EP1175781A1 - Method and apparatus for access control of pre-encrypted on-demand television services - Google Patents
Method and apparatus for access control of pre-encrypted on-demand television servicesInfo
- Publication number
- EP1175781A1 EP1175781A1 EP00922124A EP00922124A EP1175781A1 EP 1175781 A1 EP1175781 A1 EP 1175781A1 EP 00922124 A EP00922124 A EP 00922124A EP 00922124 A EP00922124 A EP 00922124A EP 1175781 A1 EP1175781 A1 EP 1175781A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- odb
- accordance
- content
- encrypted content
- user terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000013475 authorization Methods 0.000 claims description 50
- 230000006854 communication Effects 0.000 claims description 17
- 238000004891 communication Methods 0.000 claims description 17
- 238000012545 processing Methods 0.000 claims description 8
- 238000010586 diagram Methods 0.000 description 3
- 230000003116 impacting effect Effects 0.000 description 3
- 238000012805 post-processing Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000007175 bidirectional communication Effects 0.000 description 2
- 238000009795 derivation Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012958 reprocessing Methods 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
- H04N21/23473—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption by pre-encrypting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/47—End-user applications
- H04N21/472—End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content
- H04N21/47202—End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content for requesting content on demand, e.g. video on demand
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/64—Addressing
- H04N21/6405—Multicasting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/165—Centralised control of user terminal ; Registering at central
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/173—Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
- H04N7/17309—Transmission or handling of upstream communications
- H04N7/17318—Direct or substantially direct transmission and handling of requests
Definitions
- the present invention relates to the communication of information services over a communication network, and more particularly to providing access control for signals containing audiovisual content and services, such as on-demand television programming.
- signals containing audiovisual content and services such as on-demand television programming.
- systems In order to render subscription programming services and the like commercially viable, systems must be provided for preventing non-paying individuals from obtaining the services.
- Such "access control" systems can take various forms, but generally include some type of modification (e.g., scrambling) or encryption of the signals that carry the services. Only authorized subscribers have access to the elements (e.g., cryptographic keys) necessary to satisfactorily receive the signals.
- Pre-encryption is inherently not as secure as real-time encryption.
- on-demand content security requirements are less stringent than those of broadcast content. For example, there is no a priori knowledge of when certain content will be requested in the on-demand case. In the broadcast case, the content is always being sent and the schedules are known ahead of time .
- MPAA Motion Picture Association of America
- Entitlement control should be upgradeable without impacting content providers or server vendors. Stronger solutions should be able to be incorporated gradually as the need dictates.
- the present invention can be adapted for use with different types of provider networks, e.g. satellite and Internet based networks.
- the present invention provides a system having these and other advantages.
- the invention disclosed herein extends existing encryption capability, such as that provided by the Digicipher II (DCII) system available from General Instrument Corporation of Horsham, Pennsylvania, USA, the assignee of the present invention, to handle pre-encrypted content that is requested on demand by a viewer or is sent to a group of viewers.
- DCII Digicipher II
- the method of the invention is also upgradeable to facilitate implementations of entitlement control algorithms that vary in sophistication as the need dictates.
- the method is extensible to enable encryption control that is independent of the transport protocol used. Such protocols include, for example, MPEG-2 and Internet Protocol (IP) .
- IP Internet Protocol
- a method and apparatus are provided for access control of pre-encrypted on-demand content.
- the content is pre-encrypted by an encryption device controlled by a pre-encryption controller.
- the pre-encrypted content is forwarded from the encryption device to a server.
- the server may be a main server or a local distribution server.
- the pre-encryption controller provides a first tag to the user terminal and a second tag to the server. Said first tag being associated with said second tag and said second tag acts as a reference to the pre- encrypted content and associated first tag, wherein said first and second tags are unique to the pre- encrypted content and are tracked by the pre- encryption controller.
- the pre-encrypted content is communicated from the server to a user terminal via a first communication path.
- An entitlement authorization associated with the encrypted content is communicated to a user terminal (e.g., a "client device" such as a set-top box) via a second communication path independent of said first communication path.
- Authorization to access the pre-encrypted content is determined based on said entitlement authorization and said first tag upon demand of said content by a user.
- the user terminal may be a set-top box, a digital television or a host with point-of- deployment (POD) capability, or a personal computer (PC) or the like that provides the functionality of a set-top box.
- the pre-encryption controller acts to set up the encryption device for pre-encrypting the content.
- the set up of the encryption device is outside the scope of this invention. For background purposes, it will suffice to state that the pre- encryption controller, through bi-directional communication with the encryption device, configures the encryption device with appropriate parametric values and commands to enable the encryption device appropriately to encrypt the content.
- the server is a main server (e.g., a head-end server) which communicates the pre-encrypted content and first tag to the user terminal via a local distribution server.
- the pre-encryption controller is in communication with a local distribution controller (e.g., a head-end controller in a cable television implementation) , which local distribution controller communicates the entitlement authorization to the user terminal.
- the first tag is an opaque data block (ODB) and the second tag is a unique reference handle (URH) .
- ODB opaque data block
- UURH unique reference handle
- the ODB and URH are both forwarded to both the local distribution controller and the server from the pre-encryption controller. In an alternate embodiment, only the URH is forwarded to the main server and the ODB is communicated from the local distribution controller to the local distribution server.
- the ODB or the URH may be stored as an attribute of the encrypted content.
- both the URH and the ODB are stored as an attribute of the encrypted content.
- the ODB may be processed at the local distribution controller to generate a second ODB, which second ODB is forwarded from the local distribution controller to the local distribution server.
- This processing at the local distribution controller may include algorithmically modifying the ODB.
- Such reprocessing of the ODB at the local distribution controller provides an added level of security since the post-processing ODBs are no longer the same across multiple local distribution controllers .
- the ODB itself may be coded in a manner that is not readily discernable by third parties.
- the ODB content may include an encryption key to be used for decryption or used to derive the key for decryption.
- the ODB may also include a hierarchy of encryption keys whose ultimate use is the derivation of the relevant key for decryption but with added levels of security. In this manner the ODB content is securable as deemed necessary without burdening the content providers or service vendors.
- the ODB itself may also be encrypted, using, for example, the recipient's public key.
- the pre-encrypted content may be broadcast, multicast, or singlecast such that only a user terminal with appropriate entitlement authorization will be able to decrypt the broadcast, multicast, or singlecast content.
- the pre-encrypted content may be accessed via the Internet.
- the entitlement authorization may comprise at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
- a client application (typically software residing in a user terminal such as a set-top box) then requests specific content from the server, such as a video on demand (VOD) movie or any other interactive content.
- the ODB is forwarded from a server application to the client application software that typically resides in a central processor (CPU) of the user terminal.
- the server starts sending the pre-encrypted content to the user terminal.
- the ODB is then forwarded from the client application via an application program interface in the CPU to a kernel located in the user terminal.
- the ODB is then processed in the user terminal in conjunction with the received entitlement authorization to determine whether to decrypt the received pre-encrypted content . Processing may be provided by a secure processor located in the user terminal or a software task included in the user terminal CPU.
- the pre- encrypted content is received by the user terminal and decrypted when authorization is granted. Upon authorization, the content will be processed for display.
- the pre-encrypted content may be received by the secure processor via a conventional receiver circuit.
- the pre-encrypted content may be received by the secure processor via direct memory access from device memory.
- Figure 1 is a block diagram of the functional components of the flexible pre-encryption architecture of the invention
- Figure 2 is a block diagram of another embodiment of the functional components of the flexible pre-encryption architecture of the invention.
- FIG. 3 is a block diagram of the relevant components of a user terminal in accordance with the invention.
- Figure 1 illustrates the main components of an on-demand content communication system in accordance with the present invention.
- a method and apparatus are provided for access control of pre-encrypted on-demand content.
- the video encoder and post encoding processors are not shown, since they are well known in the art.
- any type of post processing to be done on the content file/data stream is performed prior to encryption.
- a pre-encryption controller 10 sets up an encryption device 14 for encryption of the content 15.
- a server 12 forwards the content file/stream to the encryption device 14 for encryption of the content prior to distribution ("pre-encryption").
- the encryption device encrypts the content file and forwards the pre-encrypted content back to the main server 12.
- the pre-encryption controller 10 acts to set up the encryption device 14 for pre-encrypting the content.
- the set up of the encryption device 14 is outside the scope of this invention. For background purposes, it will suffice to state that the pre- encryption controller 10, through bi-directional communication with the encryption device 14, configures the encryption device 14 with appropriate parametric values and commands to enable the encryption device 14 appropriately to encrypt the content .
- the pre-encrypted content is forwarded from the encryption device 14 to a server 12.
- the server may be a main server or a local distribution server.
- the pre-encryption controller provides a first tag and a second tag to the server 12 via line 17.
- the first tag is also provided to a user terminal 20 via line 19 or 21 depending upon the particular implementation, the first tag being associated with said second tag.
- the second tag acts as a reference to the pre-encrypted content and associated first tag, wherein the first and second tags are unique to the pre-encrypted content and are tracked by the pre-encryption controller 10.
- the pre-encrypted content is communicated from the server 12 to a user terminal 20 (e.g., a "client device" such as a set- top box) via a first communication path 21.
- a user terminal 20 e.g., a "client device” such as a set- top box
- An entitlement authorization associated with the encrypted content is communicated to the user terminal 20 via a second communication path 19 independent of the first communication path.
- Authorization to access the pre-encrypted content is determined at the user terminal 20 based on said entitlement authorization and the first tag upon demand of the content by a user.
- Communication from the user terminal 20 back to the server 12 is provided on line 23.
- the user terminal 20 may be a set-top box, a digital television or a host with point-of- deployment (POD) capability, or a personal computer (PC) or the like that provides the functionality of a set-top box.
- POD point-of- deployment
- PC personal computer
- the server is a main server 12' (e.g., a head-end server) which communicates the pre-encrypted content and first tag to the user terminal 20 via lines 25 and 27 and a local distribution server 18.
- the main server 12' can distribute the encrypted content to various local distribution servers (at various service provider locations, e.g., head-ends).
- the pre-encryption controller 10 is in communication with a local distribution controller 16, which controls, e.g., a cable television system or the like in a well known manner (e.g., a head-end controller in a cable television implementation) .
- the local distribution controller 16 communicates the entitlement authorization to the user terminal 20 via line 29.
- the first tag is an opaque data block (ODB) and the second tag is a unique reference handle (URH) .
- the URH may be generated as a function of the ODB.
- the ODB and URH are both forwarded to both the local distribution controller 16 (via line 11) and the main server 12' (via line 13) from the pre-encryption controller 10.
- only the URH is forwarded to the main server 12' and the ODB is communicated from the local distribution controller 16 to the local distribution server 18 via line 22.
- Either the ODB or the URH may be stored as an attribute of the encrypted content.
- both the URH and the ODB may be stored as an attribute of the encrypted content.
- the ODB may be processed at the local distribution controller 16 to generate a modified, second ODB, which second ODB is forwarded from the local distribution controller 16 to the local distribution server 18.
- This processing at the local distribution controller 16 may include algorithmically modifying the ODB. This may be done as an offline process. Such reprocessing of the ODB at the local distribution controller 16 provides an added level of security since the post-processing ODBs are no longer the same across multiple local distribution controllers.
- the system manufacturer specifies the ODB content and, for security reasons, the ODB itself may be coded in a manner that is not readily discernable by third parties.
- the ODB content may include an encryption key to be used for decryption or used to derive the key for decryption.
- the ODB may also include a hierarchy of encryption keys whose ultimate use is the derivation of the relevant key for decryption but with added levels of security.
- the ODB itself may also be encrypted (with an additional level of implementation complexity) using, for example, the recipient's public key.
- the ODB may be made available in advance since it is associated with the event or content to be viewed or received.
- Encryption of the ODB using the user' s public key is extremely useful for the IP transport case where the system administrator has to the option to make known what events are available when, e.g. via an Electronic Programming Guide (EPG) .
- EPG Electronic Programming Guide
- the ODB content is securable as deemed necessary without burdening the content providers or service vendors.
- the entitlement control is upgradeable without impacting the content providers or service vendors .
- the pre-encrypted content may be broadcast, multicast, or singlecast such that only a user terminal 20 with appropriate entitlement authorization will be able to decrypt the broadcast, multicast, or singlecast content.
- the pre-encrypted content may be accessed via the Internet .
- the entitlement authorization may comprise at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
- Figure 3 depicts the processing that takes place at the user terminal 20.
- the client application 40 (typically residing in a user terminal 20 such as a set-top box) then requests specific content from the server (either the server 12 of Figure 1 or local distribution server 18 of Figure 2), such as a video on demand (VOD) movie or any other interactive content.
- the server then sends the ODB to the client application device 40.
- the server 18 starts sending the pre-encrypted content to the user terminal 20.
- the client application 40 (e.g. software) running in the user terminal processor (CPU) 36 receives the ODB from a server application in the server 12 or local distribution server 18, as described in connection with Figures 1 and 2, and forwards it via an application program interface (API) 42 to the user terminal processor kernel 44.
- the ODB may be made available ahead of time, before the actual broadcast or multicast event commences. In this case the ODB may be requested by and sent to the user by the local distribution controller (16) .
- the ODB is then processed in the user terminal 20 in conjunction with the received entitlement authorization (as described in connection with Figures 1 and 2) to determine whether to decrypt the received pre-encrypted content. Processing may be provided by a secure processor 32 located in the user terminal 20 or a software task included in the CPU 36.
- the pre- encrypted content is received by the user terminal 20 and decrypted when authorization is granted. Upon authorization, the content will be processed for display.
- the pre-encrypted content may be received by the secure processor 32 via a conventional receiver circuit (i.e. receiver output of Figure 3).
- the pre-encrypted content may be received by the secure processor 32 via direct memory access from device memory 30.
- the decrypted output from the secure processor 32 is written back to memory 30 for further use by the CPU 36, or is forwarded to a demultiplexer/decoder 34 for further processing in a conventional manner.
- the present invention provides an improved method and apparatus for the delivery and access of pre-encrypted on- demand television services.
- the present invention provides a content pre-encryption method and apparatus that enables entitlement control to be effectively implemented independent of the transport protocol, e.g., MPEG-2 or Internet Protocol (IP), and to some extent independent of transmission mode (i.e., singlecast (e.g., on- demand) , multicast, or broadcast) .
- the present invention provides encryption and access control capability that can be offered as a separate service to content providers, server vendors, cable system operators, and/or Internet service providers, or the like.
- the present invention enables entitlement authorization that can vary in sophistication as deemed necessary without burdening the content providers or service vendors.
- the entitlement control is upgradeable without impacting the content providers or service vendors.
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Human Computer Interaction (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
A method and apparatus for providing access control of pre-encrypted on-demand television content. Existing encryption capability for cable television services or the like is extended to handle pre-encrypted content from a server (12) that is requested on demand by a viewer at a user terminal (20). Alternatively, the pre-encrypted content (provided, e.g. by an encryption device (14) can be broadcast or multicast from the server (12) to a group of viewers. The invention is upgradeable to facilitate implementations of entitlement control algorithms that vary in sophistication as the need dictates. Additionally, the method is extensible to enable access control of pre-encrypted content that is independent of the transport protocol used. Such protocols include, for example, MPEG-2 and Internet Protocol (IP) which may also utilize Public Key Cryptography.
Description
METHOD AND APPARATUS FOR ACCESS CONTROL OF PRE-ENCRYPTED ON-DEMAND TELEVISION SERVICES
This application claims the benefit of U.S. provisional patent application no.60/132, 366 filed May 4, 1999.
BACKGROUND OF THE INVENTION
The present invention relates to the communication of information services over a communication network, and more particularly to providing access control for signals containing audiovisual content and services, such as on-demand television programming. In order to render subscription programming services and the like commercially viable, systems must be provided for preventing non-paying individuals from obtaining the services. Such "access control" systems can take various forms, but generally include some type of modification (e.g., scrambling) or encryption of the signals that carry the services. Only authorized subscribers have access to the elements (e.g., cryptographic keys) necessary to satisfactorily receive the signals.
Current techniques for decryption of signals such as on-demand services may be based on real time hardware based encryption solutions or based on pre- encryption methods. Some configurations allow for
cost effective real time encryption at the transport level but are not as effective at a service level. Such problems, together with the following additional factors, require a new solution that provides a reliable and cost-effective means for access control of on-demand services:
1. Current real-time encryption does not meet the cost model for on-demand services, in that it is expensive to implement. 2. In some configurations real time encryption requires too much real-estate at service provider sites (currently, for example, various video-on-demand (VOD) vendors are consolidating their servers and signal modulators (e.g., QAM modulators) in space efficient packaging which bypasses a realtime encryption stage) .
3. Pre-encryption is inherently not as secure as real-time encryption. At the same time, on-demand content security requirements are less stringent than those of broadcast content. For example, there is no a priori knowledge of when certain content will be requested in the on-demand case. In the broadcast case, the content is always being sent and the schedules are known ahead of time .
4. MPAA (Motion Picture Association of America) has issues with clear (i.e., unencrypted)
content, such as movies, and expects such content to be protected.
5. Entitlement control should be upgradeable without impacting content providers or server vendors. Stronger solutions should be able to be incorporated gradually as the need dictates.
6. Secure content delivery of MPEG-2 (Motion Picture Experts Group) using Internet Protocol (IP) for point to point on demand services or multicast services must be facilitated.
7. Transport independent entitlement control
(e.g., MPEG-2 or IP) must be provided.
It would be advantageous to provide a method and apparatus for access control of on-demand services that addresses the above-noted issues. In particular, it would be advantageous to provide a content pre-encryption method that enables entitlement control to be effectively implemented independent of the transport protocol, e.g., MPEG-2 or IP.
It would be still further advantageous to provide such a capability that can be offered as a separate service to content providers, server vendors, and cable system operators. The present invention can be adapted for use with different
types of provider networks, e.g. satellite and Internet based networks.
The present invention provides a system having these and other advantages. In particular, the invention disclosed herein extends existing encryption capability, such as that provided by the Digicipher II (DCII) system available from General Instrument Corporation of Horsham, Pennsylvania, USA, the assignee of the present invention, to handle pre-encrypted content that is requested on demand by a viewer or is sent to a group of viewers. The method of the invention is also upgradeable to facilitate implementations of entitlement control algorithms that vary in sophistication as the need dictates. Additionally, the method is extensible to enable encryption control that is independent of the transport protocol used. Such protocols include, for example, MPEG-2 and Internet Protocol (IP) .
SUMMARY OF THE INVENTION
In accordance with the present invention, a method and apparatus are provided for access control of pre-encrypted on-demand content. In a simplified embodiment, the content is pre-encrypted by an encryption device controlled by a pre-encryption controller. The pre-encrypted content is forwarded from the encryption device to a server. The server may be a main server or a local distribution server. The pre-encryption controller provides a first tag to the user terminal and a second tag to the server. Said first tag being associated with said second tag and said second tag acts as a reference to the pre- encrypted content and associated first tag, wherein said first and second tags are unique to the pre- encrypted content and are tracked by the pre- encryption controller. The pre-encrypted content is communicated from the server to a user terminal via a first communication path. An entitlement authorization associated with the encrypted content is communicated to a user terminal (e.g., a "client device" such as a set-top box) via a second communication path independent of said first communication path. Authorization to access the pre-encrypted content is determined based on said entitlement authorization and said first tag upon demand of said content by a user.
The user terminal may be a set-top box, a
digital television or a host with point-of- deployment (POD) capability, or a personal computer (PC) or the like that provides the functionality of a set-top box. The pre-encryption controller acts to set up the encryption device for pre-encrypting the content. The set up of the encryption device is outside the scope of this invention. For background purposes, it will suffice to state that the pre- encryption controller, through bi-directional communication with the encryption device, configures the encryption device with appropriate parametric values and commands to enable the encryption device appropriately to encrypt the content. In an alternate embodiment, the server is a main server (e.g., a head-end server) which communicates the pre-encrypted content and first tag to the user terminal via a local distribution server. The pre-encryption controller is in communication with a local distribution controller (e.g., a head-end controller in a cable television implementation) , which local distribution controller communicates the entitlement authorization to the user terminal. In a preferred embodiment, the first tag is an opaque data block (ODB) and the second tag is a unique reference handle (URH) . The URH may be generated as a function of the ODB.
In one embodiment, the ODB and URH are both
forwarded to both the local distribution controller and the server from the pre-encryption controller. In an alternate embodiment, only the URH is forwarded to the main server and the ODB is communicated from the local distribution controller to the local distribution server.
In one embodiment the ODB or the URH may be stored as an attribute of the encrypted content. Alternatively, both the URH and the ODB are stored as an attribute of the encrypted content. The ODB may be processed at the local distribution controller to generate a second ODB, which second ODB is forwarded from the local distribution controller to the local distribution server. This processing at the local distribution controller may include algorithmically modifying the ODB. Such reprocessing of the ODB at the local distribution controller provides an added level of security since the post-processing ODBs are no longer the same across multiple local distribution controllers .
The ODB itself may be coded in a manner that is not readily discernable by third parties. Alternatively, the ODB content may include an encryption key to be used for decryption or used to derive the key for decryption. The ODB may also include a hierarchy of encryption keys whose ultimate use is the derivation of the relevant key for decryption but with added levels of security. In
this manner the ODB content is securable as deemed necessary without burdening the content providers or service vendors. In the on-demand case, the ODB itself may also be encrypted, using, for example, the recipient's public key.
The pre-encrypted content may be broadcast, multicast, or singlecast such that only a user terminal with appropriate entitlement authorization will be able to decrypt the broadcast, multicast, or singlecast content. Alternatively, the pre-encrypted content may be accessed via the Internet.
The entitlement authorization may comprise at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
In a preferred embodiment, a client application (typically software residing in a user terminal such as a set-top box) then requests specific content from the server, such as a video on demand (VOD) movie or any other interactive content. The ODB is forwarded from a server application to the client application software that typically resides in a central processor (CPU) of the user terminal. After this set-up is completed, the server starts sending the pre-encrypted content to the user terminal. The ODB is then forwarded from the client application via an application program interface in the CPU to a kernel located in the user terminal. The ODB is then
processed in the user terminal in conjunction with the received entitlement authorization to determine whether to decrypt the received pre-encrypted content . Processing may be provided by a secure processor located in the user terminal or a software task included in the user terminal CPU. The pre- encrypted content is received by the user terminal and decrypted when authorization is granted. Upon authorization, the content will be processed for display.
The pre-encrypted content may be received by the secure processor via a conventional receiver circuit. Alternatively, the pre-encrypted content may be received by the secure processor via direct memory access from device memory.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram of the functional components of the flexible pre-encryption architecture of the invention; Figure 2 is a block diagram of another embodiment of the functional components of the flexible pre-encryption architecture of the invention; and
Figure 3 is a block diagram of the relevant components of a user terminal in accordance with the invention.
DETAILED DESCRIPTION OF THE INVENTION
Figure 1 illustrates the main components of an on-demand content communication system in accordance with the present invention. In particular, a method and apparatus are provided for access control of pre-encrypted on-demand content. The video encoder and post encoding processors are not shown, since they are well known in the art. As will be appreciated by those skilled in the art, any type of post processing to be done on the content file/data stream is performed prior to encryption.
Referring to Figure 1, a pre-encryption controller 10 sets up an encryption device 14 for encryption of the content 15. A server 12 forwards the content file/stream to the encryption device 14 for encryption of the content prior to distribution ("pre-encryption"). The encryption device encrypts the content file and forwards the pre-encrypted content back to the main server 12. The pre-encryption controller 10 acts to set up the encryption device 14 for pre-encrypting the content. The set up of the encryption device 14 is outside the scope of this invention. For background purposes, it will suffice to state that the pre- encryption controller 10, through bi-directional communication with the encryption device 14, configures the encryption device 14 with appropriate parametric values and commands to enable the
encryption device 14 appropriately to encrypt the content .
In one embodiment as shown in Figure 1, the pre-encrypted content is forwarded from the encryption device 14 to a server 12. The server may be a main server or a local distribution server. The pre-encryption controller provides a first tag and a second tag to the server 12 via line 17. The first tag is also provided to a user terminal 20 via line 19 or 21 depending upon the particular implementation, the first tag being associated with said second tag. The second tag acts as a reference to the pre-encrypted content and associated first tag, wherein the first and second tags are unique to the pre-encrypted content and are tracked by the pre-encryption controller 10. The pre-encrypted content is communicated from the server 12 to a user terminal 20 (e.g., a "client device" such as a set- top box) via a first communication path 21. An entitlement authorization associated with the encrypted content is communicated to the user terminal 20 via a second communication path 19 independent of the first communication path. Authorization to access the pre-encrypted content is determined at the user terminal 20 based on said entitlement authorization and the first tag upon demand of the content by a user. Communication from the user terminal 20 back to the server 12 is provided on line 23.
The user terminal 20 may be a set-top box, a digital television or a host with point-of- deployment (POD) capability, or a personal computer (PC) or the like that provides the functionality of a set-top box.
In an alternate embodiment shown in Figure 2, the server is a main server 12' (e.g., a head-end server) which communicates the pre-encrypted content and first tag to the user terminal 20 via lines 25 and 27 and a local distribution server 18. The main server 12' can distribute the encrypted content to various local distribution servers (at various service provider locations, e.g., head-ends). The pre-encryption controller 10 is in communication with a local distribution controller 16, which controls, e.g., a cable television system or the like in a well known manner (e.g., a head-end controller in a cable television implementation) . The local distribution controller 16 communicates the entitlement authorization to the user terminal 20 via line 29.
In a preferred embodiment, the first tag is an opaque data block (ODB) and the second tag is a unique reference handle (URH) . The URH may be generated as a function of the ODB.
In one embodiment, the ODB and URH are both forwarded to both the local distribution controller 16 (via line 11) and the main server 12' (via line 13) from the pre-encryption controller 10. In an
alternate embodiment, only the URH is forwarded to the main server 12' and the ODB is communicated from the local distribution controller 16 to the local distribution server 18 via line 22. Either the ODB or the URH may be stored as an attribute of the encrypted content. Alternatively, both the URH and the ODB may be stored as an attribute of the encrypted content.
The ODB may be processed at the local distribution controller 16 to generate a modified, second ODB, which second ODB is forwarded from the local distribution controller 16 to the local distribution server 18. This processing at the local distribution controller 16 may include algorithmically modifying the ODB. This may be done as an offline process. Such reprocessing of the ODB at the local distribution controller 16 provides an added level of security since the post-processing ODBs are no longer the same across multiple local distribution controllers.
The system manufacturer specifies the ODB content and, for security reasons, the ODB itself may be coded in a manner that is not readily discernable by third parties. Alternatively, the ODB content may include an encryption key to be used for decryption or used to derive the key for decryption. The ODB may also include a hierarchy of encryption keys whose ultimate use is the derivation of the relevant key for decryption but with added levels of
security. In the on-demand case, the ODB itself may also be encrypted (with an additional level of implementation complexity) using, for example, the recipient's public key. In the case of broadcast or multicast content, the ODB may be made available in advance since it is associated with the event or content to be viewed or received. Encryption of the ODB using the user' s public key is extremely useful for the IP transport case where the system administrator has to the option to make known what events are available when, e.g. via an Electronic Programming Guide (EPG) . In this manner the ODB content is securable as deemed necessary without burdening the content providers or service vendors. In addition, the entitlement control is upgradeable without impacting the content providers or service vendors .
The pre-encrypted content may be broadcast, multicast, or singlecast such that only a user terminal 20 with appropriate entitlement authorization will be able to decrypt the broadcast, multicast, or singlecast content. Alternatively, the pre-encrypted content may be accessed via the Internet . The entitlement authorization may comprise at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
Figure 3 depicts the processing that takes place at the user terminal 20. The client application 40 (typically residing in a user terminal 20 such as a set-top box) then requests specific content from the server (either the server 12 of Figure 1 or local distribution server 18 of Figure 2), such as a video on demand (VOD) movie or any other interactive content. The server then sends the ODB to the client application device 40. After this set-up is completed, the server 18 starts sending the pre-encrypted content to the user terminal 20.
The client application 40 (e.g. software) running in the user terminal processor (CPU) 36 receives the ODB from a server application in the server 12 or local distribution server 18, as described in connection with Figures 1 and 2, and forwards it via an application program interface (API) 42 to the user terminal processor kernel 44. In the broadcast and multicast modes, the ODB may be made available ahead of time, before the actual broadcast or multicast event commences. In this case the ODB may be requested by and sent to the user by the local distribution controller (16) . The ODB is then processed in the user terminal 20 in conjunction with the received entitlement authorization (as described in connection with Figures 1 and 2) to determine whether to decrypt the received pre-encrypted content.
Processing may be provided by a secure processor 32 located in the user terminal 20 or a software task included in the CPU 36. The pre- encrypted content is received by the user terminal 20 and decrypted when authorization is granted. Upon authorization, the content will be processed for display.
The pre-encrypted content may be received by the secure processor 32 via a conventional receiver circuit (i.e. receiver output of Figure 3).
Alternatively, the pre-encrypted content may be received by the secure processor 32 via direct memory access from device memory 30. The decrypted output from the secure processor 32 is written back to memory 30 for further use by the CPU 36, or is forwarded to a demultiplexer/decoder 34 for further processing in a conventional manner.
It should now be appreciated that the present invention provides an improved method and apparatus for the delivery and access of pre-encrypted on- demand television services. In particular, the present invention provides a content pre-encryption method and apparatus that enables entitlement control to be effectively implemented independent of the transport protocol, e.g., MPEG-2 or Internet Protocol (IP), and to some extent independent of transmission mode (i.e., singlecast (e.g., on- demand) , multicast, or broadcast) . Additionally, the present invention provides encryption and access
control capability that can be offered as a separate service to content providers, server vendors, cable system operators, and/or Internet service providers, or the like. The present invention enables entitlement authorization that can vary in sophistication as deemed necessary without burdening the content providers or service vendors. In addition, the entitlement control is upgradeable without impacting the content providers or service vendors.
Although the invention has been described in connection with certain preferred embodiments, it should be appreciated that numerous adaptations and modifications may be made thereto without departing from the scope of the invention as set forth in the claims .
Claims
1. A method of providing access control for pre-encrypted on-demand content, comprising the steps of: pre-encrypting the content; forwarding the pre-encrypted content to a server; providing a first tag to a user terminal, said first tag being associated with a second tag; said second tag acting as a reference to the pre-encrypted content and associated first tag, wherein said first and second tags are unique to the pre-encrypted content and are tracked by a pre- encryption controller; providing at least said second tag to said server; communicating the pre-encrypted content from said server to said user terminal via a first communication path; communicating an entitlement authorization associated with the pre-encrypted content to said user terminal via a second communication path independent of said first communication path; and determining whether said user terminal is authorized to access said pre-encrypted content based on said entitlement authorization and said first tag upon demand of said content by a user.
2. A method in accordance with claim 1, wherein; the server is a main server; the main server communicates the pre-encrypted content and first tag to the user terminal via a local distribution server; and the pre-encryption controller is in communication with a local distribution controller, which local distribution controller communicates the entitlement authorization to the user terminal.
3. A method in accordance with claim 2, wherein: the first tag is an opaque data block (ODB) ; and the second tag is a unique reference handle (URH) .
4. A method in accordance with claim 3, comprising the further step of forwarding the ODB and associated URH to the local distribution controller.
5. A method in accordance with claim 3, wherein only the URH is forwarded to the main server, further comprising the steps of: communicating the ODB from the local distribution controller to the local distribution server .
6. A method in accordance with claim 5, wherein the ODB is processed at the local distribution controller to generate a second ODB, which second ODB is forwarded from the local distribution controller to the local distribution server.
7. A method in accordance with claim 3, wherein; the pre-encrypted content is broadcast; the ODB is broadcast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the broadcast content .
8. A method in accordance with claim 3, wherein: the pre-encrypted content is multicast; the ODB is multicast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the multicast content.
9. A method in accordance with claim 3, wherein: the pre-encrypted content is singlecast; the ODB is singlecast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the singlecast content.
10. A method in accordance with claim 3, wherein the entitlement authorization comprises at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
11. A method in accordance with claim 3, further comprising the steps of: forwarding the ODB from a server application via an application program interface in the user terminal to a kernel located in the user terminal; processing the ODB in conjunction with the received entitlement authorization such that the processor determines whether to decrypt the received pre-encrypted content; receiving the pre-encrypted content; decrypting the pre-encrypted content when authorization is granted; and processing the decrypted content for display.
12. A method in accordance with claim 11, wherein the pre-encrypted content is received by the secure processor via a receiver circuit.
13. A method in accordance with claim 11, wherein the pre-encrypted content is received by the secure processor via direct memory access from device memory.
14. A method in accordance with claim 3, wherein the ODB is coded in a manner that is not readily discernable by third parties.
15. A method in accordance with claim 3, wherein the ODB content includes one of an encryption key or a hierarchy of encryption keys.
16. A method in accordance with claim 3, wherein the ODB itself is encrypted.
17. A method in accordance with claim 16, wherein the ODB is encrypted using the user' s public key.
18. A method in accordance with claim 3, wherein the user terminal is one of a set-top box, a digital television or a host with point-of- deployment capability, or a personal computer.
19. A method in accordance with claim 3, wherein one of the URH and the ODB is stored as an attribute of the pre-encrypted content.
20. A method in accordance with claim 3, wherein each of the URH and the ODB are stored as an attribute of the pre-encrypted content.
21. A method in accordance with claim 3, wherein the pre-encrypted content is accessed via the Internet.
22. An apparatus for providing access control for pre-encrypted on-demand content, comprising: an encryption device for encrypting the content; a server for receiving the pre-encrypted content from the encryption device; a pre-encryption controller for generating a first tag and an associated second tag, said second tag acting as a reference to the pre-encrypted content and associated first tag, wherein said first tag and second tag are unique to the pre-encrypted content and are tracked by the pre-encryption controller; a user terminal for receiving entitlement authorization associated with the pre-encrypted content; said first tag being communicated to a user terminal and said second tag being communicated to the server; wherein the user terminal determines whether it is authorized to access said pre-encrypted content based on said entitlement authorization and said first tag upon demand of said content by a user.
23. An apparatus in accordance with claim 22, wherein; the server is a main server; the main server communicates the pre-encrypted content and first tag to the user terminal via a local distribution server; and the pre-encryption controller is in communication with a local distribution controller, which local distribution controller communicates the entitlement authorization to the user terminal.
24. An apparatus in accordance with claim 23, wherein: the first tag is an opaque data block (ODB) ; and the second tag is a unique reference handle (URH) .
25. An apparatus in accordance with claim 24, wherein the local distribution controller receives the ODB and associated URH from the pre-encryption controller.
26. An apparatus in accordance with claim 24, wherein: the main server receives only the URH from the pre-encryption controller; and the local distribution controller communicates the ODB to the local distribution server.
27. An apparatus in accordance with claim 26, wherein the ODB is processed at the local distribution controller to generate a second ODB, which second ODB is forwarded from the local distribution controller to the local distribution server.
28. An apparatus in accordance with claim 24, wherein; the pre-encrypted content is broadcast; the ODB is broadcast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the broadcast content.
29. An apparatus in accordance with claim 24, wherein: the pre-encrypted content is multicast; the ODB is multicast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the multicast content.
30. An apparatus in accordance with claim 24, wherein: the pre-encrypted content is singlecast; the ODB is singlecast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the singlecast content.
31. An apparatus in accordance with claim 24, wherein the entitlement authorization comprises at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
32. An apparatus in accordance with claim 24, wherein the user terminal comprises: a client application using a program interface for forwarding the ODB from the local distribution server to a kernel said kernel receiving the ODB the application program interface and the entitlement authorization from the local distribution controller; and a secure processor for receiving the ODB and entitlement authorization from the kernel and receiving the pre-encrypted content from the local distribution server, wherein the processor processes the ODB in conjunction with entitlement authorization such that the processor determines whether to decrypt the received pre-encrypted content .
33. An apparatus in accordance with claim 32, wherein the secure processor receives the pre- encrypted content via a receiver circuit.
34. An apparatus in accordance with claim 32, wherein the secure processor receives the pre- encrypted content via direct memory access from device memory.
35. An apparatus in accordance with claim 24, wherein the ODB is coded in a manner that is not readily discernable by third parties.
36. An apparatus in accordance with claim 24, wherein the ODB content includes one of an encryption key or a hierarchy of encryption keys.
37. An apparatus in accordance with claim 24, wherein the ODB itself is encrypted.
38. An apparatus in accordance with claim 37, wherein the ODB is encrypted using the user' s public key.
39. An apparatus in accordance with claim 24, wherein the user terminal is one of a set-top box, a digital television or a host with point-of- deployment capability, or a personal computer.
40. An apparatus in accordance with claim 24, wherein one of the URH and the ODB is stored as an attribute of the pre-encrypted content.
41. An apparatus in accordance with claim 24, wherein each of the URH and the ODB are stored as an attribute of the pre-encrypted content.
42. An apparatus in accordance with claim 24, wherein the pre-encrypted content is accessed via the Internet.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13236699P | 1999-05-04 | 1999-05-04 | |
US132366P | 1999-05-04 | ||
PCT/US2000/009800 WO2000067483A1 (en) | 1999-05-04 | 2000-04-12 | Method and apparatus for access control of pre-encrypted on-demand television services |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1175781A1 true EP1175781A1 (en) | 2002-01-30 |
Family
ID=22453686
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP00922124A Withdrawn EP1175781A1 (en) | 1999-05-04 | 2000-04-12 | Method and apparatus for access control of pre-encrypted on-demand television services |
Country Status (6)
Country | Link |
---|---|
EP (1) | EP1175781A1 (en) |
AU (1) | AU4235900A (en) |
CA (1) | CA2372810A1 (en) |
MX (1) | MXPA01010808A (en) |
TW (1) | TW511377B (en) |
WO (1) | WO2000067483A1 (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE60140125D1 (en) | 2000-08-11 | 2009-11-19 | Nds Ltd | INCORRECT CONTENTS |
US20020083438A1 (en) * | 2000-10-26 | 2002-06-27 | So Nicol Chung Pang | System for securely delivering encrypted content on demand with access contrl |
US7257227B2 (en) * | 2000-10-26 | 2007-08-14 | General Instrument Corporation | System for denying access to content generated by a compromised off line encryption device and for conveying cryptographic keys from multiple conditional access systems |
US7080397B2 (en) | 2000-10-26 | 2006-07-18 | General Instrument Corporation | Communication protocol for content on demand system with callback time |
US6978022B2 (en) * | 2000-10-26 | 2005-12-20 | General Instrument Corporation | System for securing encryption renewal system and for registration and remote activation of encryption device |
EP1388126B1 (en) | 2001-05-17 | 2013-03-27 | Nokia Corporation | Remotely granting access to a smart environment |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3746098B2 (en) * | 1996-02-28 | 2006-02-15 | 株式会社日立製作所 | Data encryption device |
CN1231061C (en) * | 1997-03-21 | 2005-12-07 | 卡纳尔股份有限公司 | Broadcast and reception system, and conditional access system therefor |
US6049539A (en) * | 1997-09-15 | 2000-04-11 | Worldgate Communications, Inc. | Access system and method for providing interactive access to an information source through a networked distribution system |
-
2000
- 2000-04-12 MX MXPA01010808A patent/MXPA01010808A/en unknown
- 2000-04-12 WO PCT/US2000/009800 patent/WO2000067483A1/en not_active Application Discontinuation
- 2000-04-12 AU AU42359/00A patent/AU4235900A/en not_active Abandoned
- 2000-04-12 CA CA002372810A patent/CA2372810A1/en not_active Abandoned
- 2000-04-12 EP EP00922124A patent/EP1175781A1/en not_active Withdrawn
- 2000-04-19 TW TW89107372A patent/TW511377B/en active
Non-Patent Citations (1)
Title |
---|
See references of WO0067483A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2000067483A1 (en) | 2000-11-09 |
CA2372810A1 (en) | 2000-11-09 |
MXPA01010808A (en) | 2002-05-14 |
TW511377B (en) | 2002-11-21 |
AU4235900A (en) | 2000-11-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7383561B2 (en) | Conditional access system | |
EP2465262B1 (en) | Digital rights management protection for content identified using a social tv service | |
US8312265B2 (en) | Encrypting received content | |
US8667304B2 (en) | Methods and apparatuses for secondary conditional access server | |
US6978022B2 (en) | System for securing encryption renewal system and for registration and remote activation of encryption device | |
US5627892A (en) | Data security scheme for point-to-point communication sessions | |
KR100917720B1 (en) | Method for secure distribution of digital data representing a multimedia content | |
US20040083177A1 (en) | Method and apparatus for pre-encrypting VOD material with a changing cryptographic key | |
US20060200412A1 (en) | System and method for DRM regional and timezone key management | |
US20060190403A1 (en) | Method and Apparatus for Content Protection and Copyright Management in Digital Video Distribution | |
US20060069645A1 (en) | Method and apparatus for providing secured content distribution | |
KR20050103516A (en) | Conditional access personal video recorder | |
EP1206877B1 (en) | System and method for securing on-demand delivery of pre-encrypted content using ecm suppression | |
WO2000067483A1 (en) | Method and apparatus for access control of pre-encrypted on-demand television services | |
WO2016189105A1 (en) | Management of broadcast encrypted digital multimedia data receivers | |
KR101980928B1 (en) | Method, cryptographic system and security module for descrambling content packets of a digital transport stream | |
US20080101614A1 (en) | Method and Apparatus for Providing Secured Content Distribution | |
Tunstall et al. | Inhibiting card sharing attacks | |
KR20020043564A (en) | System and method for securing on-demand delivery of pre-encrypted content using ecm suppression |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20011124 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
|
RBV | Designated contracting states (corrected) |
Designated state(s): DE ES FR GB IE |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20060328 |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230525 |