FR2883683A1 - METHOD FOR MATCHING BETWEEN A TERMINAL AND A SECURITY PROCESSOR, SYSTEM AND COMPUTER PROGRAM FOR IMPLEMENTING THE METHOD - Google Patents

Abstract

The present invention relates to a pairing control between a decoder / descrambler terminal of a multimedia stream and a security processor, especially when the terminal is part of a terminal pool and the processor is part of a peer park. processors. According to the invention, the pairing control procedure is carried out with the security processor by comparing identifiers stored in a memory of the terminal, on the one hand, and in a memory of the security processor, on the other hand .

Description

Method of pairing between a terminal and a processor

  The invention relates to the management of a pool of set-top boxes and / or descramblers of a multimedia stream, including pay television, and the management of a network. counterpart security processors, such as smart cards.

  In particular, when using a terminal and a card, it may be necessary to verify that these two devices are allowed to work together. This association check, well known as a matching check, consists of limiting the use of one or more terminals with one or more cards. Various reasons may impose such a limitation: E a choice of manufacture and / or management of these devices is to form indissociable pairs of a terminal and a card Éa card (respectively a terminal) must refuse to operate with a unofficial terminal (or card); a set of terminals and cards must only allow access to certain services or to the services of a single operator; for example, in the context of promotional campaigns of a terminal manufacturer, the purchase of a decoder may be associated with a promotional subscription offer preloaded in a card that can only be used in this terminal.

  In all these cases, however, there is the problem of verification of matching between the terminal and the card.

  WO-99/57901 proposes a procedure for verifying a pairing between a terminal and a security processor. In this document, this procedure is conducted with the terminal, which then verifies that a value stored in the security processor corresponds to a value stored in a memory of the terminal.

  However, it is usual that in terms of secure access, the inviolability of secrets is more focused on the security processor, the design itself reinforces the resistance to attacks, and less on the terminal. Indeed, it seems easier to technically reproduce a terminal incorrectly than a smart card. Thus, a disadvantage of the pairing control procedure in the sense of document WO-99/57901 is that it remains possible to access the memory of a terminal to extract the value and the algorithms used for the procedure. matching control.

  The present invention improves the situation.

  It proposes for this purpose a method for controlling a pairing between a type of terminal, among a fleet of terminals, and a type of security processor, among a pool of security processors.

  A security processor, when paired with a terminal, is arranged to cooperate with this terminal to provide the latter with data enabling decoding and / or descrambling of a multimedia stream that the terminal receives according to the conditions of use. secure access associated with this stream.

  The method in the sense of the invention then comprises: a) a step of assigning matching values in which at least one first value is stored in a memory of a terminal and at least one second value corresponding to said first value; in a memory of a security processor intended to be paired with the terminal, and b) a matching control step, prior to the verification of the secure access conditions, in which the security processor is arranged to read and comparing said first and second match values, and then continuing or stopping its operation with said terminal, based on the comparison of the first and second match values.

  Thus, according to one of the advantages provided by the present invention, the pairing control procedure is conducted by the security processor, so that the computer program stored in a memory of the security processor and which provides control of matching is difficult to access for unauthorized persons.

  By the terms "a second value corresponding to a first value" is meant the fact that there exists a predetermined function that can uniquely relate the first match value to the second match value. A simple embodiment consists in providing, in step a), identical matching values, while in step b), the security processor simply checks whether the first and second matching values are identical. Alternatively, only the first bytes of the match values can be compared, while subsequent bytes can advantageously be used to identify version or serial numbers, or the like, of the terminal and / or the security processor. Another embodiment consists in providing, in step a), a matching value in the terminal consisting of a series of bytes, such as a sequence of characters, and a matching value in the security processor. which is the cryptographic digest of this sequence of bytes, condensed obtained by a one-way function as well known in the state of the art. Thus, in step b), the security processor recalculates the digest of the sequence of bytes transmitted to it by the terminal and simply checks whether the calculated digest and the stored digest are identical. This embodiment is particularly advantageous when the sequence of bytes constituting the first matching value is too long to be stored in the security processor.

  However, in this latter embodiment in particular, the first matching value is transmitted "in clear" from the terminal to the security processor, which means that it is not necessary to provide any encryption / decryption procedure to transfer this first pairing value, according to a simple and advantageous embodiment.

  The meaning of the first and second match values does not occur in the matching process. However, in a preferred embodiment, the first and second matching values correspond to an identifier of the type of security processor. In another preferred embodiment, each of said first and second matching values corresponds to the association of a security processor type identifier and a terminal type identifier.

  In an advantageous embodiment, the aforementioned identifier of the type of security processor comprises a trademark of the technical system, typically the access control system, shared by the terminal and the security processor, for example the registered trademark "VIACCESS" of the Applicant, and, subsequent to step b), can then provide a step of displaying this identifier stored in the terminal memory on a display unit of the terminal and / or on the screen of a television connected to the terminal. It will thus be understood that the use of this identifier and its reproduction in the terminal is accompanied, in this preferred embodiment, by the reproduction of the mark of said technical system.

  In an advantageous embodiment that allows flexibility in the implementation of the method according to the invention, certain security processors are allowed to overcome the pairing control. For this purpose, in step a), at least one indicator is stored in the security whose triggering value or non-memory of the matching activation processor the comparison of the matching values, and, to arranged to read the value read to a no verification step b), the security processor the value of this indicator, compare reference value and trigger or match between the matching values, according to this comparison. In a preferred embodiment, it is advantageously provided that the matching control of step b) can be performed on all or part of the matching values and that said indicator specifies which part (s) of the values of matching must carry the matching control of step b). In particular, when the matching values correspond to the combination of an identifier of the type of terminal and a type of security processor as previously described, said indicator specifies whether the pairing control is deactivated or whether it relates to one or the other or both identifiers of this combination.

  As soon as the security processor (for example a smart card) is inserted into a peer reader of the terminal, the security processor initializes and automatically starts a matching check routine against a corresponding routine in the terminal. .

  The present invention also aims at such a routine in the security processor and such a corresponding routine in the terminal, in particular a computer program product intended to be stored in the memory of a security processor and including instructions for setting it. implementation of the pairing control step b) of the method according to the invention and a computer program product intended to be stored in the memory of a terminal and comprising instructions for providing the security processor the data which are useful to the latter in the implementation of step b) pairing control of the method according to the invention.

  The present invention also relates to the system comprising a terminal and a security processor, paired with the terminal and arranged to cooperate with the terminal to provide or not to the latter secure access data for decoding and / or descrambling of a multimedia stream that receives the terminal. According to the invention, the security processor also checks the pairing between the terminal and the security processor and, for this purpose, is arranged to read and compare, preferably under the control of a matching activation indicator. , a first pairing value stored in a terminal memory and a second pairing value stored in a memory of the security processor, and then continuing or stopping its cooperation with the terminal to check the secure access data, as a function of comparing the first and second match values.

  Other features and advantages of the invention will appear on examining the detailed description below, and the accompanying drawings in which: - Figure 1 shows schematically the elements of the system within the meaning of the invention, - the figure 2 illustrates the steps of a general method involving step b) process matching control in the sense of the invention, - Figure 3 illustrates the storage of identifiers for the implementation of step a) assigning process identifiers in the sense of the invention, and - FIGS. 4A and 4B illustrate flow charts for implementing the pairing check step and representative of the algorithms of a program product of FIG. computer within the meaning of the invention.

  Referring first to Figure 1 to describe elements involved in a system within the meaning of the present invention.

  Typically, in the field of controlling the access to multimedia contents by a CAS access control system (for "Conditional Access System") or DRM (for "Digital Rights Management"), such a system The access control system comprises equipment at the head end of the network (not shown) which associates content with access conditions (authorizations and / or constraints). These contents are encrypted and then put online or broadcast via a distribution network 4 (satellite broadcast, cable, transfer over a broadband link eg xDSL, or others). At the reception, a user has a terminal 1 capable of managing this type of content whose access is protected. The terminal 1 then presents the conditions of access to the access control system which verifies them, for example by comparing them with the access rights of the user, and authorizes or denies said access.

  The access rights and the authorization logic are generally stored in a secure module, such as a smart card 2. In what follows, the term "security processor 2" or indistinctly "card to chip 2 "such a secure module.

  The present invention provides a mechanism for associating a group of smart cards with a group of terminals. In the context of access control typically to pay television, the method within the meaning of the invention makes it possible to restrict the use of a fleet of smart cards to a set of terminal terminals. The decoders can render their services only when they are implemented with a homologous fleet of smart cards which, after verification of the pairing, accept or refuse to work with these decoders.

  Current techniques already provide a similar mechanism by which a terminal verifies that information, representative of the group of cards and terminals, is present in the card. In contrast, the present invention proposes a solution according to which the card, itself, verifies that information, representative of the group of cards and / or terminals, is present in the terminal.

  Verification that a group of terminals and a group of cards are allowed to be used together can be performed by various solutions. There are indeed multiple authentication mechanisms that rely on the use of cryptography, and in particular, on the use of asymmetric cryptography. However, these mechanisms, even if they can respond to strong authentication between two entities, are heavy to manage (management secrets, initialization, distribution of secrets) and require significant computing and memory capabilities.

  The present invention proposes a simple mechanism, based on the sharing of a particular piece of information referred to as a matching value (typically an alphanumeric string) between a group of cards and a group of terminals. A terminal provides the card connected to it with its matching value by a simple protocol that does not use cryptographic techniques and the card compares this received value to its own matching value. In order to simplify the pairing mechanism, the method in the sense of the invention uses a technique of a limited security level. In particular, despite its simplicity that could make it sensitive to powerful investigation and / or emulation devices, it can be applied in conjunction with another strong authentication method between terminal and card based on powerful cryptography, method to which it brings the adequacy control of a park of terminals to a park of cards. However, the simplicity of implementation of this pairing control remains very advantageous, insofar as the matching control is performed by the card, which provides a degree of protection as explained above. Thus, the implementation of the invention does not use data exchanged in encrypted form and does not require, in the exchange of these data between terminal and card, the use of encryption / decryption algorithms in the memory of the terminal and / or in the memory of the card. In addition, the pairing control mechanism within the meaning of the invention is configurable, lockable and / or unlockable, which provides a remarkable flexibility in the use of the method.

  With reference to FIG. 1, the terminal 1 is connected to the network 4 and, for example, to a television 3. It may comprise a display screen 11, as well as a reader 12 of a smart card 2. As at least the messages that the terminal transmits to the smart card, for the pairing control, are "in the clear", it can be expected to display all or part of these messages on the screen of the television 3 and / or on the display screen 11 of the terminal.

  Furthermore, generally speaking, when the user inserts the card 2 in the reader 12 of the terminal, an initialization sequence of the card is automatically performed by a procedure called "ATR sequence" (for "Answer to Reset"). . Usually, without pairing control, the procedure for putting the card into service in the terminal continues with the implementation of an exchange protocol, where appropriate secure, of messages between the terminal and the card, the processing on both sides of these messages for controlled access to multimedia content. In particular, these messages transmitted between card and terminal can be: - EMM (for "Entitlement Management Message") messages received by the terminal from the distribution network 4 and provided to the card 2 to manage the registration of rights and secrets associated in the card 2, - ECM messages (for "Entitlement Control Message") received by the terminal 1 from the distribution network 4 and provided to the card to control, for a given content, the adequacy of the access conditions to rights of access of the card 2, - data resulting from the processing of ECM messages by the card 2 and allowing the terminal 1 to descramble and decode a stream.

  Thus, the pairing control procedure in the sense of the invention occurs between the initialization of the card and the implementation of message exchanges as described above. Preferentially, the matching control conditions the use of the card to access services and, in particular, the processing of ECM messages by the card.

  A card that supports the matching method in the sense of the invention has a software function adapted to this method and in its memory a matching value and an indicator of activation of the matching control.

  Referring then to FIG. 2, the first step 21, following the insertion of the card 2 into the reader 12 of the terminal, consists of an initialization of the card which continues automatically by the test 22 of the indicator of activation of the matching control stored in the card.

  If the value of this indicator specifies that the pairing control is not to be activated (arrow N of test 22), the card does not perform the pairing check and sets (step 23) an internal flag to a value allowing card processing of ECM messages: this makes it possible to operate the card in any terminal without prior pairing.

  However, in the most general case, the matching control is preferably effective and determines the processing of the ECM messages. Thus, step 23 consists in setting said internal indicator to a value prohibiting the processing by the ECM card: this therefore makes it mandatory for the card and terminal to be paired so that the ECMs are processed by the card, so as to be able to descramble the cards. multimedia streams.

  If the matching control is to be activated (arrow Y of the test 22), the card sets (step 24) said internal indicator to a value specifying that the ECM messages should not be processed: thus the card 2 does not process any ECM message that transmits the terminal, as the b) pairing control step within the meaning of the invention has not been performed. Then, the card performs the matching check (test 25). During this pairing check step, the card 2 receives from the terminal the matching value thereof and then verifies the correspondence between the terminal matching value and the match value stored in the card. In case of non-correspondence between these pairing values (arrow N at the output of the test 25), a matching error situation 26 is detected and the cooperation between the terminal and the card can then stop at this step. : in particular, the card does not process any ECM message. On the other hand, if the test matching check procedure results in a positive conclusion (arrow Y), the card sets (step 27) the aforementioned internal flag to a value that allows ECM message card processing.

  As has been described above, the verification of the correspondence between the matching values (test 25) can be done according to different methods, such as for example the simple equality or the equality of the cryptographic digest of the value of pairing of the terminal and the map matching value. This check may also include all or only part of each match value, depending on the value of the match enable indicator.

  In parallel with all of this processing, the card is capable of receiving ECM messages transmitted by the terminal. From the insertion of the card 2 in the terminal 1, the card ignores (step 29) any received ECM message (step 28) until the matching control has been performed. Then, after the internal indicator has been set, following the test 22, to a value allowing (step 23) or not authorizing (step 24) the processing of the ECM messages, the card takes into account the ECMs received from the terminal. Thus, upon receiving an ECM (step 30), the card tests the internal indicator (test 31). If the value of this flag specifies that the processing of an ECM is not allowed (arrow N of test 31), the card does not process this ECM and sends back to the terminal a pairing error message (step 34) that the terminal and the card are not matched. In this case, the terminal can not descramble / decode the intended content and may display a mismatch message to the user (step 36). If, on the other hand, the value of said internal indicator specifies that the processing of an ECM is authorized (arrow Y of the test 31), the card proceeds with the processing of the ECM (step 32) in accordance with the functionalities of the control system of the ECM. access used by the card. As a result of this ECM processing, the card returns to the terminal the data consecutive to this processing (step 33). It should be noted that in this context, the processing of the ECM is normally carried out without it being modified in any way by the matching method: the data consecutive to this processing and received by the terminal (step 35). ) are mainly those that will allow the terminal to descramble / decode the content transmitted by the network 4 or may be error messages if the descrambling / decoding is not allowed by the access conditions present in the ECM.

  Reference is now made to FIG. 3 to describe the first step a) of the method in the sense of the invention, for the assignment of the pairing values to the terminal 1, on the one hand, and to the security processor 2, d 'somewhere else.

  These matching values may consist of the same single information shared by the terminal and the card. They may also consist of a pair of information, one relating to the card such as an identification of the type of card denoted id (CAR), the other relating to the terminal such as an identification of the type of terminal noted id (STB). While being easily transposable to the case of simple information, the operation of the method is described below in the case where the matching values consist of a pair of information. It is also obvious that the method is directly applicable in the case where the matching values are the combination of more than two pieces of information.

  For this purpose, the terminal 1 comprises a memory MEM1 for preferentially storing: a characteristic identifier of the type of terminal, denoted id (STB) 1, and a characteristic identifier of the type of security processor, denoted id (CAR) 1.

  The identifier id (STB) 1 is characteristic of the type of the terminal. It allows to target the type of terminals with which a card can work as part of this pairing. The interest of this identifier id (STB) 1 appears, for example, in the case where an industrial distributor of terminals provides a promotional offer - associating its terminal and a pre-authorized smart card for a particular service, the card not having only work with this type of terminal as part of this promotional offer.

  The identifier id (CAR) l is characteristic of the type of security processor. It preferably contains a string of characters, such as, more particularly, a mark of the access control system shared by the terminal and the security processor.

  The terminal 1 is programmed to always present to the map, as a matching value, the identifier of the terminal type id (STB) 1 and the identifier of the type of security processor id (CAR) 1. These two identifiers are always presented by the terminal in clear, during the pairing control step b). In addition, it can be expected to display one and / or the other of these identifiers id (STB) 1 and id (CAR) 1 on the screen of the television 3 and / or on the screen of display 11 of terminal 1, during the pairing check.

  In the case where the matching value consists of simple information, it is preferably similar to the identifier id (CAR) 1 and more particularly contains the mark of the access control system supported by the card. Similarly, this simple identifier is always presented in clear by the terminal to the card and can be displayed on the screen of the television 3 and / or on the display screen 11 of the terminal.

  Thus, the access to contents is authorized by the security processor 2, at least on the condition that the latter 2 belongs to the park that is matched to the park of the set-top terminals, which is controlled by the correspondence of the values id (STB) l and id (STB) 2 between them on the one hand, and by the correspondence of the values id (CAR) 1 and id (CAR) 2 between them on the other hand. Referring again to FIG. 3, in the step of assigning identifiers a), therefore, a memory identifier MEM 2 of security processor 2 is stored with an identifier of terminal type id (STB) 2 and an identifier of card type id (CAR) 2. Preferably, this memory of the security processor 2 is non-volatile (for example of the E2PROM type).

  It will be understood in particular that if the security processor 2 can be paired with the terminal 1, the identifiers id (STB) 1 and id (STB) 2, on the one hand, and the identifiers id (CAR) 1 and id (CAR) 2, on the other hand, must match each other.

  Nevertheless, in an embodiment implementing a simple pairing value, the pairing between the card park and the terminal park can be controlled solely by the security processor identifiers id (CAR) 1 and id (CAR) 2 which must then match.

  In an advantageous embodiment of the invention, the values of two parameters VP (STB) and VP (CAR) are stored in the memory of the card MEM2. The combination of these two parameters constitutes the pairing activation indicator mentioned above. The values of these two parameters VP (STB) and VP (CAR) will be read as soon as the card is initialized to start or not the pairing control procedure (test 22). If the pairing check is to be performed, the value of the VP (STB) parameter will be tested to trigger or not the identifier matching procedure related to terminal types id (STB) l etid (STB) 2, d on the one hand, and the value of the parameter VP (CAR) will be tested to trigger or not the procedure for checking the correspondence of identifiers relating to the type of security processor id (CAR) 1 and id (CAR) 2, on the other hand go. The roles of these parameter values VP (STB) and VP (CAR) will be described in detail with reference to FIGS. 4A and 4B.

  The values stored in the id (STB) 2, id (CAR) 2, VP (STB) and VP (CAR) cards can be modified globally or individually by receiving messages of the EMM type.

  Referring again to FIG. 2, the modification of at least one of these values in the card (step 37) makes it take them into account at the next initialization of the card or, preferably, that the card performs the pairing check again as after initialization (step 37 of FIG. 2) with the last values id (STB) 1 and id (CAR) 1 received from the terminal. However, these values are in no way searchable in the memory of the card, just as card identification values are never accessible to a subscriber using the terminal.

  If the match value is not a combination of two identifiers but only consists of the identifier of the id security processor type (CAR), the VP match enable flag consists of a single part VP (CAR) which alone is stored in the card and which alone is considered to decide if the matching control is to be performed.

  During the pairing check procedure, the card can access the EMM messages. On the other hand, it can only access the ECM messages if the matching control procedure has been successfully performed, in which case ECM processing by the card can be performed.

  With reference to FIGS. 4A and 4B, the role of the parameters VP (STB) and VP (CAR) will now be described.

  As described above, the value of the VP (STB) parameter defines whether the match check should be performed on the terminal type identifier id (STB) 1 and id (STB) 2, and the value of the parameter VP (CAR) defines whether the match check must be performed on the security processor type identifiers id (CAR) l and id (CAR) 2.

  Figure 4A illustrates the role of these parameters in the test 22 of the matching activation flag. If the value of the VP (STB) parameter defines that the match check should not be performed on terminal type ids (STB) 1 and id (STB) 2 (arrow N of test 41), and if the value parameter VP (CAR) defines that the match check should not be performed on security processor type IDs id (CAR) 1 and id (CAR) 2 (arrow N of test 42), so the test result 22 is that the matching control should not be performed, which corresponds to the output N of the overall test 22. In all other cases, the values of the parameters VP (STB) and VP (CAR), the matching control must be performed, which corresponds to the output Y of the global test 22.

  Figure 4B illustrates the role of these parameters in the test where the matching check is performed. If the value of the VP parameter (STB) defines that the match check is to be performed on the terminal type ids (STB) 1 and id (STB) 2 (Y-arrow of the test 43), the match of the two ids (STB) 1 and id (STB) 2 is tested (test 44). If these two identifiers do not match (arrow N of the test 44), the matching control is negative (arrow N of the overall test 25). If these two identifiers correspond or if, depending on the value of the parameter VP (STB), the correspondence check on the identifier of terminal type id (STB) 1 and id (STB) 2 is not to be carried out (arrow N of the test 43), the value of the parameter VP (CAR) is tested (test 45). If the value of the VP (CAR) parameter defines that the match check is to be performed on the security processor type IDs id (CAR) 1 and id (CAR) 2 (arrow Y of test 45), the match of the two identifiers id (CAR) 1 and id (CAR) 2 is tested (test 46). If these two identifiers do not match (arrow N of the test 46), the matching control is negative (arrow N of the overall test 25), otherwise the matching control is positive (arrow Y of the test 25). The matching control is also positive if the correspondence check of the two identifiers id (CAR) 1 and id (CAR) 2 is not to be performed (arrow N of the test 45).

  It should be noted that the structure of the test 25 does not have to take into account the case where neither the correspondence of the identifiers of the type of terminals nor that of the security processors are to be tested since this case was rejected during the test 22.

  It is also noted that the behavior of the test 25 is equivalent if we first consider the identifiers of security processors (tests 45 and 46) and the terminal identifiers (tests 43 and 44).

  Concerning the values of parameters VP (STB) and VP (CAR), it is indicated that a combination of particular values of these parameters will allow a card to work with any type of terminal, without then checking any pairing. Thus, whatever the identifier id (STB) 1 and / or id (CAR) 1 will transmit the terminal 1 to the security processor 2, the processor 2 will allow the processing of ECM messages and any other command related to the operation of the processor of security. It is further indicated that the match control mechanism may be suspended or reactivated after it is suspended from the security processor by an entry made following receipt of an EMM message which would assign the parameter values VP (STB). and / or VP (CAR) the particular values mentioned above. It is indicated that this order of registration is dated so as to prevent the replay of such an order.

  The broadcast of EMM messages and / or the initial storage in step a) of the parameter values may or may not allow the security processor to cooperate with any type of terminal to trigger the pairing check. On the other hand, if the terminal, for example from an earlier version, does not provide the matching check procedure (and therefore does not provide id (STB) 1 and / or id (CAR) 1 at card initialization), the EMM messages can unlock the pairing control process by assigning the particular values mentioned above to the VP (STB) and VP (CAR) parameters.

  Furthermore, in order to be able to adapt the security processor to the value of identifier provided by the terminal, it can be planned to broadcast an EMM message modifying the identifiers relating to the cards, so as to adapt these cards to a new fleet of cards. terminals, or the value of identifiers relating to the types of terminals, under the authority of the suppliers of terminal type identifiers, if the alphanumeric string identifying these types of terminals must evolve.

  Finally, referring again to FIG. 3, the identifiers id (STB) 2, id (CAR) 2 and the parameter values VP (STB) and VP (CAR) are stored in step a) in FIG. the memory dL: the card, as global data of the card, for example in the issuer entity of a smart card as identified for example in the standard UTE C 90-007 (Annex 1, section 6) . Thus, the identifiers and values stored in the card are not searchable using a read command of data stored in the card. Nevertheless, a function operated by the card and which consists of presenting the identifier id (STB) 2 and / or id (CAR) 2 can give information on the internal state of the authorization of the pairing.

  Conversely, for old version cards, which do not support the matching control mechanism, meaning the absence of a matching procedure, the terminal can directly supply the ECM and EMM messages allowing the card to proceed subsequently. the control of access rights.

  Of course, the present invention is not limited to the embodiment described above by way of example; it extends to other variants.

  Thus, it will be understood that the simplest embodiment of the invention consists in providing that the pairing value stored in memory of the security processor, on the one hand, and in memory of the terminal, on the other hand, consists of a single piece of information, preferably the identifier of the security processor. Moreover, the parameter values relating to the type of VP card (CAR) and / or the type of terminal VP (STB), although they offer appreciable flexibility for the implementation of the matching control method in the sense of of the invention may not be used in a simplified variant.

  It will also be understood that if the description of the invention was made in the context of using a card and a terminal, it is directly applicable to the context of using a card and a descrambling module. detachable, for example in the form of a removable PCMCIA card (Personal Computer International Memory Card International Association), intended to be inserted into a receiving terminal and complies with the EN 50221 standard "Common Interface Specification for Conditional Access and other Digital Video" Broadcasting Decoder Applications ".

  Finally, it has been described above the control of access to a content. However, the method within the meaning of the invention can of course also find an application to control the use of a resource or a service.

Claims (14)

claims   A method for controlling a pairing between a type of terminal, among a fleet of terminals, and a type of security processor, among a pool of security processors, a security processor (2), paired with a terminal (1) , being arranged to cooperate with this terminal to provide it with data enabling decoding and / or descrambling of a multimedia stream that the terminal (30) receives according to secure access conditions associated with this stream, the method comprising: a) a pairing value assignment step, in which at least a first pairing value is stored in a memory of a terminal and at least a second pairing value corresponding to said first value of pairing, in a memory of a security processor intended to be matched to the terminal, and b) a matching control step, prior to a verification of the conditions of secure access, in which the process The security manager is arranged to read and compare said match values, and then continue or stop operation with said terminal, based on the comparison of the first and second match values.   2. Method according to claim 1, wherein during step b), the security processor receives from the terminal the first matching value in unencrypted form.   3. Method according to one of claims 1 and 2, wherein said first and second matching values correspond to an identifier of the type of security processor.   4. Method according to one of the preceding claims, wherein said first and second matching values correspond to the association of a terminal type identifier and an identifier of the type of security processor.   5. Method according to one of claims 3 and 4, wherein the identifier of the type of security processor comprises a mark of the technical system shared by the terminal and the security processor.   6. Method according to one of claims 3 to 5, wherein step b) comprises a display operation of the identifier of the type of security processor included in the first matching value and stored in the memory. terminal, on a display unit of the terminal (11) and / or on the screen of a television (3) connected to the terminal.   7. Method according to one of the preceding claims, wherein in step a) stores in the memory of the security processor at least one matching activation indicator whose value activates the matching control, and wherein, in step b), the security processor is arranged to read the value of said indicator, compare (43) the value read to a reference value and trigger comparison of the first and second match values (44). ), depending on the comparison to the reference value.   The method of claim 7, wherein said matching matching activation flag on which portion of the matching values is to carry the matching control of step b).   The method according to claims 4 and 8, wherein the matching control of step b), according to the value of said pairing activation flag, relates to said terminal type identifier and / or said identifier. the security processor type or is disabled.   Method according to one of the preceding claims, wherein the comparison between all or part of the first and second matching values consists of an equality check.   11. Method according to one of the preceding claims, wherein the terminal transmits to the security processor its first match value in clear, while the comparison between all or part of the first and second pairing values consists of a verification of equality of a cryptographic digest of the first match value with the second match value.   The method according to one of the preceding claims, wherein, in step b), the security processor does not process the ECM messages received by the terminal at least as long as the matching control is in progress.   13. Computer program product, comprising instructions to be stored in a memory of a security processor for the implementation of the matching control according to step b) of the method according to one of the preceding claims, and instructions to be stored in a memory of a terminal to provide the security processor with data useful for the matching control according to step b).   14. A system comprising a terminal and a security processor, paired with the terminal and arranged to cooperate with the terminal to provide said terminal with data enabling access conditions to be verified for decoding and / or descrambling a multimedia stream that receives the terminal, wherein the security processor (2), to further verify a pairing between the terminal and the security processor, is arranged to read and compare (44) a first match value stored in a terminal memory and a second pairing value stored in a memory of the security processor, and then continuing or stopping its cooperation with said terminal to check the access conditions, based on the comparison of the first and second pairing values.