Some embodiments are directed to a method and to a device allowing an access control system to be applied to the protection of streamed video. The inventive system and associated method allow an existing access control system of Marlin type to be used innovatively based on the execution of two successive operation phases allowing DRM rights to be acquired followed by the delivery of content and the decryption thereof.

A method to identify the origin of a security module in a pay-tv system comprising: receiving by the pay-tv decoder system at least a first stream, a second stream and a control word stream, the first and second streams being encrypted by a first and a second control word, respectively, extracting from the control word stream, entitlement messages containing a main control word allowing retrieval of the first and second control words and access conditions, transferring the control word stream to the security module and checking the access conditions, selecting a current control word from the first or second control word based on part of the internal parameter, transmitting the current control word to the pay-tv decoder, selecting a current stream from the first or second stream in accordance with the selection of the first or second control word, and decrypting the current stream with the current control word.

Provided are an electronic device, a broadcast service providing system, and an operation method therefor of the electronic device. The electronic device includes a communicator; a memory for storing one or more instructions; and a processor for executing one or more instructions stored in the memory, wherein, by executing one or more instructions, the processor: receives identification information of one or more broadcast service providers available for the electronic device from a broadcast service management server in response to transmission of information enabling position identification of the electronic device to the broadcast service management server via a network; displays a user interface including the received identification information; accesses a selected broadcast service provider server in response to a user input having selected one broadcast service provider on the basis of the identification information of the one or more broadcast service providers through the user interface; and receives and stores conditional reception system software from the broadcast service provider server.

The present invention provides an audiovisual access criterion updating method, for updating an audiovisual access criterion in an audiovisual access criterion managing device, the audiovisual access criterion managing device managing the audiovisual access criterion of a content signal, the audiovisual access criterion updating method includes: a step of receiving update information descriptive of update content of the audiovisual access criterion and identification information of the audiovisual access criterion managing device by an updating code generating system; a step of generating an updating code by the updating code generating system according to the update information and the identification information; a step of receiving the updating code by the audiovisual access criterion managing device; and a step of updating the audiovisual access criterion by the audiovisual access criterion managing device according to the updating code.

Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure output domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication.

The present invention provides a conditional access method for an intelligent operating system that comprises a trusted execution environment. A digital TV module acquires all channel messages and a control management message. A media play module distributes a DescramblerId and sends the acquired videoPid, audioPid, casId, ecmPid and emmPid and the descrambler message DescramblerId to a conditional access module. The conditional access module selects a registered conditional access application module according to the casId. The conditional access application module acquires corresponding ecm Data and emm Data from the digital TV module, and sends the ecm Data and emm Data to the conditional access module. The conditional access module sends the messages to a trusted application module. The trusted application module performs parse to acquire EK1, EK2 and ECW. The security chip controls a descrambler corresponding to the DescramblerId to perform descrambling according to the acquired messages.

A method implemented by a set top box that encrypts communications for a channel stacking switch (CS) using a public key of the CSS, the method comprising: obtaining a message from a head end; extracting electronic counter measure (ECM) data from the message; sending the ECM data to the CSS; receiving, in response to the sending, a new public key of the CSS; encrypting communications for the CSS using the new public key of the CSS. Also, a method for implementation by a CSS, comprising: maintaining a private key and a public key; obtaining ECM data sent by a set top box in communication with the CSS; obtaining an identifier of the CSS; formulating a new public key based on the private key, the identifier and the ECM; rendering the new public key available to the set top box.

A pay television satellite broadcast includes validation data that can be used to validate authenticity of live global positioning system (GPS) data. The validation data may be included within entitlement messages and encrypted for security and selective reception by authorized receivers. A navigation system may compute checksums of received live GPS data and compare with the validation data for a match. A decision about whether or not to use the live GPS data may be taken based on whether or not the computed checksums match the validation data received via the pay television satellite broadcast signals.

There is provided a receiving apparatus including circuitry that is configured to receive a broadcasting stream including digital data according to an IP (Internet Protocol) having a protocol stack of layers. The circuitry is configured to use a first key acquired based on a first control signal at a first layer to decode a second key included in a second control signal transferred at a second layer, and decrypt an encoded component that corresponds to a particular broadcasting service which is included in a stream obtained through the broadcasting stream, the second layer being a higher layer than the first layer in the protocol stack.

A system and method for generating, providing and/or receiving services for companion devices and for communication between primary device and companion device.