FR2927209A1 - Computer entity i.e. server, communicating method for exchanging e.g. multimedia content, involves executing global program by executing routine to control identifier, and playing content in case of positive control of identifier of entity - Google Patents

Abstract

The method involves merging a content (20) and a content player program in a single global program included in a file before communication with a computer entity. An identifier (22) of the entity is stored as data of the global program before communication, and a verification routine (23) of the identifier is added to the global program before communication. The global program leading to a content player (21) is executed before communication by executing the routine for controlling the identifier, and playing the content in case of positive control of the identifier. Independent claims are also included for the following: (1) a computer program comprising instructions to perform a method for communicating a computer entity to another computer entity (2) a computer entity comprising global program generation units (3) a computer entity comprising execution units.

Description

The present invention aims at the protection of a content, in particular multimedia content, against an illegal reproduction.

It has been observed that systems for protection against unauthorized reproduction of content have first been very successful (during the 1990s), to bring about less development effort. This observation can be explained in particular by: - the fact that many protection systems have been successively "broken", that is to say disabled by indelicates to gain access to the content, - by the fact that most users want to be able to make a "reasonable" duplication (in the family context or for a simple loan to a third party or for an audiovisual reproduction on a device of their choice), - by the fact that digital rights management or DRM (for "Digital Rights Management") requires a budget larger than expected (some broadcasters say for example that three out of four calls to their platform (or "hotline") are related to DRM problems).

Many protection systems have probably been broken for the following reason: the conventional approach of protection is to provide a secret key to be inserted in a media supporting the multimedia content, this secret key allowing a device for reading the media to check whether the content is copied legally. It therefore represents a right that is provided by the broadcaster, who can normally check the number of copies in circulation.

Indeed, a standard device is unable to copy this key if it is placed in an inaccessible receptacle (for example using a non-standard file system where information specific to this key would be stored). This system is secured by a commercial agreement between a manufacturer of suitable reading devices and a media manufacturer (or their representatives). However, it has proved possible to circumvent such protection, especially in the case of encrypted DVD discs that can be read by running a program called DeCSS. An alternative to using a secret key is to check the user's right from an online site (for example, such as iTunes). In this embodiment, a remote server has content protected by copyright. The client is the software and / or the device that can read this content (for example a media player or a digital music player). When a user wants to download a file, the client provides a unique identifier to the server. The server encrypts the requested file specifically for this client. This encrypted file is then transferred from the server to the client over a wide area network such as the Internet. When the user wishes to play the content that he has thus downloaded, on a player equipped with the software and / or connected to the authorized device (s), the reader first establishes a connection with the server, which ensures that the user on whose behalf the rights are registered has a valid license at this time. If this is the case, the server transmits to the client the decryption code of the file, as well as the list of rights of the user vis-à-vis this file. The verification of the right may require the user to possess an additional key (for example a hardware key such as a "dongle" to be connected to a PC-type computer port), which greatly limits the possibilities of duplication and of restitution on any support. This technique is not very widespread especially because of the costs involved and its lack of flexibility: it is indeed difficult to lend content and / or use this technique outside the world of the personal computer.

Content broadcasters have tried to install and implement ad-hoc reading software on personal PCs of their customers, profoundly modifying their operation (Sony brand rootkit). This approach has created a lot of mistrust or distrust of these broadcasters.30 Another possibility is to make the content access tool sensitive to a DRM policy (which is very recent for example Microsoft Vista).

Another possibility is to make unconditional access to some of the content and subject to certain conditions access to a complementary part. Again, the use of online access is necessary.

A promising solution is tattooing digital content or watermarking. The content does not seem protected, but, in reality, has "marks" that are undetectable by our senses. The legal value of these marks, however, seems difficult to establish insofar as it is always possible, technically: - to add a watermarking, or - to remove or conceal a watermarking.

The present invention improves the situation.

To this end, it proposes to ensure that users can make a "reasonable" duplication of the content they have regularly acquired. A lawful user of a content must be able to: - "lend" the content to a third party, - use it on the device of their choice, without being limited to proprietary hardware, - use the DRM easily without them are sources of additional costs.

Preferably, the act of copying is and must remain regulated. For this purpose, an entity B (content provider) must be able to identify at least one other entity A (receiving a copy of the content) in order to count the number of copies made.

Thus, the present invention firstly relates to a method of communicating a first computer entity to a second computer entity of a file comprising a content intended to be read by a predetermined program, reader of this content. In the method according to the invention, before communication with the second entity: the content and the program reader of the content are merged into the same global program, that includes said file, the execution of said overall program leading to the reading of the content, - an identifier of the second entity is registered as data of said global program, and - a verification routine of said identifier is added to said global program, Thus, the execution of the global program by the second aforementioned entity comprises: - a execution of the identifier verification routine to control the identifier of the second entity, and, in case of positive control of the identifier, a reading of said content.

Preferably, it must also be possible for the user to differentiate between pirated content and "non-pirated" content. The goal is not to prevent a particular hacker from making a copy of content similar to the original, but rather to make this copy difficult.

Thus, in one embodiment, a complication routine of the overall program structure is further applied, and the second entity then executes the overall program in its complicated form.

The term "complicated form" means that the verification routine of the identifier, on the one hand, and the reading routine of the content in the overall program, on the other hand, are nested and mixed, so that it is difficult for an attacker to gain access in a reasonable time: - to the verification routine of the identifier, - and / or to the data of the identifier inserted in the global program, - and / or to the data of the content .

The content, itself, can be multimedia content, text, or other, or simply an identifier for secure access control.

By way of example, such a complication (or simplification) of the overall program structure can be carried out by a computer technique known as "obfuscation" (or "deobfuscation"), which technique will be described later in a illustrative example. Obfuscation aims to make information difficult to understand.

The overall program, in its initial uncomplicated form, then comprises the digital data of the content, as well as a reader program (or "player") of these data, so that its execution (with a positive control of the identifier ) is to read the content and play for example a movie or a music, if the second entity is connected to a rendering device. It will be understood that the second entity may be an audio or video rendering device, or more generally a terminal, possibly connected to a wide area network, for example to download from the first entity the global program in obfuscated form.

Thus, the first entity may be, for its part, a server initially broadcasting the content, in the form of an obfuscated global program, for "second" entities that may be rendering devices and / or terminals.

The present invention thus aims at a computer entity, such as a broadcast server of the aforementioned type, and comprising means for being able to implement the above method, as "first computing entity" involved in the process. It will be noted that this "first" computer entity can implement a computer program comprising instructions for generating the overall program, for the implementation of the method in the sense of the invention, when this computer program is executed. by a processor of such a "first" computing entity.

As such, the invention also aims at this computer program.

However, the aforementioned first computer entity may also be a terminal and / or a rendering device communicating the overall program to another terminal and / or rendering device. Thus, by repeating the statement of the above method, the second entity (a terminal for example) can decide to communicate the content as a global program to a third computer entity (another terminal for example). In this case, the second entity, preferably: -simplifies the global program, -inserts, as data, an identifier of the third entity in the simplified global program, and -complicates the global program comprising the identifier of the third entity .

The present invention thus also relates to a computer entity, such as a terminal and / or restitution device of the aforementioned type, and comprising means for implementing the above method, as "second computer entity" involved in the process.

It will be noted here that the insertion of the identifier of the third entity as data in the global program may consist of the addition of this identifier to the identifier of the second entity, or, alternatively, to an insertion by replacing the identifier of the second entity with the identifier of the third entity.

It will then be understood that the insertion of identifier makes it possible to control the circulation of the copies of the content and, in particular, to know exactly if a terminal, having its own identifier has had access or not to the protected content within the meaning of the invention. It is also possible to provide a remote content distribution management authority to: -receive the second entity's identifier from the second entity and the third entity's identifier, and store these identifiers in memory, and communicating to the second entity: a first key for launching, with the second entity, a routine simplifying the overall program and inserting the identifier of the third entity in the global program, and a second key for then launch, at the second entity, a complication routine of the overall program, before communication of the overall program in complicated form to the third entity.

The present invention aims, as such, a computer entity having means for implementing this embodiment, as a management authority. For example, it may be again a remote server, managing a list of terminals that had access to the content. In particular, this server may be identical and perform the same functions as the initial broadcast server content (which can be the "first" entity above).

In the embodiment where, with each copy of the content intended for a new entity, provision is made for inserting the identifier of this new entity by insertion in the global program, the content can then be transferred several times between several entities, and an identifier of each entity of this plurality of entities is registered as data of the global program, which then comprises a list of the identifiers of the terminals having accessed the content. In the case where a managing authority is foreseen, the latter will maintain a peer list.

For example, a computer entity identifier may be the serial number of the computer entity, or simply a confidential code chosen by the owner of the computer entity or personal data relating to the owner.

Thus, the reading of the content whose data is data of the global program only executes if the identifier read as additional data of the global program corresponds to the serial number read in a memory of the computing entity, or to a PIN entered by the owner.

It should be noted that the overall program has an advantageous structure since it includes the data of the content (and the data of possible identifiers) as data of the global program, these data being obfuscated (therefore difficult to find in the overall structure of the program). program) before a communication to a terminal or a rendering device. As such, the present invention also provides a computer program, stored in memory of a computer entity or downloadable via a remote site to be stored at least temporarily in memory of said computer entity, forming such a global program for the implementation implementation of the method in the sense of the invention, when this program is executed by a processor of the computer entity. The global program thus comprises instructions for: - conducting a verification check of the identifier of the computer entity, - and, in case of a positive control of the identifier, reading the content whose data are data of the global program .

Thus, in conventional protection systems, a conventional use of cryptographic principles is implemented where an entity B (Bob) communicates a secret to an entity A (Alice, where Alice and Bob are both enabled). It is then desired to totally prevent an entity C (Eve, unauthorized) from accessing their communication. This is not the purpose of the invention which, on the contrary, allows controlled copying.

Similarly, the invention differs from a conventional use of DRM rights: - it is not necessary to protect exchanges between Alice and Bob but simply a single initial exchange, - in the example above, Alice and Eve would be complicit since Alice would unauthorizedly duplicate her content for Eve.

Other features and advantages of the invention will appear on examining the detailed description below, and the accompanying drawings in which: - Figure 1 schematically illustrates a first diffusion of content protected by the implementation of the invention, from an S server as "first computing entity", in an exemplary embodiment of the invention, - Figure 2 illustrates the steps implemented by the server S to generate the overall program including the content data for the computing entity D1 of FIG. 1; FIG. 3 illustrates the exchanges between the computer entity D1 and the server S to provide "copy the content" (that is to say, adapt the overall program) for another entity D2, - Figure 4 schematically illustrates the operations performed by the entity D1 to be able to adapt the overall program for the second entity D2, - Figure 5 schematically illustrates the steps of execution of the overall program with a computer entity D1 or D2.

With reference to FIG. 1, a computer entity D1 (such as a terminal or a rendering device) first sends a request to a remote server S, a content provider, for it to download a predetermined content. . In particular, the REQ request (Id-1) comprises an identifier (for example a serial number) of the IT entity D1 or of its owner (for example a personal code). The terminal D1 also sends in the request an identifier of the desired content (not shown). In the embodiment where the identifier is a serial number, it can be provided an automatic routine: - able to read in a memory of the entity D1 this serial number - and the communicating to the server S.

The server S stores the identifier Id-1 of the entity D1 (step MEM Id-1 of FIG. 1) in a database. Next, the server S constitutes, as a function of the identifier Id-1 of the entity D1, a global program in the sense of the invention, with a view to the communication to the entity D1 of the content, in the form of this PG global program (Id-1).

With reference to FIG. 2, this overall program is constituted as follows. The content data 20 is imported as data of a reading program (a "player" with the reference 21 in FIG. 2, possibly with an additional "plugin" type program for the verification of identifier). Advantageously, the verification routine of the identifier of the computer entities to which the content is intended, bearing the reference 23 in FIG. 2, is added and, in particular, the identifier Id-1 of the computing entity D1 is added as data item 22 of the global program, to form in step 24 the global program then containing: the data of the content 20; the reading routine of these data 21; the identifier Id-1 of the entity D1 for which the content is intended as data item 22 of the program; and a verification routine 23 of this identifier Id-1.

The overall program obtained in step 24 is of simple structure. It is then obfuscated in step 25 to form the global obfuscated program PG (Id-1), at step 26.

This global obfuscated program PG (Id-1) is then communicated directly from the server to the IT entity D1 for a reproduction of a multimedia content, for example, if this IT entity D1 is connected to a rendering device.

Referring now to Figure 3, there is described a situation in which the computer entity D1 wishes to communicate the content to another computer entity D2 (another terminal or other sound or video playback device). The entities D1, D2 are, of course, connected to the server S by an extended network, for example via the Internet, as are the entity D1 and the server S of FIG.

In the example described, the terminal D1 sends a request to the server S having the identifier Id-1 of the terminal D1 and the identifier Id-2 of the terminal D2. Of course, the terminal D1 also sends an identifier of the desired content. The server S, on the basis of this request, finds the identifier Id-1 of the terminal D1 in its database and then processes the request of the terminal D1. The server S then stores in its database the new identifier Id-2 of the terminal D2 and sends the terminal D1 a deobfuscation key DES (Id-1) of the global program PG (Id-1) that currently has the terminal D1, and an obfuscation key OBS (Id-2) of the overall simplified structure program to add the identifier Id-2 of the second terminal D2 and obfuscate the result to form the global program PG (Id-2). The program thus obfuscated PG (Id-2), which holds the terminal D1, is finally communicated to the second terminal D2.

More specifically, with reference to FIG. 4, the initial global program PG (Id-1) held by the entity D1 is preferentially transformed as follows. Starting from this global program PG (Id-1), in step 40, which can read the entity D1 since its serial number corresponds to the identifier Id-1, first undergoes a deobfuscation, at the step 41, using the key DES (Id-1) that transmits the server S. The program obtained in step 42 is then simplified structure: it corresponds substantially to the program that was obtained in step 24 of Figure 2 There is added the identifier Id-2 (in step 43) of the terminal D2 and the global program is obfuscated in step 44 to thus constitute the global program PG (Id-2) which is intended for the terminal D2 at step 45.

It will then be understood that, if the program PG (Id-1) is of complicated form (by obfuscation), a routine which is triggered by verification of the identifier Id-1 of the terminal D1 is intended to simplify the structure of this program PG ( Id-1) during the deobfuscation step 41. On the other hand, after inserting the identifier Id-2 of the second terminal D2 (in step 43), an obfuscation routine 44 is executed to make it more difficult to again the structure of the program PG (Id-2) which is intended for the terminal D2.

With reference to FIG. 4, it will be understood in particular that the operations of deobfuscation 41 and obfuscation 44 are preferably conducted substantially simultaneously, on the fly. In any event, it will be avoided to provide the opportunity for a malicious user to perform the deobfuscation routine 41 and to interrupt the obfuscation routine 44 at its beginning (for example by powering off), which would allow this malicious user to have access to the content data that would appear in simple form. It is therefore preferred that steps 41 and 44 be implemented almost simultaneously.

It should be noted that these obfuscation and deobfuscation routines are known per se in the art of computer processing. An obfuscation does not prevent a program from being executed but, on the other hand, greatly complicates its structure for an intruder who would have access to the code and who would try to understand it. For example, the data of the content and / or the identifier can be obfuscated first. An obfuscation routine that can be implemented in the context of the present invention will be described later and it consists, in the example described, in a binary decomposition of the data and a complication of the expression. exponents of the power 2, of this binary decomposition.

Preferably, the obfuscation effected by the server S in step 25 of FIG. 2 advantageously leads to a global program different from that obtained by the obfuscation performed by the terminal D1 in step 44 of FIG. 4. Thus, it will be understood that a global program is different from a copy PG (Id-1) to the other PG (Id-2).

It will be noted in the example of FIGS. 1 and 3 that the server S that broadcasts the content, on the one hand, and the server that keeps the list of identifiers of the terminals that have access to the content, on the other hand, are the same and only server. Of course, two separate servers can be provided.

It will be noted that the method illustrated in FIG. 2 is implemented by the content distribution server S, while the method illustrated in FIG. 4 is implemented by the computer entity D1 (such as a terminal). which is then equipped with an appropriate copy program. As such, the present invention also aims at such a copy program. As seen previously with reference to FIG. 4, each global program PG (Id-2) which is intended for a entity D2, is generated specifically for this entity D2 under the control of the server S and by means of the aforementioned copy program.

Of course, it may be provided to limit the number of possible copies, for example by imposing a finite number of identifiers in the list maintained by the server S, or in the list of identifiers successively added as data of the global program . It will also be noted that the server S, holding a list of the identifiers of the terminals, can refuse the communication of a content if a request reveals an unauthorized terminal identifier.

It should be noted that the terminal D1, once the global program PG (Id-2) is transformed to be intended for the entity D2, can no longer use this global program PG (Id-2) since its execution is conditioned by checking the identifier Id-2 (and not Id-1) with the entity Dl. It can then be provided several options. According to a first option, the copying program of the entity D1 can freely copy the global program PG (Id-1) as many times as desired and a version of these copies can be transformed for a communication to the entity D2, under the form of the global program PG (Id-2). According to another option where it may be preferred to "lend" the content of the entity D1 to the entity D2, the simple copy of the program PG (Id-1) from the entity D1 may be prohibited, so that that the transformation of this global program into a program adapted to the entity D2 can no longer be used by the entity Dl. In this case, the owner of the terminal Dl will ask the owner of the terminal D2 the content for it to be returned. In any case, in this second option, it will be understood that it is not necessary to maintain a list of identifiers, but simply to keep in memory the identifier of the last terminal D2 to have access to the content (PG program (Id-2)).

It should also be noted that the overall program for an IT entity may include other routines, not described above. For example, according to the information that the entity D1 can give to the server S on the entity D2 (identifier Id-2), the server S can add a piece of data, in the obfuscation key OBF (Id-2) , to validate a timing routine in the global program PG (Id-2), which may consist of allowing the execution of the global program for a selected period (for example 7 days). Beyond this period, the execution of the global program PG (Id-2) can be inhibited.

It will also be noted that the entity D1, with reference to FIG. 1, when communicating a request to obtain a content, can initially declare several terminal identifiers, so that the global program PG (Id-1) is readable by a limited number of terminals whose owner of the Dl entity is also owner (for example several "MP3 players").

It will be understood then that the global program may further include routines defining rules of its own execution (multiple identifiers allowed at the same time, timing routine, or other).

Referring to Figure 5, there is illustrated, as a reminder, the operations that occur when the global program is executed from a terminal type computer entity or playback device. The execution of the program begins with the verification routine 50 of the identifier of the IT entity hosting the global program. If the identifier is in conformity (for example with the serial number of the IT entity), on the test 51 (arrow O), then the reading of the data of the content can be started in step 52. Otherwise (arrow N in test output 51), the reading of the content is not executed and it can be transmitted to the server S a user incident information, for example, accompanied by the serial number actually read by the global program. It is added here that the identifier of a computer entity may be for example its MAC address, a hard disk identifier that includes this computer entity, or other.30 Thus, the present invention authorizes the copy for a loan of the content, then that in the classic case of a DRM management, it is impossible to copy a content even if the copy of this content would remain in a family setting.

Moreover, the invention makes it possible to use the content on a device at the choice of its owner. Indeed, since the reader program (or "player") is provided in the global program, this global program can run on any type of terminal having sufficient memory and a sufficiently modern processor, according to another advantage that provides the present invention.

Note further that it is not necessary for a computer entity Dl or D2 to remain connected to the server S to read the content. Indeed, once the content has been transferred to a computer entity, it can read it as many times as desired, without the necessary intervention of the server S. We now describe, hereinafter, the obfuscation mechanism that can be used to complicate the structure of the overall program within the meaning of the invention.

Any digital content can be represented by a polynomial of the form: 20 a * 2 ^ n + b * 2 ^ m + .... + x * 2 ^ 1 + y * 2 ^ 0 where a, b, x and y are binary constants and where n, m, ..., are positive integers. This is a binary decomposition.

This polynomial can be implemented in a usual binary form by listing the coefficients a, b, x, y according to an arbitrary order (eg the most significant bit left or right). Thus, the number 23 is for example 23 = 1 * 2A4 + 0 * 2 ^ 3 + 1 * 2 ^ 2 + 1 * 2 ^ 1 + 1 * 2 ^ 0

It is possible to use a program that will generate this decomposition and list these aforementioned coefficients. An example of pseudo-code can be that illustrated in Appendix 1. In this pseudo-code, if the "while" loop is rewritten several times, in the form of a large number of sequential operations, then the digital content is completely unstructured so that the tables "coeff" and "expos" of appendix 1 are no longer used This case has been represented in appendix 2 where the operation "content" is repeated several times in the same example of the decomposition of the number 23. The content, without the apparent coefficients, is much more difficult to find than in the case of an encryption by a secret key.It should be remembered that the overall program is different for each copy, while content protected by a secret key has a standardized format from one copy to the other.In the case of a program protected by a secret key, the content of the key must be found.But as the reader who is authorized to read the content owns this By definition, it is "enough" to find this key and use it to decrypt the content and distribute it in unencrypted form.

It should be noted that the understanding of a program is usually difficult to achieve because: - not only do we need to know the manipulations performed at the level of the binary language (disassembly), which can always be feasible, - but we must also understand what these manipulations mean. In general, the link between assembly language (or "decompiled language") and its meaning is very difficult to find.

Here, the program in assembly language can itself be "obfuscated", that is to say that the structure of the program is altered to make disassembly particularly difficult. An example of a complication is illustrated in Appendix 3 where it is initially set a = 4; b = 3; c = 2; d = 1, again for the example of writing the data "content" = 23.

In this example, it is impossible for a pirate (or "hacker") to retrieve data of a large content in a reasonable time. The task of deobfuscation when it is well done can not currently be automated for any program, but you must have a deobfuscation key, knowing the initial program. The example in Appendix 3 is trivially understandable and simply illustrative. However, it will be advantageous to complicate all or part of the content data and, in any case, the identifier data of the entities.

ANNEX 1 int index = a lot - 1; Big Number content;

large integer coeff [a lot], expos [a lot]; while (index> -1) {content = content + (coeff [index] * (2 ^ expos [index]) index; Index--;} 15 APPENDIX 2 Big Number Content;

content = (2 ^ 4) 4; content = content + (2 ^ 2) 2; Content = content + (2 ^ 1) 1; content = content +1; APPENDIX 3 25 Big Number Content; broad integer a, b, c, d;

content = (2 ^ (b + d)) (2 * c); content = content + ((a-4) ^ a (b-d); 30 content = content -c * (d-d); content = content + (a-b); 10

Claims (12)

A method of communicating a first computer entity to a second computer entity of a file comprising a content intended to be read by a predetermined program, a reader of said content, in which, before communication to the second entity: the content ( 20) and the content reader program (21) are merged into one and the same global program included in said file, the execution of said global program leading to the reading of the content, - an identifier of the second entity (22) is registered in as a given of said global program, and - a verification routine (23) of said identifier is added to said global program, and in which the execution of the global program by the second entity comprises: - an execution of the identifier verification routine (50) for controlling the identifier of the second entity, and, in the case of a positive control of the identifier (51), reading (52) said content. The method of claim 1, wherein a complication routine (25) of the structure of said global program is further applied, and the second entity executes said global program in complicated form. 3. Method according to claim 2, wherein, for a communication of the content of the second entity (D1) to a third entity (D2), the second entity: - simplifies the global program (41), - inserts, as given, an identifier (43) of the third entity in the simplified overall program, and - complicates (44) the global program comprising the identifier of the third entity. 19 4. Method according to claim 3, wherein a remote management authority (S) is provided for: receiving from the second entity at least the identifier of the second entity and the identifier of the third entity (REQ 1, Id-2)), and store in memory at least the identifier of the third entity (Id-2), and - communicate to the second entity: o a first key (DES (Id-1)) to launch, in the second entity, a routine simplifying the overall program and inserting the identifier of the third entity in the global program, o and a second key (OBF (Id-2)) to then launch, with the second entity, a complication routine of the global program, before communication of the global program in complicated form (PG (Id-2)) to the third entity. 5. The method of claim 2, wherein a complication / simplification of the overall program structure is conducted by obfuscation / deobfuscation. The method of claim 1, wherein the content is transferred a plurality of times between a plurality of entities (D1, D2), and an identifier (Id-1, Id-2) of each of said plurality of entities. entities is registered as data of the global program. 7. Computer program comprising instructions for generating the overall program, for the implementation of the method according to one of claims 1 and 2, when the computer program is executed by a processor. 8. Computer entity (S), comprising means for executing the computer program according to claim 7, for generating said global program. 9. Computer entity, comprising means for implementing the method according to claim 4, as management authority (S). 10. Computer program (PG (Id-1), PG (Id-2)) stored in memory of an IT entity or downloadable via a remote site to be stored at least temporarily in memory of said computing entity, forming the overall program for implementing the method according to claim 1, when this program is executed by a processor of said computer entity, and comprising instructions for: conducting a verification check (50) of the identifier of said entity computer, - and, in case of positive control of the identifier (51), read said content (52). Computer entity (D1, D2), comprising means for executing the computer program according to claim 10, as the second computer entity. 12. Computer entity (Dl), comprising means for implementing the method according to claim 3, as the second computing entity (D1).