EP1133866A4 - Verfahren und gerät zum zugriff auf gespeicherte programme - Google Patents
Verfahren und gerät zum zugriff auf gespeicherte programmeInfo
- Publication number
- EP1133866A4 EP1133866A4 EP99961566A EP99961566A EP1133866A4 EP 1133866 A4 EP1133866 A4 EP 1133866A4 EP 99961566 A EP99961566 A EP 99961566A EP 99961566 A EP99961566 A EP 99961566A EP 1133866 A4 EP1133866 A4 EP 1133866A4
- Authority
- EP
- European Patent Office
- Prior art keywords
- scrambled data
- key
- entitlement
- keys
- time period
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
- 238000000034 method Methods 0.000 title claims abstract description 64
- 230000006870 function Effects 0.000 claims description 32
- 238000012545 processing Methods 0.000 claims description 9
- 230000008569 process Effects 0.000 abstract description 11
- 230000002441 reversible effect Effects 0.000 abstract 1
- 230000005540 biological transmission Effects 0.000 description 28
- 238000007726 management method Methods 0.000 description 23
- 238000010586 diagram Methods 0.000 description 10
- 238000013475 authorization Methods 0.000 description 8
- 230000008859 change Effects 0.000 description 5
- 230000033001 locomotion Effects 0.000 description 4
- 238000004549 pulsed laser deposition Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 238000002716 delivery method Methods 0.000 description 3
- 239000000463 material Substances 0.000 description 3
- 230000015556 catabolic process Effects 0.000 description 2
- 238000006731 degradation reaction Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000003466 anti-cipated effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 239000002360 explosive Substances 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000010363 phase shift Effects 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
- H04N21/4408—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
Definitions
- the present invention relates to program viewing units such as set top boxes used in entertainment systems. More specifically, the present invention relates to a method and apparatus for scrambling program data such that the program data may be de-scrambled for viewing at a future time without experiencing the problems associated with key expiration.
- Analog communication systems are rapidly giving way to their digital counterparts.
- Digital television is currently scheduled to be available nationally to all consumers by the year 2002 and completely in place by the year 2006.
- High- definition television (HDTV) broadcasts have already begun in most major cities on a limited basis.
- the explosive growth of the Internet and the World Wide Web have resulted in a correlative growth in the increase of downloadable audiovisual files, such as MP3-formatted audio files, as well as other content.
- Digital versatile disk (DVD) recorders Digital VHS video cassette recorders (D-VHS VCR), CD-ROM recorders (e.g., CD-R and CD-RW), MP3 recording devices, and hard disk-based recording units are but merely representative of the digital recording devices that are capable of producing high quality recordings and copies thereof, without the generational degradation (i.e., increased degradation between successive copies) known in the analog counterparts.
- the combination of movement towards digital communication systems and digital recording devices poses a concern to content providers such as the motion picture and music industries, who desire to prevent the unauthorized and uncontrolled copying of copyrighted, or otherwise protected, material.
- the DTDG Digital Transmission Copy Protection (DTCP) proposal is targeted for protecting copy-protected digital content, which is transferred between digital devices connected via a digital transmission medium such as an LEEE 1394 serial bus.
- DTCP Digital Transmission Copy Protection
- Device-based the proposal uses symmetric key cryptographic techniques to encode components of a compliant device. This allows for the authentication of any digital device prior to the transmission of the digital content in order to determine whether the device is compliant.
- the digital content is itself encoded prior to transmission so that unauthorized copying of the content will result in copy having an unintelligible format.
- the DHSG has determined three primary cases of detection and control that such a technology should accomplish: playback, record and generational copy control.
- CA conditional access
- a common key delivery method involves scrambling the content in program data with keys and control words.
- the content in the program data may be scrambled using control words that may change periodically over time during the broadcast.
- the control words are delivered into entitlement control messages in the program data and scrambled using a key injected in the entitlement management messages in the program data.
- the key In order to de-scramble the content, the key must be derived and used to de-scramble the control words. The control words are then applied to de-scramble the content.
- Viewers may be allowed to record program data with content in a scrambled format and have the content de-scrambled and displayed at a later time.
- Program viewing units such as set top boxes may be designed to regulate the de-scrambling of the recorded content in the program data such that a record of the de-scrambling may be made and reported to the service providers. This allows the service providers to monitor the usage of program data by viewers and to bill the viewers.
- Program viewing units may be configured with key management functions that support special revenue features such as pay per-view, pay-per play, pay-per-time, and other features.
- a drawback of the current key delivery methods is that the service providers change the keys used to scramble control words periodically.
- a program viewing unit may only de-scramble content in the program data if the current key provided by the service provider is the same as they key used to scramble control words in the recorded program data. De-scrambling of content may not be achieved by the program viewing unit after the key used to scramble the control words in the recorded program data expire.
- the present invention provides a method for deriving past keys by using a one way function to relate an ordered sequence of keys to each other.
- the present invention provides a method for providing future access keys by creating a plurality of entitlement control messages, each entitlement control message including an access key for a given time period.
- the present invention provides a method for providing future access keys by creating an entitlement control message having a plurality of access keys corresponding to a plurality of time periods.
- the present invention provides a method for tracking an entitlement history by creating an entitlement management message having an entitlement time history field that includes information about whether a user has entitlement to view content recorded during a past time period.
- the present invention provides a method for authorizing access to stored digital programs by determining whether a program is old, determining whether a user is authorized to view the old program. If the user is not authorized, the user is asked whether the user wants to access old programs, and if the user wants to access old programs, displaying a plurality of payment options to the user.
- FIG. 1 is a block diagram of an entertainment system according to an embodiment of the present invention.
- Figure 2 is a block diagram of a program viewing unit according to an embodiment of the present invention
- Figure 3 is a block diagram of a conditional access unit according to an embodiment of the present invention
- Figure 4 is a diagram showing one embodiment of the storage requirements for keys.
- Figures 5A and 5B show embodiments of methods of using a current key to derive past keys.
- Figure 6A shows an embodiment of an entitlement control message.
- Figures 6B, 6C, 6D and 6E show embodiments of entitlement control messages that include future keys.
- Figures 7A and 7B show embodiments of creating entitlement control messages that include future keys.
- Figures 8A, 8B, and 8C show embodiments of entitlement management messages that include entitlement history.
- Figures 9A, 9B, 9C and 9D show embodiments of the present invention for authorizing access to stored digital programs.
- Figure 10 shows an embodiment of a method to determine if a user is entitled to view a program that was delivered during a previous time period.
- Figure 11 shows an embodiment of a method for allowing a user to obtain authorization to view program content from a previous time period.
- FIG. 1 is a block diagram of an entertainment system 100 including one embodiment of the copy management system of the present invention.
- the entertainment system 100 includes a digital device 110 for receiving a digital bitstream including program data from one or more service providers.
- service or content providers can include terrestrial broadcasters, cable operators, direct broadcast satellite (DBS) companies, companies providing content for download via the Internet, or any similar such content and/or service provider.
- the program data may include system information, entitlement control messages, entitlement management messages, content, and other data, each of which will be described briefly.
- System information may include information on program names, time of broadcast, source, and a method of retrieval and decoding, and well as copy management commands that provide digital receivers and other devices with information that will control how and when program data may be replayed, retransmitted and/or recorded.
- Copy management commands may also be transmitted along with entitlement control messages (ECM), which are generally used by the conditional access unit to regulate access to a particular channel or service.
- ECM entitlement control messages
- EMM Entitlement management messages
- a decryption key is generally a code that is required to restore scrambled data, and may be a function of the rights granted.
- content in the program data stream may include audio and video data, which may be in a scrambled or clear format.
- the digital device 110 includes a digital receiver 111, which processes the incoming bitstream, extracts the program data therefrom, and provides the program data in a viewable format. The thus extracted program data is then provided to a decoding unit 112 for further processing, including separation of the system information from the content, as well as decoding, or decompressing, of the content to its original form.
- the digital receiver 111 also regulates access to the program data by other components on the entertainment system 100, and according to one embodiment of the present invention, supports the simultaneous transmission of program data having content in a de-scrambled format (hereinafter referred to as "de- scrambled content”) and program data having content in a scrambled format (hereinafter referred to as "scrambled content").
- the digital device 110 is a digital television set where the digital receiver 111 is a set-top box integrated therein, and the decoding unit 112 is an MPEG (Motion Picture Experts Group) decoder.
- the digital television set's display (not shown) is, according to this embodiment, integrated within the digital device 110.
- the digital device 110 may include only the digital receiver 111 and/or the decoder unit 112, with a display being external to the decoding device 110.
- An example of this embodiment would be an integrated receiver/decoder (LRD) such as a stand-alone set-top box which outputs NTSC, PAL or Y p B p R signals. All such embodiments are included within the scope of the present invention.
- Digital device 110 may be coupled to other components in the entertainment system 100 via a transmission medium 120.
- the transmission medium 120 operates to transmit control information and data including program data between the digital device 110 and other components in the entertainment system 100. It will be appreciated that the entertainment system 100 of Figure 1 is merely an exemplary embodiment, and that other analog and/or digital components may be added or substituted for the components briefly described hereinafter.
- the entertainment system 100 may include an audio system 130 coupled to the transmission medium 120.
- the audio system 130 may include speakers and an audio player/recorder such as a compact disc player, a Sony MiniDisc ® player, or other magneto-optical disc that may be used to play and/or record audio data.
- a digital VCR 140 such as a D-VHS VCR, may also be coupled to the digital device 110 and other components of the entertainment system 100 through the transmission medium 120.
- the digital VCR 140 may be used to record analog or digital audio, video, and other data transmissions, and according to an embodiment of the present invention, may be used to record program data received by the digital device 110 and transmitted to the digital VCR over transmission medium 120.
- a hard disk recording unit 150 may also be coupled to digital device 110 and other components via transmission medium 120.
- the hard disk recording unit 150 may be a personal computer system, a stand-alone hard disk recording unit, or other hard disk recording device capable of recording analog or digital audio, video and data transmissions.
- the hard disk recording unit 150 may be used to record program data received by the digital device 110 and transmitted to the hard disk recording unit 150 over transmission medium 120.
- Display 160 may include a high definition television display, a monitor or other device capable of processing digital video signals.
- display 160 may be a digital television set.
- control unit 170 may be coupled to the transmission medium 120.
- the control unit 170 may be used to coordinate and control the operation of some or each of the components on the entertainment system 100, as well and other electronic devices remotely coupled thereto.
- FIG. 2 is a block diagram of one embodiment of the digital receiver 111 including the copy management system according to the present invention.
- the digital receiver 111 includes a central processing unit (CPU) 210, which controls the overall operation of the digital receiver 111, and determines the frequency in which a selected channel is broadcast or otherwise transmitted. This information is then transmitted to a tuner 220, which then selects the appropriate frequency of the terrestrial, cable, satellite, or Internet transmission in which to receive the incoming digital bitstream, including program data.
- the CPU 210 may also support a graphical user interface (GUI), such as an electronic programming guide (EPG), the latter allowing a user to navigate through various channels and program options to select a desired channel or program for viewing, listening, recording and the like.
- GUI may be displayed on either a display (not shown) of digital device 110 (e.g., where digital device 110 is a digital television set), or on display 160 (e.g., where digital device 110 is a stand-alone set-top box).
- EPG electronic programming guide
- the tuner 220 Once the tuner 220 has selected the appropriate frequency, it amplifies the incoming digital bitstream, and provides the output bitstream to a demodulator unit 230.
- the demodulator unit 230 receives the bitstream from the tuner 220 and demodulates the bitstream to provide program data as originally transmitted.
- the type of demodulation effected by the demodulator unit 230 will of course depend on the type of transmission as well as the modulation process used in the transmission process. For example, in the case of cable transmissions and Internet transmissions received over cable modems, the demodulator unit 230 may perform quadrature amplitude demodulation (QAD), while for satellite broadcasts, quadrature phase shift key (QPSK) demodulation will likely be required.
- QAD quadrature amplitude demodulation
- QPSK quadrature phase shift key
- demodulator unit 230 may also perform error correction on the received bitstream.
- the thus demodulated bitstream is now preferably provided to a conditional access unit 240. (That portion of the demodulated bitstream that is not encrypted may bypass the conditional access unit 240 and be provided directly to the demultiplexer 250 as shown by the dashed lines in Figure 2. This might also be the case where none of the bitstream needs decrypting, and/or where there is no conditional access module).
- the conditional access unit 240 generally performs key management and decryption, as well as de-scrambling functions as follows.
- the CPU 210 may transmit packet identifier (PLD) information to the conditional access unit 240, such PLD information informing the conditional access unit 240 where in the program data the ECM may be found.
- PLD packet identifier
- the CPU 210 may instead receive the ECM and deliver it to the conditional access unit 240.
- the conditional access unit 240 may have demultiplexing capabilities allowing it to directly obtain the location of the ECM from the bitstream itself.
- the ECMs regulate a user's access to a particular channel or service, and determines the access rights that are needed to be held by a receiver 111 in order to grant access.
- the ECMs may also be used to deliver a decrypting or de-scrambling key or to deliver information (e.g., an algorithm) as to how to derive a key that may be used to de-scramble scrambled content.
- the conditional access unit 240 may de-scramble the content contained in the program data.
- the conditional access unit may provide the key to the demultiplexer 250 which will perform the de-scrambling.
- conditional access unit 240 is shown as an integral, or embedded, in that both the de-scrambling and decrypting functions are effected internally in receiver 111, the conditional access unit may also split or external.
- An external conditional access unit de-scrambles the program data content and decrypts the keys externally; e.g., as is the case with the National Renewable Security System (NRSS) conditional access modules.
- NRSS National Renewable Security System
- a split conditional access unit the program data content is de-scrambled within the digital receiver 111, while the key decryption is completed externally, e.g., via a "smart card.” All of these systems are intended to be within the spirit and scope of the present invention.
- the conditional access unit 240 de-scrambles the program data content
- the program data is input to demultiplexer unit 250, which separates the system information from the content in the program data.
- the demultiplexer unit 250 parses the program data for PLDs that are associated with system information, audio information, and video information, and then transmits the system information to the CPU 210 and the audio and video information to the decoder unit 112.
- a digital interface unit 260 is coupled to the conditional access unit 240. Operation of this unit, which allows the receiver 111 to communicate with other digital components in the entertainment system 100, will be discussed at a later point.
- the CPU 210, tuner 220, demodulator unit 230, conditional access unit 240, demultiplexer unit 250, and digital interface unit 260 may be implemented using any known technique or circuitry.
- the CPU 210, tuner 220, demodulator unit 230, demultiplexer unit 250, and digital interface unit 260 all reside in a single housing, while the conditional access unit 240 resides in an external NRSS conditional access module (as discussed above).
- the conditional access unit can take the form factor of either a Personal Computer Memory Card International Association (PCMCIA) or smart card.
- PCMCIA Personal Computer Memory Card International Association
- FIG. 3 shows a block diagram of one embodiment of the conditional access unit 240 of the copy management system of the present invention.
- the conditional access unit 240 includes a processor unit 330, which receives the demodulated program data from the demodulator unit 230 and obtains PLD information identifying where ECMs may be found in the program data. Again, this packet identifier information may be provided by the CPU 210 or obtained directly from the bitstream by the conditional access unit 240 itself. It is also possible for the CPU 210 to deliver ECMs to the conditional access unit 240.
- the processor unit 330 processes the ECMs and derives a key for de-scrambling the content.
- the processor unit 330 then outputs program data and the key to a de-scrambler unit 340 over line, pin or set of pins 335 (hereinafter, "line 335").
- the de-scrambler unit 340 receives the key and the program data off line 335 and processes the program data, including de- scrambling or decrypting the program data content with the key.
- the de-scrambler unit 340 then transmits the program data with the now clear content over line, pin or set of pins 346 (hereinafter, "line 346") to the demultiplexer unit 250 ( Figure 2), and then to the decoding unit 112, and finally for display and viewing by a user.
- line 346 line, pin or set of pins 346
- the de-scrambler unit 340 also transmits the program data with the now clear content over line, pin or set of pins 345 (hereinafter, "line 345") to a re-scrambler unit 350.
- the re-scrambler unit 350 receives the program data and processes the data, including re-scrambling the clear content.
- Re-scrambling can use a similar algorithm as used in the de-scrambling process. For example, if DES could be used for both the de-scrambling and re-scrambling processes.
- processor unit 330 the de-scrambler unit 340, and the re-scrambler unit 350 are shown as separate elements in Figure 3, these elements may be integrated in one device, or may be implemented using any known circuitry or technique).
- the re-scrambler unit 350 may re-scramble the content in any one of several ways. For example, in one embodiment of the copy management system of the present invention, it may re-scramble the content using the ECMs originally transmitted in the received bitstream and received in receiver 111. Alternatively, separate re-scrambling keys may be transmitted in the original bitstream in separate ECMs and extracted by the re-scrambler unit 350 from the program data received from the de-scrambler unit 340.
- the re-scrambler unit 350 may have encrypting or encoding capabilities, allowing it to re-scramble the content using a local key which may be unique to receiver 111.
- a key would not be delivered using an ECM, but could be delivered to the re-scrambler unit 350 using an EMM.
- the key could be a non-changeable key which has been created at the time of manufacture of the re-scrambler unit.
- control words may be used in addition to keys.
- the control words are first scrambled using a key, and then are inserted into the bitstream program data prior to transmission.
- the control access unit 240 in order to de-scramble the content in the program data, the control access unit 240 must first derive the key (using any of the aforementioned methods) and then use the derived key to de-scramble the control words. The de-scrambled control words are then applied to de-scramble the content.
- the re-scrambler unit 350 may scramble the content using one of several methods.
- the re-scrambler unit 350 may use the originally transmitted control words and key to re-scramble the control words.
- the re-scrambler unit 350 may use local control words and keys that are unique to the receiver 111. It will be appreciated to those skilled in the art that any one of the aforementioned methods of scrambling and de-scrambling may be used alone or in combination, and these and other similar methods are intended to be within the scope and spirit of the present invention.
- the program data including the re-scrambled content is transmitted over line, pin or set of pins 355 (hereinafter, "line 355").
- the re-scrambled program data is output over digital interface unit 260, as shown in Figure 2.
- the digital interface unit 260 encodes this program data with copy management commands that indicate that the program data is "copy free.”
- the digital interface unit 260 interfaces with the components on the transmission medium 120 (shown in Figure 1) to determine which components are authorized to decode the encoded program data, and then transmits a key to the authorized components for decoding the encoded program data.
- the digital interface unit 260 initiates an authentication process that identifies devices that are authorized to decode encoded program data, and then encodes program data transmitted on the LEEE 1394 transmission medium using the DTDG's DTCP encoding scheme. It will be appreciated, however, that other encoding schemes may be implemented without detracting from the spirit and scope of the invention.
- the conditional access unit 240 allows the user to simultaneously view a program in the clear while recording the scrambled version. It will be appreciated that, under this embodiment, the content provider can control when and if the user can copy or even view the content again given that the re- scrambled stream which is output over line 345 must be de-scrambled with the appropriate keys and/or control words before viewing, and thus must be processed by the conditional access unit 240.
- the scrambled digital content may be recorded by a user in its scrambled format. There are several reasons for doing this. For example, permission to record the clear content of a program may not have been granted by the content provider even if it is marked with "copy never" attributes, but time shifting is desired. Alternatively, an entire digital transport stream is recorded containing a number of programs, only one of which may be descrambled and viewed at any one time. By playing back the scrambled content, unwatched portions of the stream may be accessed by descrambling and watching the unseen portion of the content.
- the information used to descramble the content is provided by a key.
- This key information may be encrypted.
- the key, along with the information needed to decrypt the key, are sent to the conditional access 240 in an entitlement management message, or in an entitlement control message. If either of these messages are modified, the key information will also be modified and rendered useless.
- the key information may change on a regular basis, for example, a monthly basis tied to a customer's billing cycle.
- Figure 5 A shows one embodiment of a method of deriving past keys in order to reduce the storage requirements for keys.
- the keys are related to one another by a one way function.
- a previous key is hash of current key. If the conditional access unit has possession of the current key, it can determine previous keys that correspond to previous time periods. However, keys corresponding to future time periods cannot be determined or derived from the current key, because the keys are related in only one way.
- the one way that the keys are related is from a current key to previous keys. In this way, by having the current key, a conditional access unit is able to hash and derive previous keys in order to descramble previously stored scrambled programming.
- all of the possible keys may be computed ahead of time. For example, if a key were to change once a month for ten years, the one way function would need to be invoked 120 times (12 times per year * 10 years). The key that would be used first is the very last key computed. A system may run the hashing algorithm a thousand times, which would provide more than enough keys for at least 80 years at the rate of one key used per month.
- FIG. 5B shows a flow diagram of one embodiment of the method for creating and using these keys.
- a last key is created.
- the last key and a one way function are used to create a next to last key, 510, so that the next to last key can be derived from the last key and the one way function, but the last key cannot be derived from the next to last key.
- This process is then repeated a plurality of times, to create a series of keys, 515.
- the previous keys in the series are related to subsequent keys by the one way function, such that a given key and the one way function can derive previous keys, but the given key and the one way function cannot derive subsequent keys.
- a time period is assigned to each key, beginning with the first key in the series and ending with the last key, such that each key may be used to descramble content during the time period assigned to the key, 520.
- the content of a program is scrambled and delivered to a user, 523.
- a key and the one way function are transmitted to a conditional access unit, 525.
- the key is used to gain access to the content which may be on a network or on a storage device, by using the key to descramble the content, 530.
- the key and the one way function are used to derive a previous key from a previous time period, 535.
- the previous key is used to descramble content from a previous time period, 540.
- hashing algorithms examples include the secure hash algorithm (SHA) and media digest 5 (MD5).
- SHA secure hash algorithm
- MD5 media digest 5
- DES digital encryption standard
- Figure 5C shows an example of a hashing function using DES.
- Figures 6B through 6E show embodiments for recording future access keys.
- Figure 6A shows a conventional entitlement control message.
- the key used to descramble the content is encrypted under the current group or service key 640, which is sent in the ECM 610.
- the scrambled content may be recorded. However, the key may expire after a period of time. If a customer tries to view the recorded scrambled content at a later time, the conditional access element may not be able to recover the content if the key has expired. This is how payment is enforced by the service provider.
- FIG. 6B shows one embodiment of entitlement control messages (ECMs) that contain fields encrypting future delivered group or service keys.
- ECMs entitlement control messages
- Each ECM 660 contains a key 680, 681, 682, 683 that corresponds to a given time period.
- time X is the current key epoch
- time X-l is the next epoch. If a customer were authorized to view an entire year of content, and if keys changed on a monthly epoch basis, then 12 different ECMs could be generated, included in the data stream, and recorded along with the content. Thus, a customer could record the content, and still have access to view the content for one year.
- FIG. 7A shows a flow diagram for one embodiment of creating the ECMs of Figure 6B.
- One or more keys are created, 710.
- a time period is assigned to each key, where the time period may be a past, present, or future time period, 720.
- a plurality of entitlement control messages are created so that each entitlement control message corresponds to a given time period, 730.
- For each key place the key assigned to a given time period in the ECM corresponding to the given time period, 740.
- the content of a program, together with the plurality of ECMs, are recorded, 750.
- the key from the ECM that corresponds to the given time period is used to descramble the content of a program, 760.
- FIGS 6C and 6D show another embodiment of an entitlement control message.
- one ECM 674 is created, and includes multiple keys corresponding to multiple time periods.
- each encrypted key 680, 681, 682, 683 may correspond to a monthly time period, for example.
- ECM 675 has key information encrypted under several keys.
- Key 684 is the current group or service key.
- Keys 685, 686 are time keys. They are not based on the same time epoch as the group or service key, but instead are used for retrieval of stored content after the most recent epoch or epochs have expired.
- a time key may be a vintage key.
- a vintage key may unlock all material from a particular group or service after a certain amount of time has elapsed, for example, two or three years. This reduces the number of fields of encrypted key information, therefore, ECMs could be made shorter to conserve bandwidth.
- Figure 6E shows another embodiment of the format of an entitlement control message 675.
- This relies on a simple coverage key 687 that either never changes unless there is a security problem or break, or changes extremely slowly, for example, on the order of years.
- the ECM access requirements 631 contain all the necessary information in order to recover the program.
- This format may rely on the ECM signature 650 to verify that none of the access conditions have been modified.
- This embodiment may benefit from public key cryptography, where the key used to decrypt or verify is not the key used to encrypt or sign messages.
- a conditional access element that has been compromised and thoroughly analyzed would not necessarily break the system for all conditional elements.
- the public key system would need to be broken as well.
- the simple coverage key might not be required, as the key field along with other data could be encrypted with the signature.
- Figure 7B shows a flow diagram of a method for creating one entitlement control message with a plurality of keys.
- a plurality of keys are created.
- One or more time periods are assigned to each key, where each time period may be a past, present or future time period, 770.
- the plurality of keys are placed in the entitlement control message, 780.
- the content of a program is recorded together with the entitlement control message, 785.
- the content of a program is scrambled.
- the scrambled content is transmitted, or delivered to a user, 790, along with the ECM, by delivering the content to a conditional access unit.
- the content is descrambled using the appropriate key for the given time period from the ECM, 797.
- the present invention may also track entitlements over time. For example, a new customer may be currently subscribed to a service, and is therefore entitled to view content delivered during the current billing period. However, the customer may not be authorized by the service to view content from previous periods. Therefore, if the service provider does not want a customer to have access to previously recorded content unless the customer pays for it, then the entitlement history of the customer has to be tracked. Information on whether a subscriber was authorized to view a service or package can be delivered in entitlement management messages, along with other entitlement information, as shown in figure 8 A. ECM 810 includes information about entitlements that the customer currently has, in field 830, as well as the customer's entitlement time history 840.
- Figure 8B shows one embodiment of an entitlement management message 850 that tracks a user's entitlement history in field 870.
- This entitlement time history may be delivered along with key and entitlement information.
- Each bit shown in the entitlement time history field 870 represents whether or not a customer was subscribed or authorized for a service for one or more discrete time periods.
- the first bit shown in Figure 8B may represent whether a customer has access to content recorded 24 months ago. If this bit is in a first state, which may be zero, for example, then the customer may not view content from this time period, even if the customer has the key information for this time period.
- the memory required to store the entitlement time history information can be reduced using this method. For example, two years worth of information, with each bit representing one month, would only require 24 bits or 3 bytes of storage along with the header 860.
- FIG. 8C shows an alternative embodiment of the entitlement management message 880.
- the entitlement time history information 872 has several fields, where each field may correspond to several time periods. For example, if the first bit 890 represents whether a customer has had access at any time during a five month period, the memory required to store the entitlement history information is reduced.
- Figure 10 shows one embodiment of a method for tracking the entitlement time history of a user.
- An entitlement is granted to a user for one or more time periods, so that the user is entitled to view the content of programs that are delivered during the one or more time periods, 1010. These entitlement time periods are recorded, 1020.
- An entitlement management message is created for the user, including an entitlement time history field, and the recorded entitlement time periods are placed in the field, 1030.
- a user may select a stored program that was delivered or transmitted during a previous time period, 1040. The time period of the stored program is compared with the entitlement time history in the entitlement management message and determines if the user is entitled to view a program that was delivered during the previous time period, 1050.
- FIGS 9A through 9D show embodiments for authorizing access to stored digital programs. Entitlements to view content recorded in the past may be granted to a customer. Thus, access to past content can be a service that is offered to a customer. For example, a server or recorder may record all programs that are broadcast during one day. Then, when a customer comes home from work, the customer can access the server to view the recorded content. A universal time counter will increment and identify the recorded program as "old" content. If it is old, then it is recorded on a medium such as a tape. A secondary conditional access element may then handle the stored content.
- a screen may be displayed to the user so that the user can authorize and pay to view the content, as shown in figures 9A through 9C.
- the user is notified that he or she is not authorized to view old content. The user may then receive authorization to view old content, by responding to a query, for example.
- the user may receive authorization by paying to view the program.
- the user may also receive authorization to view the program by subscribing to the time period when the program content was broadcast, or delivered, to customers.
- the customer may receive access to view a program by subscribing to one of several past time periods, all of which include the program that the customer wishes to view.
- Figure 9D shows one embodiment of displaying entitlement history to a customer.
- a grid 910 includes several time periods 920 and a list of services or content 930. The time periods may be in a row, for example, and the services may be in a column. Thus, whether a customer is authorized to view content that was broadcast or delivered during a given time period can be easily determined by viewing the grid. For example, if box 940 in grid 910 is in a first state, then the customer is not authorized to view content from the Disney channel that was delivered between July and December of 2000. If the customer desires to view content from this service that was delivered during this time period, then delivery of past entitlements can be sent to the customer to retrieve stored programs. Thus, the customer can pay to fill in the fields of figure 9D. This allows selective enablement of past stored programs.
- Figure 11 shows an embodiment of a method to obtain authorization to view content recorded or delivered during a previous time period. If a user is not authorized to view a program from a previous time period, a message is displayed to the user that indicates that the user is not authorized to view the program, 1110. A message is displayed to the user to determine if the user wants to receive authorization to view the program, 1120. If the user responds affirmatively, for example by inputting a response to the set top box using a computer input device, then a plurality of payment options are displayed to the user, 1130. The user then pays for the stored program from a previous time period by selecting one of the payment options, and authorization for the user to view the program is granted.
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Television Signal Processing For Recording (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP10173434.1A EP2247106B1 (de) | 1998-11-25 | 1999-11-03 | Verfahren und gerät zum zugriff auf gespeicherte programme |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11001798P | 1998-11-25 | 1998-11-25 | |
US110017P | 1998-11-25 | ||
US09/410,681 US6363149B1 (en) | 1999-10-01 | 1999-10-01 | Method and apparatus for accessing stored digital programs |
US410681 | 1999-10-01 | ||
PCT/US1999/025819 WO2000031956A2 (en) | 1998-11-25 | 1999-11-03 | A method and apparatus for accessing stored digital programs |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP10173434.1A Division EP2247106B1 (de) | 1998-11-25 | 1999-11-03 | Verfahren und gerät zum zugriff auf gespeicherte programme |
Publications (2)
Publication Number | Publication Date |
---|---|
EP1133866A2 EP1133866A2 (de) | 2001-09-19 |
EP1133866A4 true EP1133866A4 (de) | 2009-03-11 |
Family
ID=26807624
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP99961566A Ceased EP1133866A4 (de) | 1998-11-25 | 1999-11-03 | Verfahren und gerät zum zugriff auf gespeicherte programme |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1133866A4 (de) |
JP (2) | JP2002531013A (de) |
AU (1) | AU1811600A (de) |
WO (1) | WO2000031956A2 (de) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE60040724D1 (de) * | 2000-04-07 | 2008-12-18 | Irdeto Access Bv | Datenverschlüsselungs und -entschlüsselungssystem |
DE10044386A1 (de) * | 2000-09-08 | 2002-04-04 | Scm Microsystems Gmbh | Adaptergerät für DVB |
EP2824868A1 (de) | 2001-08-24 | 2015-01-14 | Thomson Licensing | Lokales digitales Netz, Verfahren zum Einbau neuer Vorrichtungen sowie Datenübertragungs- und Datenempfangsverfahren in einem solchen Netz |
CN1625740A (zh) * | 2002-07-23 | 2005-06-08 | 三星电子株式会社 | 元数据的索引结构、提供元数据索引的方法、以及使用元数据的索引的元数据搜索方法和装置 |
US7366302B2 (en) * | 2003-08-25 | 2008-04-29 | Sony Corporation | Apparatus and method for an iterative cryptographic block |
EP1676281B1 (de) * | 2003-10-14 | 2018-03-14 | Selander, Göran | Effiziente verwaltung von generationen kryptographischer schlüssel |
EP1705906A1 (de) * | 2005-03-04 | 2006-09-27 | Nagravision S.A. | Verfahren zur Verwaltung einer von einem Provider gesendete Programmtabelle |
IL178488A0 (en) | 2006-10-05 | 2008-01-20 | Nds Ltd | Improved key production system |
EP3619632B1 (de) * | 2017-05-04 | 2024-05-08 | Brickell Cryptology LLC | Gewährleistung von externer zugänglichkeit für vorrichtungen in einem netzwerk |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0817485A1 (de) * | 1996-06-28 | 1998-01-07 | THOMSON multimedia | System mit bedingtem Zugang und dazugehöriger Karte |
EP0858184A2 (de) * | 1997-02-07 | 1998-08-12 | Nds Limited | System zum Schutz von digitalen Aufzeichnungen |
WO1998043428A1 (en) * | 1997-03-21 | 1998-10-01 | Canal+ Societe Anonyme | Method and apparatus for preventing fraudulent access in a conditional access system |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4613901A (en) * | 1983-05-27 | 1986-09-23 | M/A-Com Linkabit, Inc. | Signal encryption and distribution system for controlling scrambling and selective remote descrambling of television signals |
JPS6120442A (ja) * | 1984-07-09 | 1986-01-29 | Toshiba Corp | 有料放送方式 |
US5075845A (en) * | 1989-12-22 | 1991-12-24 | Intel Corporation | Type management and control in an object oriented memory protection mechanism |
JP3023160B2 (ja) * | 1990-10-11 | 2000-03-21 | 日本放送協会 | 放送受信制御方式 |
JPH0774744A (ja) * | 1993-08-31 | 1995-03-17 | Univ Waseda | 情報提供方式 |
JP3394569B2 (ja) * | 1993-09-07 | 2003-04-07 | 松下電器産業株式会社 | 秘密データ配送装置 |
JPH08125651A (ja) * | 1994-10-28 | 1996-05-17 | Hitachi Ltd | 信号処理装置 |
US5758257A (en) * | 1994-11-29 | 1998-05-26 | Herz; Frederick | System and method for scheduling broadcast of and access to video programs and other data using customer profiles |
US5485577A (en) * | 1994-12-16 | 1996-01-16 | General Instrument Corporation Of Delaware | Method and apparatus for incremental delivery of access rights |
US6005938A (en) * | 1996-12-16 | 1999-12-21 | Scientific-Atlanta, Inc. | Preventing replay attacks on digital information distributed by network service providers |
JPH0934841A (ja) * | 1995-07-21 | 1997-02-07 | Fujitsu Ltd | 記憶媒体のオンライン暗号解除システムおよび方法 |
JPH0993558A (ja) * | 1995-09-28 | 1997-04-04 | Toshiba Corp | 複数スクランブル方式放送システム及びデコーダ |
JPH103256A (ja) * | 1995-10-16 | 1998-01-06 | Sony Corp | 暗号化方法、暗号化装置、記録方法、復号化方法、復号化装置及び記録媒体 |
EP0800745B1 (de) * | 1995-10-31 | 2003-09-17 | Koninklijke Philips Electronics N.V. | Zeitverschobener bedingter zugang |
JPH1041933A (ja) * | 1996-07-22 | 1998-02-13 | Fuji Xerox Co Ltd | 復号装置 |
JPH10191302A (ja) * | 1996-12-27 | 1998-07-21 | Matsushita Electric Ind Co Ltd | デジタル衛星放送受信装置 |
JP3659791B2 (ja) * | 1998-03-23 | 2005-06-15 | インターナショナル・ビジネス・マシーンズ・コーポレーション | 小時間鍵生成の方法及びシステム |
-
1999
- 1999-11-03 EP EP99961566A patent/EP1133866A4/de not_active Ceased
- 1999-11-03 AU AU18116/00A patent/AU1811600A/en not_active Abandoned
- 1999-11-03 JP JP2000584672A patent/JP2002531013A/ja active Pending
- 1999-11-03 WO PCT/US1999/025819 patent/WO2000031956A2/en active Application Filing
-
2010
- 2010-06-14 JP JP2010134832A patent/JP5457280B2/ja not_active Expired - Lifetime
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0817485A1 (de) * | 1996-06-28 | 1998-01-07 | THOMSON multimedia | System mit bedingtem Zugang und dazugehöriger Karte |
EP0858184A2 (de) * | 1997-02-07 | 1998-08-12 | Nds Limited | System zum Schutz von digitalen Aufzeichnungen |
WO1998043428A1 (en) * | 1997-03-21 | 1998-10-01 | Canal+ Societe Anonyme | Method and apparatus for preventing fraudulent access in a conditional access system |
Non-Patent Citations (2)
Title |
---|
"FUNCTIONAL MODEL OF A CONDITIONAL ACCESS SYSTEM", EBU REVIEW- TECHNICAL, EUROPEAN BROADCASTING UNION. BRUSSELS, BE, no. 266, 21 December 1995 (1995-12-21), pages 64 - 77, XP000559450, ISSN: 0251-0936 * |
See also references of WO0031956A2 * |
Also Published As
Publication number | Publication date |
---|---|
JP2010257475A (ja) | 2010-11-11 |
AU1811600A (en) | 2000-06-13 |
JP2002531013A (ja) | 2002-09-17 |
JP5457280B2 (ja) | 2014-04-02 |
EP1133866A2 (de) | 2001-09-19 |
WO2000031956A3 (en) | 2000-10-19 |
WO2000031956A2 (en) | 2000-06-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6363149B1 (en) | Method and apparatus for accessing stored digital programs | |
US7702589B2 (en) | Method for simulcrypting scrambled data to a plurality of conditional access devices | |
US9467658B2 (en) | Method and apparatus for protecting the transfer of data | |
JP5577416B2 (ja) | データ転送保護方法及び装置 | |
US7567939B2 (en) | Method and apparatus for implementing revocation in broadcast networks | |
CA2577327C (en) | Retrieval and transfer of encrypted hard drive content from dvr set-top boxes | |
CA2366301C (en) | A global copy protection system for digital home networks | |
JP5457280B2 (ja) | 記録されたデジタルプログラムにアクセスするための方法及び装置 | |
US7010685B1 (en) | Method and apparatus for storing scrambled digital programs by filtering product identifier | |
US20030206631A1 (en) | Method and apparatus for scrambling program data for furture viewing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20010525 |
|
AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04N 7/167 20060101AFI20061214BHEP |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20090210 |
|
17Q | First examination report despatched |
Effective date: 20091229 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 9/00 20060101AFI20120316BHEP |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20170627 |