Since the recent technical improvements in the field of broadband high data throughput networks and in the data processing devices, numerous solutions have been developed for fighting against fraudulent attempts to access to payload content data made available by servers in the network.
The content is exploited by user units or multimedia units defined herein as desktop or portable personal computers, digital television decoders, television sets, wireless terminals such as portable phones, etc. A specific client application such as, for example, a multimedia content player is installed in the user unit for listening or viewing audio/video content distributed by a server on the network. Conditional access and descrambling software and/or hardware modules complete the application for ensuring secure data processing within the unit.
The solutions adopted for preventing unauthorized access to payload content data on a network, are mainly based on a mutual authentication of the user unit with the content distribution server.
Document US20070283162A1 discloses a system and a method for detecting an unauthorized playback device. In a management server, a reception processing unit acquires a user terminal identifier and a first random number from a user terminal targeted for unauthorized playback device detection. The reception processing unit determines whether a second management server random number, which is stored in a storage unit in correspondence with the user terminal identifier, matches the first user terminal random number. If the two random numbers fail to match, a message indicating that a clone exists is displayed. If the two random numbers match, a terminal information generation unit of the management server generates a new random number, and writes this new random number as a second random number into the storage unit. The management server sends the second random number to the user terminal which updates the first user terminal random number to the second random number.
Document WO2006055545A2 discloses a system and method for providing secure communications between client communication devices and servers. A server generates a random offset, alters a server communication device dynamic credential by applying the random offset and stores the dynamic credential thus modified. The server sends, via a network, to a client communication device a signal including the random offset. The client communication device returns to the server a signal including a dynamic credential for verification by determining a difference between the server dynamic credential and the received dynamic credential. A presence of a cloned client communications device is detected on the basis of the difference.
Document WO2007096735A2 relates to mobile phones comprising each a personal token or SIM card used for authentication in a mobile telephony telecommunication network. The SIM card comprises a microprocessor, a memory, a stored secret key and a set of instructions for controlling the microprocessor into performing an authentication calculation on the basis of a received random number and on the basis of the stored secret key. The SIM card further includes a memory location dedicated for storing a counter value and instructions for making the counter value evolve each time the authentication calculation is performed. The counter value stored in the SIM card is compared with the counter value as received from a remote server performing the same authentication calculation as the SIM card. In case of mismatch between the two counter values, the SIM card is disabled and thus no more able to connect the mobile phone to the telecommunication network.
Document US2005239440A1 discloses a system comprising a plurality of client devices and a service provider. A client device is authenticated by using a one-time pad table stored in the client device, and a matching table maintained by the service provider. When a request for service is sent from the client to the service provider, the next unused pad is exchanged and verified with the current state of the service provider's copy of the table. If the one-time pad is the next unused code, service is granted, else the user is challenged to identify himself, which when successfully completed results in the client device being downloaded with a new one-time pad table, replacing the compromised table. Use of service by a cloned device causes the one-time pad table at the service provider to become out of synchronization with the authentic device's copy of the table, thereby setting up the ability to detect the fraud, stop the service consumption by the clone, and reprogram the authentic device to allow for uninterrupted service.
In case of interferences in the data transmission through the network between the server and the user units, or other data corruption coming from calculation errors at large data volume and high throughput, the above methods of mutual authentication or of detection of cloned devices may lack of efficiency. In fact, incorrect response to connection requests sent to the server or failures in encryption/decryption operations as well at user unit as at server side may result to unexpected rejection of genuine user units from the network.