of_shared_card) is given by the argument of the maximum value of correlations coefficients plotted in function of the M possible identifiers of the shared card 12.
- It is to be noted that when more than one shared card is linked to the card server 15, their identifiers are the arguments of maximum values of correlations coefficients plotted in function of the M possible identifiers. In order to easily identify the identifiers of more than one shared card linked to the card server 15, one can proceed by
  - eliminating the argument of the global maximum of the correlation coefficients plotted against the possible identifiers;
  - repeating the above processing with the remainder of possible identifiers until a threshold of the correlation coefficient amplitudes.
- In a variant, the correlation is done on smaller portions (sub-vectors) of the identifier that can be analyzed separately. As an example, one can subdivide the card identifier into two sub-vectors (for example, subdividing an identifier of 32-bit length into two sub-vectors: bits from 1 to 16 and bits from 17 to 32). This may be faster as it reduces the computational complexity of the correlation calculation, to the detriment of more additional observations (more control words to be retrieved from shared cards).
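The card-side delay decision, the measured vector and the sub-vector correlation described above can be exercised end to end. The following Python sketch is an added example, not code from the patent: the choices for F1, F2, F3, the C/D selection polarity, the 8-bit sub-vector width, the delay and jitter values and the identifier are assumptions, and the control words and timings are constructed.

```python
import math
import random

ID_BITS = 32     # identifier 13 is a 32-bit word, as in the FIG. 3 example
SUB_BITS = 8     # assumption: width of each separately analysed sub-vector
DELAY_X = 0.20   # assumption: inserted delay x, in seconds


def parity(byte):
    """XOR of the eight bits of a byte."""
    return bin(byte).count("1") & 1


def cw_features(cw):
    """Hypothetical F3, F1 and F2 (the text leaves them open): return (A, C, D).
    Byte numbers in the comments are 1-based, as in the description."""
    a = (cw[0] ^ cw[1]) & 0x1F      # F3: 5-bit selector A (source bytes assumed)
    c = parity(cw[2] ^ cw[4])       # F1 on bytes (3,5)
    d = parity(cw[5] ^ cw[6])       # F2 on bytes (6,7)
    return a, c, d


def select(features, identifier):
    """Multiplexer stage of function 42: A picks identifier bit B, B picks C or D.
    Which of C and D goes with B=1 is an assumption."""
    a, c, d = features
    return c if (identifier >> a) & 1 else d


def delay_bit(cw, identifier):
    """Function 42 as evaluated on the card for one control word request."""
    return select(cw_features(cw), identifier)


def observe(card_id, n, rng, latency=0.35, jitter_sd=0.10):
    """Constructed observations: CW_list and measured_vector (T_CW - T_ECM)."""
    cw_list, measured = [], []
    for _ in range(n):
        cw = bytes(rng.randrange(256) for _ in range(8))  # checksum not modelled
        delay = DELAY_X * delay_bit(cw, card_id)
        cw_list.append(cw)
        measured.append(latency + delay + rng.gauss(0.0, jitter_sd))
    return cw_list, measured


def correlation(xs, ys):
    """Pearson correlation coefficient; 0.0 for empty or constant vectors."""
    n = len(xs)
    if n < 2:
        return 0.0
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / math.sqrt(sxx * syy) if sxx > 0 and syy > 0 else 0.0


def recover_identifier(cw_list, measured):
    """Estimate the identifier sub-vector by sub-vector via arg max correlation."""
    feats = [cw_features(cw) for cw in cw_list]
    estimate, peaks = 0, []
    for base in range(0, ID_BITS, SUB_BITS):
        # Only requests whose selector A points into this sub-vector depend on it.
        idx = [i for i, f in enumerate(feats) if base <= f[0] < base + SUB_BITS]
        sub_feats = [feats[i] for i in idx]
        sub_times = [measured[i] for i in idx]
        best, best_r = 0, -2.0
        for cand in range(1 << SUB_BITS):
            expected = [select(f, cand << base) for f in sub_feats]
            r = correlation(sub_times, expected)
            if r > best_r:
                best, best_r = cand, r
        estimate |= best << base
        peaks.append(best_r)
    return estimate, peaks


if __name__ == "__main__":
    rng = random.Random(2009)
    true_id = 0x5A3C96E1                       # constructed identifier
    cws, times = observe(true_id, 6000, rng)
    est, peaks = recover_identifier(cws, times)
    print(f"true={true_id:08X} estimated={est:08X}")
    print("peak correlation per sub-vector:", [round(p, 2) for p in peaks])
```

Raising `jitter_sd` relative to `DELAY_X` lowers the correlation peaks, and more observations are then needed before the arg max settles on the right identifier, as the description notes.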
- It is to be noted that different embodiments of the processing unit 22 may be automatically performed by a computer program.
- Once a shared card is identified, obviously, the broadcaster may take the decision that meets his action plan (for example, deactivate the card, exclude the card from the monthly key update, or contact the shared card owner).
- Once the identifier of a shared card via a given card server is resolved, appropriate measures could follow. An example of counteraction would be the creation of a universal ECM which deactivates every shared card of a specific Manufacturer. For example, an ECM could be injected in pull systems on the pirate network 3. The card server 15 usually does not know if an ECM is valid/real or not since it cannot decrypt it. Therefore it forwards it to the card 12 in order to be processed. On reception of such an ECM the card 12 (after decryption) could understand its purpose and, consequently, deactivate the subscription rights, hence forcing the subscriber to call the broadcaster in order to reactivate it.
- In another embodiment, a specific ECM may be dedicated for the remote identification of shared smart card. In fact, a pirate has no means of understanding what is inside an ECM. Therefore he cannot distinguish between a regular ECM and a faked one. Then, a special ECM could be created asking the shared card to respond with a CW with its identifier therein embedded.
- In another embodiment, one can extend the CW by further bits which are not necessary for the decryption of the scrambled content but that represent, in an encoded form, the card identifier. A software application, loaded on card, is in charge of embedding the card identifier in the control word CW in such a way an eavesdropper could not exclude the unwanted bits from the intercepted CW. Accordingly, a shared card will automatically reveal its identifier. Therefore, a monitoring station provided with a card sharing access can easily identify the shared card identifier as soon as at least one control word is received.
- In another embodiment, in a pull system, a card may be programmed to be automatically deactivated (self-deactivation) as soon as it receives a predefined sequence of requests. Preferably, the sequence of requests is defined in such a way that it is almost impossible to be unintentionally generated by the owner of a legitimate card. As an example of such sequence, one can mention predefined successive requests for transition between given television stations in a short time. Dedicated means may be loaded in the card in order to detect the predefined sequence of requests and subsequently deactivate the card. A computer program product comprising
  - a program code for capturing the sequence over the hidden channel;
  - a program code for correlating the captured sequence with the predefined sequence and
  - a program code for comparing, and counteracting action
- is an example of such means.
- Fraudulent use counteracting of conditional access cards used for the redistribution of Control Words (shared keys) in conditional access systems by passing information over a side channel may be achieved through a predefined sequence detection function inside the said cards and a computer program product to generate the sequence to be detected.
- It is to be noted that the herein described embodiments are also valid for a local card sharing (within a home, hotel, campus or among neighbors).
- Obviously, persons skilled in the art will readily appreciate how some teaching, such as the data stacking, the subroutines implementation or the subroutines optimization, may be modified within the spirit and scope of the appended claims.
- While the invention has been described in terms of several embodiments, those skilled in the art will recognize that the invention is not limited to the embodiments described, but can be practiced with modification and alteration within the spirit and scope of the appended claims. The description is thus to be regarded as illustrative instead of limiting and the teachings of this disclosure may be applied to systems and methods which are similar but somewhat different than those which are discussed herein.
- Now that the invention has been described,
Claims (8)
1. A method for an electronic device to communicate data values to a receiving device, the method comprising the steps of:
performing a predefined function depending on said data values to encode said data values into an encoded sequence of timing modulations;
modulating the timing between transmissions of communications sent from said electronic device to said receiving device corresponding to said encoded sequence of timing modulations, wherein said receiving device is adapted to decode the timing between communications sent from said electronic device to said receiving device to determine said data values.
2. The method of claim 1, further comprising:
said encoded sequence of timing modulations being generated by a predefined function stored on said electronic device.
3. The method of claim 1, further comprising:
said modulation of said timing not being in response to a request for a delay.
4. The method of claim 1, wherein:
said data values are a unique signature of said electronic device, and said receiving device is adapted to decode said encoded sequence of timing modulations to determine said unique signature.
5. A method for an electronic device to communicate data values to a receiving device, the method comprising the steps of:
performing a predefined function depending on said data values to encode said data values into an encoded sequence of timing modulations;
modulating the timing between transmissions of communications sent from said electronic device to said receiving device corresponding to said encoded sequence of timing modulations, such that said actual data values are not communicated to said receiving device, wherein said receiving device is adapted to decode the timing between communications sent from said electronic device to said receiving device to determine said data values.
6. The method of claim 5, further comprising:
said encoded sequence of timing modulations being generated by a predefined function stored on said electronic device.
7. The method of claim 5, further comprising:
said modulation of said timing not being in response to a request for a delay.
8. The method of claim 5, wherein:
said data values are a unique signature of said electronic device, and said receiving device is adapted to decode said encoded sequence of timing modulations to determine said unique signature.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/512,154 US20220053169A1 (en) | 2009-11-25 | 2021-10-27 | Methods for the covert transmission of data |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2009/007825 WO2011064613A1 (en) | 2009-11-25 | 2009-11-25 | Card sharing countermeasures |
US201213512083A | 2012-10-18 | 2012-10-18 | |
US14/450,635 US9749589B2 (en) | 2009-11-25 | 2014-08-04 | Methods for the covert transmission of data for identification |
US15/660,634 US20170339373A1 (en) | 2009-11-25 | 2017-07-26 | Methods for the covert transmission of data |
US16/551,410 US20190387200A1 (en) | 2009-11-25 | 2019-08-26 | Methods for the covert transmission of data |
US17/512,154 US20220053169A1 (en) | 2009-11-25 | 2021-10-27 | Methods for the covert transmission of data |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US16/551,410 Continuation US20190387200A1 (en) | 2009-11-25 | 2019-08-26 | Methods for the covert transmission of data |
Publications (1)
Publication Number | Publication Date |
---|---|
US20220053169A1 (en) | 2022-02-17 |
Family
ID=42133620
Family Applications (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/512,083 Active - Reinstated US8949881B2 (en) | 2009-11-25 | 2009-11-25 | Card sharing countermeasures |
US14/450,635 Expired - Fee Related US9749589B2 (en) | 2009-11-25 | 2014-08-04 | Methods for the covert transmission of data for identification |
US15/660,634 Abandoned US20170339373A1 (en) | 2009-11-25 | 2017-07-26 | Methods for the covert transmission of data |
US16/551,410 Abandoned US20190387200A1 (en) | 2009-11-25 | 2019-08-26 | Methods for the covert transmission of data |
US17/512,154 Abandoned US20220053169A1 (en) | 2009-11-25 | 2021-10-27 | Methods for the covert transmission of data |
Country Status (4)
Country | Link |
---|---|
US (5) | US8949881B2 (en) |
EP (1) | EP2504996A1 (en) |
IL (1) | IL220026A0 (en) |
WO (1) | WO2011064613A1 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8949881B2 (en) * | 2009-11-25 | 2015-02-03 | Olivier Koemmerling | Card sharing countermeasures |
FR2958103B1 (en) * | 2010-03-23 | 2012-08-17 | Cryptoexperts Sas | METHOD FOR IDENTIFYING A DEVICE USED BY A PIRATE TERMINAL AND ASSOCIATED DEVICE |
US9503785B2 (en) | 2011-06-22 | 2016-11-22 | Nagrastar, Llc | Anti-splitter violation conditional key change |
US8634322B2 (en) * | 2012-02-18 | 2014-01-21 | Bank Of America Corporation | Apparatus and methods for adaptive network throttling |
JP5855234B2 (en) * | 2012-03-27 | 2016-02-09 | 三菱電機株式会社 | Digital broadcast receiving apparatus and digital broadcast receiving method |
US9392319B2 (en) * | 2013-03-15 | 2016-07-12 | Nagrastar Llc | Secure device profiling countermeasures |
FR3044442B1 (en) | 2015-11-27 | 2018-02-09 | Viaccess | METHOD FOR IDENTIFYING SECURITY PROCESSORS |
US10305479B1 (en) * | 2018-06-12 | 2019-05-28 | Nxp B.V. | Fault attack protection against synchronized fault injections |
Citations (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4742544A (en) * | 1984-07-09 | 1988-05-03 | Kupnicki Richard A | Television transmission network with scrambling and descrambling |
US5517502A (en) * | 1995-03-02 | 1996-05-14 | Zenith Electronics Corp. | Upstream transmission using multiple transmission tags and downstream acknowledgements in conditional access packets |
US5682426A (en) * | 1993-07-12 | 1997-10-28 | California Amplifier | Subscriber site method and apparatus for decoding and selective interdiction of television channels |
US5822429A (en) * | 1996-09-17 | 1998-10-13 | Electro-Radiation Incorporated | System for preventing global positioning satellite signal reception to unauthorized personnel |
US5832035A (en) * | 1994-09-20 | 1998-11-03 | Time Domain Corporation | Fast locking mechanism for channelized ultrawide-band communications |
US6127975A (en) * | 1994-11-03 | 2000-10-03 | Ksi, Incorporated | Single station communications localization system |
US20010033576A1 (en) * | 2000-01-19 | 2001-10-25 | Richards James L. | System and method for medium wide band communications by impulse radio |
US20010050889A1 (en) * | 2000-03-23 | 2001-12-13 | Masayuki Hattori | Method and apparatus for reproducing data and method and apparatus for recording and/or reproducing data |
US20020017560A1 (en) * | 1998-06-22 | 2002-02-14 | Mos Robert J. | Method and apparatus for securing and authenticating encoded data and documents containing such data |
US20020018514A1 (en) * | 2000-07-06 | 2002-02-14 | Haynes Leonard S. | Method and system for fast acquisition of pulsed signals |
US6466125B1 (en) * | 1998-03-23 | 2002-10-15 | Time Domain Corporation | System and method using impulse radio technology to track and monitor people needing health care |
US20030030583A1 (en) * | 2001-08-06 | 2003-02-13 | Finn James S. | System and method of emergency apparatus pre-deployment using impulse radio radar |
US20030189975A1 (en) * | 1994-09-20 | 2003-10-09 | Fullerton Larry W. | Method and transceiver for full duplex communication of ultra wideband signals |
US20030207681A1 (en) * | 2002-05-03 | 2003-11-06 | Rowitch Douglas Neal | System, method, and apparatus for generating a timing signal |
US20040008798A1 (en) * | 2002-07-09 | 2004-01-15 | Tsui Philip Y.W. | Transmitter for operating multiple devices |
US20040091054A1 (en) * | 2002-08-02 | 2004-05-13 | Rastegar Jahangir S. | Low-detectability communication between a transmitter and receiver |
US20050010945A1 (en) * | 2003-04-23 | 2005-01-13 | Yoshikazu Hayashi | Broadcasting signal receiver apparatus provided with controller for controlling demodulation mode, and apparatus for controlling demodulation mode |
US20050015616A1 (en) * | 2003-07-16 | 2005-01-20 | Hogan Josh N. | Copy protected mastering system |
US20050075079A1 (en) * | 2003-10-07 | 2005-04-07 | Samsung Electronics Co., Ltd. | Mobile terminal circuit including an RFID tag and wireless identification method using the same |
US20050220213A1 (en) * | 2004-03-30 | 2005-10-06 | Tate Larry R | Method and apparatus to perform modulation using integer timing relationships between intra symbol modulation components |
US20060067451A1 (en) * | 2004-09-30 | 2006-03-30 | Pollman Michael D | Providing global positioning system timing signals to remote cellular base stations |
US20070153873A1 (en) * | 1996-12-06 | 2007-07-05 | Fullerton Larry W | Fast locking mechanism for channelized ultrawide-band communications |
US7317876B1 (en) * | 2004-02-26 | 2008-01-08 | Bbn Technologies Corp. | Medium access control for retro-reflectors |
US7437642B1 (en) * | 2005-07-22 | 2008-10-14 | Liontech Trains Llc | Model train command protocol using front and back error bytes |
US20090041241A1 (en) * | 2007-08-08 | 2009-02-12 | Radeum, Inc. | Near field communications system having enhanced security |
US20090081943A1 (en) * | 2007-09-26 | 2009-03-26 | Radeum, Inc. Dba Freelinc | System and method for near field communications having local security |
US20090103558A1 (en) * | 2007-10-19 | 2009-04-23 | Zangi Kambiz C | Hybrid Contention-Based and Schedule-Based Access to a Communication Link |
US7620187B1 (en) * | 2005-03-30 | 2009-11-17 | Rockwell Collins, Inc. | Method and apparatus for ad hoc cryptographic key transfer |
US7693216B1 (en) * | 2009-02-24 | 2010-04-06 | Daniel A. Katz | Modulating transmission timing for data communications |
US20100260290A1 (en) * | 2009-04-13 | 2010-10-14 | Adc Telecommunications, Inc. | Smooth modulation switching |
US8432255B2 (en) * | 2009-04-09 | 2013-04-30 | Amtech Systems, LLC | Secondary data channels in RFID systems |
US20140203950A1 (en) * | 2011-07-21 | 2014-07-24 | Mark Zdeblick | Mobile Communication Device, System, and Method |
US9749589B2 (en) * | 2009-11-25 | 2017-08-29 | Oliver Koemmerling | Methods for the covert transmission of data for identification |
US20190040738A1 (en) * | 2017-08-01 | 2019-02-07 | Conocophillips Company | Data acquisition and signal detection through rfid system and method |
US20190222613A1 (en) * | 2018-01-17 | 2019-07-18 | International Business Machines Corporation | Trusted group identification code |
US20190245685A1 (en) * | 2016-09-09 | 2019-08-08 | Nec Corporation | Transmitting device, receiving device, quantum key distribution method, and quantum key distribution program for quantum key distribution system |
Family Cites Families (32)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3688959B2 (en) * | 1999-11-29 | 2005-08-31 | 株式会社東芝 | Packet transmission system |
EP1111923A1 (en) * | 1999-12-22 | 2001-06-27 | Irdeto Access B.V. | Method for operating a conditional access system for broadcast applications |
US6898285B1 (en) * | 2000-06-02 | 2005-05-24 | General Instrument Corporation | System to deliver encrypted access control information to support interoperability between digital information processing/control equipment |
US7995603B2 (en) * | 2001-05-22 | 2011-08-09 | Nds Limited | Secure digital content delivery system and method over a broadcast network |
JP4142384B2 (en) * | 2002-10-01 | 2008-09-03 | 松下電器産業株式会社 | Transmitter |
US7936760B2 (en) * | 2003-03-18 | 2011-05-03 | Nokia Corporation | Method, communications network arrangement, communications network server, terminal, and software means for selecting and changing operating modes for packet-switched voice connection |
KR100543101B1 (en) * | 2003-10-23 | 2006-01-20 | 학교법인 배재학당 | Apparatus for converting and transmitting a code using chaos system and the method therefor |
US7804912B2 (en) * | 2004-09-23 | 2010-09-28 | Motorola, Inc. | Method and apparatus for encryption of over-the-air communications in a wireless communication system |
KR100997508B1 (en) * | 2004-12-28 | 2010-12-01 | 후지쯔 가부시끼가이샤 | Communication quality evaluation method, derivation device and recording medium recorded computer program |
JP2007104085A (en) * | 2005-09-30 | 2007-04-19 | Toshiba Corp | Digital broadcast method and apparatus employing communication line |
US7822073B2 (en) * | 2005-11-03 | 2010-10-26 | George Mason Intellectual Properties, Inc. | Packet flow side channel |
FR2894757B1 (en) * | 2005-12-13 | 2008-05-09 | Viaccess Sa | METHOD FOR CONTROLLING ACCESS TO A SCRAMBLED CONTENT |
WO2007116390A2 (en) * | 2006-04-11 | 2007-10-18 | Nds Limited | Fingerprinting descrambling keys |
US8127009B2 (en) * | 2006-06-30 | 2012-02-28 | Pinder Howard G | Renewable conditional access |
FR2905215B1 (en) * | 2006-08-23 | 2009-01-09 | Viaccess Sa | METHOD OF TRANSMITTING COMPLEMENTARY DATA TO A RECEPTION TERMINAL |
US20080205571A1 (en) * | 2007-02-27 | 2008-08-28 | Khurram Muhammad | System and Method for Time Aligning Signals in Transmitters |
GB2448708B (en) * | 2007-04-24 | 2009-09-30 | Motorola Inc | A cellular communication system and a method of operation therefor |
EP2015497A3 (en) * | 2007-07-13 | 2013-07-03 | Hitachi, Ltd. | Radio communication system, mobile station, and radio base station |
US8199811B2 (en) * | 2008-02-18 | 2012-06-12 | Lg Electronics Inc. | Digital broadcast system and data processing method |
US8650399B2 (en) * | 2008-02-29 | 2014-02-11 | Spansion Llc | Memory device and chip set processor pairing |
US8396222B2 (en) * | 2008-03-10 | 2013-03-12 | Nds Limited | Key distribution system |
CN101690018B (en) * | 2008-04-25 | 2013-09-25 | 松下电器产业株式会社 | Communication apparatus and communication method |
JP5228727B2 (en) * | 2008-09-12 | 2013-07-03 | 日本電気株式会社 | Data transmission apparatus and data transmission method |
US8204220B2 (en) * | 2008-09-18 | 2012-06-19 | Sony Corporation | Simulcrypt key sharing with hashed keys |
FR2940691B1 (en) * | 2008-12-31 | 2011-02-25 | Viaccess Sa | METHODS OF TRANSMITTING, RECEIVING AND IDENTIFYING, SECURITY PROCESSOR, AND INFORMATION RECORDING MEDIUM FOR SUCH METHODS. |
KR101556243B1 (en) * | 2009-04-20 | 2015-09-30 | 삼성전자 주식회사 | Broadcasting processing apparatus and control method of the same |
WO2011116716A2 (en) * | 2011-04-28 | 2011-09-29 | 华为技术有限公司 | Method and device for artificial synthesis of network flow |
US20130143555A1 (en) * | 2011-12-02 | 2013-06-06 | Qualcomm Incorporated | Managing access terminal handover in view of access point physical layer identifier confusion |
US9148892B2 (en) * | 2012-08-31 | 2015-09-29 | Cambridge Silicon Radio Limited | Transmitting data |
US20140269667A1 (en) * | 2013-03-15 | 2014-09-18 | Qualcomm Incorporated | Method and apparatus for dynamic configuration of packet preambles for synchronization-based transmissions |
US9729362B1 (en) * | 2013-03-20 | 2017-08-08 | Georgia Tech Research Corporation | Systems and methods for autonomous signal modulation format identification |
US9705617B2 (en) * | 2013-08-08 | 2017-07-11 | Massoud Alibakhsh | System and method for wirelessly transmitting and receiving customized data broadcasts |
- 2009
  - 2009-11-25 US US13/512,083 (US8949881B2): Active - Reinstated
  - 2009-11-25 WO PCT/IB2009/007825 (WO2011064613A1): Application Filing
  - 2009-11-25 EP EP09806121A (EP2504996A1): Withdrawn
- 2012
  - 2012-05-28 IL IL220026A (IL220026A0): unknown
- 2014
  - 2014-08-04 US US14/450,635 (US9749589B2): Expired - Fee Related
- 2017
  - 2017-07-26 US US15/660,634 (US20170339373A1): Abandoned
- 2019
  - 2019-08-26 US US16/551,410 (US20190387200A1): Abandoned
- 2021
  - 2021-10-27 US US17/512,154 (US20220053169A1): Abandoned
Patent Citations (36)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4742544A (en) * | 1984-07-09 | 1988-05-03 | Kupnicki Richard A | Television transmission network with scrambling and descrambling |
US5682426A (en) * | 1993-07-12 | 1997-10-28 | California Amplifier | Subscriber site method and apparatus for decoding and selective interdiction of television channels |
US20030189975A1 (en) * | 1994-09-20 | 2003-10-09 | Fullerton Larry W. | Method and transceiver for full duplex communication of ultra wideband signals |
US5832035A (en) * | 1994-09-20 | 1998-11-03 | Time Domain Corporation | Fast locking mechanism for channelized ultrawide-band communications |
US6127975A (en) * | 1994-11-03 | 2000-10-03 | Ksi, Incorporated | Single station communications localization system |
US5517502A (en) * | 1995-03-02 | 1996-05-14 | Zenith Electronics Corp. | Upstream transmission using multiple transmission tags and downstream acknowledgements in conditional access packets |
US5822429A (en) * | 1996-09-17 | 1998-10-13 | Electro-Radiation Incorporated | System for preventing global positioning satellite signal reception to unauthorized personnel |
US20070153873A1 (en) * | 1996-12-06 | 2007-07-05 | Fullerton Larry W | Fast locking mechanism for channelized ultrawide-band communications |
US6466125B1 (en) * | 1998-03-23 | 2002-10-15 | Time Domain Corporation | System and method using impulse radio technology to track and monitor people needing health care |
US20020017560A1 (en) * | 1998-06-22 | 2002-02-14 | Mos Robert J. | Method and apparatus for securing and authenticating encoded data and documents containing such data |
US20010033576A1 (en) * | 2000-01-19 | 2001-10-25 | Richards James L. | System and method for medium wide band communications by impulse radio |
US20010050889A1 (en) * | 2000-03-23 | 2001-12-13 | Masayuki Hattori | Method and apparatus for reproducing data and method and apparatus for recording and/or reproducing data |
US20020018514A1 (en) * | 2000-07-06 | 2002-02-14 | Haynes Leonard S. | Method and system for fast acquisition of pulsed signals |
US20030030583A1 (en) * | 2001-08-06 | 2003-02-13 | Finn James S. | System and method of emergency apparatus pre-deployment using impulse radio radar |
US20030207681A1 (en) * | 2002-05-03 | 2003-11-06 | Rowitch Douglas Neal | System, method, and apparatus for generating a timing signal |
US20040008798A1 (en) * | 2002-07-09 | 2004-01-15 | Tsui Philip Y.W. | Transmitter for operating multiple devices |
US20040091054A1 (en) * | 2002-08-02 | 2004-05-13 | Rastegar Jahangir S. | Low-detectability communication between a transmitter and receiver |
US20050010945A1 (en) * | 2003-04-23 | 2005-01-13 | Yoshikazu Hayashi | Broadcasting signal receiver apparatus provided with controller for controlling demodulation mode, and apparatus for controlling demodulation mode |
US20050015616A1 (en) * | 2003-07-16 | 2005-01-20 | Hogan Josh N. | Copy protected mastering system |
US20050075079A1 (en) * | 2003-10-07 | 2005-04-07 | Samsung Electronics Co., Ltd. | Mobile terminal circuit including an RFID tag and wireless identification method using the same |
US7317876B1 (en) * | 2004-02-26 | 2008-01-08 | Bbn Technologies Corp. | Medium access control for retro-reflectors |
US20050220213A1 (en) * | 2004-03-30 | 2005-10-06 | Tate Larry R | Method and apparatus to perform modulation using integer timing relationships between intra symbol modulation components |
US20060067451A1 (en) * | 2004-09-30 | 2006-03-30 | Pollman Michael D | Providing global positioning system timing signals to remote cellular base stations |
US7620187B1 (en) * | 2005-03-30 | 2009-11-17 | Rockwell Collins, Inc. | Method and apparatus for ad hoc cryptographic key transfer |
US7437642B1 (en) * | 2005-07-22 | 2008-10-14 | Liontech Trains Llc | Model train command protocol using front and back error bytes |
US20090041241A1 (en) * | 2007-08-08 | 2009-02-12 | Radeum, Inc. | Near field communications system having enhanced security |
US20090081943A1 (en) * | 2007-09-26 | 2009-03-26 | Radeum, Inc. Dba Freelinc | System and method for near field communications having local security |
US20090103558A1 (en) * | 2007-10-19 | 2009-04-23 | Zangi Kambiz C | Hybrid Contention-Based and Schedule-Based Access to a Communication Link |
US7693216B1 (en) * | 2009-02-24 | 2010-04-06 | Daniel A. Katz | Modulating transmission timing for data communications |
US8432255B2 (en) * | 2009-04-09 | 2013-04-30 | Amtech Systems, LLC | Secondary data channels in RFID systems |
US20100260290A1 (en) * | 2009-04-13 | 2010-10-14 | Adc Telecommunications, Inc. | Smooth modulation switching |
US9749589B2 (en) * | 2009-11-25 | 2017-08-29 | Oliver Koemmerling | Methods for the covert transmission of data for identification |
US20140203950A1 (en) * | 2011-07-21 | 2014-07-24 | Mark Zdeblick | Mobile Communication Device, System, and Method |
US20190245685A1 (en) * | 2016-09-09 | 2019-08-08 | Nec Corporation | Transmitting device, receiving device, quantum key distribution method, and quantum key distribution program for quantum key distribution system |
US20190040738A1 (en) * | 2017-08-01 | 2019-02-07 | Conocophillips Company | Data acquisition and signal detection through rfid system and method |
US20190222613A1 (en) * | 2018-01-17 | 2019-07-18 | International Business Machines Corporation | Trusted group identification code |
Also Published As
Publication number | Publication date |
---|---|
WO2011064613A1 (en) | 2011-06-03 |
US20140344851A1 (en) | 2014-11-20 |
EP2504996A1 (en) | 2012-10-03 |
US20130031576A1 (en) | 2013-01-31 |
US20170339373A1 (en) | 2017-11-23 |
US8949881B2 (en) | 2015-02-03 |
US9749589B2 (en) | 2017-08-29 |
IL220026A0 (en) | 2012-07-31 |
US20190387200A1 (en) | 2019-12-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220053169A1 (en) | Methods for the covert transmission of data | |
KR101120689B1 (en) | Smartcard dynamic management | |
CA2137608C (en) | Apparatus and method for securing communication systems | |
US8831219B2 (en) | Method of transmitting an additional piece of data to a reception terminal | |
KR20010030925A (en) | Method and apparatus for encrypted data stream transmission | |
EP1439697A1 (en) | Digital broadcast data reception system with digital master terminal ,and at least one digital slave terminal | |
US8571213B2 (en) | Security method for preventing the unauthorized use of multimedia contents | |
KR20110109970A (en) | Tracing unauthorized use of secure modules | |
TWI477133B (en) | Methods for decrypting, transmitting and receiving control words, recording medium and control word server to implement these methods | |
US8615650B2 (en) | Control-word deciphering, transmission and reception methods, recording medium and server for these methods | |
US8885816B2 (en) | Method for detecting an illicit use of a security processor | |
TWI448920B (en) | Methods for transmitting, receiving and identifying, security processor and information-recording carrier for these methods | |
RU2547230C2 (en) | Method of receiving multimedia content scrambled using control words | |
CN102271284B (en) | A method and apparatus for decrypting encrypted content | |
Eskicioglu | Key transport protocol based on secret sharing: an application to conditional access systems | |
KR101980928B1 (en) | Method, cryptographic system and security module for descrambling content packets of a digital transport stream | |
Villegas et al. | Network assisted content protection architectures for a connected world | |
US20110228933A1 (en) | Method and system for protecting an information signal using a control word | |
Kim et al. | A study on frame encryption for protecting IPTV contents | |
CN113497961A (en) | Conditional access system based on smart phone | |
CN113497960A (en) | Conditional access system based on smart phone | |
KR100850946B1 (en) | Apparatus and method for conditional access | |
TR2023001044A2 (en) | PIRATE (ILLEGAL) STREAMING DETECTION SYSTEM ON DIGITAL PLATFORMS |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: FINAL REJECTION MAILED |
| | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |