EP1205072A1 - Systeme et procede permettant de distribuer de maniere securisee un contenu a des groupes ou a des destinataires - Google Patents

Systeme et procede permettant de distribuer de maniere securisee un contenu a des groupes ou a des destinataires

Info

Publication number
EP1205072A1
EP1205072A1 EP00952513A EP00952513A EP1205072A1 EP 1205072 A1 EP1205072 A1 EP 1205072A1 EP 00952513 A EP00952513 A EP 00952513A EP 00952513 A EP00952513 A EP 00952513A EP 1205072 A1 EP1205072 A1 EP 1205072A1
Authority
EP
European Patent Office
Prior art keywords
content
channel
key
program
provider
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP00952513A
Other languages
German (de)
English (en)
Inventor
Baiju V. Patel
Mark J. Baugher
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Intel Corp
Original Assignee
Intel Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corp filed Critical Intel Corp
Publication of EP1205072A1 publication Critical patent/EP1205072A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4627Rights management associated to the content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633Control signals issued by server directed to the network components or client
    • H04N21/6332Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

  • the present invention relates generally to data communications and, more specifically, to protection of digital content distributed over a multicast network.
  • Conditional access controls are sometimes used by television (TV) networks where content (e.g., subscriptions to packages of channels) is sold to customers.
  • Conditional access controls permit individual, authorized receivers to receive selected content on a broadcast network, while denying access to the content to unauthorized receivers.
  • TV networks may be analog or digital and there are at least several conditional access control mechanisms available for each type of service.
  • Conditional access controls provide at least two common functions. First, conditional access controls protect the operator of a broadcast network from theft of content by non- paying or other unauthorized customers. This function is important for home TV systems. Second, many conditional access controls use encryption to prevent theft of service. Conditional access controls have been promoted as a security solution for customers of business TV networks who are sensitive to having their business content disseminated unprotected over broadcast networks (such as satellite networks, for example).
  • digital TV content may also include data content, which may have a much higher value than traditional analog content (because original content can be retransmitted without any loss of information), and the same digital content may be distributed to selected groups of customers using multicast or unicast protocols for either data streams or files, additional functions for conditional access controls are desired to ensure that distributed digital content is protected against theft at the destinations to deter unauthorized copying and reuse of high-value data content.
  • Securing content that is multicast to a large group of customers may be accomplished through the use of symmetric key cryptography, asymmetric key cryptography, or both (e.g., a hybrid approach).
  • One approach is to use public key cryptography for authentication of the receiver prior to multicast distribution of the data, and to use a symmetric key to encrypt the multicast content. Once the receiver is authenticated, the receiver is given the symmetric key to decrypt the content.
  • One security limitation with this approach is that if one of the authorized receivers decides to share the symmetric key with unauthorized receivers, the unauthorized receivers may be able to receive the multicast content.
  • the risks associated with this problem increase when there are a very large number of authorized receivers, because there are more receivers who can violate the trust of the arrangement and distribute the key to unauthorized receivers.
  • the multicast content is distributed by satellite, if one of the authorized receivers decides to redistribute the key used for decryption, access to the content may become unlimited.
  • the receiver is authorized to receive the content, but is not trusted with the keys to that content, the keys may be protected through various known tamper resistant methods embedded in a trusted viewer application. This scheme complements communications security by protecting the keys used for communications security.
  • a mechanism combining communication security with content protection in a system is desired to protect multicast content both during transmission and upon reception within a broadcast or multicast network.
  • An embodiment of the present invention comprises an inter-network conditional access system for digital content.
  • the system includes at least one content provider to provide digital content, and at least one service provider, communicatively coupled to at least one content provider, to securely receive the digital content from at least one content provider and to securely distribute the digital content.
  • the content provider and the service provider may create a relationship of trust between themselves in one embodiment.
  • Another embodiment of the present invention comprises a method of providing digital content in an inter-network conditional access system.
  • the method includes encrypting digital content with at least one key, transmitting the encrypted digital content to at least one service provider, requesting creation of a secure channel for distribution of the encrypted digital content by at least one service provider, requesting creation of a program of data to be sent on the channel, the program comprising the encrypted digital content, and installing the at least one key at a content consumer for decrypting the program.
  • Another embodiment of the present invention comprises a method of providing digital content service in an inter-network conditional access system.
  • the method includes receiving encrypted digital content from at least one content provider, creating a secure channel for distribution of the encrypted digital content (a program), creating security keys for the program and sending the keys on the channel.
  • a key protects multiple digital content in the form of multiple programs of data to be distributed to a subscriber base using a cryptographic key for those programs.
  • Another embodiment of the present invention comprises a method of consuming content in an inter-network conditional access system.
  • the method includes receiving keys that were distributed on a secure channel, receiving a first key for gaining access to the secure channel, receiving a second key for decrypting the program communicated over the secure channel, the program comprising encrypted digital content, decrypting the program key on the channel using the first key, and decrypting the encrypted digital content using the second key.
  • FIG. 1 is a diagram illustrating three subsystems of an inter-network conditional access (ICA) system according to an embodiment of the present invention
  • Figure 2 is a diagram showing interfaces between a content provider (CP), a service provider (SP), and a content consumer (CC) according to the ICA system of Figure 1 ;
  • CP content provider
  • SP service provider
  • CC content consumer
  • Figure 3 is a diagram illustrating operations of a new channel function according to an embodiment of the present invention.
  • Figure 4 is a diagram illustrating operations of an add service provider channel member function according to an embodiment of the present invention.
  • Figure 5 is a diagram illustrating operations of an add content provider channel member function according to an embodiment of the present invention
  • Figure 6 is a diagram illustrating operations of a remove service provider channel member function according to an embodiment of the present invention
  • Figure 7 is a diagram illustrating operations of a remove content provider channel member function according to an embodiment of the present invention.
  • Figure 8 is a diagram illustrating operations of a new program function according to an embodiment of the present invention.
  • Figure 9 is a flow diagram illustrating an authentication/authorization operation according to an embodiment of the present invention.
  • Figure 1 0 is a flow diagram illustrating a content provider request channel operation according to an embodiment of the present invention
  • Figure 1 1 is a flow diagram illustrating a service provider request channel operation according to an embodiment of the present invention
  • Figure 1 2 is a flow diagram illustrating content provider and service provider assign channel keys operations according to an embodiment of the present invention
  • Figure 1 3 is a flow diagram illustrating a content consumer assign channel keys operation according to an embodiment of the present invention
  • Figure 1 4 is a flow diagram illustrating a service provider or content provider assign program keys operation according to an embodiment of the present invention
  • Figure 1 5 is a flow diagram illustrating a content consumer key program operation according to an embodiment of the present invention.
  • Figure 1 6 is a diagram illustrating a sample system suitable to be programmed according to an embodiment of methods of performing content provider, service provider and/or content consumer operations in accordance with the present invention.
  • An embodiment of the present invention includes a system and method for combining network security and application/content security to protect a service provider's data service and a content provider's data content in a multicast network environment.
  • An embodiment of the present invention allows security to be controlled and implemented from different locations within a network, such as at the content provider's location, at the service provider's network operations center (NOC), and at intermediate caching server systems.
  • NOC network operations center
  • conditional access may be applied to network environments supporting digital content distribution to receivers such as general purpose computer systems (e.g., personal computers (PC), and servers), although other devices such as set-top boxes, Internet appliances, digital televisions, televisions offering data services, and other data receiving devices, may also be used as content receivers.
  • digital content may be any digital data.
  • MPEG Moving Picture Experts Group
  • ISO International Standards Organization
  • digital content comprises Internet Protocol (IP) packets that are in the data services layer of an MPEG-2 transport stream.
  • IP Internet Protocol
  • Figure 1 is a diagram illustrating three subsystems of an inter-network conditional access (ICA) system according to an embodiment of the present invention.
  • a content provider (CP) 1 0 functions as a source of content.
  • the CP may be a general purpose computer system programmed for authoring or other generation and distribution of multimedia data content.
  • the CP may be any source of multimedia data, including a source of live data, such as may be received from motion picture cameras, video cameras, still cameras, and microphones, for example.
  • a content consumer (CC) 1 2 functions as a consumer or user of the content provided by the CP.
  • the CC may be a general purpose computer system (e.g., a PC or a server), set-top box, Internet appliance, consumer electronics product, digital television, a television (TV) offering data services, or other content receiving device.
  • the CP and CC may be coupled to communications networks 1 5 such as a public switched telephone network (PSTN), the Internet, local area networks (LANs), wide area networks (WANs), and other corporate intranets, and may employ various data delivery systems such as cable, satellite, fiber optic lines, modems, and broadcast antennas, for example.
  • PSTN public switched telephone network
  • LANs local area networks
  • WANs wide area networks
  • a service provider (SP) 14 functions as a distributor of the content and a provider of communications services between the CP and the CC.
  • the SP may also function as a digital broadcast system (DBS), such as a satellite network, for example.
  • DBS digital broadcast system
  • the CP of an ICA system may perform one or more of the following operations.
  • the CP encrypts digital content with at least one key, transmits the encrypted digital content to at least one service provider, and requests creation of a secure channel for distribution of the encrypted digital content by the service provider.
  • the CP also requests creation of a program to be sent on the channel (the program comprising the encrypted digital content) and installs at least one key at a content consumer for decrypting the program.
  • the SP of an ICA system may perform one or more of the following operations.
  • the SP receives encrypted digital content from at least one content provider, creates a secure channel for distribution of the encrypted digital content, creates a program for sending on the channel, and distributes the program.
  • the CC of an ICA system may perform one or more of the following operations.
  • the CC receives an announcement of program keys (which consists of at least keying material for that program such as a key and a time period for when the key is valid) to be distributed on a secure channel, receives a first key for gaining access to the secure channel, and receives a second key for decrypting the program data communicated over the secure channel.
  • the CC also receives the program on the channel, and decrypts the encrypted digital content (the program) using the second key.
  • a single CP may provide content to a single SP, which in turn provides service to one or more CCs.
  • a plurality of CPs may provide content to a single SP, which in turn provides service to one or more CCs.
  • multiple CPs may provide content to multiple SPs. These SPs then provide service to one or more CCs.
  • the ICA system may allow or disallow individual destination networks from being able to decrypt network content. This is accomplished through the distribution of keying material only to receivers that are authorized and authenticated.
  • the ICA system thereby supports encryption of network content "end-to-end" throughout the system.
  • Some CCs may additionally employ content protection through the use of a trusted agent and also a trusted viewer.
  • a trusted agent comprises system software that protects the channel key
  • a trusted viewer comprises application software that protects the program key and controls how content is accessed and used on a CC.
  • an ICA key server provides keys only to authorized and authenticated trusted viewers.
  • the ICA system comprises at least four characteristics that distinguish it from TV conditional access.
  • the ICA system supports conditional access to content stored in network packets and files and is capable of executing on general purpose computer systems.
  • the ICA system works over a variety of network types and communications devices including Ethernet connections, modems, cable modems, asynchronous digital subscriber lines (ADSL), digital video broadcasting (DVB) systems, and advanced television standards committee (ATSC) systems, for example.
  • the ICA system may operate over multiple networks, not just multiple network types. For example, inter-network conditional access may be applied to a data flow that originates on an Ethernet connection, traverses one or more networks, including the Internet, and is received on an Ethernet connection or by a modem.
  • the ICA system also uses both multicast and unicast protocols and may operate over broadcast as well as point-to- point networks.
  • a channel carries keys for programs, and a program is an address or group of addresses having one or more keys assigned to them.
  • the addresses may be unicast or multicast addresses.
  • each program may be carried out using a specific multicast address.
  • Addresses may be grouped into programs with each address in the program carrying a media stream or package.
  • a CP may provide the encryption capabilities. Encryption processing may be offloaded from a SP to a CP for purposes of allowing the CP to control content security.
  • a program may be content sent to one or more multicast addresses (e.g., a content channel) for a selected duration of time.
  • a program comprises a series of logically related packages or a stream of data sent on a channel.
  • a package comprises one or more files, which may be communicated repeatedly.
  • a stream comprises one or more data packets having a temporal relationship between the packets.
  • a program key is first announced to one or more CCs on a channel used for distributing program keys.
  • Authorization, channel and program information are kept in a database under the control of the CP or SP owner of the channel.
  • a database may be a set of data structures related to subscribers of channels and programs (e.g., CCs) and the data content they are authorized to receive.
  • the ICA system shown in Figure 1 provides service security and content security at least in part by creating trust relationships between the three subsystems. Creation of these trust relationships will be discussed below. Additionally, the system comprises three separate levels of security. First, a trusted group defined by access to a channel key allows access to a network service by application software of the content consumer (CC) that is authorized and authenticated by the owner of the service. The authorization and authentication may be of a particular computer system and/or user. Second, a member who is authorized and authenticated may gain access to a particular program key. Third, channel and program keys may be protected against access at the content consumer's computer by a trusted agent or trusted viewer that is authorized and authenticated to use specific channel and program keys without being able to directly read those keys. The use of trusted agents and trusted viewers are an optional content protection feature of the service. II. Interfaces for Access and Content Control
  • FIG 2 is a diagram showing interfaces between a content provider (CP), a service provider (SP), and a content consumer (CC) according to the ICA system of Figure 1 .
  • These interfaces may be implemented by any appropriate means, such as Internet connections, satellite transmissions, PSTN back-channels, cables, and LANs, for example, although the invention is not limited in scope in this respect.
  • One interface between a CP 1 0 and a SP 1 4 may be a request interface 20.
  • Request interface 20 may be used to request mutual authentication of the CP and the SP and to request the distribution of channel and program keys.
  • One interface between a SP 1 4 and a CC 1 2 may be a customer interface 22 where the CC may get the first key to a particular channel.
  • First customer interface 22 may be used to request authorization and authentication of the CC by the SP, to assign channel keys, to assign program keys, and to report programs.
  • One interface between a CP 1 0 and a CC 1 2 may be a second customer interface 24.
  • Second customer interface 24 may be used to request mutual authentication of the CC and CP, to assign channel keys, to assign program keys, and to report programs.
  • a first application tool interface 26 may be included in a CP 1 0 to initiate a launch of application software to control distribution of a program by the CP (e.g., such as a trusted server or player).
  • a second application tool interface 28 may be included in a CC 1 2 to initiate a launch of application software, such as a trusted viewer, for example, for receiving and rendering a program that is being sent either multicast or unicast.
  • a first database interface 30 may be included to connect CP 10 with CP database 32.
  • CP database 32 may be employed as necessary to store system data relating to channel members (e.g., users or CCs), channel keys, program keys, and authentication information (e.g., digital certificates as in a public key infrastructure (PKI), or other means).
  • a second database interface 34 may be included to connect SP 14 with SP database 36.
  • SP database 36 may be employed as necessary to store system data relating to channel members, channel keys, program keys and authentication information (e.g., digital certificates as in a public key infrastructure (PKI), or other means).
  • CC 1 2 may also be coupled by third database interface 37 to a CC database 38, for storing information relating to available channels and programs. It is well known that databases such as these support a variety of operations for updating and querying information contained in them.
  • the ICA system provides functions to accomplish a particular task. Functions comprise multiple, sequential operations across at least one of the system interfaces shown in Figure 2. In the aggregate, the functions implement network and content security in an inter-network conditional access system for multicasting digital content.
  • One embodiment of the present invention provides at least four functions: creating a channel for distribution of program keys, adding a member to the channel, removing a member from the channel, and distributing program keys on the channel.
  • One embodiment of the present invention provides at least seven operations: authenticate/authorize, request a channel be established, assign channel keys, assign program keys, report program, database update, and database select.
  • FIG. 3 is a diagram illustrating operations of a Create a Channel for Distribution of Program Keys function according to an embodiment of the present invention. This function requests an address from a SP by a CP for allocation as a channel on the SP's network.
  • a channel comprises an address for sending program keys. Keys for programs may be distributed to a particular channel address.
  • Channels may be created by a SP or a CP for the SP's network.
  • the Create a Channel for Distribution of Program Keys function may be implemented using the authenticate/authorize and request channel operations.
  • SP 14 and CP 10 authenticate 50 each other, and an authorization check is made by the SP to confirm the rights of the CP.
  • the CP then sends a request 52 to create a channel to the SP.
  • Either a SP or a CP may add a member (CC) to a channel to authorize a CC to provide a CC with a channel key and subsequently receive one or more program keys on the channel.
  • Figure 4 is a diagram illustrating operations of the Adding a Member to the Channel function according to an embodiment of the present invention. This function may be used following execution of a successful Create a Channel for Distribution of Program Keys function to add a content consumer (CC) to the channel.
  • SP database 36 may be updated 54 by specifying to SP 14 the channel members and the authorization/authentication information to be modified along with the requested modifications.
  • SP 14 and CC 1 2 authenticate 56 each other, and SP performs an authorization check to confirm that the CC has rights to become a member of the channel. If successful, the SP adds a channel member 58 by sending channel information to the CC, thereby installing the channel key at the CC at 60. The CC then receives zero or more program keys on the channel and installs them at 62.
  • Figure 5 is a diagram illustrating operations of adding a member to a channel that is owned by a CP according to an embodiment of the present invention.
  • This function may be used by the CP following execution of a successful Create Channel for Distribution of Program Keys functions to add content consumers (CCs) to the newly created channel, one at a time.
  • the SP does not have access to the unencrypted key to the channel nor to the program keys that are subsequently sent on the channel by the CP.
  • Adding a member to a channel owned by a CP may be implemented as follows. First, CP database 32 may be updated 64 by specifying to CP 1 0 the members, channel, and authorization/authentication information to be modified along with the requested modifications.
  • CP 1 0 and CC 1 2 authenticate 66 each other.
  • the CP adds a channel 68 by sending the channel key to the CC, thereby installing the channel at the CC.
  • the CP installs a channel key 70 at the CC for the new channel.
  • the CP also installs a program key 72 for zero or more programs to be received on the new channel. Additional keys may also be added for zero or more programs.
  • Either a SP or a CP may remove a member from a channel it owns.
  • Figure 6 is a diagram illustrating operations of removing a channel member from a channel owned by a SP according to an embodiment of the present invention. This function may be used by the SP to remove a CC from a channel. To accomplish this, the member's authorization (e.g., the selected CC) may be first removed from SP database 36 for this channel and then the keys for the channel may be changed for all other members of the group accessing the channel.
  • the member's authorization e.g., the selected CC
  • Removing a member from a channel function for an SP Channel may be implemented as follows. First, SP database 36 may be updated 74 by specifying to SP 1 4 the channel, member, and authorization/authentication information to be modified along with the requested modifications. Next, in one embodiment, the SP installs a new key 76 for the channel for all CCs subscribed to this channel except for the CC to be removed, thereby preventing the removed channel member from accessing the channel. In other embodiments, other well-known mechanisms for efficiently changing the keys at CC computers using multicast communications may be employed.
  • Figure 7 is a diagram illustrating operations of removing a member from a channel owned by a CP according to an embodiment of the present invention. This function may be used by the CP to remove a CC from a channel.
  • the member e.g., the selected CC
  • the keys for the channel may be changed for all other members of the group accessing the channel.
  • Database operations to reflect the change may be authenticated and may be initiated by any party that is authorized by the CP or the SP.
  • other well-known mechanisms for efficiently changing the keys at CC computers using multicast communications may be employed.
  • Removing a member from a channel for a CP channel may be implemented at the CP as follows. First, CP database 32 may be updated 78 by specifying to CP 1 0 the members, channels, and authorization/authentication information to be modified along with the requested modifications. Next, in one embodiment, the CP may install a new key 80 for the channel for the channel for all CCs subscribed to this channel except for the CC to be removed, thereby preventing the removed channel member from accessing the channel. In other embodiments, other well-known mechanisms for efficiently changing the keys at CC computers using multicast communications may be employed.
  • FIG. 8 is a diagram illustrating operations of a distributing program keys on a channel function according to an embodiment of the present invention. This function may be used in the ICA system to securely distribute program keys over a multicast network.
  • the distribute program keys function may be implemented as follows. First, CP database 32 may be updated 80 by specifying to CP 1 0 the program-specific information such as channel, start time, and stop time to be modified along with the requested modifications. Alternatively, SP database 36 may be updated by SP 14 with this information. Next, CP 1 0 and SP 14 authenticate 82 each other, and an authorization check is performed for the CP by the SP. The CP requests one or more program keys be sent on a channel from the SP by a distribute program keys on a channel 84 operation from the SP. The SP distributes the program key or keys 86 to CC 1 2. The CC then installs keys 88 for the decrypting program on the CC.
  • the CC reports the program 90 by informing a billing system (not shown) at the CP or the SP that the program key or keys are being used and optionally that the content is being received, decrypted and viewed.
  • new programs may be reported to a billing system or subscription system included in the CP or SP.
  • the communication from the CC to the CP or the SP may take place over a back channel (not shown).
  • One embodiment of the present invention provides at least seven operations to implement the system functions described above: authenticate/authorize, request channel, assign channel keys, assign program keys, report program, database update, and database select.
  • IPSec Internet Protocol Security
  • ITU International Telecommunications Union
  • PKI Public Key Infrastructure
  • both parties such as Content Provider (CP) and Service Provider (SP), CP and Content Consumer (CC), or SP and CC, mutually authenticate each other at the start of a communications or information exchange session.
  • CP Content Provider
  • SP Service Provider
  • CC Content Consumer
  • SP and CC mutually authenticate each other at the start of a communications or information exchange session.
  • One-way authentication there is no back-channel from one destination to the other as in many geosynchronous satellite communications arrangements.
  • One way authentication may be used in embodiments of the present invention through such means as "pre-shared" keys.
  • CP database 32 or CP database 36 may contain a shared secret key or a public key of a CC and data sent to the CC may be encrypted with this shared secret key or public key with the knowledge that only the CC who owns the corresponding secret key or private key portion of the public/private key pair will be able to decrypt the data.
  • the data may also be encrypted with the private key of the SP or CP and sent to the CC who has the corresponding public key of the public/private key pair of the sender (e.g., either the SP or the CP).
  • the receiver will only be able to decrypt data sent by the particular sender. This may be used to avoid impersonation of the sender.
  • the data that may be sent to the receiver may include a session key for a particular network stream of packets or a package of files that are being sent.
  • Authentication may be of two varieties, user authentication or platform authentication.
  • user authentication is when a person logs into a system using a password or even biometric data. The user may log in from different devices and be authenticated as a known user with known access rights to the system.
  • platform authentication is when a particular platform is authenticated using hardware and/or software features such as a unique identifier on a computer processor or a globally unique identifier on a version of the operating system that runs on the platform (such as a PC), or by a certificate, such as an X.509 certificate.
  • a caller-ID is a means of identifying an endpoint of a phone call, but the use of caller-ID does not identify which particular person is using the phone.
  • a dongle On a general purpose computer such as a PC, however, there are various means for uniquely identifying the particular computer, such as processor identifier, or by various other means that are collectively referred to as a "dongle. " When the platform is authenticated by means of a dongle, then some assurance is given that the platform serving as the source or receiver of data is the platform that is authorized to receive the data.
  • an authentication technique such as asymmetric public key cryptography (e.g., RSA or Diffie-Hellman) as described in various methods above may be used to encrypt or decrypt data that comprises a channel key.
  • this channel key is used to encrypt zero or more program keys.
  • the channel key is called the Key Encrypting Key (KEK).
  • the sender of the KEK has assurances that only an authenticated and authorized receiver can decrypt it and the receiver of a KEK can be assured that only an authenticated and authorized sender may have encrypted it.
  • the KEK may encrypt a symmetric key that is used to encrypt program keys called traffic encrypting keys (TEKs) .
  • TKIs traffic encrypting keys
  • the TEKs may be used to encrypt data (e.g., program keys and program data) such as network packets that are sent to a group of one or more receivers.
  • data e.g., program keys and program data
  • the KEKs and TEKs may form a tree with a KEK corresponding to a subtree of receivers and TEKs corresponding to packet transmissions sent to receivers.
  • FIG. 9 is a flow diagram illustrating an authentication/authorization operation according to an embodiment of the present invention.
  • a connection may be established between a two-party subset of the CP, SP or CC.
  • authentication may be performed using one of the methods described above. If authentication is successful at block 1 04, then the appropriate database is checked at block 1 05 to determine if the authenticated entity is authorized for the particular access. If authentication and authorization succeed at block 1 05, processing may performed, such as the transmission and/or the reception of data following the report of success shown in block 1 06. The error path of this processing occurs when the authentication/authorization operations of blocks 1 02 and 1 05 were not evaluated to be successful. This occurs when one of the parties did not successfully authenticate itself to the other or if the requesting entity was not authorized for the particular access. An authentication/authorization error may be processed in block 1 08, and in all cases, processing ceases at block 1 10.
  • authentication may occur at the session level, such as at the commencement of communications and prior to the exchange of data among communicating endpoints, or it may occur at the packet level, where each packet is authenticated.
  • session level such as at the commencement of communications and prior to the exchange of data among communicating endpoints
  • packet level where each packet is authenticated.
  • the fact that the two endpoints share a secret key that is used for encrypting packets is implicit packet-level authentication since neither endpoint may impersonate the other.
  • the situation becomes more complicated because any one of the endpoints may impersonate the sender when a symmetric key is used.
  • Embodiments of the present invention may employ of any of these means.
  • the request channel operation obtains a multicast address from a SP's multicast address space for access to the SP's network.
  • the request may result in a success or a failure.
  • a failure may result when there are no more addresses to assign, for example.
  • the request channel operation may be initiated as database operations performed against tables stored within the SP database and/or the CP database.
  • a database update attempt may trigger an address allocation request. The outcome of this request determines the success or failure of the operation.
  • a new channel record may be added to the database. Results of the request channel may need to be kept consistent with the SP and CP databases.
  • Figure 1 0 is a flow diagram illustrating a content provider request channel operation according to an embodiment of the present invention.
  • a request may be made by the CP to the SP to get address parameters.
  • a requested address range may be one parameter of the request; additional request parameters may include the duration of time that the address will be used for the channel.
  • the address may be obtained from the SP at block 1 24.
  • An example of an invalid parameter is a specification of a time duration or address range that cannot be satisfied. Otherwise, a new request to get address parameters from the SP is made again at block 1 20. If the request is successful at block 1 26, then processing ends at block 1 28. If the SP fails to successfully obtain a channel, the error may be processed at block 1 30.
  • Figure 1 1 is a flow diagram illustrating a service provider request channel operation according to an embodiment of the present invention.
  • the SP may wait for new channel requests.
  • a request is received from a CP at block 1 40
  • the request may be analyzed to determine its validity. If the request is valid at block 1 42, a multicast address may be allocated according to the request's parameters at block 1 44. If the request is invalid at block 1 42, the error may be processed at block 146 by reporting the error and returning to a wait state until the next CP request is received. An attempt may be made to allocate the address from a local or a hierarchical multicast address allocation server. If the attempt is unsuccessful at block 1 48, the error may be processed at block 1 46.
  • an update to a channel database may occur at block 1 50 as a transaction against all copies of database tuples for the channel at the SP database and the CP database.
  • the success of the request may be reported to the requesting CP.
  • SP request channel process then completes at block 1 54.
  • the assign channel keys operation installs a channel key for a content consumer (CC).
  • a channel is a multicast address and a key for encrypting program keys that are sent to the channel address.
  • a channel may carry one or more program keys encrypted with the channel key, and a program may be decrypted by a traffic encryption key (TEK).
  • TAK traffic encryption key
  • Information about channels may be represented as table entries in a subscriber database at the SP or the CP.
  • Figure 1 2 is a flow diagram illustrating content provider (CP) and service provider (SP) assign channel keys operations according to an embodiment of the present invention.
  • a CP or SP adds a member to a channel by giving an address for the channel and the channel keys to the channel member following an authentication/authorization step.
  • the key may be distributed to a channel member via unicast on a per channel member basis.
  • the channel key is used to encrypt program keys that are sent to the channel address.
  • the channel key may be communicated to the channel member by sending it directly to the channel member, by transmission on a unidirectional network such as a broadcast network, or may be distributed via a web request from the new channel member.
  • a channel may use a trusted agent to prevent unauthorized copying of keys or agent software.
  • a trusted agent protects the SP's keys using tamper-resistant techniques that prevent access to the keying material by application software other than the agent software that is authorized to use the key.
  • a channel member is a CC who gets notice of the existence of a channel when it receives the address and is assigned keys for it.
  • a database update may be performed after an assign channel keys operation is completed and the member is successfully added to the channel.
  • an assign channel keys request may be obtained.
  • the requesting member may be authenticated/authorized at block 1 64.
  • the member may be given keys to the channel at block 1 68.
  • the assign program keys operation succeeded, then the member was successfully added at block 1 70, the CP database (for CP processing) or the SP database (for SP processing) may be updated at block 1 72 to reflect the addition of the member to the channel. Processing is then complete at block 1 74. If an error is detected at blocks 1 62, 1 66, or 1 70, the error may be processed at block 1 76.
  • Figure 1 3 is a flow diagram illustrating a content consumer (CC) assign channel keys operation according to an embodiment of the present invention. If a CC is the target of the assign channel keys request (that is, a channel is being added to the channels accessible by this CC), then the processing shown in Figure 1 3 may be performed at the CC.
  • an assign channel keys request may be received from a SP or a CP. If the request is for this particular CC at block 1 82, the provider (either a CP or a SP) may be authenticated/authorized at block 1 84. If the authentication/authorization is successful at 1 86, the channel keys may be assigned and installed for use by the CC at block 1 88.
  • a trusted agent may be installed on the content consumer (CC).
  • the trusted agent handles the channel keys for the CC, and an SP or CP authenticates the trusted agent before providing a channel key to the CC.
  • the CC will also authenticate the SP or CP and will only proceed if the SP or CP is authenticated. If the key assignment was successful at block 1 90, the CC monitors program keying material for the channel at block 1 92. Processing is then complete at block 1 94. If an error is detected at block 1 82, 1 86, or 1 90, the error may be processed at block 1 96.
  • the assign program keys operation installs keys for a program.
  • the key may be for a single address or multiple addresses.
  • a program uses one or more keys to encrypt its data packet traffic.
  • a program may require a trusted viewer for accessing the encrypted content that will protect the key and content from unauthorized use.
  • the program key may be a tamper-resistant module.
  • Figure 1 4 is a flow diagram illustrating a service provider or content provider assign program keys operation according to an embodiment of the present invention.
  • a key request may be obtained by the SP or the CP to send program keys on a channel.
  • a key request may be for a new set of program keys for an announcement, streams or package program, or to refresh the keys of a program to exclude certain members that have been removed from the channel.
  • If the request is valid at block 302, one or more program keys may be generated at block 304. If the request is invalid at block 302, the error may be processed at block 306 and processing ends at block 308.
  • An invalid request may be to assign keys or refresh the keys of a non-existing program or to remove a non-existent member from a channel.
  • the generated key may be sent to a channel member. Key distribution may be done on a sub-tree basis using multicast or on a single member basis. If more program keys are to distributed at block 31 2, then assign program keys processing continues with the next member at block 31 0. Otherwise, at block 31 4, the SP database may be updated for SP assign program keys processing, or the CP database may be updated for CP assign program keys processing. The distributed database update reflects the new system state existing after the end of successful assign program keys processing. SP or CP assign program keys processing ends at block 308.
  • FIG. 1 5 is a flow diagram illustrating a content consumer assign program keys operation according to an embodiment of the present invention.
  • a trusted viewer may be installed at block 322.
  • a trusted viewer may be associated with a program.
  • an assign program keys request may be obtained.
  • the request to assign keys to a program may be sent to a CC by a SP or CP either unicast or multicast.
  • the assign program keys message may be received by a CC that is being removed as a channel member and thus that CC will not be able to decrypt the program key.
  • Program keys may be assigned on a sub-tree basis using multicast or on a single member basis.
  • one or more program keys may be updated at block 328.
  • Program keys may be updated by refreshing the TEKs that are associated with the program. Otherwise, a new assign program keys request may again be obtained at block 324.
  • the report program operation communicates when a CC joins or is receiving a program to a SP or a CP.
  • An update of the SP database or the CP database occurs after receipt of the report.
  • Parameters for the report may be obtained from an announcement, from a program key or channel key module, or may be viewer-specific.
  • the report program message may be multicast or unicast. Implementation of the report program operation does not assume tethered consumption of content, and the report may be web based or updated periodically. Additionally, in one embodiment, a back channel interface may be used to convey the report information to either the SP database or the CP database.
  • the ICA system may be used in one embodiment as follows.
  • a channel may be created, at least one user may be added, and keys to a channel may be requested and distributed.
  • program keys can be sent to the members, whereby the program keys are encrypted in the channel key and sent to the channel address.
  • Embodiments of the present invention accommodate various mechanisms for announcing, publicizing, notifying, sending and receiving program information such as distribution of digital information over packet networks. Besides adding users (which may be authenticated people or authenticated platforms), other operations may be used for removing users from the channel.
  • the operations of adding or removing users, who are CC members of a channel may be triggered by and may result in updates to a database management system operating at a SP or a CP.
  • a CC is removed from the channel, it may be necessary to change the channel key of all remaining CC members by assigning a new channel key to them.
  • a channel may be created by either the SP or the CP.
  • the user, the platform, or the computer software that causes a channel to be created may be authenticated.
  • a database record may be created that includes information such as a channel name, a channel network address, channel policy information (e.g., identification of cryptographic algorithm, modes, key lengths, who may join the channel, etc.), and a CP or SP channel owner.
  • a CC (platform or user) may be added to a channel through user intervention or as a result of an update to a database at the SP or CP.
  • the CC may be an authenticated platform or authenticated person.
  • a database record may be created that includes information such as a CC name, a CC credentials, and other information.
  • a CC receives a key to the channel upon being added to the ICA system. This channel key encrypts program keys, as described above.
  • Each program may have its own traffic encryption key and even its own channel in a 'pay per view' embodiment. Alternatively, each channel may be used to carry keys for multiple programs as in a subscriber embodiment.
  • a group of content consumers may receive multicast content that is 'pushed' to users as in Internet Protocol (IP) multicast networks.
  • IP Internet Protocol
  • multicast distribution of channel and program keys complements the multicast nature of the digital content distribution.
  • individual users may request digital content be delivered directly to them in a unicast embodiment of the present invention. If the digital content is delivered unicast to the CC, such as on networks that do not support multicast operation, then the keying material may also be requested and received unicast, such as channel and program keys that are 'pulled' to the CC by a web browser application.
  • the keying material may also be requested and received unicast, such as channel and program keys that are 'pulled' to the CC by a web browser application.
  • the CP database may be updated when the CP maintains the security associations (SAs) for the program as, for example, when a company is sending proprietary information to its offices using a network service provider and the program in question is not to be shared with the network service provider (SP).
  • SAs security associations
  • SP network service provider
  • Members may need to be removed from a channel when, for example, their subscription expires to channel content. This operation may be accomplished by multicast or unicast distribution of new channel keys to the remaining members of the channel.
  • multicast there are efficient means of distributing keys to large numbers of channel members that are logarithmic in complexity and which do not require unicast exchanges between the key management center in the CP or SP and individual members.
  • Those skilled in the art of multicast networking will recognize that a user may be added or removed from a channel with logarithmic message, storage and processing complexity when a tree or hierarchical structure is used.
  • Embodiments of the present invention use hierarchical data structures for managing keys to change the keys of members after a member is removed from a channel or before a new member is added to the channel.
  • the removal of a user may be accompanied by an update the database system in the CP or the SP to remove any association with the user and the channel or program.
  • Embodiments of the present invention may be implemented in hardware or software, or a combination of both. However, embodiments of the invention may be implemented as computer software executing on programmable systems comprising at least one processor, a data storage system (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device.
  • SPs service providers
  • CPs content providers
  • CCs content consumers
  • SPs service providers
  • Programmable software may be applied to input data to perform the functions described herein and generate output information. The output information may be applied to one or more output devices, in known fashion.
  • a processing system includes any system that has a processor, such as, for example, a digital signal processor (DSP), a microcontroller, an application specific integrated circuit (ASIC), or a microprocessor.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • the programs may be implemented in a high level procedural or object oriented programming language to communicate with a processing system.
  • the programs may also be implemented in assembly or machine language, if desired. In fact, the invention is not limited in scope to any particular programming language. In any case, the language may be a compiled or interpreted language.
  • the programs may be stored on a storage media or device (e.g., hard disk drive, floppy disk drive, read only memory (ROM), CD-ROM device, flash memory device, digital versatile disk (DVD), or other storage device) readable by a general or special purpose programmable processing system, for configuring and operating the processing system when the storage media or device is read by the processing system to perform the procedures described herein.
  • Embodiments of the invention may also be considered to be implemented as a machine-readable storage medium, configured for use with a processing system, where the storage medium so configured causes the processing system to operate in a specific and predefined manner to perform the functions described herein.
  • Sample system 400 may be used, for example, to execute the processing for methods employed by the content provider, service provider, or content consumer, in accordance with the present invention, such as the embodiment described herein.
  • Sample system 400 is representative of processing systems based on the PENTIUM®, PENTIUM® Pro, PENTIUM® II, PENTIUM® III, and CELERONTM microprocessors available from Intel Corporation, although other systems (including personal computers (PCs) having other microprocessors, engineering workstations, set-top boxes and the like) may also be used.
  • sample system 400 may be executing a version of the WINDOWSTM operating system available from Microsoft Corporation, although other operating systems and graphical user interfaces, for example, may also be used.
  • FIG. 1 6 is a block diagram of a system 400 of one embodiment of the present invention.
  • the computer system 400 includes a processor 402 that processes data signals.
  • the processor 402 may be a complex instruction set computer (CISC) microprocessor, a reduced instruction set computing (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, a processor implementing a combination of instruction sets, or other processor device, such as a digital signal processor, for example.
  • Figure 1 6 shows an example of an embodiment of the present invention implemented as a single processor system 400. However, it is understood that embodiments of the present invention may alternatively be implemented as systems having multiple processors.
  • Processor 402 may be coupled to a processor bus 404 that transmits data signals between processor 402 and other components in the system 400.
  • System 400 includes a memory 406.
  • Memory 406 may be a dynamic random access memory (DRAM) device, a static random access memory (SRAM) device, or other memory device.
  • Memory 406 may store instructions and/or data represented by data signals that may be executed by processor 402. The instructions and/or data may comprise code for performing any and/or all of the techniques of the present invention.
  • Memory 406 may also contain additional software and/or data (not shown).
  • a cache memory 408 may reside inside processor 402 that stores data signals stored in memory 406. Cache memory 408 in this embodiment speeds up memory accesses by the processor by taking advantage of its locality of access. Alternatively, in another embodiment, the cache memory may reside external to the processor.
  • a bridge/memory controller 41 0 may be coupled to the processor bus 404 and memory 406.
  • the bridge/memory controller 41 0 directs data signals between processor 402, memory 406, and other components in the system 400 and bridges the data signals between processor bus 404, memory 406, and a first input/output (I/O) bus 41 2.
  • the bridge/memory controller provides a graphics port for coupling to a graphics controller 41 3.
  • graphics controller 41 3 interfaces to a display device (not shown) for displaying images rendered or otherwise processed by the graphics controller 41 3 to a user.
  • First I/O bus 41 2 may comprise a single bus or a combination of multiple buses. First I/O bus 41 2 provides communication links between components in system 400.
  • a network controller 41 4 may be coupled to the first I/O bus 41 2.
  • the network controller links system 400 to a network that may include a plurality of processing systems (not shown in Figure 1 6) and supports communication among various systems.
  • the network of processing systems may comprise a local area network (LAN), a wide area network (WAN), the Internet, or other network.
  • a display device controller 41 6 may be coupled to the first I/O bus 41 2.
  • the display device controller 41 6 allows coupling of a display device to system 400 and acts as an interface between a display device (not shown) and the system.
  • the display device may comprise a television set, a computer monitor, a flat panel display, or other suitable display device.
  • the display device receives data signals from processor 402 through display device controller 41 6 and displays information contained in the data signals to a user of system 400.
  • camera 41 8 may be coupled to the first I/O bus to capture live events.
  • Camera 418 may comprise a digital video camera having internal digital video capture hardware that translates a captured image into digital graphical data.
  • the camera may comprise an analog video camera having digital video capture hardware external to the video camera for digitizing a captured image.
  • camera 41 8 may comprise a digital still camera or an analog still camera coupled to image capture hardware.
  • a second I/O bus 420 may comprise a single bus or a combination of multiple buses.
  • the second I/O bus 420 provides communication links between components in system 400.
  • a data storage device 422 may be coupled to the second I/O bus 420.
  • the data storage device 422 may comprise a hard disk drive, a floppy disk drive, a CD-ROM device, a flash memory device, or other mass storage device.
  • Data storage device 422 may comprise one or a plurality of the described data storage devices.
  • a keyboard interface 424 may be coupled to the second I/O bus 420.
  • Keyboard interface 424 may comprise a keyboard controller or other keyboard interface device.
  • Keyboard interface 424 may comprise a dedicated device or may reside in another device such as a bus controller or other controller device.
  • Keyboard interface 424 allows coupling of a keyboard to system 400 and transmits data signals from a keyboard to system 400.
  • a user input interface 425 may be coupled to the second I/O bus 420.
  • the user input interface may be coupled to a user input device, such as a mouse, joystick, or trackball, for example, to provide input data to the computer system.
  • Audio controller 426 may be coupled to the second I/O bus 420. Audio controller 426 operates to coordinate the recording and playback of audio signals.
  • a bus bridge 428 couples first I/O bridge 41 2 to second I/O bridge 420. The bus bridge operates to buffer and bridge data signals between the first I/O bus 41 2 and the second I/O bus 420.
  • Embodiments of the present invention are related to the use of the system 400 to provide a portion of an inter-network conditional access system.
  • provision of content provider, service provider, and/or content consumer operations may be performed by the system 400 in response to processor 402 executing sequences of instructions in memory 404.
  • Such instructions may be read into memory 404 from another computer-readable medium, such as data storage device 422, or from another source via the network controller 414, for example.
  • Execution of the sequences of instructions causes processor 402 to perform content provider, service provider, and/or content consumer operations according to embodiments of the present invention.
  • hardware circuitry may be used in place of or in combination with software instructions to implement embodiments of the present invention.
  • the present invention is not limited to any specific combination of hardware circuitry and software.
  • data storage device 422 may be used to provide long-term storage for the executable instructions and data structures for embodiments of methods of performing content provider, service provider, and/or content consumer operations in accordance with the present invention
  • memory 406 is used to store on a shorter term basis the executable instructions of embodiments of the methods for performing content provider, service provider, and/or content consumer operations in accordance with the present invention during execution by processor 402.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

L'invention concerne un système d'accès à un inter-réseau conditionnel unifiant la sécurité de réseau et la sécurité de contenu/application dans un système unique pour protéger un service d'un fournisseur de service et pour sécuriser un contenu d'un fournisseur de contenu dans un environnement de réseau à diffusion sélective. Le système comprend au moins un fournisseur de contenu destiné à fournir un contenu numérique, et au moins un fournisseur de service pour recevoir de manière sécurisée le contenu numérique d'au moins un fournisseur de contenu et pour distribuer de manière sécurisée le contenu numérique. Le fournisseur de contenu et le fournisseur de service peuvent créer un rapport de confiance entre eux. Le système comprend également la formation du ou des fournisseurs de service et la consommation sécurisée du contenu numérique. Le consommateur de contenu et le fournisseur de service peuvent également créer un rapport de confiance entre eux.
EP00952513A 1999-08-10 2000-08-02 Systeme et procede permettant de distribuer de maniere securisee un contenu a des groupes ou a des destinataires Withdrawn EP1205072A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US37175599A 1999-08-10 1999-08-10
PCT/US2000/021337 WO2001011883A1 (fr) 1999-08-10 2000-08-02 Systeme et procede permettant de distribuer de maniere securisee un contenu a des groupes ou a des destinataires
US371755 2003-02-21

Publications (1)

Publication Number Publication Date
EP1205072A1 true EP1205072A1 (fr) 2002-05-15

Family

ID=23465286

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00952513A Withdrawn EP1205072A1 (fr) 1999-08-10 2000-08-02 Systeme et procede permettant de distribuer de maniere securisee un contenu a des groupes ou a des destinataires

Country Status (5)

Country Link
EP (1) EP1205072A1 (fr)
JP (1) JP2003506974A (fr)
AU (1) AU6519600A (fr)
HK (1) HK1043273A1 (fr)
WO (1) WO2001011883A1 (fr)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1410140B1 (fr) * 2001-03-28 2017-02-15 NDS Limited Systeme et procede de gestion de droits numeriques
JP4552348B2 (ja) * 2001-04-20 2010-09-29 ソニー株式会社 通信システム
FR2858899B1 (fr) 2003-08-11 2005-12-02 Medialive Procede et systeme repartis securises pour la protection et la distribution de flux audiovisuels
BRPI0413462A (pt) * 2003-08-13 2006-10-17 Thomson Licensing método e dispositivo para proteger distribuição de conteúdo por uma rede de comunicação por meio de chaves de conteúdo
US20060095854A1 (en) * 2004-10-18 2006-05-04 Funk James M Method and apparatus for content download
US8528029B2 (en) * 2005-09-12 2013-09-03 Qualcomm Incorporated Apparatus and methods of open and closed package subscription
US8893179B2 (en) 2005-09-12 2014-11-18 Qualcomm Incorporated Apparatus and methods for providing and presenting customized channel information
EP1801725B1 (fr) * 2005-12-14 2009-09-23 Nvidia Corporation Moteur de délestage de sécurité de jeu de puces
EP1876549A1 (fr) 2006-07-07 2008-01-09 Swisscom Mobile AG Procédé et système pour la transmission de données chiffrées
JP2012084071A (ja) 2010-10-14 2012-04-26 Toshiba Corp デジタルコンテンツの保護方法、復号方法、再生装置、記憶媒体、暗号装置
US8661527B2 (en) 2011-08-31 2014-02-25 Kabushiki Kaisha Toshiba Authenticator, authenticatee and authentication method
JP5275432B2 (ja) 2011-11-11 2013-08-28 株式会社東芝 ストレージメディア、ホスト装置、メモリ装置、及びシステム
JP5204291B1 (ja) 2011-12-02 2013-06-05 株式会社東芝 ホスト装置、装置、システム
JP5204290B1 (ja) 2011-12-02 2013-06-05 株式会社東芝 ホスト装置、システム、及び装置
JP5112555B1 (ja) 2011-12-02 2013-01-09 株式会社東芝 メモリカード、ストレージメディア、及びコントローラ
JP5100884B1 (ja) 2011-12-02 2012-12-19 株式会社東芝 メモリ装置
JP5275482B2 (ja) 2012-01-16 2013-08-28 株式会社東芝 ストレージメディア、ホスト装置、メモリ装置、及びシステム
US9201811B2 (en) 2013-02-14 2015-12-01 Kabushiki Kaisha Toshiba Device and authentication method therefor
US8984294B2 (en) 2013-02-15 2015-03-17 Kabushiki Kaisha Toshiba System of authenticating an individual memory device via reading data including prohibited data and readable data
CN114268817B (zh) * 2021-12-29 2023-12-29 北京连屏科技有限公司 媒资管理方法

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI100563B (fi) * 1996-01-30 1997-12-31 Nokia Oy Ab Digitaalisten esitysobjektien salaus lähetyksessä ja tallennuksessa
US6055314A (en) * 1996-03-22 2000-04-25 Microsoft Corporation System and method for secure purchase and delivery of video content programs
US5787089A (en) * 1996-07-25 1998-07-28 Northern Telecom Limited Digital signal broadcasting
AU8764298A (en) * 1997-08-01 1999-02-22 Scientific-Atlanta, Inc. Source authentication of download information in a conditional access system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0111883A1 *

Also Published As

Publication number Publication date
WO2001011883A1 (fr) 2001-02-15
JP2003506974A (ja) 2003-02-18
AU6519600A (en) 2001-03-05
HK1043273A1 (zh) 2002-09-06

Similar Documents

Publication Publication Date Title
WO2001011883A1 (fr) Systeme et procede permettant de distribuer de maniere securisee un contenu a des groupes ou a des destinataires
US7995603B2 (en) Secure digital content delivery system and method over a broadcast network
CA2509206C (fr) Systeme de gestion de droits numeriques utilisant le provisionnement et l'authentification repartis
US6424717B1 (en) Encryption devices for use in a conditional access system
US6744892B2 (en) Method and apparatus for geographically limiting service in a conditional access system
US6292568B1 (en) Representing entitlements to service in a conditional access system
EP1010323B1 (fr) Verification de la source d'information de programme dans un systeme a acces conditionnel
US7328343B2 (en) Method and apparatus for hybrid group key management
US7149308B1 (en) Cryptographic communications using in situ generated cryptographic keys for conditional access
US20040003008A1 (en) Method for partially encrypting program data
EP1000509A1 (fr) Dispositifs de cryptage pour systeme a acces conditionnel
JP2005253109A (ja) 条件付きアクセスシステム
US20060047976A1 (en) Method and apparatus for generating a decrpytion content key
JP2005245010A (ja) 条件付きアクセスシステムにおけるダウンロード情報のソース認証
JP2005245007A (ja) 条件付きアクセスシステムにおけるサービスの登録
JP2006333531A (ja) 条件付きアクセスシステムにおけるサービスの認証
EP1290885B1 (fr) Systeme et procede de fourniture de contenu protege sur un reseau de diffusion
US20230132485A1 (en) System for Thin Client Devices in Hybrid Edge Cloud Systems
WO2016189105A1 (fr) Gestion de récepteurs de données multimédias numériques chiffrées diffusées
US8699710B2 (en) Controlled security domains
JP3654342B2 (ja) 条件付きアクセスシステムにおいて地理的にサービスを制限するための方法および装置
JP2003174440A (ja) コンテンツ配信方法,コンテンツ配信システム,認証機能付きルーティング装置およびクライアント装置
EP1193974A2 (fr) Représentation des autorisations d'accès aux services dans un système à accès conditionnel
Mittra Scalable secure group communication
IL152435A (en) Secure digital content delivery system and method over a broadcast network

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020208

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

RBV Designated contracting states (corrected)

Designated state(s): DE FR GB

17Q First examination report despatched

Effective date: 20040914

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20050712

REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1043273

Country of ref document: HK