Conventionally, a user unit includes data processing device(s), which can be a computer, a decoder or another similar element and a security module responsible for the cryptographic operations associated to the access or processing of the data. As it is well known, this security module can be essentially achieved according to four distinct forms. One of these is a microprocessor card, a chip card, or more generally an electronic module (taking the form of key, a badge, . . . ). This type of module is generally removable and connectable to the decoder. The form with electric contacts is the most widely used, but a connection without contact for example of the type ISO 14443 is not excluded.
A known second form is that of an integrated circuit shell, generally placed definitively and irremovably in the decoder. An alternative is made up of a circuit mounted on a display base or connector such as a SIM module connector.
In a third form, the security module is integrated into an integrated circuit shell also having another function, for example in a descrambling module of the decoder or the microprocessor of the decoder.
In a fourth embodiment, the security module is not produced in material form, but its function is implemented only in software form. Given that in the four cases, the function is identical although the security level differs, we can talk about a security module regardless of the way in which its function is carried out or the form that this module may take.
The user unit includes a unique identification number that can be stored in the processing means of the data and/or in the security module.
Conventionally, several user units form a group that is managed by a management centre. In the scope of embodiments of the present invention, the user units and the management centre can communicate between each other by way of a communication network that can be in particular a global network such as the Internet. According to the configuration of the network, a management centre can have difficulties in initiating a communication with a user unit. Preferably, it is the user unit that initiates the communication by sending a request to the management centre. This request can pass through several routing devices before reaching the management centre. At the moment in which the user unit starts the communication with the management centre, a communication channel between the management centre and the user unit is maintained open, so that communications can also be transmitted from the management centre towards the user unit.
A dynamic address is assigned to the user unit to allow communication with the management centre. This dynamic address is generally different for each communication session.
When a message must be sent back to the multimedia unit that has initiated the communication and transmitted the request, the management centre sends its message using the channel or dynamic address that is maintained open during the session.
The U.S. Pat. No. 5,278,829 describes a process that allows a management centre to send messages to a user unit. More precisely, this patent describes a control process of physical addresses of a receiver host, generally a computer, inside a network. This network is made up of a host transmitter and several host receivers. Each host is identified by a physical address. These physical addresses are stored in the host transmitter and are associated to a temporary value such as the date of their last use.
When the transmitter must send a message to a receiver, it searches for the physical address of this receiver in its memory. If it finds said address, it determines if the stored date is older than a threshold value. If this is not the case, the transmitter sends the message to the receiver. If the date is older than the threshold value, the transmitter sends a first message to the receiver, using the stored physical address. It then waits for a receipt from the receiver. If it receives this receipt, the transmitter sends the content to the receiver. On the contrary, if it does not receive a receipt, it diffuses a message to all the receivers requesting the receipt for this message. If it receives a receipt, it can then store the new physical address of the receiver that has sent back the receipt.
The method described in this patent only works in the very particular cases in which a host receiver almost never changes its physical address. In fact, as a message is transmitted to a physical address stored in the host transmitter, if the physical addresses are modified for each activation, the possibilities of a message arriving at the correct user unit are practically null.
Moreover, as the physical addresses are generally re-assigned, it is possible for the management centre to send a message to a user unit other than the desired unit even when this user unit sends back a receipt to the management centre to confirm the correct reception of the message.
In the conventional systems in which the physical addresses change and are re-assigned at each connection, the process described in U.S. Pat. No. 5,278,829 fails to work.
This process presents the drawback that the messages sent are very often unnecessary and occupy bandwidth which could be used in a much more suitable way. Moreover, the reception of the message by an undesired user unit can have consequences in terms of security.
Another process includes starting a reinitialization step when the user unit no longer works. The aim of this process is to transmit the unique identification number to the management centre, by means of a communication network, using a specific address.
In this case, the subscriber must wait until the reinitialization is completed. This can last a relatively long time, normally several minutes, during which time the decrypting of the data is not possible.
Another problem with the methods of the prior art is known under the term “Address spoofing” or address usurpation. Using this process, a user unit can modify an identifier connected to the communication address in such a way that the management centre believes it is communicating with a specific user unit when in reality it is transmitting data to another unit.