EP1436996A1

EP1436996A1 - Interactive protocol for remote management of access control to scrambled data

Info

Publication number: EP1436996A1
Application number: EP02795318A
Authority: EP
Inventors: Claudia Becker; Chantal Guionnet; André CODET; Pierre Fevrier
Original assignee: Viaccess SAS
Current assignee: Viaccess SAS
Priority date: 2001-10-19
Filing date: 2002-10-15
Publication date: 2004-07-14
Also published as: KR100768129B1; FR2831360A1; JP2005506770A; CN1605203A; JP4409946B2; WO2003034732A1; FR2831360B1; KR20040054733A; CN100466721C; US20050055551A1

Abstract

The invention concerns a protocol for remote management, from a broadcasting center (E), of access control to scrambled data, through a descrambling terminal (T) and an access control card or module provided with a security processor (PS). It consists in transmitting (A) from the broadcasting center (E) to at least a receiver set (PR) or the security processor (PS) a control message including input template fields, control applicative data, digital signature, and in subjecting (B) the exchange of action instructions and the replies to said action instructions, between the terminal (T) and the security processor (PS), to a local security protocol inhibiting any local viewing at the security processor (PS)/terminal (T). The invention is applicable to management of broadcasting or distribution of scrambled or encrypted data.

Description

Interactive protocol for remote management of access control to scrambled information.

The invention relates to a remote management protocol for controlling access to encrypted or scrambled information.

Access control to encrypted information has experienced unprecedented growth, thanks to the advent of networked information transmission technologies.

These techniques, having the object of ensuring the transmission of information to the greatest number of users, currently make it possible to offer a very large number of services, due to the increase at a doubling rate of capacities for computing and memorizing integrated circuits approximately every five years, and, consequently, the processing power of the information transmitted. The techniques for controlling access to encrypted information were originally proposed in the context of applications in the transmission and display of information on television receivers for the purpose of entertainment, information Or other.

Such techniques have, in particular, found application to the system called "ANTIOPE" for Digital Acquisition and Television Visualization of Images Organized in Writing Pages, to the system called "TITAN" for Interactive Teletext Terminal to Call by Dialing or to the said system "EPEOS" for Scheduled Recording of Emissions by Order of Sources.

These systems using for the dissemination of information a so-called "DIDON" procedure for Diffusion of Digital Data, relate to a broadcast videotext system, an interactive videotext system, respectively a program messaging system by remote control, from a source of transmission, of the recording action by a receiving equipment, such as a video recorder. The application of the access control process to such systems has been proposed. Such an application poses the problem of locking information on transmission, locking by encryption or scrambling, then unlocking encrypted information or locked on reception, account- given the user authorization criteria and the specifics of the system to be checked.

In particular, an access control system applied to the aforementioned systems has been developed and described in French patent application 79 02995 (2 448 825) made available to the public on September 5, 1980. In the access control system aforementioned, a dual key process is used comprising, a service key, which makes it possible to lock the information, this key being changed randomly at short intervals, of the order of a few minutes, and a so-called key subscription, which can take several Ci values depending on the type of subscription. This key also changes randomly, at longer intervals, of the order of a month. It is entered on a subscription medium, such as a smart card or credit card, which is inserted into each receiving station. Special messages are composed on transmission and transmitted with the data locked. These messages make it possible to restore the service key in the receiving station, then to open the electronic lock which locks the locked information transmitted.

Such a process has been the subject of numerous technological developments, which have given rise to the establishment of the UTE standard.

C90-007 "Conditional access system for digital broadcasting systems".

In general, based on the teachings of the aforementioned French patent application, the provisions adopted by the text of the previously mentioned standard relate to the definition of specifications for conditional access control systems to scrambled or encrypted information which allow ensure that television, radio programs, data consultation services or other types of services are accessible only to users who meet certain conditions and meet very specific criteria, essentially linked to a payment for consultation of the aforementioned programs or services.

To this end, such systems make it possible to remotely manage access control to scrambled information by means of a service key and transmitted between a sending center and at least one receiving station. The emission center includes a module for calculating a word control, CW, containing at least the service key, and a control word encryption module, CW, by means of an exploitation key, SOK. A module for generating access title control messages, ECM messages, containing at least the encrypted control word and parameters for controlling access titles and a module for generating access title management messages, EMM messages , are provided. ECM messages and EMM messages can be multiplexed in the stream of transmitted encrypted information. Each receiving station comprises at least one terminal for descrambling scrambled information and an access control module comprising a security processor (PS) hosted for example by an access control card inserted in the terminal. The security processor comprises the operating key SOK and access titles, stored in secure internal memory, and a decryption module, the security processor making it possible, from the operating key and the encrypted control word to restore the service key, on the basis of the verification criteria for one of the registered access titles, from the access title control parameters.

Each descrambling terminal comprises a descrambling module making it possible, from the restored service key, to decrypt the scrambled information transmitted, for use by the authorized subscriber user holding the access control card.

Such systems, developed within the framework of the aforementioned standard UTE C 90-007, give satisfaction, insofar as, on the one hand, the calculations of restitution of the service key and the secrets, operating key , necessary for the execution of these calculations, are located in the protected memory area of the access control card, the operating key being never accessible by external reading, and where, on the other hand, the transmission and the management of access titles, stored in the memory of the security processor, is made completely independent of the access control as such, conditioned on the possession of the current operating key, in order to allow the restitution of the current service key, then descrambling the scrambled data using the latter. The present invention relates to the implementation of a remote management protocol for controlling access to scrambled information allowing application of the access control process to any type of online service, linked in particular to electronic transaction operations, regardless of the type of scrambled data transmission.

Another object of the present invention is, in particular, the implementation of a remote management protocol for controlling access to encrypted information of a very high level of security, the terminal descrambling / processor dialogue. security, a privileged point of attack for pirates and ciphers, being subject to a local security protocol.

Another object of the present invention is, moreover, the implementation of specific messages, such as EPM messages, constituting link messages for managing access titles and ensuring the link between ECM message and EMM message.

Another object of the present invention is, finally, the implementation of a remote management protocol for controlling access to scrambled information, applied to a wide variety of services, such as secure online transaction management. electronic, via a return channel thanks to the transmission of programmable messages, which allows the processing of state variables representative of the most diverse situations and environments, regardless of the type of service and transaction implemented.

The remote management protocol for controlling access to information scrambled by means of a service key and transmitted over a network, object of the invention, is implemented between a transmission center and at least one receiving station. . The transmission of scrambled information is accompanied by a control word containing at least the service key, a control word encrypted by means of an exploitation key. This transmission of the control word cryptogram is carried out by means of access title control messages, ECM messages, containing at least this encrypted control word and access title control parameters. ECM messages are transmitted and multiplexed in the flow of scrambled information with access title management messages, EMM messages. Each receiver station comprises at least one descrambling terminal for scrambled information and an access control module provided with a security processor. The security processor comprises the operating key and registered access titles allocated to a subscriber user stored in the protected memory of the security processor and allows the key to be restored from the operating key and the encrypted control word. service based on criteria for verifying registered access tickets. Each descrambling terminal makes it possible, from the restored service key, to descramble scrambled information for use by an authorized subscriber user.

It is remarkable in that it consists at least of transmitting from the transmission center to at least one receiving station and / or to the security processor associated with the latter a command message comprising data fields forming at least one template. input, command application data and cryptographic redundancy or digital signature. The input template contains the security attributes applied to the control application data. Cryptographic redundancy or digital signature makes it possible to authenticate and guarantee the integrity of the command message from the security attributes.

It also consists in subjecting the exchange of action instructions and responses to these action instructions between the descrambling terminal and the security processor to a specific local security protocol making it possible to guard against local eavesdropping. the descrambling terminal / security processor interface, for securely executing a series of tasks consisting of the execution of at least one action instruction.

The protocol object of the present invention finds application to the remote management of access control to scrambled or encrypted information periodically transmitted over a network, whatever the type of transmission network used, the criteria for synchronization of the transmission. scrambled or encrypted information, the encrypted control word and the service key associated with the latter, if applicable of the operating key used, which alone must be satisfied. It will be better understood on reading the description and on observing the drawings below in which:

- Figure 1a shows, by way of illustration, a flowchart of the essential steps for implementing the remote management protocol for controlling access to scrambled information, object of the present invention;

- Figure 1b shows, by way of illustration, an alternative implementation of the protocol object of the present invention illustrated in Figure 1a, this protocol having an interactive character, during the presence of a return channel between receiving station and center transmission or management center of this transmission center;

- Figures 2a to 2c show, by way of illustration, the specific structure of respectively response control messages allowing the implementation of the protocol object of the present invention; FIG. 3a represents, by way of illustration, a flow diagram of the essential steps allowing the implementation of a local security protocol implemented between the descrambling terminal and the security processor equipping the access control module associated with the latter, to ensure the transmission of control messages to this security processor; - Figure 3b shows, by way of illustration, a flow diagram of the essential steps allowing the implementation of a local security protocol conducted between the security processor equipping the access control module and the descrambling terminal to ensure transmission response messages to this terminal, if applicable to the transmission center or the transmission management center;

- Figure 3c shows, by way of illustration, a process of indexing respectively response control messages likely to be implemented within the framework of the local security protocol, in order to reinforce the security and reliability of the latter; - Figure 3d shows, by way of illustration, an alternative implementation of the local security protocol shown in Figure 3a, to give the security processor of the access control module associated with each descrambling terminal a control function referral control messages, depending on their destination at the descrambling terminal respectively at the security processor itself;

- Figure 4 shows, by way of illustration, an example of implementation of a link message between EMM message and ECM message of the prior art in an application related to the use of an electronic token holder.

A more detailed description of the interactive remote management method for controlling access to scrambled information in accordance with the object of the present invention will now be given in conjunction with FIG. 1a and the following figures.

With reference to FIG. 1a above, it will be recalled that the method which is the subject of the present invention is implemented between a transmitter E, transmitter of messages, a receiver station PR comprising a descrambling terminal T with which a control module is associated. access. The access control module is provided with a security processor and can, for example, be constituted either by an access control card of the microprocessor card type, or by a virtual card installed in a more complex system.

The messages sent by the message sender E are intended to remotely manage access control to scrambled information by means of a service key and transmitted over the network between the sending sender message center E and at least one PR receiver station. The concept of scrambling of information covers the operations of symmetric encryption of this information by means of secret keys respectively of non-symmetrical encryption by means of public key, private key.

The transmission of the encrypted information is accompanied by a control word CW containing at least the service key. The control word is encrypted using an exploitation key designated SOK. The transmission of the encrypted control word is carried out by means of access title control messages designated ECM messages containing at least the encrypted control word and access title control parameters. ECM messages are transmitted and can be multiplexed in the flow of information encrypted with access title management messages designated EMM messages. The process of transmitting the encrypted data and the multiplexing of the ECM messages and of the EMM messages satisfies for example the provisions of the standard UTE C90-007 previously mentioned in the description. For this reason, the above process will not be described in more detail. In general, it will be recalled that the access control module associated with each descrambling terminal T comprises the operating key SOK as well as registered access titles allocated to a subscribed user, authorized holder of the control module access. The operating key and the access titles entered are stored in the protected memory of the aforementioned access control module. The latter further comprises a security processor and cryptographic resources making it possible, from the operating key and the encrypted control word, to restore the service key used for encryption of the scrambled information transmitted. The service key is returned on the basis of verification criteria for the registered access titles, or at least one of the registered access titles, using the parameters for controlling the transmitted access titles.

Each descrambling terminal makes it possible, from the restored service key, to descramble the scrambled information broadcast for use in clear by the authorized subscriber user.

Finally, and within the framework of the implementation of the process which is the subject of the present invention, each receiver station can advantageously be connected to the transmission center, transmitter E, by means of a return channel enabling a interactive implementation of the remote management method according to the subject of the present invention.

As shown in FIG. 1a, it is indicated that the protocol which is the subject of the invention consists at least, in a step A, of transmitting from the transmission center to at least one receiver station PR and / or to the security processor PS of the access control module associated with the latter a control message denoted MC = [GE, DAC, RC] comprising data fields forming at least one input template GE, application data of DAC command and RC authenticity data which may be cryptographic redundancy, or a digital signature.

The input template contains the security attributes to be applied to the DAC control application data. The authenticity data make it possible to authenticate the order message, as will be described later in the description.

Step A is followed by a step B consisting in subjecting the exchange of action instructions, between the descrambling terminal T and the security processor PS of the access control module, to a local security protocol. specific. The specific local security protocol makes it possible to protect against local listening at the descrambling terminal / security processor interface, in order to execute in a secure manner a series of tasks constituted by the execution of at least one action instruction.

In accordance with a particularly advantageous aspect of the protocol in accordance with the object of the present invention, it is indicated that the aforementioned specific local security protocol implemented in step B makes it possible to take account of the destination of the control messages MC at the terminal T descrambling respectively to the access control module, as will be described later in the description. Indeed, depending on the maximum security criterion sought, it is possible to implement different variants of execution of the local security protocol, this with a view, in particular, to ensuring maximum security of the data exchange between the descrambling terminal T and the security processor of the access control module. The maximum level of security can be defined as consisting in reserving the execution of all of the encryption-decryption operations to the internal organs of the module, in particular to the security processor of the latter, as will be described later in the description.

When the receiver station (s) PR are provided with a return channel, connecting each of these receivers to the transmission center E or to a management center GE of the latter, the abovementioned step B can then, as shown in Figure 1b, be followed by a step C consisting of calculating and transmitting on the return channel, a response message specific to the above-mentioned control message MC. The transmission of the response message is carried out from the receiving station PR, that is to say in fact from the descrambling terminal T, to the transmitter E or, where appropriate, to the management center GE associated with this transmitter and networked with it.

In FIG. 1 b, the response message is noted MR = [G'E, DAR, RC, ST].

It includes data fields forming at least one input template G'E, DAR response application data and state data denoted ST.

It can also include RC authenticity data. The input template contains the security attributes applied to the response application data. According to an advantageous aspect of the protocol which is the subject of the present invention, the absence of an input template G'E in the response message MR corresponds to an absence of security applied to these response application data. It is understood, in particular, that the DAR response application data as a function of the operation carried out need not necessarily be encrypted and that consequently, in such a situation, the field or part of the field of application data DAR response can be simply transmitted in clear.

On the contrary, when the transmitted control message MC concerns sensitive data, the field or part of the field forming the DAC control application data can be encrypted. The field containing the authenticity data formed by the cryptographic redundancy or digital signature RC can be calculated from a signature key calculation protocol for example.

In general, it is indicated that the specific local security process relates to the exchange of messages between the terminal T and the security processor PS.

In a preferred nonlimiting embodiment, the local link between the descrambling terminal T and the access control module, constituted by a card, is a link according to the ISO 7816 protocol. Under these conditions, the exchange of messages premises between the descrambling terminal T and the access control card corresponds to command messages of the so-called C_APDU type and of response messages of the R_APDU type. The protocol for exchanging this type of message will not be described in detail, because it corresponds to a protocol known as such.

Finally, with regard to the calculation and transmission of the MR response messages, in particular on the return channel, it is indicated that the aforementioned return channel can be constituted by a telephone link of the switched telephone network for example, this link being, the if necessary, associated with any radio network link or other conventional type in order to ensure the transmission of each response message MR to the transmitter E or the transmitter management center GE associated with the latter.

A more detailed description of the structure of the control messages MC respectively of response MR will now be given in connection with FIGS. 2a, 2b and 2c.

As shown in FIG. 2a, it is indicated that each control message MC can advantageously include an additional data field forming a response template GR. This response template contains the security attributes to be applied to response application data.

In general, it is indicated that each control message MC, when such a control message includes a response template GR, makes it possible to set the security conditions and attributes to be applied to the application response data subsequent to the command message MC considered.

It is thus possible to manage not only the security of the control messages, but also of all the response messages by changing the values contained in the field forming the response template GR of successive control messages MC. As has also been represented in FIG. 2a, it is indicated that, for any command message MC, the DAC command application data or, where appropriate, when these command application data are encrypted, this data, noted in this CKDAC situation, may include an action instruction or, preferably, a list of action instructions. In FIG. 2a, a list of action instructions has been shown, this list being noted:

[ACT ₀ [ACT ₁ [ACT2 ... [ACT _n ]]]] The notation of the above-mentioned action instruction list corresponds to a conventional notation of the lists. It will be understood in particular that each action denoted ACTo to ACT _n can then be executed sequentially by the recipient of the control message MC, this recipient being, in accordance with a particularly advantageous aspect of the method which is the subject of the present invention, namely the descrambling terminal T , or the security processor of the aforementioned access control module.

A particularly advantageous embodiment of the method which is the subject of the present invention will now be described in conjunction with FIG. 2b. This embodiment makes it possible to introduce very great flexibility of use of the aforementioned messages. In this embodiment, the aforementioned messages, command and / or response messages, then constitute generic messages designated EXM messages. EXM messages can, because of their great flexibility of use and the structure associated with these allowing the introduction of such flexibility of use, either be declined in ECM messages, or in EMM messages, or in messages specific management, as will be described below in the description.

For this purpose, as shown in FIG. 2b, the application and / or response application data are programmable. Consequently, the corresponding field of these data comprises a logical combination of conditions whose binary result of the logical verification, true or false, makes it possible to generate a conditional branching of actions. The actions are processed sequentially by the descrambling terminal or the security processor PS of the recipient access control card.

In FIG. 2b, the programmable nature of the command and / or response application data is represented by the relation:

Data = (Action | (lfBlock [Then Block] [Else Block])) ⁺ It will be understood in particular that, in the preceding relation, Data designates either the DAC command application data in clear or, if appropriate encrypted, designated by C “DAC, or the response application data in clear designated by DAR, or the case if necessary encrypted, designated by CKDAR. The notation of the preceding relation is a notation of metalinguistic description of the Backus-Naur-Form type which will be explained later in the description.

With regard to the preceding relation, it is indicated that the command and / or response message and the command or response application data constitute a structured logical sentence which may contain the logical relation:

If ("If): the logical condition expression is verified; Then (" Then "): we execute the action or the list of actions described in the descriptive block of the action or of the associated list of actions on the verified condition;

Otherwise ("Else"): the action or the list of actions described in the description block of the action or of the list of actions associated with this unverified condition is executed. In Figure 2c, the structure of response messages is shown.

MR, this structure comprising the G'E input template, the DAR response application data template in the form of clear or encrypted data

CKDAR and the ST status field. It will also be recalled that, with regard to the DAR response application data in clear or in encrypted form, as mentioned above, these data correspond to the Data data structure as described in connection with FIG. 2a or, preferably , with Figure 2b.

Thanks to the structure of the control messages MC respectively of response MR as described previously in the description in conjunction with FIGS. 2a to 2c, it is indicated that the generic messages EXM previously described may, because of their common structure, be dedicated either to actions of commercial management independent of, but linked to, the management of access tickets, commercial actions such as management of a token holder or the like installed on the access control module, depending on the access credentials registered in the security processor of the access control module, either to control access credentials or to optimize the management of access credentials registered according, for example, to the behavior of the authorized subscriber user, or to the management of the local security of message exchange between the security processor and the decryption terminal by actions of connection between ECM messages and EMM messages, to security management actions of the encrypted information.

Examples of the general structure of the response command messages respectively will now be given below in the description by means of a metalinguistic description notation related to the BNF form (Backus-Naur-Form) in which:

- A = BC: element A consists of the sequence of elements B and C, - A = (B) ⁺ : element A consists of 1 to n elements B,

- A = (B) ^* : element A consists of 0 to n elements B,

- A = B | C: element A consists of element B or element C,

- A = B [C]: element A consists of element B optionally followed by element C, - A = -: element A consists of nothing.

A semantic description of the messages will now be given in the description.

By the term message, is meant any command message MC intended for the security processor PS of the module or the access control card respectively of the terminal T from the transmitter E or the transmitter management system GE . For this reason, it will be considered that any command message MC is in fact intended for the security processor equipping either the module or the access control card, real or virtual.

Any response message MR is consecutive to a command message MC and intended for the terminal T or the equipment upstream of the transmission system. The general structure of the messages is then as follows, according to table T1 below: Table T1

General structure of conditional access messages

For orders:

Command = Gabaritlnput [GabaritResponse] Data Authenticity

For the answers:

Command = [[Gabaritlnput] Data [Authenticity]] StatusData

For MC command messages:

- a command message includes an input template and optionally a response template. The optional response template describes the security mechanisms to be applied to the response.

The command application data is preceded by one or two templates, Gabaritlnput and GabaritResponse, only the input template indicating the security attributes used in the current message.

When application control data requires two templates, the latter precede the application data in the message.

Preferably, the information described in the input or response templates of an MC command message is transmitted in clear.

The application control data indicate specific actions which are taken into account by the access control module or card or the descrambling terminal T.

In general, the application control data is sent from remote equipment, that is to say from the transmitter E, and transmitted in encrypted form in order to ensure the confidentiality of this data. For MR response messages: - the G'E input template contains the security attributes which are applied to the response application data present in the response. The absence of a template indicates that no security is applied to the application data. The response message MR associated with a control message MC can be operated either locally by the descrambling terminal T, or by upstream equipment such as the transmitter or the transmitter management system GE, via the return path, as previously mentioned in the description. In the first case, when the response message MR is used locally by the terminal T, the response message is not subject to general encryption, but only to the local security protocol, as will be described later in the description. On the contrary, when the response message is intended for a transmission on the return channel, this response message MR is subjected to a general encryption process by means of a specific management key for example.

Of course, the MR response messages can also optionally include authenticity data, cryptographic redundancy or digital signature, to authenticate and guarantee the integrity of the response message itself. The field relating to this authentication data is absent when the associated input template is absent.

Regarding the status field, designated by ST, a response message MR always contains a status or status field specifying the report on the structure of the message, that is to say:

- the message could not be interpreted, in this case the response contains only the ST status,

- the message has been processed, in this case, the response contains the application data for the response and the ST status.

More specific indications relating to the input template data field of command and response messages will now be given.

With reference to the general structure of the messages previously mentioned in the description in conjunction with the table T1, it is recalled that the templates define the parameters necessary for the security mechanisms applied to the application data for respectively controlling the response. Under these conditions, the two input templates GE or G'E and the response template GR can include the following information, according to table T2:

Table T2

Structure of a template

Template = RefFile [Algolds] Keylds [Reflnits]

In the aforementioned table, the file reference designated by RefFile indicates the file where the key references apply. It is the name of a dedicated file, or master file, that is to say the name of a service distributed by the encrypted data distributor under conditional access Typically, RefFile = SOID. SOID designates a parameter service identifier broadcast, for Service Output Identifier in English language. The references of algorithms designated Algolds specify the algorithms used in the current message for the cryptographic functions associated with the message described according to table T3.

Table T3

Structure of algorithm references

Algolds = AlgoAuthenld [AlgoConfld] [AlgoCipherld]

In the aforementioned table, AlgoAuthenld designates the message authenticity function, AlgoConfld designates the confidentiality function of the respective response application control data, and

AlgoCipherld designates the function of encryption of specific application data, respectively command response. The keylds key references specify the keys used in the current message for the implementation of functions defined according to table T4: Table T4

Key reference structure

Keylds ≈ KeyAuthenld [KeyConfld] [KeyCipherld]

in which KeyAuthenld designates the key for verifying the authenticity of the message, KeyConfld designates the confidentiality key for the application and response response data respectively, KeyCipherld designates the encryption key for specific application data.

Reflnits initial data references are values used in the current message to initialize message authenticity functions designated InitAuthen, respectively confidentiality of InitConf application data.

The general structure of the messages is therefore as follows:

. without response template: when no response template is specified in the MC command message, no security mechanism is applied to the response;

- no template is provided in the MR response message;

- the response application data are in clear in the MR response message;

- no authenticity is added to the data. The pair command message MC / response message MR then has the following structure, according to table T5: Table T5

. with response template: the structure of respectively response control messages is as follows, according to table T6:

Table T6

In general, the provisions applicable to the templates are as follows:

- if a function is not necessary, the associated security attributes are not explicitly described;

- messages containing confidential data and / or encrypted data must include an entry template for the authenticity of the message.

More specific indications will now be given relative to the data structures constituting the application response control data fields respectively. With reference to the general structure of the response respectively control messages, it is recalled that the application control data of a control message MC contain: - either an action or a list of actions processed sequentially by the recipient, this is ie by the security processor of the access control module or the descrambling terminal T;

- either a logical combination of conditions whose binary result of the verification, true or false, makes it possible to carry out a conditional branching, of actions, which are processed in sequence by the recipient.

It is recalled that the command message, or if necessary a response message, then responds to the structured logical sentence which may include the logical relation:

If then

Otherwise previously mentioned in the description.

Such a structure can be repeated inside a data structure designated by TData, the combination of conditions and actions being coded according to a TLV coding process, according to an ASN.1 data structure with TData type labels. .

In general, we indicate that a simple condition is a condition comprising a single action.

A logical combination of conditions is constituted by means of logical operators such as the conventional operators OR, AND, NOR and NAND performing the logical operations OR, AND, NON-OR and NON-AND.

Depending on the context of the application data processed, the descrambling terminal T is able to choose between a long response respectively a short response given in a response message MR associated with a control message MC.

The application data of a long response advantageously contains:

- repetition of the order structure;

- for each action requested in the order: - the repetition of the action requested in the order,

- the description of the information requested by each action of the command, this information being provided by the card or the terminal, - a report for each action, in order to inform the issuer E on the execution of the action.

The application data of a short response contains, for each defined action:

- a main block simple message or action present in a conditional message excluding combinatorial of conditions, or

- Then and / or Otherwise block present in the command and executed or not

- the description of the information requested by each action of the block (s), this information is provided by the access control card or module or the descrambling terminal T; - a report for each action of the block or blocks, in order to inform the emitter E on the result of the execution of the action.

Thus, each control message MC can include a field or a bit for specifying the response format of the corresponding response message associated with the latter. The long or short response format can be chosen by the descrambling terminal, depending on the application context and the detail of information required in the context of this application context. A plurality of response formats can be provided.

An example of a simple command message structure MC respectively of long or short response MR is given in table T7:

Table T7

The general structure of the respective response control application data allows the coding of the combinatorics of the conditions. Such a structure can be recursive and represented in this case, according to table T8: Table T8

General structure of application data

For orders:

Data = (Action | (IfBlock [ThenBlock] [ElseBlock])) ⁺

Or

Action = Action requested.

IfBlock = "Andlf (lfBlock | Action) ⁺ 1" Orlf (IfBlock | Action) ⁺ 1 "NAndlf (lfBlock | Action) ⁺ |

"NOrlf" (IfBlock | Action) ⁺ . ThenBlock = "Then" (Action) *. ElseBlock = "Else" (Action) ⁺ .

For long answers:

Data = ((Action [Result] StatusAction) | (IfBlockR [ThenBlockLR] [ElseBlockLR])) ⁺

Or

Resuit = Information requested by the action when there is one.

StatusAction = Report on each action.

IfBlockR = "And IF" (IfBlockR | (Action [Resuit] StatusAction); |

"Orlf (IfBlockR | (Action [Resuit] StatusAction)) ⁺ |

"NAndlf (IfBlockR | Action [Resuit] StatusAction)) ⁺ |.

"NOrlf (IfBlockR [Resuit] StatusAction)) ⁺ ThenBlockLR =" Then "(Action [Resuit] StatusAction) ⁺ . ElseBlockLR =" Else "(Action [Resuit] StatusAction) ^* .

For short answers:

Data ≈ (([Resuit] StatusAction) | ([ThenBlockSR] [ElseBlockSR])) ⁺

Or

Resuit = Information requested by the action when there is one. StatusAction = Report on each action. ThenBlockSR = "Then" [Resuit] StatusAction) ⁺ . ElseBlockSR = "Else" [Resuit] StatusAction) ⁺ .

The execution rules are then as follows:

- 1. In an action list, actions are processed in the order of the list.

- 2. In an Andif, NAndlf, Orlf, or NOrlf clause, all the actions in the associated list can be evaluated. - 3. In an Andlf or NAndlf clause, the actions of the associated list are executed as long as the clause remains true.

- 4. In an Orlf or NOrlf clause, the last action performed in the associated list is the one that makes the clause true.

By way of nonlimiting example, it is indicated that, the response control application data transported respectively in a message such as a control message MC respectively response MR, can be: - consult 01 or update the object 02, 01 and 02 designating objects;

- if the controlled actions 01 or controlled 02 are verified, then decipher 03, where 03 designates, by way of nonlimiting example, the cryptogram of the control words CW, that is to say the control words CW encrypted with using the SOK operating key.

A more detailed description of the specific local security protocol constituting step B of FIG. 1a or 1b will now be given in conjunction with FIGS. 3a to 3d.

In general, it will be recalled that the descrambling terminal / security processor interface of the access control module and, in particular, access control card when the latter is constituted by a microprocessor card for example, is the privileged point of attack for hackers and figure-piercers in an attempt to compromise the control word CW, when the latter is transmitted from the security processor PS to the descrambling terminal T. Indeed, all of the restitution calculations of the control word CW are carried out in the security processor, which has a maximum degree of security, the secrets necessary for the restitution of the control word being unable to be reached by an external reading.

More particularly, it is recalled that the application control data of each control message received at the descrambling terminal T can be in the clear or, on the contrary, can be encrypted and are designated DAC respectively CKDAC in these two situations . Remember that the encrypted order application data

CKDAC have been subjected for example to a general encryption process using a specific management key denoted K which is available to the authority ensuring the management of access control and, in particular, of the distribution of scrambled data for example.

In order to implement the local security protocol, it is indicated that the descrambling terminal T and the access control module, in particular the constituent access control card of the latter for example, are provided with cryptographic resources. encryption / decryption, calculation and authenticity verification. In a simplified manner, it is indicated that these cryptographic resources comprise algorithms and encryption keys respectively for specific calculation and verification of authenticity symbolically represented by an encryption / decryption, calculation and authenticity verification key noted CL . This key is locally shared by each descrambling terminal and by each access control module and can be specific to each pair thus formed.

Under these conditions, as shown in FIG. 3a, the specific local security protocol can consist, at the descrambling terminal T, in submitting at B1 at least the application data for controlling the command message MC to a local encryption process. and local authentication. Preferably, all of the fields of the MC control messages are subject to the local security protocol. In FIG. 3a, the corresponding operation of local encryption and local authentication is noted according to the relation: (Ξ L (MC) → C _L MC

In this relation, we indicate that the operation <_. indicates both the encryption of at least either the clear application application data DAC, or the encrypted control application data CKDAC of the control message MC and the calculation of signature values for example, to generate corresponding encrypted values and signature values allowing authentication of the values noted C _L MC for clear ordering application data or for encrypted ordering application data.

According to a particularly advantageous characteristic of the specific local security protocol which is the subject of the invention, it is indicated that the local encryption and local authentication process is independent of the encryption process implemented prior to the transmission of the command message, ie that is to say in particular, of the general encryption process by means of the management key K previously mentioned.

Step B1 is then followed by a step B2 consisting in transmitting, from the descrambling terminal T to the security processor PS of the access control module, encrypted local command messages formed from locally secure command data. CLMC In FIG. 3a, the encrypted local control messages are symbolically noted LM (CLMC). In the case where the access control module consists of a microprocessor access control card, the transmission to the security processor PS in step B2 can be carried out in accordance with ISO protocol 7816, the local messages of command being constituted according to messages of the C-APDU type in a manner known as such.

The local security protocol then consists, at the level of the security processor PS equipping the access control module, in a step B3, in subjecting the local encrypted control messages to a local decryption and local authentication process in order to restore the aforementioned command application data field.

The operation performed in step B3 is noted:

In this relationship, © CL (.) Designates the above-mentioned decryption and local authentication operation.

Following step B3, there is either command application data in clear DAC, or command application data encrypted according to the general encryption process CKDAC, constituting the command message MC.

Step B3 is then followed by step B4 consisting in subjecting the field of application data to an authentication process, in order to restore, from the field of application data of the abovementioned command, sequences of action instructions executable according to minus a task.

In FIG. 3a, it is indicated that the authentication process is noted according to the relation: <Sk (DAC.CKDAC) → DAC, C _K DAC.

In the aforementioned relation, the operation dk (.) Indicates the authentication process, which can consist, for example, of a signature verification operation using the management key K used during the encryption and general authentication process. by the operator managing the protocol which is the subject of the present invention and the broadcasting of the corresponding service. It is in fact indicated that this operation can be carried out on the basis of the security attributes transmitted with the command message MC, these attributes making it possible to identify and thus to restore the management key K memorized at the level of the security processor PS. At the end of step B4, there is clear order application data DAC or encrypted control application data CKDAC according to the general encryption process, as mentioned previously in the description.

When the control application data are clear, DAC data, step B4 is then followed by a step B5 consisting in executing the series of action instructions executable according to a task. The execution is shown in step B5, on the left-hand side of FIG. 3a.

On the contrary, when the application control data is encrypted according to the general encryption, CKDAC data, the execution step B5 can, as shown in FIG. 3a in the right part, be subdivided into a first step B5a consisting in operating a decryption by means of the management key K of these encrypted control application data, this operation being noted according to the relation: ®κ (C _κ DAC) → DAC.

In the above relation, D _κ (.) Indicates the decryption operation proper from the management key K. Step B5a can precede step B4 or be executed at the same time.

Step B5a is followed by a step B5b of execution of the DAC command application data.

A more detailed description of the specific local security protocol implemented during the establishment of the response messages will now be given in connection with FIGS. 3b to 3d.

With reference to FIG. 3b above, it is indicated that the specific local security protocol, following the execution of at least one action instruction executable according to at least one task, consists, at the level of the security processor PS, in calculating response application data from the execution of at least one action instruction executable according to at least one task in step B6. It is understood in particular that the response application data are calculated from the state data obtained following the execution of the blocks relative to the condition Then of the control application data, as well as following the procedure for evaluating the blocks not executed when this condition is not checked, but followed by the condition Otherwise, as mentioned previously in the description. In addition, the DAR response application data can consist, as mentioned previously in the description, in a structured logical sentence containing at least the logical relation itself applied to specific state variables.

Step B6 is then followed by a step B7 consisting in subjecting the DAR response application data to a process of securing by local encryption and local authentication of the response message MR in order to generate locally secure response application data. On step B7, the above process is symbolized by the relation:

(ΞCL (MR) → C _L MR.

In the previous relation, as well as during the implementation of step B1 of FIG. 3a, <_ _ (•) indicates the operation of the process of secure by local encryption and local authentication to obtain CLMR encrypted and secure data.

Step B7 is itself followed by a step B8 consisting in transmitting, from the security processor PS to the descrambling terminal T, local response messages containing the locally secure response application data.

In FIG. 3b, the local response messages containing the locally secure response application data are noted: LM (CLMR).

When the access control module consists of an access control card connected to the descrambling terminal according to a local link in accordance with ISO 7816 protocol, the above-mentioned local response messages consist of so-called R- type messages APDU. The specific local security protocol, as shown in FIG. 3b, is then followed, at the descrambling terminal T, by a step B9 consisting in subjecting the locally secure response application data to a local decryption and verification process. local authenticity to restore the original response application data constituting the response message MR.

In FIG. 3b, the corresponding operation is noted according to the relation:

In this relation, the operation © CL (-) designates the operation of decryption and verification of local authenticity carried out from the encryption and local authentication key CL.

The local security protocol implemented with respect to the response message and the DAR response application data, as described in connection with FIG. 3b, is perfectly satisfactory in the case where the response application data are intended for the descrambling terminal only. T. Indeed, the local security process implemented in particular in step B7 and, of course, with respect to the control messages MC in step B1 of FIG. 3a, is sufficient to ensure strict confidentiality local messages exchanged on the local link between the descrambling terminal and the security processor of the access control module. Indeed, it is always conceivable to use strong cryptographic systems for the implementation of local security processes, strong cryptographic systems, such as for example disposable masks or others making it possible to ensure an almost perfect encryption of local messages. traded on the local link, target of pirates or figure-piercers.

In addition, the local security protocol can advantageously be accompanied by a process of indexing the command and response messages in order to reinforce the security and the reliability of the assembly by allowing the detection of filtering or replay and thus, the elimination of messages which would be accidentally and / or intentionally repeated by unauthorized persons. For this purpose, as shown in FIG. 3c, each command message, respectively MC response, MR is associated with a current index value denoted i respectively for command and response messages, command and response messages. indexed being denoted MCj _c respectively MR | _C. The aforementioned indices represent the current value of the indices j and I assigned to each respectively response control message. Each current index value is incremented for each new response control message respectively, this incrementing being performed locally either at the descrambling terminal or at the security processor. The current value is compared with the previous value j respectively I of the index of the respectively response control message which satisfied the above-mentioned comparison.

On a negative response to this comparison for the current response command message respectively, an error message is established, a reciprocal authentication process descrambling terminal / security processor being able to be triggered for example.

On the contrary, on a positive response to the aforementioned comparison, the local security process or protocol can then be continued on the basis of the current response command message respectively. The aforementioned indexing process can for example be implemented after step B4 of FIG. 3a at the level of the security processor, before step B5 of execution for example. Finally, a preferred mode of implementation of the local security protocol, in which the security processor of the access control module plays a predominant role in controlling all of the command messages received and processed by the descrambling terminal. and / or the security processor of the access control module, will now be described in conjunction with FIG. 3d.

In general, it is indicated that the security processor PS is equipped with a function of discriminating the destination of the control messages MC in order to ensure all control of transmission and execution of the control messages respectively of response under the authority of the local security protocol implemented.

To this end, as shown in FIG. 3d, the local security protocol can consist in subjecting, in a step B4a, the control application data to a discrimination test of their destination at the access control module respectively at the descrambling terminal. . This operation consists for example in determining whether the corresponding command message MC, current message, or a command of the DAC command application data of the latter, is intended for the descrambling terminal T.

On a negative response to the aforementioned test, the command message MC or the command considered being intended for the security processor PS and, the authentication step of step B4 having been successful, the execution according to step B5 of the Figure 3a can be performed either from the DAC command application data, or from the encrypted command application data C _K DAC. On the contrary, on a positive response to test B4a, the current MC command message or the command considered being intended for the descrambling terminal T, this message being denoted MC *, a local securing step B4b is called, which consists in submitting the data DAC, C _K DAC command applications or the MC * command message to a process local encryption using the local encryption key CL. This operation implemented at the level of the security processor PS corresponds to that carried out in step B1 of FIG. 3a. The aforementioned step B4b is then followed by a step B4c consisting in transmitting to the descrambling terminal T the encrypted control application data or the encrypted control message, that is to say the data C _L MC *, that these data have been encrypted by means of a general encryption process by means of a management key K or, on the contrary, not subjected to such a general encryption process. In the first case, the general decryption is carried out by the security processor PS before transmission to the descrambling terminal T.

Following the transmission of step B4c to the terminal T, the aforementioned encrypted control application data are subjected to a decryption operation in a step B4d at the terminal T itself. This decryption operation corresponds substantially to the operation described in connection with step B3 of Figure 3a implemented this time at the descrambling terminal T.

The aforementioned step B4d is itself followed by a step B4e consisting either of an execution of the control application data in clear DAC at the descrambling terminal or, on the contrary, in a transmission of the control application data encrypted by the general encryption process, data noted CKDAC, to the transmission center E or to the management center of this transmission center GE. An example of implementation of a link message said message

EPM, between EMM message and ECM message of the prior art will now be described in connection with FIG. 4 in an application linked to the use of a token holder or of any value counting system.

With reference to the aforementioned figure, in a step Eo, the receiver station PR receives a credit of CU units via an EMM message denoted EMM (CU EP). Upon receipt of the above-mentioned EMM message, the descrambling terminal T presents the above-mentioned message to the security processor PS by transmission, which adds the unit credit in the electronic token holder referenced in the EMM message. As an example, we indicate that, for an electronic EP token holder, the identification number can be an IEP number. The aforementioned transmission operation is carried out in step Ei.

Following the aforementioned step, the security processor PS adds the unit credit in the electronic token holder referenced in step E ₂ , the credit operation being noted:

NCR = CR + CU where CR designates the previous credit value and NCR the new credit value. The operations Eo, Ei and E ₂ were carried out on the initiative of the access control manager in order to confer a credit of units sufficient to allow the latter to make an access proposal to any client receiving the credit. of units mentioned above.

For this purpose, step E ₂ is then followed by a step E ₃ carried out on the initiative of the access control manager by transmission, and, of course, the corresponding reception by the receiver station PR of a so-called EPM message intended to ensure the link between the above-mentioned EMM message and any message

Subsequent ECM, as will be described below.

The EPM message, in the form EPM (MIDF, COST), broadcasts a film or program reference number, for example noted MIDF, which is going to be broadcast and which the subscriber is likely to accept or refuse in the context of the access proposal made. In addition, the aforementioned EPM message includes a cost value, denoted COST, corresponding to the cost of purchasing the film or program considered.

Following step E ₃ , a step E is provided which consists in requesting, at the level of the terminal T, the agreement of the subscriber on the access proposal thus submitted. In practice, the message EPM is presented for the first time to the security processor PS which indicates that the agreement of the subscriber is necessary.

In the absence of agreement from the subscriber in step E, the access proposal is classified without further action in step E ₅ . On the contrary, with the agreement of the subscriber in step E ₄ , to the aforementioned access proposal, the terminal T proceeds to transmit the EPM message with the agreement of the subscriber, message linking with the corresponding fields MIDF and COST cost to the security processor PS. Step E ₆ is then itself followed, at the level of the security processor PS, by a step E ₇ consisting in debiting the electronic token holder EP, this operation being noted: NNCR = NCR-COST the electronic token holder being thus debited from the COST value, that is to say from the number of units corresponding to the program purchased. In addition, the identification or reference number of the film or program purchased, MIDF number, is written to the memory of the security processor PS. The preceding step E ₇ is then followed by a step E ₈ carried out during the broadcasting of the film or of the program purchased via the ECM messages of conventional type. The aforementioned ECM messages are received in step E ₈ by the receiving station and, in particular, by the terminal T and are of course accompanied by the cryptogram of the control word CCW and are presented by the terminal T to the security processor PS by transmission to the Eg stage. The identification number of the program or film broadcast in these two stages is noted DIDF.

The security processor PS then begins a verification step E ₁₀ consisting in verifying the identity of the identification number of the film or program broadcast DIDF and the identification number of the program or film offered for access by the message EPM, c that is, the MIDF identification number.

On negative response to the above-mentioned verification step E ₀ , a step En of end of access to the film or broadcast program, referenced DIDF, is called. On the contrary, upon positive response to the above-mentioned verification test E-io, an operation of decrypting the cryptogram of the control word is carried out, this operation being noted:

Φκ (CCW) → CW in step Eι ₂ , to restore the control word CW. Step E ₁₂ is then followed by the transmission of the control word CW containing the service key to the descrambling terminal T with a view to opening access to the broadcast program or film of identification number DIDF. The invention finally covers any software product recorded on a recording medium and executable by a computer of an information system, for the implementation of a remote management protocol for controlling access to scrambled information. by means of a service key and transmitted over a network between a transmission center and at least one receiving station, each receiving station comprising at least one terminal for descrambling scrambled information comprising an access control module provided with a security processor, this protocol possibly corresponding to the steps as described above in connection with FIGS. 1a and 1b.

According to a particularly remarkable aspect of the recorded software product which is the subject of the invention, the latter, when executed by a computer, makes it possible to manage the steps consisting in transmitting, from the transmission center to at least one receiving station and / or to a security processor associated with the latter, a command message. The command message, as shown in FIGS. 1a and 1b, comprising data fields forming an input template GE, command application data DAC and authenticity data RC. The GE input template contains the security attributes applied to the DAC control application data. The authenticity data make it possible to authenticate and guarantee the integrity of the command message from the security attributes.

It then makes it possible to manage a step consisting in subjecting the exchange of action instructions between the descrambling terminal and the security processor to a specific local security protocol designated by B in FIGS. 1a and 1b, making it possible to guard against local listening at the descrambling terminal / security processor interface, for securely executing a series of tasks consisting of the execution of at least one action instruction.

The software product recorded on a recording medium and executable by a computer of an information system object of the invention also makes it possible to manage the steps of the local security protocol as illustrated and described previously in connection with Figures 3a to 3d.

Claims

1. Remote management protocol for controlling access to scrambled information by means of a service key and transmitted over a network between a transmission center and at least one receiving station, the transmission of said scrambled information being accompanied by a control word (CW) containing at least said service key, this control word being encrypted by means of an exploitation key (SOK), the transmission of said encrypted control word being carried out by means of control messages access titles, ECM messages, containing at least said encrypted control word and access title control parameters, said ECM messages being transmitted and multiplexed in the flow of information scrambled with access title management messages , EMM messages, each receiver station comprising at least one descrambling terminal for scrambled information comprising an access control module provided with a processor curity, said security processor comprising said operating key (SOK) and registered access titles allocated to a subscribed user, stored in the protected memory of this security processor and allowing, from said operating key and said encrypted control word to restore the service key, on the basis of verification of said registered access titles, from the access title control parameters, each descrambling terminal making it possible, from the restored service key, to descrambling of said scrambled information for use by an authorized subscriber user, characterized in that said protocol consists of at least:

to transmit, from the transmission center to at least one receiving station and / or to the security processor associated with the latter, a command message, this command message comprising data fields forming at least one input template , control application data and authenticity data, said input template containing the security attributes applied to said control application data, said authenticity data making it possible to authenticate and guarantee the integrity of said control message, from said security attributes, - subject the exchange of action instructions and responses to these action instructions between the descrambling terminal and the security processor to a specific local security protocol, making it possible to guard against local eavesdropping interface descrambling terminal / security processor, for securely executing a series of tasks consisting of the execution of at least one action instruction.

2. Protocol according to claim 1, characterized in that each receiving station being connected to the transmission center or to a management center of this transmission center by a return channel, the latter also consists in calculating and transmit, on said return channel, a response message, specific to said control message, this response message comprising data fields forming at least one input template, response application data and status data, said input template containing the security attributes applied to the response application data, the absence of an input template, in said response message, corresponding to an absence of security applied to these response application data.

3. Protocol according to claim 1 or 2, characterized in that each control message further comprises a data field forming a response template, said response template containing the security attributes to be applied to the response application data.

4. Protocol according to one of claims 1 to 3, characterized in that said control application data being encrypted, said encrypted control application data are subjected to a decryption and authentication process and in that the application data of response are encrypted and authenticated.

5. Protocol according to one of claims 1 to 4, characterized in that, for any command message, said command application data comprise an action instruction or a list of action instructions, processed sequentially by the recipient of this command message, terminal or security processor of the access control module.

6. Protocol according to any one of claims 1 to 4, characterized in that said application data for ordering and / or response are programmable and include a logical combination of conditions whose binary result of the logical verification, true or false, makes it possible to generate a conditional branching of actions, said actions being processed sequentially by the descrambling terminal or the recipient security processor .

7. Protocol according to claim 6, characterized in that said command message and said command application data constitute a structured logical sentence containing the logical relation: SJ (If): The logical condition expression is verified;

Then (Then): we execute the action or the list of actions described in the descriptive block of the action or the list of actions associated with the verified condition;

Otherwise (Else): the action or the list of actions described in the descriptive block of the action or the list of actions associated with this unverified condition is executed.

8. Protocol according to claim 7, characterized in that the unexecuted block is further evaluated.

9. Protocol according to one of claims 6 to 8, characterized in that said command and / or response messages are dedicated: - to commercial management actions independent of, but linked to, the management of access tickets , commercial actions such as management of an electronic token holder installed in said security processor, according to the access titles entered in this security processor;

- control of access tickets; - to the optimized management of registered access titles, according to the behavior of the authorized subscriber user;

- the management of local security for the exchange of messages between the security processor and the descrambling terminal;

- link actions between ECM message and EMM message; - actions to manage the security of scrambled information.

10. Protocol according to one of claims 1 to 9, characterized in that, for a command message comprising at least one control application data field, said descrambling terminal and said security processor comprising cryptographic encryption / decryption, calculation and authenticity verification resources, said specific local security protocol consists of:. at said descrambling terminal

- subjecting said application control data of said control message to a local encryption and local authentication process, independent of the encryption processes implemented prior to the transmission of said control message, to generate locally secure control data;

transmitting encrypted local control messages from said descrambling terminal to said security processor, formed from said locally secure control data, and

. at said security processor - subjecting said local encrypted command messages to a local decryption and local authentication process to restore said field of command application data;

- subjecting said field of command application data to an authentication process and restoring, from the field of command application data, sequences of action instructions executable according to at least one task;

- to execute said sequence of action instructions executable according to at least one task.

11. Protocol according to one of claims 1 to 10, characterized in that said descrambling terminal and said security processor comprising cryptographic resources for encryption / decryption, calculation and verification of authenticity, said specific local security protocol further consists, following the execution of at least one action instruction executable according to at least one task:. at said security processor

- calculating response application data, from the execution of at least one action instruction executable according to at least one task; - subjecting said response application data to a security process by local encryption and local authentication, in order to generate locally secure response application data; - to transmit, from said security processor to said descrambling terminal, local response messages containing the locally secure response application data; and

. at said descrambling terminal

- subjecting said locally secure response application data to a local decryption and local authenticity verification process, in order to restore said response application data, constituting said response message.

12. Protocol according to claim 11, characterized in that, in the case of response messages intended for the transmission center or for a management center of this transmission center, the latter also comprises a step consisting in submitting the application response data to an encryption and general authentication process to generate encrypted response application data, said step being carried out prior to the step consisting in subjecting said response application data to a local encryption process and local authentication.

13. Protocol according to one of claims 9 to 12, characterized in that said local security process further comprises a process of indexing the command and response messages allowing the detection of filtering or replay.

14. Protocol according to one of claims 9 to 13, characterized in that, for a control message comprising at least one control application data field, said descrambling terminal and said security processor comprising cryptographic encryption resources / decryption, calculation and verification of authenticity, said specific local security protocol consists of at least:. at said security processor

- subjecting said application control data to a discrimination test of their destination at the security processor respectively at the descrambling terminal; and

.. when the clear order application data is intended for said security processor,

- to execute said sequence of action instructions executable according to at least one task; if not,

.. when the clear order application data is intended for the descrambling terminal,

- subjecting said control application data to a local encryption and local authentication process, to generate locally secure control application data;

- transmitting said locally secure control application data from said security processor to said descrambling terminal; and

. at said descrambling terminal, - subjecting said locally secure control application data to a local decryption and local authentication process, in order to restore said control application data, and constituting sequences of action instructions executable according to minus a task; - to execute said instructions for executable actions according to at least one task.

15. Protocol according to one of claims 1 to 13, characterized in that said local security protocol is executed by symmetric encryption / decryption using an encryption / decryption and local authentication key, specific to each terminal pair of descrambling / security processor, said encryption / decryption and local authentication key being configured on the basis of a secret specific to said security processor and / or to said descrambling terminal of said pair.

16. Protocol according to claim 15, characterized in that said encryption decryption and local authentication key is modified periodically.

17. Protocol according to any one of claims 1 to 16, characterized in that each command message includes a field of specification of the format ² of the corresponding response message, according to a long or short response format, depending on the application context and the detail of information required in the context of this application context.

18. Control message sent from a transmission center to at least one receiving station, this receiving station comprising at least one descrambling terminal for scrambled information and an access control module provided with a processor. security cooperating with said descrambling terminal, by exchange of local control messages respectively of response on a local link descrambling terminal / security processor, characterized in that said control message comprises at least:

- a data field constituting an input template;

a field of control application data intended to control said descrambling terminal and / or said security processor by means of said local control messages;

an authenticity data field, said input template containing security attributes applied to said command application data and said authenticity data making it possible to authenticate said command message.

19. Control message according to claim 18, characterized in that it further comprises a data field forming a response template, said response template containing the security attributes to be applied to the response application data, established in response audit command message.

20. Response message sent from a control message receiver station to a center for sending these control messages, said receiver station comprising at least one scrambled information descrambling terminal and a control module. access equipped with a security processor cooperating with said descrambling terminal, by exchanging local response control messages respectively on a local descrambling terminal / security processor link, characterized in that said response message comprises at least : - a data field forming an input template;

a state data field, said input template comprising security attributes to be applied to the response application data, the absence of an input template, in said response message, corresponding to an absence of security applied to this response application data.

21. Control response message respectively, according to one of claims 18 to 20, characterized in that said control response application data are programmable, the control response control application data field comprising a logical combination of conditions whose binary result of the logical verification, true or false, makes it possible to generate a conditional branching of actions, said actions being processed sequentially by said descrambling terminal and / or said security processor respectively by said destination sending station.

22. Software product recorded on a recording medium and executable by a computer of an information system for the implementation of the remote management protocol for controlling access to scrambled information using a key service and transmitted over a network between a transmission center and at least one receiving station, each receiving station comprising at least one terminal for descrambling scrambled information comprising an access control module provided with a security processor, according to one of claims 1 to 17, characterized in that, during execution by a computer, said software product manages the steps consisting in:

to transmit, from the transmission center to at least one receiving station and / or to a security processor associated with the latter, a command message, this command message comprising data fields forming at least one input template , control application data and authenticity data, said input template containing the security attributes applied to said control application data, said authenticity data making it possible to authenticate and guarantee the integrity of said control message, from said security attributes, - to transmit the exchange of action instructions and responses to these action instructions between the descrambling terminal and the security processor to a specific local security protocol, making it possible to guard against local eavesdropping interface descrambling terminal / security processor, for securely executing a series of tasks consisting of the execution of at least one action instruction.