WO2000011866A1 - Security device for decoding compressed encrypted data - Google Patents

Publication number
WO2000011866A1
WO2000011866A1 PCT/FR1999/002016 FR9902016W WO0011866A1 WO 2000011866 A1 WO2000011866 A1 WO 2000011866A1 FR 9902016 W FR9902016 W FR 9902016W WO 0011866 A1 WO0011866 A1 WO 0011866A1
Authority
WO
WIPO (PCT)
Prior art keywords
microcircuit
data
information
decrypted
secure
Prior art date
Application number
PCT/FR1999/002016
Other languages
French (fr)
Inventor
François Grieu
Roland Moreno
Original Assignee
Innovatron (Societe Anonyme)
Priority date
Filing date
Publication date
Priority claimed from FR9810543A (patent FR2782563B1)
Priority claimed from FR9815377A (patent FR2786973B1)
Application filed by Innovatron (Societe Anonyme)
Priority to AU51743/99A (patent AU5174399A)
Publication of WO2000011866A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41 Structure of client; Structure of client peripherals
    • H04N21/418 External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4184 External card to be used in combination with the client device, e.g. for conditional access providing storage capabilities, e.g. memory stick
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/436 Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
    • H04N21/4367 Establishing a secure communication between the client and a peripheral device or smart card
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/162 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • H04N7/163 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
    • G PHYSICS
    • G10 MUSICAL INSTRUMENTS; ACOUSTICS
    • G10H ELECTROPHONIC MUSICAL INSTRUMENTS; INSTRUMENTS IN WHICH THE TONES ARE GENERATED BY ELECTROMECHANICAL MEANS OR ELECTRONIC GENERATORS, OR IN WHICH THE TONES ARE SYNTHESISED FROM A DATA STORE
    • G10H2240/00 Data organisation or data communication aspects, specifically adapted for electrophonic musical tools or instruments
    • G10H2240/011 Files or data streams containing coded musical information, e.g. for transmission
    • G10H2240/026 File encryption of specific electrophonic music instrument file or stream formats, e.g. MIDI, note oriented formats, sound banks, wavetables
    • G PHYSICS
    • G10 MUSICAL INSTRUMENTS; ACOUSTICS
    • G10H ELECTROPHONIC MUSICAL INSTRUMENTS; INSTRUMENTS IN WHICH THE TONES ARE GENERATED BY ELECTROMECHANICAL MEANS OR ELECTRONIC GENERATORS, OR IN WHICH THE TONES ARE SYNTHESISED FROM A DATA STORE
    • G10H2240/00 Data organisation or data communication aspects, specifically adapted for electrophonic musical tools or instruments
    • G10H2240/011 Files or data streams containing coded musical information, e.g. for transmission
    • G10H2240/046 File format, i.e. specific or non-standard musical file format used in or adapted for electrophonic musical instruments, e.g. in wavetables
    • G10H2240/061 MP3, i.e. MPEG-1 or MPEG-2 Audio Layer III, lossy audio compression
    • G PHYSICS
    • G10 MUSICAL INSTRUMENTS; ACOUSTICS
    • G10H ELECTROPHONIC MUSICAL INSTRUMENTS; INSTRUMENTS IN WHICH THE TONES ARE GENERATED BY ELECTROMECHANICAL MEANS OR ELECTRONIC GENERATORS, OR IN WHICH THE TONES ARE SYNTHESISED FROM A DATA STORE
    • G10H2240/00 Data organisation or data communication aspects, specifically adapted for electrophonic musical tools or instruments
    • G10H2240/171 Transmission of musical instrument data, control or status information; Transmission, remote access or control of music data for electrophonic musical instruments
    • G10H2240/181 Billing, i.e. purchasing of data contents for use with electrophonic musical instruments; Protocols therefor; Management of transmission or connection time therefor
    • G PHYSICS
    • G10 MUSICAL INSTRUMENTS; ACOUSTICS
    • G10H ELECTROPHONIC MUSICAL INSTRUMENTS; INSTRUMENTS IN WHICH THE TONES ARE GENERATED BY ELECTROMECHANICAL MEANS OR ELECTRONIC GENERATORS, OR IN WHICH THE TONES ARE SYNTHESISED FROM A DATA STORE
    • G10H2240/00 Data organisation or data communication aspects, specifically adapted for electrophonic musical tools or instruments
    • G10H2240/171 Transmission of musical instrument data, control or status information; Transmission, remote access or control of music data for electrophonic musical instruments
    • G10H2240/201 Physical layer or hardware aspects of transmission to or from an electrophonic musical instrument, e.g. voltage levels, bit streams, code words or symbols over a physical link connecting network nodes or instruments
    • G10H2240/241 Telephone transmission, i.e. using twisted pair telephone lines or any type of telephone network
    • G10H2240/245 ISDN [Integrated Services Digital Network]
    • G PHYSICS
    • G10 MUSICAL INSTRUMENTS; ACOUSTICS
    • G10H ELECTROPHONIC MUSICAL INSTRUMENTS; INSTRUMENTS IN WHICH THE TONES ARE GENERATED BY ELECTROMECHANICAL MEANS OR ELECTRONIC GENERATORS, OR IN WHICH THE TONES ARE SYNTHESISED FROM A DATA STORE
    • G10H2240/00 Data organisation or data communication aspects, specifically adapted for electrophonic musical tools or instruments
    • G10H2240/171 Transmission of musical instrument data, control or status information; Transmission, remote access or control of music data for electrophonic musical instruments
    • G10H2240/201 Physical layer or hardware aspects of transmission to or from an electrophonic musical instrument, e.g. voltage levels, bit streams, code words or symbols over a physical link connecting network nodes or instruments
    • G10H2240/261 Satellite transmission for musical instrument purposes, e.g. processing for mitigation of satellite transmission delays
    • G PHYSICS
    • G10 MUSICAL INSTRUMENTS; ACOUSTICS
    • G10H ELECTROPHONIC MUSICAL INSTRUMENTS; INSTRUMENTS IN WHICH THE TONES ARE GENERATED BY ELECTROMECHANICAL MEANS OR ELECTRONIC GENERATORS, OR IN WHICH THE TONES ARE SYNTHESISED FROM A DATA STORE
    • G10H2240/00 Data organisation or data communication aspects, specifically adapted for electrophonic musical tools or instruments
    • G10H2240/171 Transmission of musical instrument data, control or status information; Transmission, remote access or control of music data for electrophonic musical instruments
    • G10H2240/281 Protocol or standard connector for transmission of analog or digital data to or from an electrophonic musical instrument
    • G10H2240/295 Packet switched network, e.g. token ring
    • G10H2240/305 Internet or TCP/IP protocol use for any electrophonic musical instrument data or musical parameter transmission purposes

Definitions

  • the present invention relates to information dissemination systems in which information is sent from a broadcaster to a user in compressed and encrypted form, and in which the user has a decoder associated with a protected electronic microcircuit, for example a microcircuit card, which constitutes the key necessary for the decoder to restore the information in clear.
  • EP-A-0 714204 describes such a decoder capable of processing information both encrypted and compressed, which is the field concerned by the present invention.
  • EP-A-0 723 371 and EP-A-0 453 737 as well as Peyret P et al., Smart Cards Provide Very High Security and Flexibility in Subscribers Management, IEEE Transactions on Consumer Electronics, 1990, Vol. 36, 3, 744-752, only describe the decoding of uncompressed information.
  • the information broadcast by such systems can be varied, for example audio (music) or video signals (television programs), or even textual data such as agency reports or financial information.
  • the purpose of encryption is to reserve unencrypted access to this information to authorized persons in return for a payment such as a subscription or a payment per session.
  • the electronic microcircuit allowing the decoder to ensure decryption is generally protected against reading of its content and against copying, whether it is a microcircuit card inserted in a connector of the decoder or a microcircuit internal to the decoder. This level of security does not, however, prevent the information, once decoded, from being copied, thus allowing the authorized user to share the broadcast information with other, unauthorized persons, that is to say persons without a subscription with the broadcaster or who have not paid in return for the information being restored in clear. There are indeed many possible attacks on existing systems that aim to record the information in a usable form.
  • One of the aims of the invention is to prevent, as far as possible, that the information once decoded can be copied, or at least to ensure that this copying is accompanied by a significant degradation of the quality of information or a considerable increase in the volume of data preventing or making it difficult to record.
  • the invention provides for this purpose a device for decoding encrypted and compressed information, in particular video, audio or text information, of the known generic type comprising a housing cooperating with a secure microcircuit comprising a memory and a processor protected against attempts to analyze and read and copy the information stored in this microcircuit, this decoder device comprising: means for receiving input of encrypted and compressed data; means for decrypting the data thus received; means for decompressing the data thus decrypted; and means for outputting, in a decoded form exploitable by a user, decrypted and decompressed data.
  • the secure microcircuit incorporates all of the decryption means and at least part of the decompression means, the stream of decrypted and compressed data delivered by the decryption means to the decompression means not being accessible from outside the secure microcircuit.
  • the secure microcircuit can be that of a microcircuit card separate from the housing, the latter comprising connection means making it possible to couple the microcircuit card therein, or else an internal microcircuit in the housing.
  • the link between the microcircuit and the box is advantageously a serial type link, very advantageously a link such that the decrypted and partially or fully decompressed data stream is delivered by the microcircuit on at least one of the RFU contacts according to ISO 7816-2.
  • the housing includes part of the decompression means, this part including circuits capable of delivering the decompressed data in response to commands issued by the secure microcircuit;
  • the secure microcircuit also includes part of the means for delivering the data in an exploitable decoded form, this part including in particular digital processing or filtering means;
  • the decryption means operate by implementing a first algorithm allowing the calculation of packet keys from said associated information, and a second algorithm reconstructing a stream of information decrypted from the packets and packet keys calculated by the first algorithm;
  • the device comprises means of payment conditioning the delivery at the output of the data in a decoded form exploitable with the verification, by the microcircuit, of the preliminary realization of a payment according to associated tariff information contained in a memory, in particular of pricing information comprising user identification information contained in a memory of the secure microcircuit;
  • the device comprises recording means or means of coupling to recording means, which can in particular record compressed and encrypted data;
  • the secure microcircuit comprises means for including a watermark in the decrypted and decompressed data stream delivered, this watermark incorporating an identifier of the secure microcircuit.
  • FIG. 1 is an illustration, in the form of a block diagram, of the chain of transmission and reception of information, explaining the various stages of transformation of the signals.
  • FIG. 2 represents the decoder of the user with its various associated elements.
  • Figure 3 shows the different standardized contact areas of a microcircuit card.
  • the stream ⁇ is then compressed using a compression technique with loss of information, for example of the MPEG type, to give a stream of medium bit rate ζ, of the order of 10^5 bps for audio and 3×10^6 bps for video; this operation implements relatively advanced technical means, that is to say requiring a high computing power, to achieve a compression which does not adversely affect the sound or visual quality of the signal;
  • e3) This compressed stream ζ is then cut into packets, each representing for example 0.1 seconds of sound or image; for each packet, a numerical value forming the packet key is chosen such that the possession of the master key of a first cryptographic algorithm ALG1 is necessary to calculate this packet key.
  • an incremental index is associated with each packet and the packet key is obtained by encrypting the index with the master key by a triple-DES algorithm.
  • Each packet is then encrypted with a second cryptographic algorithm ALG2 using the packet key as a key (note that the data rate for the first algorithm ALG1 is of the order of 10^3 bps, much lower than the data rate of the second algorithm ALG2, which is that of the medium-rate stream ζ of compressed data).
  • the encrypted stream resulting from step e4 is then broadcast, accompanied by additional information necessary for the calculation of the packet keys, in this example the packet indices. It can be a one-way broadcast, of the satellite, CD-ROM or DVD-ROM type, or on demand, such as a cable broadcast, via the Internet, via the switched telephone network or ISDN.
  • this dissemination is accompanied by various operations for verifying the integrity of the information transmitted and possible correction of errors, which are not concerned with the present invention.
  • broadcasting should not be understood in the strict technical sense (television or radio broadcasting, over the air or by wire) but that it also includes, for example, the dissemination of information by distribution of physical media such as CD-ROMs, DVDs, floppy disks, etc., the teachings of the invention applying equally to the decryption and decompression of information read on a physical medium of this nature.
  • the receiver or decoder comprises a secure electronic microcircuit, that is to say protected against analysis and duplication of its content, and containing the master key necessary for decryption.
  • the successively implemented steps are as follows (we will use references comprising homologous indices of the corresponding steps implemented on transmission):
  • r3) the microcircuit receives the information necessary for the calculation of the packet keys (in the present example, packet indices) and applies the first cryptographic algorithm ALG1; it communicates the packet keys thus calculated to the rest of the decoder.
  • the decoder then decrypts the packets using the second cryptographic algorithm ALG2 and the corresponding packet key, producing a data flow ζ identical to that resulting from step e2, i.e. medium-rate compressed data.
  • the decoder then decompresses this data stream ζ, an operation which requires relatively limited means compared to those implemented in step e2, thus giving a high-rate data flow ⁇' comparable to the flow ⁇ resulting from step e1, but not identical, due to the modifications linked to the compression/decompression process.
  • the decoder converts this data flow ⁇' into a form accessible to the human senses, for example by controlling the vibration of a speaker membrane or the luminescence of a cathode ray tube; typically this step r1 first comprises a digital/analog conversion.
  • the process can also be transposed to an analog system, for example for systems of older design using in step e2 an analog encoding of the PAL, SECAM or NTSC type and for e4 an analog encryption of the line permutation or line rotation type; the operating principle is identical, although the flow resulting from step r4 is, in this case, only approximately identical to the flow ζ resulting from step e2.
  • the technique which has just been exposed has a certain number of weak points which make it vulnerable.
  • This recording can be done: on a decoder equipped with the legitimate microcircuit, by recovering the information passing from the stage carrying out r4 to that carrying out r2 (the most recent decoders try to avoid this attack by grouping steps r4 and r2 in the same circuit, where the stream in question is not very accessible); or by reproducing step r4 in an appropriate device that receives, on the one hand, the flow of encrypted information as broadcast and, on the other hand, the flow of packet keys from a legitimate microcircuit, the device reproducing the decryption by the fast algorithm (this attack can be combined with the previous one). 4°) The recording of the information flow resulting from step r2.
  • the fraudster will have an interest in recompressing the data, that is to say applying a step similar to e2; we can assume that the technical difficulty of the operation, as well as the resulting loss of quality (a loss all the more significant when the means used are modest) diminishes the attractiveness of the technique.
  • the invention endeavors to remedy these drawbacks which make the system vulnerable to attempts by fraudsters.
  • it essentially consists in integrating into the secure microcircuit all of the decryption (steps r3 + r4 above) and at least most of the decompression (step r2 above), so that the medium-rate flow ζ of decrypted and compressed data, as well as the flow of packet keys, are not present outside the microcircuit and are therefore never accessible.
  • attack n ° 1 (exposed above) is made more difficult, because the cryptographic algorithm can remain secret.
  • security is compromised by a design defect and it must be replaced by another algorithm, it is possible to change only the microcircuit, if it is removable, without modification of the decoder itself.
  • An additional advantage is that it is possible to use algorithms varying according to the dissemination area, or even to develop the decompression algorithm.
  • the decoder unit alone (that is to say without its secure microcircuit) containing no cryptographic algorithm, is not subject to any particular regulation.
  • the system that has just been described can be presented in a simplified form, with the two encryption algorithms ALG1 and ALG2 grouped together into one.
  • the steps on the transmitter side will be: e1) Production of digital signals (no change), e2) Compression (no change), e5) Encryption of the data flow by a cryptographic process using a master key.
  • the decoder includes a secure electronic microcircuit which contains the master key. The steps implemented are: r5) The microcircuit receives the data flow resulting from e5 and decrypts it, reconstructing (in the absence of transmission error) the data flow ζ as produced by step e2.
  • the same microcircuit decompresses this data flow ζ, producing a data flow ⁇', comparable to the flow ⁇ resulting from step e1 (the differences arising from the compression/decompression process).
  • This flow ⁇' is communicated by the microcircuit to the rest of the decoder.
  • r1) Conversion into a form perceptible to the senses (no change).
  • the invention can be implemented by a box 10 ensuring the interfacing between, on the one hand, radio reception means 12 (typically an antenna or a satellite decoder), a cable network 14, a DVD-ROM drive 16, etc.
  • the box can include a mechanism for program selection and / or selective routing of a program on demand.
  • This box cooperates with a secure microcircuit 22, for example the microcircuit of a removable card 24 inserted in a slot 26 of the box 10, the box 10 + microcircuit 22 assembly constituting the "decoder" mentioned above.
  • the selected information arrives, compressed and encrypted, from the box 10 to the microcircuit 22, and the latter - if it contains the appropriate key and possibly if other conditions are met, for example the debit of prepaid points or the remote payment of a subscription or access to a program - decrypts and decompresses it, without the deciphered and compressed form being accessible.
  • the decompressed stream is delivered by the microcircuit 22 to the housing 10 to be applied, after the appropriate conversions to the television set 18 or the amplifier of the chain 20.
  • This basic principle can receive several improvements.
  • a first improvement aims to optimize the connection of the microcircuit to the housing, as well as the distribution between microcircuit and housing of the elements involved in the decompression process r2 and conversion r1.
  • the connection between the microcircuit and the housing is advantageously of the serial type.
  • it is possible to use the "RFU" ("reserved for future use") contacts of the ISO 7816-2 standard.
  • Figure 3 shows the arrangement of the contacts of a microcircuit card according to this standard.
  • ground contacts GND, power supply VCC, clock CLK, reset RST and input / output I / O keep their usual functions, I / O being used for supervisory functions such as those of step r3 and / or, by multiplexing, for the slower data flows, in particular the flows entering r5.
  • serial data streams are synchronized by a phase locked loop integrated into the microcircuit, synchronized with a signal entering the microcircuit such as the data entering r5 and / or CLK.
  • the last stages of the decompression process r2 can be transferred to the housing, in order to reduce the complexity of the microcircuit, in particular the amount of memory and the processing power required.
  • the decompression methods include, in the phase preceding the digital/analog conversion, the generation and combination of various signals whose characteristics are calculated elsewhere, for example the generation and addition of digital signals such as sinusoids and/or wavelets and/or noise whose frequency and/or amplitude and/or spectrum and/or envelope are parameterized. It can then be provided that the control (configuration) of these generators is carried out by the microcircuit, but that the generation and combination proper are carried out in the housing, the main part of the computing power thus being transferred to this housing.
  • the decompression methods include, in the final phase of generation of the decoded signal, the copying of information coming from lines and frames of previous images and/or the filling of zones. It can then be provided that the box stores this information and carries out the copying and filling, but according to parameters produced by the microcircuit.
  • Conversely, if there is still sufficient computing power in the microcircuit, one can integrate into it not only the decompression r2 but also the first phases of the conversion process r1, in order to increase the bit rate of the information leaving the microcircuit and make its storage more difficult, which makes it possible to fight more effectively, to a certain extent, against the above-mentioned attack No. 4.
  • digital processing can be integrated into the microcircuit, such as modification of the number of bits of the sampling and/or digital filtering, making it possible to reduce the complexity of the analog filter placed downstream of the digital/analog converter of the housing.
  • a second improvement consists in carrying out each of the steps e5 and r5 in two respective steps e3 + e4 and r3 + r4 involving two distinct algorithms, which is justified cryptographically speaking, with the aim of carrying out the operation with a good complexity/cost compromise.
  • a third improvement consists in providing an additional mechanism intended to price the use of the system. To this end, provision is made in the microcircuit for a means of conditioning the production of the decrypted information to prior payment, means operating by processing the content of a memory containing the rights of the owner of the microcircuit. This memory can be located in the microcircuit itself, or in the housing, or even at the information broadcaster.
  • a credit zone of this memory is debited when the information is first broadcast, for example the first hearing of a piece of music, and the identifier of this piece is stored in this memory, allowing the user who wishes to listen to the same piece later to do so without a debit, or at a reduced debit. Certain operations are inhibited when the credit falls to zero. Reloading means are also provided. If it is with the broadcaster, the memory can be subdivided into zones each corresponding to a given microcircuit, the adequate zone being
  • the purchase of the rights can be materialized by the storage in the memory of the microcircuit of the key and / or of the algorithm of decryption of this piece; this measure avoids having a universal key and / or algorithm valid for all songs.
  • identification / pricing information used by the microcircuit to determine which key and / or decryption algorithm and / or which pricing is to be applied to the encrypted information flow.
  • this identification/pricing information is added to the data flow; and in a step r6 (for example prior to r5), this identifier is extracted and used by the microcircuit to determine which key and/or which algorithm to use in step r5, and/or which pricing to apply (for example whether the rights of decryption by the microcircuit are acquired definitively or are the subject of a payment with each use, and at what price).
  • a cryptographic method can be used, for example the addition of an electronic signature of the data including the pricing and verified by the microcircuit, or by inserting this pricing information before encryption, so that its rapid alteration makes the rest of the data unusable.
  • a fourth improvement consists in associating a recorder with the system of the invention.
  • the box 10 can contain an information recording device (or include means for connection to such a device), allowing subsequent use without the need to convey the information by the dissemination channel.
  • the information can be recorded in a still compressed and encrypted form; it will be decrypted and decompressed on playback, which will therefore require the presence of the microcircuit (this service may possibly be accompanied by a payment). Recording can also take place concomitantly with the first use.
  • These recording devices can, for example, take the form of a semiconductor memory, a hard disk 28, a magnetic tape 30 of the DAT type, a magneto-optical disc or an optical disc of the WORM or DVD-RAM type, etc., if direct digital recording is desired.
  • the box 10 can also include digital / analog conversion means for recording and analog / digital conversion means for reading in the case of analog recording, typically on a VHS video recorder.
  • a fifth improvement consists in providing, during the decryption and decompression operations, for the inclusion of a "watermark" (watermarking) in the decrypted and decompressed data stream at output, this watermark including an identifier of the card used for the decryption and decompression of these data.
  • The technique of including a "watermark" or "tattoo" is in itself known, and described for example in Fabien A et al., Information Hiding
  • this technique consists of adding to the musical message information that is inaudible but can be revealed by appropriate techniques.
  • the simplest technique adds a low-level identification signal coding the identification information in a very redundant manner, for example by adding a 10 kHz carrier, at a sound level inaudible with respect to the musical message, phase modulated at 100 bits/s; the watermark is revealed by correlation filtering techniques. Similar operations can be performed digitally for a digital signal. More simply, the identification message can be multiplexed with the original message and ignored during sound reproduction (but in this case the identification message can be easily removed).
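
The watermark described in the last items (a low-level 10 kHz signal, phase modulated at 100 bits/s, carrying the card identifier redundantly and recovered by correlation) can be sketched as follows. This is an added example, not code from the patent; the sample rate, amplitude, 16-bit identifier width, repetition count and the constructed host signal are assumptions.

```python
import math
import random

FS = 44_100           # sample rate in Hz (assumption; not stated in the text)
CARRIER_HZ = 10_000   # carrier frequency given in the text
BIT_RATE = 100        # modulation rate given in the text
SPB = FS // BIT_RATE  # 441 samples per bit = exactly 100 carrier cycles
WM_LEVEL = 0.02       # carrier amplitude, far below the host level (assumption)
ID_BITS = 16          # width of the card identifier (assumption)
REPEATS = 3           # identifier sent three times: the "very redundant" coding


def carrier(n):
    """Reference 10 kHz carrier at sample n."""
    return math.sin(2 * math.pi * CARRIER_HZ * n / FS)


def host_signal(n_samples, seed=1):
    """Constructed stand-in for the decoded music: three tones plus slight noise."""
    rng = random.Random(seed)
    tones = [(220.0, 0.3), (440.0, 0.3), (1000.0, 0.3)]
    return [
        sum(a * math.sin(2 * math.pi * f * n / FS) for f, a in tones)
        + rng.uniform(-0.005, 0.005)
        for n in range(n_samples)
    ]


def embed(host, card_id):
    """Add the phase-modulated carrier: phase 0 codes a 1, phase pi codes a 0."""
    bits = [(card_id >> (ID_BITS - 1 - i)) & 1 for i in range(ID_BITS)] * REPEATS
    if len(host) < len(bits) * SPB:
        raise ValueError("host signal too short for the watermark payload")
    out = list(host)
    for n in range(len(bits) * SPB):
        sign = 1.0 if bits[n // SPB] else -1.0   # a phase shift of pi flips the sign
        out[n] += sign * WM_LEVEL * carrier(n)
    return out


def detect(signal):
    """Correlate each bit window with the carrier; return the id, or None if absent."""
    if len(signal) < ID_BITS * REPEATS * SPB:
        raise ValueError("signal too short")
    # One correlation value per bit window (the host tones average out to almost 0).
    soft = [
        sum(signal[n] * carrier(n) for n in range(k * SPB, (k + 1) * SPB))
        for k in range(ID_BITS * REPEATS)
    ]
    # A marked window correlates to +/- WM_LEVEL * SPB / 2; require half of that.
    threshold = 0.5 * REPEATS * WM_LEVEL * SPB / 2
    card_id = 0
    for i in range(ID_BITS):
        total = sum(soft[i + r * ID_BITS] for r in range(REPEATS))  # combine repeats
        if abs(total) < threshold:
            return None                      # no reliable watermark in this signal
        card_id = (card_id << 1) | (1 if total > 0 else 0)
    return card_id


if __name__ == "__main__":
    host = host_signal(ID_BITS * REPEATS * SPB)
    print(hex(detect(embed(host, 0xB35C))), detect(host))
```

Because each bit window holds a whole number of carrier cycles, the host tones contribute only a small bounded residue to the correlation, which is why a carrier some 30 dB below the music is still recovered.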

Abstract

The invention concerns a case co-operating with a safe storage unit comprising protected memory and processor. The device comprises: means for receiving compressed encrypted data; means for decrypting (r5; r3, r4) the data received; and means for delivering (r1), in a decoded form exploitable by a user, decompressed decrypted data. The safe microcircuit (M; M') incorporates the set of decrypting means (r5; r3, r4) and at least part of the decompressing means (r2), the decrypted compressed data flow (ζ) delivered by the decrypting means not being accessible from outside the safe microcircuit. The safe microcircuit can in particular belong to a card separate from the case, the link between microcircuit and case being a series-type link using at least one of the RFU contacts as per ISO 7816-2 for delivering the decrypted and partially or completely decompressed data flow.
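
The difference between the earlier split (the card only computes packet keys, step r3) and the arrangement summarised in the abstract (r3, r4 and r2 all inside the secure microcircuit) is easiest to see by listing what is observable outside the card in each case. The following is an added example, not code from the patent: HMAC-SHA-256 stands in for the triple-DES ALG1, a SHA-256 counter keystream stands in for ALG2, zlib stands in for the lossy compression, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import zlib

PACKET_SIZE = 64  # bytes of compressed data per packet (assumption)


def alg1_packet_key(master_key, index):
    """ALG1 stand-in: packet key derived from the packet index under the master key."""
    return hmac.new(master_key, index.to_bytes(8, "big"), hashlib.sha256).digest()


def alg2(packet_key, data):
    """ALG2 stand-in: XOR with a SHA-256 counter keystream (encrypts and decrypts)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(packet_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ k for d, k in zip(data, stream))


def sample_clear():
    """Constructed sample content standing in for the digital signal of step e1."""
    return b"".join(b"frame %04d: constructed sample payload\n" % i for i in range(200))


def broadcast(master_key, clear):
    """Steps e2 to e4: compress, cut into packets, encrypt each under its packet key."""
    compressed = zlib.compress(clear)
    packets = [compressed[i:i + PACKET_SIZE] for i in range(0, len(compressed), PACKET_SIZE)]
    return [(i, alg2(alg1_packet_key(master_key, i), p)) for i, p in enumerate(packets)]


class PriorArtCard:
    """Card performing r3 only: it hands each packet key to the box."""
    def __init__(self, master_key):
        self._master_key = master_key

    def packet_key(self, index):
        return alg1_packet_key(self._master_key, index)


class SecureCard:
    """Card performing r3 + r4 + r2: only decompressed data leaves it."""
    def __init__(self, master_key):
        self._master_key = master_key
        self._inflater = zlib.decompressobj()

    def process(self, index, ciphertext):
        compressed = alg2(alg1_packet_key(self._master_key, index), ciphertext)
        return self._inflater.decompress(compressed)


def decode_prior_art(card, stream):
    """Returns (clear output, list of values observable outside the card)."""
    observable, out, inflater = [], b"", zlib.decompressobj()
    for index, ciphertext in stream:
        key = card.packet_key(index)          # r3 in the card, key crosses the link
        compressed = alg2(key, ciphertext)    # r4 in the box
        observable += [key, compressed]
        out += inflater.decompress(compressed)  # r2 in the box
    return out, observable


def decode_secure(card, stream):
    """Returns (clear output, list of values observable outside the card)."""
    observable, out = [], b""
    for index, ciphertext in stream:
        chunk = card.process(index, ciphertext)
        observable += [ciphertext, chunk]
        out += chunk
    return out, observable


if __name__ == "__main__":
    mk = bytes(range(16))  # constructed master key
    stream = broadcast(mk, sample_clear())
    _, seen = decode_secure(SecureCard(mk), stream)
    print(any(alg1_packet_key(mk, i) in seen for i, _ in stream))
```

In the second arrangement the only data left to record is the ciphertext or the full-rate decompressed output, which is the situation the description relies on when it discusses recompression and watermarking.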

Description

Dispositif sécurisé décodeur d'informations chiffrées et compriméesSecure device decoder of encrypted and compressed information
La présente invention concerne les systèmes de diffusion d'information dans lesquels l'information est acheminée d'un diffuseur à un utilisateur sous forme comprimée et chiffrée, et dans lesquels l'utilisateur dispose d'un décodeur associé à un microcircuit électronique protégé, par exemple une carte à microcircuit, qui constitue la clef nécessaire pour que le décodeur puisse restituer une information en clair. Le EP-A-0 714204 décrit un tel décodeur apte à traiter des informations à la fois chiffrées et comprimées, qui est le domaine concerné par la présente invention.The present invention relates to information dissemination systems in which information is sent from a broadcaster to a user in compressed and encrypted form, and in which the user has a decoder associated with a protected electronic microcircuit, by example a microcircuit card, which constitutes the key necessary so that the decoder can restore information in clear. EP-A-0 714204 describes such a decoder capable of processing information both encrypted and compressed, which is the field concerned by the present invention.
EP-A-0 723 371 and EP-A-0 453 737, as well as Peyret P et al., Smart Cards Provide Very High Security and Flexibility in Subscribers Management, IEEE Transactions on Consumer Electronics, 1990, Vol. 36, 3, 744-752, for their part describe only the decoding of uncompressed information.
The information broadcast by such systems can be varied, for example audio signals (music) or video signals (television programmes), or textual data such as news agency dispatches or financial information.
The purpose of encryption is to reserve clear access to this information to authorized persons in return for a payment such as a subscription or a payment per session. The electronic microcircuit that enables the decoder to perform decryption is generally protected against reading of its content and against copying, whether it is a microcircuit card inserted in a connector of the decoder or a microcircuit internal to the decoder. This degree of security does not, however, prevent the information from being copied once decoded, which allows the authorized user to share the broadcast information with other, unauthorized persons, that is to say without a subscription with the broadcaster or without payment in return for the restoration of the information in clear. There are indeed many possible attacks on existing systems aimed at recording the information in a usable form. These attacks, which are well known in encrypted television broadcasting systems, are explained in the detailed description that follows.
One of the aims of the invention is to prevent, as far as possible, the information from being copied once decoded, or at least to ensure that such copying is accompanied by a significant degradation of the quality of the information or by a considerable increase in the volume of the data, preventing their recording or making it difficult.
Essentially, the invention proposes for this purpose a decoder device for encrypted and compressed information, in particular video, audio or text information, of the known generic type comprising a housing cooperating with a secure microcircuit that comprises a memory and a processor protected against attempts to analyze, read and copy the information held in this microcircuit, this decoder device comprising: means for receiving encrypted and compressed data as input; means for decrypting the data thus received; means for decompressing the data thus decrypted; and means for delivering as output, in a decoded form usable by a user, the decrypted and decompressed data.
According to the invention, the secure microcircuit incorporates all of the decryption means and at least part of the decompression means, the stream of decrypted and compressed data delivered by the decryption means to the decompression means not being accessible from outside the secure microcircuit.
The secure microcircuit can be that of a microcircuit card separate from the housing, the latter comprising connection means for coupling the microcircuit card to it, or else a microcircuit internal to the housing. In the case of a microcircuit card, the link between the microcircuit and the housing is advantageously a serial link, very advantageously a link such that the stream of decrypted and partially or fully decompressed data is delivered by the microcircuit on at least one of the RFU contacts according to ISO 7816-2.
According to other advantageous subsidiary characteristics:
- the housing includes part of the decompression means, this part including circuits able to deliver the decompressed data in response to commands issued by the secure microcircuit;
- the secure microcircuit also includes part of the means for delivering the data as output in a usable decoded form, this part including in particular digital processing or filtering means;
- the data received as input are in the form of packets accompanied by associated data, and the decryption means operate by implementing a first algorithm that computes packet keys from said associated information, and a second algorithm that reconstructs a stream of decrypted information from the packets and the packet keys computed by the first algorithm;
- the device comprises payment means that make the delivery of the data as output in a usable decoded form conditional on verification, by the microcircuit, that a payment has previously been made according to associated tariff information contained in a memory, in particular tariff information comprising user identification information contained in a memory of the secure microcircuit;
- the device comprises recording means or means for coupling to recording means, which can in particular record compressed and encrypted data;
- the secure microcircuit comprises means for including a watermark in the stream of decrypted and decompressed data delivered, this watermark incorporating an identifier of the secure microcircuit.
An example of implementation of the invention will now be given, with reference to the accompanying drawings.
Figure 1 is a block diagram of the chain of transmission and reception of the information, showing the various stages of transformation of the signals.
Figure 2 represents the user's decoder with its various associated elements.
Figure 3 shows the various standardized contact areas of a microcircuit card.
We will first explain, with reference to Figure 1, how the best current systems (that is to say those providing the highest security against fraud) for broadcasting encrypted information, typically encrypted television signals, operate. We first describe the steps implemented on the transmitter side:
e1) A stream of digital signals is first produced, either directly or by digitizing analog signals, giving a high-rate stream of uncompressed data Φ, of the order of 10⁶ bps (bits per second) for audio and 10⁸ bps for video.
e2) The stream Φ is then compressed using a lossy compression technique, for example of the MPEG type, to give a medium-rate stream φ, of the order of 10⁵ bps for audio and 3×10⁶ bps for video; this operation uses relatively advanced technical means, that is to say means requiring high computing power, to achieve a compression that does not degrade the sound or visual quality of the signal too much.
e3) This compressed stream φ is then cut into packets, each representing for example 0.1 second of sound or image; for each packet, a numerical value forming the packet key is chosen such that possession of the master key of a first cryptographic algorithm ALG1 is necessary to compute this packet key. By way of example, an incremental index is associated with each packet and the packet key is obtained by encrypting the index with the master key using a triple-DES algorithm.
e4) Each packet is then encrypted with a second cryptographic algorithm ALG2 using the packet key as its key (note that the data rate for the first algorithm ALG1 is of the order of 10³ bps, much lower than the data rate of the second algorithm ALG2, which is the medium rate φ of the compressed data).
The encrypted stream resulting from step e4 is then broadcast, accompanied by the additional information needed to compute the packet keys, in this example the packet indices. This can be a one-way broadcast, of the satellite, CD-ROM or DVD-ROM type, or an on-demand broadcast, such as broadcast by cable, via the Internet, or via the switched telephone network or ISDN.
Of course, this broadcast is accompanied by various operations for verifying the integrity of the transmitted information and for correcting any errors, which are not the concern of the present invention. Note that the term "broadcast" is not to be understood in the strict technical sense (television or radio broadcasting, over the air or by wire); it also includes, for example, the dissemination of information by distribution of physical media such as CD-ROMs, DVDs, floppy disks, etc., the teachings of the invention applying equally to the decryption and decompression of information read from a physical medium of this kind.
We now describe the steps implemented on the receiver side.
The receiver or decoder comprises a secure electronic microcircuit, that is to say one protected against analysis and duplication of its content, which contains the master key necessary for decryption.
The steps implemented in succession are as follows (the references carry the same indices as the corresponding steps implemented on transmission):
r3) The microcircuit receives the information needed to compute the packet keys (in the present example, the packet indices) and applies the first cryptographic algorithm ALG1; it communicates the packet keys thus computed to the rest of the decoder.
r4) The decoder then decrypts the packets using the second cryptographic algorithm ALG2 and the corresponding packet key, producing a data stream φ identical to that resulting from step e2, that is to say medium-rate compressed data.
r2) The decoder then decompresses this data stream φ, an operation that requires relatively limited means compared with those used in step e2, giving a high-rate data stream Φ' comparable to the stream Φ resulting from step e1, but not identical to it because of the modifications introduced by the compression/decompression process.
r1) The decoder converts this data stream Φ' into a form accessible to the human senses, for example by driving the vibration of a loudspeaker membrane or the luminescence of a cathode ray tube; typically this step r1 begins with a digital/analog conversion.
Note that the system described here is a digital system, which allows strong compression in step e2.
The process can also be transposed to an analog system, for example for systems of older design that use in step e2 an analog encoding of the PAL, SECAM or NTSC type and for e4 an analog encryption of the line permutation or line rotation type; the operating principle is identical, although the stream resulting from step r4 is, in this case, only approximately identical to the stream φ resulting from step e2.
The technique just described has a number of weak points that make it vulnerable.
Even assuming that the microcircuit and the first cryptographic algorithm ALG1 are effectively resistant, various attacks remain possible for someone who wishes to record the information in a usable form, namely:
1) Attack on the second algorithm ALG2, that is to say reconstruction of step r4 without having the data stream resulting from step r3, for example by using redundancies in the data stream normally resulting from r4; the design of the second algorithm strives to make this operation difficult, but a successful attack cannot be ruled out, and it would mean replacing all the decoders that use this second algorithm ALG2.
2) Recording, on the one hand, of the stream of encrypted information as broadcast (at the input of r4) and, on the other hand (on a decoder equipped with the legitimate microcircuit), of the stream of packet keys, followed by decoding on a decoder that lacks the legitimate microcircuit and receives these two streams of information. Since the volume of data represented by the packet keys is very small, this information can for example be made available by radio or on the Internet.
3) Recording of the stream of decrypted information resulting from step r4, followed by its later use in a device applying r2 and r1. This recording can be done:
- on a decoder equipped with the legitimate microcircuit, by recovering the information passing from the stage performing r4 to the stage performing r2 (the most recent decoders try to avoid this attack by grouping steps r4 and r2 in a single circuit, where the stream in question is not readily accessible),
- by reproducing step r4 in an appropriate device that receives, on the one hand, the stream of encrypted information as broadcast and, on the other hand, the stream of packet keys issued by a legitimate microcircuit, the device reproducing the decryption by the fast algorithm (this attack can be combined with the previous one).
4) Recording of the stream of information resulting from step r2. But since the data rate at this stage is high, in particular for video, the fraudster will have an interest in recompressing the data, that is to say applying a step similar to e2; it can be assumed that the technical difficulty of the operation, together with the resulting loss of quality (a loss all the greater when the means used are modest), reduces the appeal of the technique.
5) Recording of the signals in a form derived from r2, for example an intermediate analog form used in r1. The reduction in quality is then marked; in addition, various analog means are known that prevent a copy of acceptable quality from being made with a consumer video recorder.
The invention endeavors to remedy these drawbacks, which make the system vulnerable to attempts by fraudsters.
It consists essentially in integrating into the secure microcircuit all of the decryption (steps r3 + r4 above) and at least the greater part of the decompression (step r2 above), so that the (medium-rate) stream φ of decrypted and compressed data and the stream of packet keys are not present outside the microcircuit and are therefore never accessible.
The limits of the secure microcircuit are shown in Figure 1 in dashed lines for the two variants: M, where the microcircuit includes all of the decompression stages of step r2, and M', where it implements only part of this step.
Under these conditions, attack No. 1 (described above) is made more difficult, because the cryptographic algorithm can remain secret. In addition, if its security is compromised by a design flaw and it must be replaced by another algorithm, it is possible to replace only the microcircuit, if the latter is removable, without modifying the decoder itself. A side benefit is that algorithms varying according to the broadcast area can be used, and the decompression algorithm can even be changed over time. Finally, the decoder housing alone (that is to say without its secure microcircuit), containing no cryptographic algorithm, is not subject to any particular regulation.
The aforementioned attacks No. 2 and No. 3 are made impossible, since the intermediate data streams needed for these attacks remain internal to the microcircuit.
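The boundary argument above, modelled as an added sketch that is not part of the patent: it logs what crosses the card/housing link in the prior-art split (r3 in the card) and in variant M (r3, r4 and r2 in the card). HMAC-SHA256 stands in for ALG1 (the text's example is triple-DES over the packet index), a hash-based XOR keystream for the unspecified ALG2, and zlib for the lossy compression of e2; all names, the key and the sample data are constructed.

```python
import hashlib
import hmac
import zlib

MASTER_KEY = b"constructed-demo-master-key"  # constructed; held only inside the card
PACKET_SIZE = 1024                           # constructed packet length in bytes


def alg1_packet_key(master_key, index):
    # ALG1 stand-in: the page's example encrypts the packet index with
    # triple-DES; HMAC-SHA256 is swapped in so the sketch needs only stdlib.
    return hmac.new(master_key, index.to_bytes(8, "big"), hashlib.sha256).digest()


def alg2_crypt(packet_key, data):
    # ALG2 stand-in: XOR with a SHA-256 counter keystream (toy cipher that is
    # its own inverse). The page does not specify ALG2.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(packet_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def emit(clear):
    # Steps e2-e4: compress (zlib as a lossless stand-in for MPEG), cut into
    # indexed packets, encrypt each packet under its own packet key.
    phi = zlib.compress(clear)
    return [(i, alg2_crypt(alg1_packet_key(MASTER_KEY, i), phi[o:o + PACKET_SIZE]))
            for i, o in enumerate(range(0, len(phi), PACKET_SIZE))]


class PriorArtCard:
    # Prior-art split: the card performs r3 only and hands packet keys out.
    def __init__(self):
        self.link_log = []  # every value the card sends to the housing

    def r3(self, index):
        key = alg1_packet_key(MASTER_KEY, index)
        self.link_log.append(key)
        return key


class SecureMicrocircuit:
    # Variant M of the invention: r3, r4 and r2 all run inside the card.
    def __init__(self):
        self.link_log = []

    def decode(self, packets):
        phi = b"".join(alg2_crypt(alg1_packet_key(MASTER_KEY, i), c)
                       for i, c in packets)  # packet keys and phi stay local
        out = zlib.decompress(phi)           # r2 inside the card
        self.link_log.append(out)            # only the decompressed stream leaves
        return out


def prior_art_housing(card, packets):
    # The housing performs r4 and r2 with keys obtained over the link.
    phi = b"".join(alg2_crypt(card.r3(i), c) for i, c in packets)
    return zlib.decompress(phi)


def link_exposes_packet_keys(card, packets):
    # Audit: does any value logged on the card/housing link equal a packet key?
    keys = {alg1_packet_key(MASTER_KEY, i) for i, _ in packets}
    return any(item in keys for item in card.link_log)


def link_bytes(card):
    return sum(len(item) for item in card.link_log)


def demo():
    # Constructed sample programme: 400 hex digests, 25600 bytes in clear.
    clear = b"".join(hashlib.sha256(bytes([i % 256, i // 256])).hexdigest().encode()
                     for i in range(400))
    packets = emit(clear)
    old, new = PriorArtCard(), SecureMicrocircuit()
    assert prior_art_housing(old, packets) == clear
    assert new.decode(packets) == clear
    return {
        "packet_count": len(packets),
        "prior_art_keys_on_link": link_exposes_packet_keys(old, packets),
        "invention_keys_on_link": link_exposes_packet_keys(new, packets),
        "prior_art_link_bytes": link_bytes(old),
        "invention_link_bytes": link_bytes(new),
        "broadcast_bytes": sum(len(c) for _, c in packets),
    }


if __name__ == "__main__":
    print(demo())
```

The byte counts mirror the rates in the text: the key stream on the prior-art link is far smaller than the broadcast, while the only stream leaving the secure microcircuit is the large decompressed one.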
The system just described can take a simplified form, with the two encryption algorithms ALG1 and ALG2 merged into one. Under these conditions, the steps on the transmitter side are:
e1) Production of the digital signals (no change),
e2) Compression (no change),
e5) Encryption of the data stream φ by a cryptographic process using a master key.
On the receiver side, the decoder includes a secure electronic microcircuit that contains the master key. The steps implemented are:
r5) The microcircuit receives the data stream resulting from e5 and decrypts it, reconstructing (in the absence of transmission errors) the data stream φ as it had been produced in step e2.
r2) The same microcircuit (the fact that it is the same microcircuit, and not another circuit of the decoder, is an essential characteristic of the invention) decompresses this data stream φ, producing a data stream Φ' comparable to the stream Φ resulting from step e1 (the differences being due to the compression/decompression process). This stream Φ' is communicated by the microcircuit to the rest of the decoder.
r1) Conversion into a form perceptible to the senses (no change).
As illustrated in Figure 2, the invention can be implemented by a housing 10 providing the interface between, on the one hand, over-the-air reception means 12 (typically an antenna or a satellite decoder), a cable network 14, a DVD-ROM drive 16, etc. and, on the other hand, a television receiver 18 or a hi-fi system 20. The housing can include a mechanism for program selection and/or for selective routing of a program on demand.
This housing cooperates with a secure microcircuit 22, for example the microcircuit of a removable card 24 inserted in a slot 26 of the housing 10, the assembly of housing 10 + microcircuit 22 constituting the "decoder" mentioned above.
The selected information arrives, compressed and encrypted, from the box 10 at the microcircuit 22, and the latter (if it contains the appropriate key and possibly if other conditions are met, for example the debiting of prepaid points or the remote payment of a subscription or of access to a program) decrypts and decompresses it, without the decrypted and compressed form being accessible. The decompressed stream is delivered by the microcircuit 22 to the box 10 to be applied, after the appropriate conversions, to the television set 18 or the amplifier of the hi-fi system 20.
This basic principle lends itself to several improvements. A first improvement aims to optimize the connection of the microcircuit to the box, as well as the distribution between microcircuit and box of the elements involved in the decompression process r2 and the conversion process r1.
First, to keep the number of contacts to a minimum, the link between the microcircuit and the box is advantageously of the serial type. For the data streams, in particular the high-rate stream Φ' leaving r2, the "RFU" ("reserved for future use") contacts of the ISO 7816-2 standard can be used. Figure 3 shows the arrangement of the contacts of a microcircuit card according to this standard.
It will be noted that the ground GND, power supply VCC, clock CLK, reset RST and input/output I/O contacts keep their usual functions, I/O being used for supervisory functions such as those of step r3 and/or, by multiplexing, for the slower data streams, in particular the streams entering r5.
These serial data streams are synchronized by a phase-locked loop integrated in the microcircuit, locked onto a signal entering the microcircuit such as the data entering r5 and/or CLK.
An error detection code is provided in the data leaving the microcircuit, and sound or image reproduction is inhibited when the box detects an error in this stream, so as to prevent unwanted noise or images when the microcircuit makes poor contact with the box.
Furthermore, still within this improvement aimed at optimizing the connection of the microcircuit to the box, the last stages of the decompression process r2 can be moved into the box, in order to reduce the complexity of the microcircuit, in particular the amount of memory and the processing power required.
In the case of audio signals, it is known that decompression methods include, in the phase preceding digital/analog conversion, the generation and combination of various signals whose characteristics are calculated elsewhere, for example the generation and digital addition of signals such as a sinusoid and/or wavelet and/or noise whose frequency and/or amplitude and/or spectrum and/or envelope are parameterized. Provision can then be made for the control (parameterization) of these generators to be carried out by the microcircuit, while the generation and combination proper are carried out in the box, most of the computing power thus being moved into this box.
In video, decompression methods include, in the final phase of generating the decoded signal, the copying of information from lines and frames of previous images and/or the filling of zones. Provision can then be made for the box to store this information and perform the copying and filling, but according to parameters produced by the microcircuit.
Conversely, if sufficient computing power is still available in the microcircuit, not only the decompression r2 but also the first phases of the conversion process r1 can be integrated into it, in order to increase the bit rate of the information leaving the microcircuit and make its storage more difficult, which makes it possible to combat the above-mentioned attack No. 4 more effectively, to a certain extent. In particular, for audio, digital processing such as modification of the number of sampling bits and/or digital filtering can be integrated into the microcircuit, making it possible to reduce the complexity of the analog filter placed downstream of the box's digital/analog converter.
A second improvement consists in carrying out each of steps e5 and r5 as two respective steps e3 + e4 and r3 + r4 involving two distinct algorithms, which is cryptographically justified, with the aim of performing the operation with a good complexity/cost trade-off.
A third improvement consists in providing an additional mechanism for charging for use of the system. To this end, the microcircuit is provided with a means of making the production of the decrypted information conditional on a payment having been made beforehand, this means operating by processing the content of a memory containing the rights of the holder of the microcircuit. This memory can be located in the microcircuit itself, or in the box, or at the information broadcaster.
These rights change according to the use made of the system; for example, a credit zone of this memory is debited on the first delivery of the information, for example the first listening of a piece of music, and the identifier of this piece is stored in this memory, allowing a user who wishes to listen to the same piece again later to do so without being debited, or at a reduced charge. Certain operations are inhibited when the credit falls to zero. Reloading means are also provided. If it is located at the broadcaster, the memory can be subdivided into zones each corresponding to a given microcircuit, the appropriate zone being selected on the basis of an identifier of the microcircuit contained in a memory of the latter.
In addition to recording an identifier of the piece in the memory, the purchase of the rights can be materialized by storing in the memory of the microcircuit the key and/or the decryption algorithm for this piece; this measure avoids having a universal key and/or algorithm valid for all pieces.
Provision is made for identification/pricing information to be added to the compressed and encrypted data, this information being used by the microcircuit to determine which key and/or decryption algorithm and/or which pricing is to be applied to the encrypted information stream. In a step e6 (for example after e5), this identification/pricing information is added to the data stream; and in a step r6 (for example before r5), this identifier is extracted and used by the microcircuit to determine which key and/or which algorithm to use in step 5, and/or which pricing to apply (for example whether the rights to decryption by the microcircuit are acquired permanently, or are paid for at each use, and at what rate). To protect the pricing part of this information against intentional alteration, a cryptographic method can be used, for example adding an electronic signature of the data including the pricing, verified by the microcircuit, or inserting this pricing information before encryption, so that its rapid alteration renders the rest of the data unusable.
A fourth improvement consists in associating a recorder with the system of the invention. For this purpose, the box 10 can contain a device for recording the information (or include means for connection to such a device), allowing later use without the information having to be conveyed again over the broadcast channel.
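The rights memory and the authenticated identification/pricing information of steps e6/r6 described above, together with decryption and decompression inside the card, as an added example (not code from the patent). The header layout, HMAC-SHA-256 standing in for the electronic signature, the SHA-256 keystream standing in for the unspecified cipher, zlib as the compressor, and all names, keys and sample data are assumptions.

```python
import hashlib
import hmac
import struct
import zlib

HEADER = struct.Struct(">IHB")  # assumed layout: title id, price, pay-per-use flag
TAG_LEN = 32                    # HMAC-SHA-256 tag length


class Refused(Exception):
    """The card releases no output."""


def keystream_xor(key, data):
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">Q", i // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def broadcaster_pack(title_id, price, per_use, master_key, tariff_key, signal):
    """Steps e2, e5, e6: compress, encrypt, prepend the authenticated header."""
    header = HEADER.pack(title_id, price, per_use)
    body = keystream_xor(master_key, zlib.compress(signal))
    # The tag covers the pricing header and the data, so neither can be altered.
    # A public-key signature would let the card hold only a verification key.
    tag = hmac.new(tariff_key, header + body, hashlib.sha256).digest()
    return header + tag + body


class SecureMicrocircuit:
    """Card side: steps r6, r5 and r2 all happen inside play()."""

    def __init__(self, master_key, tariff_key, credit):
        self._master_key = master_key
        self._tariff_key = tariff_key
        self.credit = credit   # credit zone of the rights memory
        self.owned = set()     # identifiers of pieces already paid for

    def play(self, packet):
        if len(packet) < HEADER.size + TAG_LEN:
            raise Refused("truncated packet")
        header = packet[:HEADER.size]
        tag = packet[HEADER.size:HEADER.size + TAG_LEN]
        body = packet[HEADER.size + TAG_LEN:]
        expected = hmac.new(self._tariff_key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise Refused("identification/pricing information altered")
        title_id, price, per_use = HEADER.unpack(header)
        # First delivery is debited; a replay of an owned piece is free
        # unless the tariff says every use is charged.
        charge = price if per_use or title_id not in self.owned else 0
        if charge > self.credit:
            raise Refused("insufficient credit")
        try:
            # The decrypted, still-compressed stream exists only in this expression.
            signal = zlib.decompress(keystream_xor(self._master_key, body))
        except zlib.error as exc:
            raise Refused("undecodable stream") from exc
        self.credit -= charge      # debit only once the output is certain
        self.owned.add(title_id)
        return signal              # only the decompressed stream leaves the card


# Constructed sample keys and signal.
MASTER_KEY = b"constructed master key"
TARIFF_KEY = b"constructed tariff key"
SIGNAL = b"constructed PCM samples " * 40

if __name__ == "__main__":
    card = SecureMicrocircuit(MASTER_KEY, TARIFF_KEY, credit=5)
    pkt = broadcaster_pack(7, 3, 0, MASTER_KEY, TARIFF_KEY, SIGNAL)
    print(len(card.play(pkt)), card.credit)   # first delivery, debited
    print(len(card.play(pkt)), card.credit)   # replay, no debit
```
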
The information can be recorded in still compressed and encrypted form; it will be decrypted and decompressed on playback, which will therefore require the presence of the microcircuit (this service possibly being accompanied by a payment). Recording can also take place at the same time as the first use. These recording devices can, for example, take the form of a semiconductor memory, a hard disk 28, a magnetic tape 30 of the DAT type, a disc 32 of the magneto-optical, optical WORM or DVD-RAM type, etc., if direct digital recording is desired. As a variant or in addition, the box 10 can also include digital/analog conversion means for recording and analog/digital conversion means for playback in the case of analog recording, typically on a VHS video recorder.
A fifth improvement consists in providing, during the decryption and decompression operations, for the inclusion of a "watermark" (watermarking) in the decrypted and decompressed output data stream, this watermark including an identifier of the card used to decrypt and decompress these data. The technique of including a "watermark" or "tattoo" is known in itself, and described for example in Fabien A et al., Information Hiding - a Survey, Proceedings of the IEEE, 87(7):1062-1078, July 1999, or Boney et al., Digital Watermarks for Audio Signals, European Signal Processing Conference, EUSIPCO '96, Trieste, Italy, September 1996, as well as in US-A-5 828 325, US-A-5 613 004, US-A-5 687 191 and US-A-5 822 360, or in the presentations of the Musicode system from Aris Technologies (www.musicode.com) and the Audiomark system from Alpha Tec Ltd. (www.alphatecltd.com). The invention proposes, however:
- to implement it locally in the decoder, and within the card itself,
- by incorporating in it an identifier of the latter,
- and to use this technique to "watermark" or "tattoo" the decoded data stream delivered to the user.
In general, this technique consists in adding to the musical message information that is inaudible but can be revealed by appropriate techniques.
For an analog signal, the simplest technique adds a low-level identification signal that encodes the identification information in a highly redundant manner, for example by adding a 10 kHz carrier at a level inaudible relative to the musical message and phase-modulated at 100 bit/s; the information is revealed by correlation filtering techniques. For a digital signal, operations of the same kind can be performed digitally. More simply, the identification message can be multiplexed with the original message and ignored during sound reproduction (but in this case the identification message can easily be removed).
Many techniques exist that aim to make the watermark undetectable, difficult to remove or mask, and to alter the message only slightly. Some allow music compressed in digital form to be watermarked without even decompressing it, which is well suited to the case of the invention.
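The simplest scheme described above (a low-level 10 kHz carrier, phase-modulated at 100 bit/s, revealed by correlation), carried out digitally as an added example that is not code from the patent. The 48 kHz sample rate, the 16-bit card identifier, the 8-fold repetition, the watermark level, the detection threshold, the constructed host signal and the assumption that the detector knows where the first bit starts are all choices made for this illustration.

```python
import math
import random

FS = 48000            # sample rate in Hz (assumed)
CARRIER_HZ = 10000    # carrier frequency from the description
BIT_RATE = 100        # bit rate from the description
SPB = FS // BIT_RATE  # samples per bit: 480, i.e. exactly 100 carrier cycles
LEVEL = 0.01          # watermark amplitude relative to full scale (assumed)
ID_BITS = 16          # width of the card identifier (assumed)
REPEATS = 8           # redundancy: the identifier is sent 8 times (assumed)
# Half of the summed correlation an intact watermark produces per identifier bit.
THRESHOLD = 0.5 * LEVEL * (SPB / 2) * REPEATS

# One bit slot of carrier; every slot starts at carrier phase zero.
CARRIER = [math.cos(2 * math.pi * CARRIER_HZ * i / FS) for i in range(SPB)]


def id_to_bits(card_id):
    """Most significant bit first."""
    return [(card_id >> (ID_BITS - 1 - i)) & 1 for i in range(ID_BITS)]


def embed(host, card_id):
    """Add the carrier with phase 0 for a 1 bit and phase pi for a 0 bit."""
    bits = id_to_bits(card_id) * REPEATS
    if len(host) < len(bits) * SPB:
        raise ValueError("host signal too short for the redundant identifier")
    out = list(host)
    for k, bit in enumerate(bits):
        sign = 1.0 if bit else -1.0
        start = k * SPB
        for i in range(SPB):
            out[start + i] += LEVEL * sign * CARRIER[i]
    return out


def extract(signal):
    """Correlate each bit slot with the carrier, sum the repeats, decide by sign.

    Returns the identifier, or None when the correlation is too weak to be
    a watermark (for example on unmarked material).
    """
    if len(signal) < ID_BITS * REPEATS * SPB:
        return None
    sums = [0.0] * ID_BITS
    for k in range(ID_BITS * REPEATS):
        start = k * SPB
        sums[k % ID_BITS] += sum(signal[start + i] * CARRIER[i] for i in range(SPB))
    if min(abs(s) for s in sums) < THRESHOLD:
        return None
    card_id = 0
    for s in sums:
        card_id = (card_id << 1) | (1 if s > 0 else 0)
    return card_id


def constructed_host(n_samples, seed=1):
    """Constructed stand-in for music: three tones plus a little noise."""
    rng = random.Random(seed)
    tones = [(440.0, 0.5), (1318.5, 0.3), (3520.0, 0.2)]
    return [sum(a * math.sin(2 * math.pi * f * n / FS) for f, a in tones)
            + rng.uniform(-0.02, 0.02) for n in range(n_samples)]


if __name__ == "__main__":
    host = constructed_host(ID_BITS * REPEATS * SPB)
    marked = embed(host, 0xB5C3)
    print(extract(host), hex(extract(marked)))
```

The per-slot correlation of the mark is LEVEL × SPB / 2, so summing the repeats is what lifts it clear of the leakage from the much louder host signal.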

Claims

1. A device for decoding encrypted and compressed information, in particular video, audio or text information, of the type comprising a box (10) cooperating with a secure microcircuit (22) comprising a memory and a processor protected against attempts to analyse, read and copy the information held in this microcircuit, this decoder device comprising:
- means for receiving encrypted and compressed data as input,
- means (r5; r3, r4) for decrypting the data thus received,
- means (r2) for decompressing the data thus decrypted, and
- means (r1) for delivering as output, in a decoded form usable by a user, the decrypted and decompressed data,
the device being characterized in that the secure microcircuit incorporates all of the decryption means (r5; r3, r4) and at least part of the decompression means (r2), the stream (φ) of decrypted and compressed data delivered by the decryption means to the decompression means not being accessible from outside the secure microcircuit.
2. The device of claim 1, in which the secure microcircuit (22) is that of a microcircuit card (24) separate from the box, the latter comprising connection means allowing the microcircuit card to be coupled to it.
3. The device of one of claims 1 and 2, in which the secure microcircuit is a microcircuit internal to the box.
4. The device of one of claims 2 and 3, in which the link between the microcircuit and the box is a serial link.
5. The device of claim 4, in which the stream of decrypted and partially or fully decompressed data is delivered by the microcircuit on at least one of the RFU contacts according to ISO 7816-2.
6. The device of one of claims 1 to 5, in which the box comprises part of the decompression means (r2), this part including circuits able to deliver the decompressed data in response to commands issued by the secure microcircuit.
7. The device of one of claims 1 to 6, in which the secure microcircuit further includes part of the means (r1) for delivering the data as output in a usable decoded form, this part including in particular digital processing or filtering means.
8. The device of one of claims 1 to 7, in which the data received as input are in the form of packets accompanied by associated data, and the decryption means operate by implementing a first algorithm (ALG1) allowing packet keys to be calculated from said associated information, and a second algorithm (ALG2) reconstructing a stream (φ) of decrypted information from the packets and the packet keys calculated by the first algorithm.
9. The device of one of claims 1 to 8, comprising payment means making the output delivery of the data in a usable decoded form conditional on verification, by the microcircuit, that a payment has previously been made according to associated tariff information contained in a memory.
10. The device of claim 9, in which the tariff information includes user identification information contained in a memory of the secure microcircuit.
11. The device of one of claims 1 to 10, comprising recording means or means for coupling to recording means (38, 30, 32).
12. The device of claim 11, in which the data delivered to the recording means are compressed and encrypted data.
13. The device of one of claims 1 to 12, in which the secure microcircuit comprises means for including a watermark in the stream of decrypted and decompressed data delivered, this watermark incorporating an identifier of the secure microcircuit.
PCT/FR1999/002016 1998-08-19 1999-08-19 Security device for decoding compressed encrypted data WO2000011866A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU51743/99A AU5174399A (en) 1998-08-19 1999-08-19 Security device for decoding compressed encrypted data

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
FR9810543A FR2782563B1 (en) 1998-08-19 1998-08-19 APPARATUS FOR PRODUCING AUDIO SIGNALS FOR A SOUND REPRODUCTION SYSTEM
FR98/10543 1998-08-19
FR9815377A FR2786973B1 (en) 1998-12-04 1998-12-04 SECURITY DEVICE FOR DECODING ENCRYPTED AND COMPRESSED INFORMATION, IN PARTICULAR VIDEO, AUDIO OR TEXT INFORMATION
FR98/15377 1998-12-04

Publications (1)

Publication Number Publication Date
WO2000011866A1 true WO2000011866A1 (en) 2000-03-02

Family

ID=26234505

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR1999/002016 WO2000011866A1 (en) 1998-08-19 1999-08-19 Security device for decoding compressed encrypted data

Country Status (2)

Country Link
AU (1) AU5174399A (en)
WO (1) WO2000011866A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008084425A2 (en) * 2007-01-11 2008-07-17 Nds Limited Processing video content

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0453737A1 (en) * 1990-03-07 1991-10-30 GAO Gesellschaft für Automation und Organisation mbH Probe for a credit card with moulded semiconductor chip
EP0714204A2 (en) * 1994-11-26 1996-05-29 Lg Electronics Inc. Illegal view and copy protection method in digital video system and controlling method thereof
EP0723371A1 (en) * 1995-01-17 1996-07-24 THOMSON multimedia S.A. Method and apparatus for protecting control signals in a conditional access system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PEYRET P ET AL: "SMART CARDS PROVIDE VERY HIGH SECURITY AND FLEXIBILITY IN SUBSCRIBERS MANAGEMENT", IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, vol. 36, no. 3, 1 August 1990 (1990-08-01), New York, NY, US, pages 744 - 752, XP000162915 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008084425A2 (en) * 2007-01-11 2008-07-17 Nds Limited Processing video content
WO2008084425A3 (en) * 2007-01-11 2008-10-23 Nds Ltd Processing video content
US8379852B2 (en) 2007-01-11 2013-02-19 Nds Limited Processing video content

Also Published As

Publication number Publication date
AU5174399A (en) 2000-03-14

Similar Documents

Publication Publication Date Title
EP1834442B1 (en) Method for transmission of digital data in a local network
US6240185B1 (en) Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels
EP1261969A1 (en) Device for reading, recording and restoring digital data in a copy-protection system for said data
EP1497986B1 (en) Method for managing the rights of an encrypted content stored on a personal digital recorder
EP1305948A1 (en) Method for secure distribution of digital data representing a multimedia content
EP1733559A1 (en) Method and system for the secure diffusion of protected audiovisual flows to a dynamic group of receivers
EP1495637B1 (en) Secure method of storing encrypted data on a personal digital recorder
EP3114598B1 (en) Method for providing protected multimedia content to a terminal
EP1470714A1 (en) Secure device that is used to process high-quality audiovisual works
EP3380983B1 (en) Method for the identification of security processors
FR2848764A1 (en) Paying digital television signal access controlling procedure, involves emitting messages having contents for monitoring allocation of rights, and enabling additional offer of service/program to subscriber based on users profile
FR2786973A1 (en) Security device for decoding compressed encrypted data has safe microcircuit in magnetic card separate from case and also includes decompression circuits
WO2000011867A1 (en) Method for certified delivery of an audio, video or textual sequence
WO2000011866A1 (en) Security device for decoding compressed encrypted data
WO2004039075A2 (en) Adaptive and progressive audio stream descrambling
FR2910671A1 (en) Audiovisual content e.g. film, visualization number managing method for e.g. chip card, involves providing table having cells of temporal segments, and calculating visualization number already carried out from numbers stored in each cell
EP1723790B1 (en) Method for securing encrypted content broadcast by a broadcaster
EP2297954B1 (en) Updating of entitlements to access a protected audiovisual content
FR3053497A1 (en) METHOD FOR ENHANCING THE SECURITY OF A PEACE-BASED TELEVISION SYSTEM BASED ON PERIODIC PERIODIC RETRO-COMMUNICATION
MXPA00007898A (en) Recording of scrambled digital data
EP1547383A1 (en) Method for the secure transmission of audiovisual files
FR2747526A1 (en) INTERACTIVE GAME DEVICE COMPRISING A RECEIVER OF BROADCASTED INFORMATION, IN PARTICULAR A RADIO SET

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AU BA BB BG BR CA CN CU CZ EE GE HR HU ID IL IN IS JP KP KR LC LK LR LT LV MG MK MN MX NO NZ PL RO SG SI SK SL TR TT UA US UZ VN YU ZA

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 EP: the EPO has been informed by WIPO that EP was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (PCT application filed before 20040101)
122 EP: PCT application non-entry in European phase