EP1133866A4 - Verfahren und gerät zum zugriff auf gespeicherte programme - Google Patents

Verfahren und gerät zum zugriff auf gespeicherte programme

Info

Publication number
EP1133866A4
EP1133866A4 EP99961566A EP99961566A EP1133866A4 EP 1133866 A4 EP1133866 A4 EP 1133866A4 EP 99961566 A EP99961566 A EP 99961566A EP 99961566 A EP99961566 A EP 99961566A EP 1133866 A4 EP1133866 A4 EP 1133866A4
Authority
EP
European Patent Office
Prior art keywords
scrambled data
key
entitlement
keys
time period
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP99961566A
Other languages
English (en)
French (fr)
Other versions
EP1133866A2 (de
Inventor
Brant L Candelore
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Electronics Inc
Original Assignee
Sony Electronics Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US09/410,681 external-priority patent/US6363149B1/en
Application filed by Sony Electronics Inc filed Critical Sony Electronics Inc
Priority to EP10173434.1A priority Critical patent/EP2247106B1/de
Publication of EP1133866A2 publication Critical patent/EP1133866A2/de
Publication of EP1133866A4 publication Critical patent/EP1133866A4/de
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4408Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
    • H04N21/2347Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

  • the present invention relates to program viewing units such as set top boxes used in entertainment systems. More specifically, the present invention relates to a method and apparatus for scrambling program data such that the program data may be de-scrambled for viewing at a future time without experiencing the problems associated with key expiration.
  • Analog communication systems are rapidly giving way to their digital counterparts.
  • Digital television is currently scheduled to be available nationally to all consumers by the year 2002 and completely in place by the year 2006.
  • High- definition television (HDTV) broadcasts have already begun in most major cities on a limited basis.
  • the explosive growth of the Internet and the World Wide Web have resulted in a correlative growth in the increase of downloadable audiovisual files, such as MP3-formatted audio files, as well as other content.
  • Digital versatile disk (DVD) recorders Digital VHS video cassette recorders (D-VHS VCR), CD-ROM recorders (e.g., CD-R and CD-RW), MP3 recording devices, and hard disk-based recording units are but merely representative of the digital recording devices that are capable of producing high quality recordings and copies thereof, without the generational degradation (i.e., increased degradation between successive copies) known in the analog counterparts.
  • the combination of movement towards digital communication systems and digital recording devices poses a concern to content providers such as the motion picture and music industries, who desire to prevent the unauthorized and uncontrolled copying of copyrighted, or otherwise protected, material.
  • the DTDG Digital Transmission Copy Protection (DTCP) proposal is targeted for protecting copy-protected digital content, which is transferred between digital devices connected via a digital transmission medium such as an LEEE 1394 serial bus.
  • DTCP Digital Transmission Copy Protection
  • Device-based the proposal uses symmetric key cryptographic techniques to encode components of a compliant device. This allows for the authentication of any digital device prior to the transmission of the digital content in order to determine whether the device is compliant.
  • the digital content is itself encoded prior to transmission so that unauthorized copying of the content will result in copy having an unintelligible format.
  • the DHSG has determined three primary cases of detection and control that such a technology should accomplish: playback, record and generational copy control.
  • CA conditional access
  • a common key delivery method involves scrambling the content in program data with keys and control words.
  • the content in the program data may be scrambled using control words that may change periodically over time during the broadcast.
  • the control words are delivered into entitlement control messages in the program data and scrambled using a key injected in the entitlement management messages in the program data.
  • the key In order to de-scramble the content, the key must be derived and used to de-scramble the control words. The control words are then applied to de-scramble the content.
  • Viewers may be allowed to record program data with content in a scrambled format and have the content de-scrambled and displayed at a later time.
  • Program viewing units such as set top boxes may be designed to regulate the de-scrambling of the recorded content in the program data such that a record of the de-scrambling may be made and reported to the service providers. This allows the service providers to monitor the usage of program data by viewers and to bill the viewers.
  • Program viewing units may be configured with key management functions that support special revenue features such as pay per-view, pay-per play, pay-per-time, and other features.
  • a drawback of the current key delivery methods is that the service providers change the keys used to scramble control words periodically.
  • a program viewing unit may only de-scramble content in the program data if the current key provided by the service provider is the same as they key used to scramble control words in the recorded program data. De-scrambling of content may not be achieved by the program viewing unit after the key used to scramble the control words in the recorded program data expire.
  • the present invention provides a method for deriving past keys by using a one way function to relate an ordered sequence of keys to each other.
  • the present invention provides a method for providing future access keys by creating a plurality of entitlement control messages, each entitlement control message including an access key for a given time period.
  • the present invention provides a method for providing future access keys by creating an entitlement control message having a plurality of access keys corresponding to a plurality of time periods.
  • the present invention provides a method for tracking an entitlement history by creating an entitlement management message having an entitlement time history field that includes information about whether a user has entitlement to view content recorded during a past time period.
  • the present invention provides a method for authorizing access to stored digital programs by determining whether a program is old, determining whether a user is authorized to view the old program. If the user is not authorized, the user is asked whether the user wants to access old programs, and if the user wants to access old programs, displaying a plurality of payment options to the user.
  • FIG. 1 is a block diagram of an entertainment system according to an embodiment of the present invention.
  • Figure 2 is a block diagram of a program viewing unit according to an embodiment of the present invention
  • Figure 3 is a block diagram of a conditional access unit according to an embodiment of the present invention
  • Figure 4 is a diagram showing one embodiment of the storage requirements for keys.
  • Figures 5A and 5B show embodiments of methods of using a current key to derive past keys.
  • Figure 6A shows an embodiment of an entitlement control message.
  • Figures 6B, 6C, 6D and 6E show embodiments of entitlement control messages that include future keys.
  • Figures 7A and 7B show embodiments of creating entitlement control messages that include future keys.
  • Figures 8A, 8B, and 8C show embodiments of entitlement management messages that include entitlement history.
  • Figures 9A, 9B, 9C and 9D show embodiments of the present invention for authorizing access to stored digital programs.
  • Figure 10 shows an embodiment of a method to determine if a user is entitled to view a program that was delivered during a previous time period.
  • Figure 11 shows an embodiment of a method for allowing a user to obtain authorization to view program content from a previous time period.
  • FIG. 1 is a block diagram of an entertainment system 100 including one embodiment of the copy management system of the present invention.
  • the entertainment system 100 includes a digital device 110 for receiving a digital bitstream including program data from one or more service providers.
  • service or content providers can include terrestrial broadcasters, cable operators, direct broadcast satellite (DBS) companies, companies providing content for download via the Internet, or any similar such content and/or service provider.
  • the program data may include system information, entitlement control messages, entitlement management messages, content, and other data, each of which will be described briefly.
  • System information may include information on program names, time of broadcast, source, and a method of retrieval and decoding, and well as copy management commands that provide digital receivers and other devices with information that will control how and when program data may be replayed, retransmitted and/or recorded.
  • Copy management commands may also be transmitted along with entitlement control messages (ECM), which are generally used by the conditional access unit to regulate access to a particular channel or service.
  • ECM entitlement control messages
  • EMM Entitlement management messages
  • a decryption key is generally a code that is required to restore scrambled data, and may be a function of the rights granted.
  • content in the program data stream may include audio and video data, which may be in a scrambled or clear format.
  • the digital device 110 includes a digital receiver 111, which processes the incoming bitstream, extracts the program data therefrom, and provides the program data in a viewable format. The thus extracted program data is then provided to a decoding unit 112 for further processing, including separation of the system information from the content, as well as decoding, or decompressing, of the content to its original form.
  • the digital receiver 111 also regulates access to the program data by other components on the entertainment system 100, and according to one embodiment of the present invention, supports the simultaneous transmission of program data having content in a de-scrambled format (hereinafter referred to as "de- scrambled content”) and program data having content in a scrambled format (hereinafter referred to as "scrambled content").
  • the digital device 110 is a digital television set where the digital receiver 111 is a set-top box integrated therein, and the decoding unit 112 is an MPEG (Motion Picture Experts Group) decoder.
  • the digital television set's display (not shown) is, according to this embodiment, integrated within the digital device 110.
  • the digital device 110 may include only the digital receiver 111 and/or the decoder unit 112, with a display being external to the decoding device 110.
  • An example of this embodiment would be an integrated receiver/decoder (LRD) such as a stand-alone set-top box which outputs NTSC, PAL or Y p B p R signals. All such embodiments are included within the scope of the present invention.
  • Digital device 110 may be coupled to other components in the entertainment system 100 via a transmission medium 120.
  • the transmission medium 120 operates to transmit control information and data including program data between the digital device 110 and other components in the entertainment system 100. It will be appreciated that the entertainment system 100 of Figure 1 is merely an exemplary embodiment, and that other analog and/or digital components may be added or substituted for the components briefly described hereinafter.
  • the entertainment system 100 may include an audio system 130 coupled to the transmission medium 120.
  • the audio system 130 may include speakers and an audio player/recorder such as a compact disc player, a Sony MiniDisc ® player, or other magneto-optical disc that may be used to play and/or record audio data.
  • a digital VCR 140 such as a D-VHS VCR, may also be coupled to the digital device 110 and other components of the entertainment system 100 through the transmission medium 120.
  • the digital VCR 140 may be used to record analog or digital audio, video, and other data transmissions, and according to an embodiment of the present invention, may be used to record program data received by the digital device 110 and transmitted to the digital VCR over transmission medium 120.
  • a hard disk recording unit 150 may also be coupled to digital device 110 and other components via transmission medium 120.
  • the hard disk recording unit 150 may be a personal computer system, a stand-alone hard disk recording unit, or other hard disk recording device capable of recording analog or digital audio, video and data transmissions.
  • the hard disk recording unit 150 may be used to record program data received by the digital device 110 and transmitted to the hard disk recording unit 150 over transmission medium 120.
  • Display 160 may include a high definition television display, a monitor or other device capable of processing digital video signals.
  • display 160 may be a digital television set.
  • control unit 170 may be coupled to the transmission medium 120.
  • the control unit 170 may be used to coordinate and control the operation of some or each of the components on the entertainment system 100, as well and other electronic devices remotely coupled thereto.
  • FIG. 2 is a block diagram of one embodiment of the digital receiver 111 including the copy management system according to the present invention.
  • the digital receiver 111 includes a central processing unit (CPU) 210, which controls the overall operation of the digital receiver 111, and determines the frequency in which a selected channel is broadcast or otherwise transmitted. This information is then transmitted to a tuner 220, which then selects the appropriate frequency of the terrestrial, cable, satellite, or Internet transmission in which to receive the incoming digital bitstream, including program data.
  • the CPU 210 may also support a graphical user interface (GUI), such as an electronic programming guide (EPG), the latter allowing a user to navigate through various channels and program options to select a desired channel or program for viewing, listening, recording and the like.
  • GUI may be displayed on either a display (not shown) of digital device 110 (e.g., where digital device 110 is a digital television set), or on display 160 (e.g., where digital device 110 is a stand-alone set-top box).
  • EPG electronic programming guide
  • the tuner 220 Once the tuner 220 has selected the appropriate frequency, it amplifies the incoming digital bitstream, and provides the output bitstream to a demodulator unit 230.
  • the demodulator unit 230 receives the bitstream from the tuner 220 and demodulates the bitstream to provide program data as originally transmitted.
  • the type of demodulation effected by the demodulator unit 230 will of course depend on the type of transmission as well as the modulation process used in the transmission process. For example, in the case of cable transmissions and Internet transmissions received over cable modems, the demodulator unit 230 may perform quadrature amplitude demodulation (QAD), while for satellite broadcasts, quadrature phase shift key (QPSK) demodulation will likely be required.
  • QAD quadrature amplitude demodulation
  • QPSK quadrature phase shift key
  • demodulator unit 230 may also perform error correction on the received bitstream.
  • the thus demodulated bitstream is now preferably provided to a conditional access unit 240. (That portion of the demodulated bitstream that is not encrypted may bypass the conditional access unit 240 and be provided directly to the demultiplexer 250 as shown by the dashed lines in Figure 2. This might also be the case where none of the bitstream needs decrypting, and/or where there is no conditional access module).
  • the conditional access unit 240 generally performs key management and decryption, as well as de-scrambling functions as follows.
  • the CPU 210 may transmit packet identifier (PLD) information to the conditional access unit 240, such PLD information informing the conditional access unit 240 where in the program data the ECM may be found.
  • PLD packet identifier
  • the CPU 210 may instead receive the ECM and deliver it to the conditional access unit 240.
  • the conditional access unit 240 may have demultiplexing capabilities allowing it to directly obtain the location of the ECM from the bitstream itself.
  • the ECMs regulate a user's access to a particular channel or service, and determines the access rights that are needed to be held by a receiver 111 in order to grant access.
  • the ECMs may also be used to deliver a decrypting or de-scrambling key or to deliver information (e.g., an algorithm) as to how to derive a key that may be used to de-scramble scrambled content.
  • the conditional access unit 240 may de-scramble the content contained in the program data.
  • the conditional access unit may provide the key to the demultiplexer 250 which will perform the de-scrambling.
  • conditional access unit 240 is shown as an integral, or embedded, in that both the de-scrambling and decrypting functions are effected internally in receiver 111, the conditional access unit may also split or external.
  • An external conditional access unit de-scrambles the program data content and decrypts the keys externally; e.g., as is the case with the National Renewable Security System (NRSS) conditional access modules.
  • NRSS National Renewable Security System
  • a split conditional access unit the program data content is de-scrambled within the digital receiver 111, while the key decryption is completed externally, e.g., via a "smart card.” All of these systems are intended to be within the spirit and scope of the present invention.
  • the conditional access unit 240 de-scrambles the program data content
  • the program data is input to demultiplexer unit 250, which separates the system information from the content in the program data.
  • the demultiplexer unit 250 parses the program data for PLDs that are associated with system information, audio information, and video information, and then transmits the system information to the CPU 210 and the audio and video information to the decoder unit 112.
  • a digital interface unit 260 is coupled to the conditional access unit 240. Operation of this unit, which allows the receiver 111 to communicate with other digital components in the entertainment system 100, will be discussed at a later point.
  • the CPU 210, tuner 220, demodulator unit 230, conditional access unit 240, demultiplexer unit 250, and digital interface unit 260 may be implemented using any known technique or circuitry.
  • the CPU 210, tuner 220, demodulator unit 230, demultiplexer unit 250, and digital interface unit 260 all reside in a single housing, while the conditional access unit 240 resides in an external NRSS conditional access module (as discussed above).
  • the conditional access unit can take the form factor of either a Personal Computer Memory Card International Association (PCMCIA) or smart card.
  • PCMCIA Personal Computer Memory Card International Association
  • FIG. 3 shows a block diagram of one embodiment of the conditional access unit 240 of the copy management system of the present invention.
  • the conditional access unit 240 includes a processor unit 330, which receives the demodulated program data from the demodulator unit 230 and obtains PLD information identifying where ECMs may be found in the program data. Again, this packet identifier information may be provided by the CPU 210 or obtained directly from the bitstream by the conditional access unit 240 itself. It is also possible for the CPU 210 to deliver ECMs to the conditional access unit 240.
  • the processor unit 330 processes the ECMs and derives a key for de-scrambling the content.
  • the processor unit 330 then outputs program data and the key to a de-scrambler unit 340 over line, pin or set of pins 335 (hereinafter, "line 335").
  • the de-scrambler unit 340 receives the key and the program data off line 335 and processes the program data, including de- scrambling or decrypting the program data content with the key.
  • the de-scrambler unit 340 then transmits the program data with the now clear content over line, pin or set of pins 346 (hereinafter, "line 346") to the demultiplexer unit 250 ( Figure 2), and then to the decoding unit 112, and finally for display and viewing by a user.
  • line 346 line, pin or set of pins 346
  • the de-scrambler unit 340 also transmits the program data with the now clear content over line, pin or set of pins 345 (hereinafter, "line 345") to a re-scrambler unit 350.
  • the re-scrambler unit 350 receives the program data and processes the data, including re-scrambling the clear content.
  • Re-scrambling can use a similar algorithm as used in the de-scrambling process. For example, if DES could be used for both the de-scrambling and re-scrambling processes.
  • processor unit 330 the de-scrambler unit 340, and the re-scrambler unit 350 are shown as separate elements in Figure 3, these elements may be integrated in one device, or may be implemented using any known circuitry or technique).
  • the re-scrambler unit 350 may re-scramble the content in any one of several ways. For example, in one embodiment of the copy management system of the present invention, it may re-scramble the content using the ECMs originally transmitted in the received bitstream and received in receiver 111. Alternatively, separate re-scrambling keys may be transmitted in the original bitstream in separate ECMs and extracted by the re-scrambler unit 350 from the program data received from the de-scrambler unit 340.
  • the re-scrambler unit 350 may have encrypting or encoding capabilities, allowing it to re-scramble the content using a local key which may be unique to receiver 111.
  • a key would not be delivered using an ECM, but could be delivered to the re-scrambler unit 350 using an EMM.
  • the key could be a non-changeable key which has been created at the time of manufacture of the re-scrambler unit.
  • control words may be used in addition to keys.
  • the control words are first scrambled using a key, and then are inserted into the bitstream program data prior to transmission.
  • the control access unit 240 in order to de-scramble the content in the program data, the control access unit 240 must first derive the key (using any of the aforementioned methods) and then use the derived key to de-scramble the control words. The de-scrambled control words are then applied to de-scramble the content.
  • the re-scrambler unit 350 may scramble the content using one of several methods.
  • the re-scrambler unit 350 may use the originally transmitted control words and key to re-scramble the control words.
  • the re-scrambler unit 350 may use local control words and keys that are unique to the receiver 111. It will be appreciated to those skilled in the art that any one of the aforementioned methods of scrambling and de-scrambling may be used alone or in combination, and these and other similar methods are intended to be within the scope and spirit of the present invention.
  • the program data including the re-scrambled content is transmitted over line, pin or set of pins 355 (hereinafter, "line 355").
  • the re-scrambled program data is output over digital interface unit 260, as shown in Figure 2.
  • the digital interface unit 260 encodes this program data with copy management commands that indicate that the program data is "copy free.”
  • the digital interface unit 260 interfaces with the components on the transmission medium 120 (shown in Figure 1) to determine which components are authorized to decode the encoded program data, and then transmits a key to the authorized components for decoding the encoded program data.
  • the digital interface unit 260 initiates an authentication process that identifies devices that are authorized to decode encoded program data, and then encodes program data transmitted on the LEEE 1394 transmission medium using the DTDG's DTCP encoding scheme. It will be appreciated, however, that other encoding schemes may be implemented without detracting from the spirit and scope of the invention.
  • the conditional access unit 240 allows the user to simultaneously view a program in the clear while recording the scrambled version. It will be appreciated that, under this embodiment, the content provider can control when and if the user can copy or even view the content again given that the re- scrambled stream which is output over line 345 must be de-scrambled with the appropriate keys and/or control words before viewing, and thus must be processed by the conditional access unit 240.
  • the scrambled digital content may be recorded by a user in its scrambled format. There are several reasons for doing this. For example, permission to record the clear content of a program may not have been granted by the content provider even if it is marked with "copy never" attributes, but time shifting is desired. Alternatively, an entire digital transport stream is recorded containing a number of programs, only one of which may be descrambled and viewed at any one time. By playing back the scrambled content, unwatched portions of the stream may be accessed by descrambling and watching the unseen portion of the content.
  • the information used to descramble the content is provided by a key.
  • This key information may be encrypted.
  • the key, along with the information needed to decrypt the key, are sent to the conditional access 240 in an entitlement management message, or in an entitlement control message. If either of these messages are modified, the key information will also be modified and rendered useless.
  • the key information may change on a regular basis, for example, a monthly basis tied to a customer's billing cycle.
  • Figure 5 A shows one embodiment of a method of deriving past keys in order to reduce the storage requirements for keys.
  • the keys are related to one another by a one way function.
  • a previous key is hash of current key. If the conditional access unit has possession of the current key, it can determine previous keys that correspond to previous time periods. However, keys corresponding to future time periods cannot be determined or derived from the current key, because the keys are related in only one way.
  • the one way that the keys are related is from a current key to previous keys. In this way, by having the current key, a conditional access unit is able to hash and derive previous keys in order to descramble previously stored scrambled programming.
  • all of the possible keys may be computed ahead of time. For example, if a key were to change once a month for ten years, the one way function would need to be invoked 120 times (12 times per year * 10 years). The key that would be used first is the very last key computed. A system may run the hashing algorithm a thousand times, which would provide more than enough keys for at least 80 years at the rate of one key used per month.
  • FIG. 5B shows a flow diagram of one embodiment of the method for creating and using these keys.
  • a last key is created.
  • the last key and a one way function are used to create a next to last key, 510, so that the next to last key can be derived from the last key and the one way function, but the last key cannot be derived from the next to last key.
  • This process is then repeated a plurality of times, to create a series of keys, 515.
  • the previous keys in the series are related to subsequent keys by the one way function, such that a given key and the one way function can derive previous keys, but the given key and the one way function cannot derive subsequent keys.
  • a time period is assigned to each key, beginning with the first key in the series and ending with the last key, such that each key may be used to descramble content during the time period assigned to the key, 520.
  • the content of a program is scrambled and delivered to a user, 523.
  • a key and the one way function are transmitted to a conditional access unit, 525.
  • the key is used to gain access to the content which may be on a network or on a storage device, by using the key to descramble the content, 530.
  • the key and the one way function are used to derive a previous key from a previous time period, 535.
  • the previous key is used to descramble content from a previous time period, 540.
  • hashing algorithms examples include the secure hash algorithm (SHA) and media digest 5 (MD5).
  • SHA secure hash algorithm
  • MD5 media digest 5
  • DES digital encryption standard
  • Figure 5C shows an example of a hashing function using DES.
  • Figures 6B through 6E show embodiments for recording future access keys.
  • Figure 6A shows a conventional entitlement control message.
  • the key used to descramble the content is encrypted under the current group or service key 640, which is sent in the ECM 610.
  • the scrambled content may be recorded. However, the key may expire after a period of time. If a customer tries to view the recorded scrambled content at a later time, the conditional access element may not be able to recover the content if the key has expired. This is how payment is enforced by the service provider.
  • FIG. 6B shows one embodiment of entitlement control messages (ECMs) that contain fields encrypting future delivered group or service keys.
  • ECMs entitlement control messages
  • Each ECM 660 contains a key 680, 681, 682, 683 that corresponds to a given time period.
  • time X is the current key epoch
  • time X-l is the next epoch. If a customer were authorized to view an entire year of content, and if keys changed on a monthly epoch basis, then 12 different ECMs could be generated, included in the data stream, and recorded along with the content. Thus, a customer could record the content, and still have access to view the content for one year.
  • FIG. 7A shows a flow diagram for one embodiment of creating the ECMs of Figure 6B.
  • One or more keys are created, 710.
  • a time period is assigned to each key, where the time period may be a past, present, or future time period, 720.
  • a plurality of entitlement control messages are created so that each entitlement control message corresponds to a given time period, 730.
  • For each key place the key assigned to a given time period in the ECM corresponding to the given time period, 740.
  • the content of a program, together with the plurality of ECMs, are recorded, 750.
  • the key from the ECM that corresponds to the given time period is used to descramble the content of a program, 760.
  • FIGS 6C and 6D show another embodiment of an entitlement control message.
  • one ECM 674 is created, and includes multiple keys corresponding to multiple time periods.
  • each encrypted key 680, 681, 682, 683 may correspond to a monthly time period, for example.
  • ECM 675 has key information encrypted under several keys.
  • Key 684 is the current group or service key.
  • Keys 685, 686 are time keys. They are not based on the same time epoch as the group or service key, but instead are used for retrieval of stored content after the most recent epoch or epochs have expired.
  • a time key may be a vintage key.
  • a vintage key may unlock all material from a particular group or service after a certain amount of time has elapsed, for example, two or three years. This reduces the number of fields of encrypted key information, therefore, ECMs could be made shorter to conserve bandwidth.
  • Figure 6E shows another embodiment of the format of an entitlement control message 675.
  • This relies on a simple coverage key 687 that either never changes unless there is a security problem or break, or changes extremely slowly, for example, on the order of years.
  • the ECM access requirements 631 contain all the necessary information in order to recover the program.
  • This format may rely on the ECM signature 650 to verify that none of the access conditions have been modified.
  • This embodiment may benefit from public key cryptography, where the key used to decrypt or verify is not the key used to encrypt or sign messages.
  • a conditional access element that has been compromised and thoroughly analyzed would not necessarily break the system for all conditional elements.
  • the public key system would need to be broken as well.
  • the simple coverage key might not be required, as the key field along with other data could be encrypted with the signature.
  • Figure 7B shows a flow diagram of a method for creating one entitlement control message with a plurality of keys.
  • a plurality of keys are created.
  • One or more time periods are assigned to each key, where each time period may be a past, present or future time period, 770.
  • the plurality of keys are placed in the entitlement control message, 780.
  • the content of a program is recorded together with the entitlement control message, 785.
  • the content of a program is scrambled.
  • the scrambled content is transmitted, or delivered to a user, 790, along with the ECM, by delivering the content to a conditional access unit.
  • the content is descrambled using the appropriate key for the given time period from the ECM, 797.
  • the present invention may also track entitlements over time. For example, a new customer may be currently subscribed to a service, and is therefore entitled to view content delivered during the current billing period. However, the customer may not be authorized by the service to view content from previous periods. Therefore, if the service provider does not want a customer to have access to previously recorded content unless the customer pays for it, then the entitlement history of the customer has to be tracked. Information on whether a subscriber was authorized to view a service or package can be delivered in entitlement management messages, along with other entitlement information, as shown in figure 8 A. ECM 810 includes information about entitlements that the customer currently has, in field 830, as well as the customer's entitlement time history 840.
  • Figure 8B shows one embodiment of an entitlement management message 850 that tracks a user's entitlement history in field 870.
  • This entitlement time history may be delivered along with key and entitlement information.
  • Each bit shown in the entitlement time history field 870 represents whether or not a customer was subscribed or authorized for a service for one or more discrete time periods.
  • the first bit shown in Figure 8B may represent whether a customer has access to content recorded 24 months ago. If this bit is in a first state, which may be zero, for example, then the customer may not view content from this time period, even if the customer has the key information for this time period.
  • the memory required to store the entitlement time history information can be reduced using this method. For example, two years worth of information, with each bit representing one month, would only require 24 bits or 3 bytes of storage along with the header 860.
  • FIG. 8C shows an alternative embodiment of the entitlement management message 880.
  • the entitlement time history information 872 has several fields, where each field may correspond to several time periods. For example, if the first bit 890 represents whether a customer has had access at any time during a five month period, the memory required to store the entitlement history information is reduced.
  • Figure 10 shows one embodiment of a method for tracking the entitlement time history of a user.
  • An entitlement is granted to a user for one or more time periods, so that the user is entitled to view the content of programs that are delivered during the one or more time periods, 1010. These entitlement time periods are recorded, 1020.
  • An entitlement management message is created for the user, including an entitlement time history field, and the recorded entitlement time periods are placed in the field, 1030.
  • a user may select a stored program that was delivered or transmitted during a previous time period, 1040. The time period of the stored program is compared with the entitlement time history in the entitlement management message and determines if the user is entitled to view a program that was delivered during the previous time period, 1050.
  • FIGS 9A through 9D show embodiments for authorizing access to stored digital programs. Entitlements to view content recorded in the past may be granted to a customer. Thus, access to past content can be a service that is offered to a customer. For example, a server or recorder may record all programs that are broadcast during one day. Then, when a customer comes home from work, the customer can access the server to view the recorded content. A universal time counter will increment and identify the recorded program as "old" content. If it is old, then it is recorded on a medium such as a tape. A secondary conditional access element may then handle the stored content.
  • a screen may be displayed to the user so that the user can authorize and pay to view the content, as shown in figures 9A through 9C.
  • the user is notified that he or she is not authorized to view old content. The user may then receive authorization to view old content, by responding to a query, for example.
  • the user may receive authorization by paying to view the program.
  • the user may also receive authorization to view the program by subscribing to the time period when the program content was broadcast, or delivered, to customers.
  • the customer may receive access to view a program by subscribing to one of several past time periods, all of which include the program that the customer wishes to view.
  • Figure 9D shows one embodiment of displaying entitlement history to a customer.
  • a grid 910 includes several time periods 920 and a list of services or content 930. The time periods may be in a row, for example, and the services may be in a column. Thus, whether a customer is authorized to view content that was broadcast or delivered during a given time period can be easily determined by viewing the grid. For example, if box 940 in grid 910 is in a first state, then the customer is not authorized to view content from the Disney channel that was delivered between July and December of 2000. If the customer desires to view content from this service that was delivered during this time period, then delivery of past entitlements can be sent to the customer to retrieve stored programs. Thus, the customer can pay to fill in the fields of figure 9D. This allows selective enablement of past stored programs.
  • Figure 11 shows an embodiment of a method to obtain authorization to view content recorded or delivered during a previous time period. If a user is not authorized to view a program from a previous time period, a message is displayed to the user that indicates that the user is not authorized to view the program, 1110. A message is displayed to the user to determine if the user wants to receive authorization to view the program, 1120. If the user responds affirmatively, for example by inputting a response to the set top box using a computer input device, then a plurality of payment options are displayed to the user, 1130. The user then pays for the stored program from a previous time period by selecting one of the payment options, and authorization for the user to view the program is granted.

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Television Signal Processing For Recording (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)
EP99961566A 1998-11-25 1999-11-03 Verfahren und gerät zum zugriff auf gespeicherte programme Ceased EP1133866A4 (de)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP10173434.1A EP2247106B1 (de) 1998-11-25 1999-11-03 Verfahren und gerät zum zugriff auf gespeicherte programme

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US11001798P 1998-11-25 1998-11-25
US110017P 1998-11-25
US09/410,681 US6363149B1 (en) 1999-10-01 1999-10-01 Method and apparatus for accessing stored digital programs
US410681 1999-10-01
PCT/US1999/025819 WO2000031956A2 (en) 1998-11-25 1999-11-03 A method and apparatus for accessing stored digital programs

Related Child Applications (1)

Application Number Title Priority Date Filing Date
EP10173434.1A Division EP2247106B1 (de) 1998-11-25 1999-11-03 Verfahren und gerät zum zugriff auf gespeicherte programme

Publications (2)

Publication Number Publication Date
EP1133866A2 EP1133866A2 (de) 2001-09-19
EP1133866A4 true EP1133866A4 (de) 2009-03-11

Family

ID=26807624

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99961566A Ceased EP1133866A4 (de) 1998-11-25 1999-11-03 Verfahren und gerät zum zugriff auf gespeicherte programme

Country Status (4)

Country Link
EP (1) EP1133866A4 (de)
JP (2) JP2002531013A (de)
AU (1) AU1811600A (de)
WO (1) WO2000031956A2 (de)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE60040724D1 (de) * 2000-04-07 2008-12-18 Irdeto Access Bv Datenverschlüsselungs und -entschlüsselungssystem
DE10044386A1 (de) * 2000-09-08 2002-04-04 Scm Microsystems Gmbh Adaptergerät für DVB
EP2824868A1 (de) 2001-08-24 2015-01-14 Thomson Licensing Lokales digitales Netz, Verfahren zum Einbau neuer Vorrichtungen sowie Datenübertragungs- und Datenempfangsverfahren in einem solchen Netz
CN1625740A (zh) * 2002-07-23 2005-06-08 三星电子株式会社 元数据的索引结构、提供元数据索引的方法、以及使用元数据的索引的元数据搜索方法和装置
US7366302B2 (en) * 2003-08-25 2008-04-29 Sony Corporation Apparatus and method for an iterative cryptographic block
EP1676281B1 (de) * 2003-10-14 2018-03-14 Selander, Göran Effiziente verwaltung von generationen kryptographischer schlüssel
EP1705906A1 (de) * 2005-03-04 2006-09-27 Nagravision S.A. Verfahren zur Verwaltung einer von einem Provider gesendete Programmtabelle
IL178488A0 (en) 2006-10-05 2008-01-20 Nds Ltd Improved key production system
EP3619632B1 (de) * 2017-05-04 2024-05-08 Brickell Cryptology LLC Gewährleistung von externer zugänglichkeit für vorrichtungen in einem netzwerk

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0817485A1 (de) * 1996-06-28 1998-01-07 THOMSON multimedia System mit bedingtem Zugang und dazugehöriger Karte
EP0858184A2 (de) * 1997-02-07 1998-08-12 Nds Limited System zum Schutz von digitalen Aufzeichnungen
WO1998043428A1 (en) * 1997-03-21 1998-10-01 Canal+ Societe Anonyme Method and apparatus for preventing fraudulent access in a conditional access system

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4613901A (en) * 1983-05-27 1986-09-23 M/A-Com Linkabit, Inc. Signal encryption and distribution system for controlling scrambling and selective remote descrambling of television signals
JPS6120442A (ja) * 1984-07-09 1986-01-29 Toshiba Corp 有料放送方式
US5075845A (en) * 1989-12-22 1991-12-24 Intel Corporation Type management and control in an object oriented memory protection mechanism
JP3023160B2 (ja) * 1990-10-11 2000-03-21 日本放送協会 放送受信制御方式
JPH0774744A (ja) * 1993-08-31 1995-03-17 Univ Waseda 情報提供方式
JP3394569B2 (ja) * 1993-09-07 2003-04-07 松下電器産業株式会社 秘密データ配送装置
JPH08125651A (ja) * 1994-10-28 1996-05-17 Hitachi Ltd 信号処理装置
US5758257A (en) * 1994-11-29 1998-05-26 Herz; Frederick System and method for scheduling broadcast of and access to video programs and other data using customer profiles
US5485577A (en) * 1994-12-16 1996-01-16 General Instrument Corporation Of Delaware Method and apparatus for incremental delivery of access rights
US6005938A (en) * 1996-12-16 1999-12-21 Scientific-Atlanta, Inc. Preventing replay attacks on digital information distributed by network service providers
JPH0934841A (ja) * 1995-07-21 1997-02-07 Fujitsu Ltd 記憶媒体のオンライン暗号解除システムおよび方法
JPH0993558A (ja) * 1995-09-28 1997-04-04 Toshiba Corp 複数スクランブル方式放送システム及びデコーダ
JPH103256A (ja) * 1995-10-16 1998-01-06 Sony Corp 暗号化方法、暗号化装置、記録方法、復号化方法、復号化装置及び記録媒体
EP0800745B1 (de) * 1995-10-31 2003-09-17 Koninklijke Philips Electronics N.V. Zeitverschobener bedingter zugang
JPH1041933A (ja) * 1996-07-22 1998-02-13 Fuji Xerox Co Ltd 復号装置
JPH10191302A (ja) * 1996-12-27 1998-07-21 Matsushita Electric Ind Co Ltd デジタル衛星放送受信装置
JP3659791B2 (ja) * 1998-03-23 2005-06-15 インターナショナル・ビジネス・マシーンズ・コーポレーション 小時間鍵生成の方法及びシステム

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0817485A1 (de) * 1996-06-28 1998-01-07 THOMSON multimedia System mit bedingtem Zugang und dazugehöriger Karte
EP0858184A2 (de) * 1997-02-07 1998-08-12 Nds Limited System zum Schutz von digitalen Aufzeichnungen
WO1998043428A1 (en) * 1997-03-21 1998-10-01 Canal+ Societe Anonyme Method and apparatus for preventing fraudulent access in a conditional access system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"FUNCTIONAL MODEL OF A CONDITIONAL ACCESS SYSTEM", EBU REVIEW- TECHNICAL, EUROPEAN BROADCASTING UNION. BRUSSELS, BE, no. 266, 21 December 1995 (1995-12-21), pages 64 - 77, XP000559450, ISSN: 0251-0936 *
See also references of WO0031956A2 *

Also Published As

Publication number Publication date
JP2010257475A (ja) 2010-11-11
AU1811600A (en) 2000-06-13
JP2002531013A (ja) 2002-09-17
JP5457280B2 (ja) 2014-04-02
EP1133866A2 (de) 2001-09-19
WO2000031956A3 (en) 2000-10-19
WO2000031956A2 (en) 2000-06-02

Similar Documents

Publication Publication Date Title
US6363149B1 (en) Method and apparatus for accessing stored digital programs
US7702589B2 (en) Method for simulcrypting scrambled data to a plurality of conditional access devices
US9467658B2 (en) Method and apparatus for protecting the transfer of data
JP5577416B2 (ja) データ転送保護方法及び装置
US7567939B2 (en) Method and apparatus for implementing revocation in broadcast networks
CA2577327C (en) Retrieval and transfer of encrypted hard drive content from dvr set-top boxes
CA2366301C (en) A global copy protection system for digital home networks
JP5457280B2 (ja) 記録されたデジタルプログラムにアクセスするための方法及び装置
US7010685B1 (en) Method and apparatus for storing scrambled digital programs by filtering product identifier
US20030206631A1 (en) Method and apparatus for scrambling program data for furture viewing

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20010525

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

RIC1 Information provided on ipc code assigned before grant

Ipc: H04N 7/167 20060101AFI20061214BHEP

A4 Supplementary search report drawn up and despatched

Effective date: 20090210

17Q First examination report despatched

Effective date: 20091229

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 9/00 20060101AFI20120316BHEP

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20170627