EP1247399A1 - Conditional access to video-on-demand systems and associated security - Google Patents

Conditional access to video-on-demand systems and associated security

Info

Publication number
EP1247399A1
EP1247399A1 EP01904852A EP01904852A EP1247399A1 EP 1247399 A1 EP1247399 A1 EP 1247399A1 EP 01904852 A EP01904852 A EP 01904852A EP 01904852 A EP01904852 A EP 01904852A EP 1247399 A1 EP1247399 A1 EP 1247399A1
Authority
EP
European Patent Office
Prior art keywords
video
key
subscriber station
services
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP01904852A
Other languages
German (de)
English (en)
Inventor
Michael C. Bertram
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sedna Patent Services LLC
Original Assignee
Diva Systems Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Diva Systems Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4405 Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258 Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25866 Management of end-user data
    • H04N21/25875 Management of end-user data involving end-user authentication
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462 Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623 Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • H04N21/47 End-user applications
    • H04N21/472 End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content
    • H04N21/47202 End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content for requesting content on demand, e.g. video on demand
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/167 Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • H04N7/173 Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
    • H04N7/17309 Transmission or handling of upstream communications
    • H04N7/17336 Handling of requests in head-ends
    • H04N7/17345 Control of the passage of the selected programme
    • H04N7/17354 Control of the passage of the selected programme in an intermediate station common to a plurality of user terminals

Definitions

  • This invention relates generally to the field of video distribution networks.
  • This invention relates to conditional access and security for video on-demand distribution networks.
  • Conditional access for digitally transmitted services satisfies at least two important goals. First, it protects the content from theft during transmission. Second, it provides specific controls over which target devices may access and use the content.
  • Problematic attributes of video on-demand services for conditional access systems include: 1) that video on-demand services use a large number of data streams (on the order of thousands); 2) that video on-demand services target data streams to individual users; and 3) that video on-demand services are not pre-scheduled.
  • Although the current practice for conditional access for digital broadcast services can be applied to video on-demand services, the different attributes discussed above lead to problems.
  • The current practices for conditional access typically are not designed to accommodate the generation and distribution of encryption keys and authorizations for thousands of services.
  • The generation and distribution time for on-demand authorizations is not fast enough to support timely decryption of video on-demand services. Therefore, there is a need for conditional access systems and methods for video on-demand services that protect the content from theft and control access of target devices to the content.
  • A method for providing conditional access to video services for a plurality of subscriber stations comprises the steps of: authorizing the plurality of subscriber stations to receive the video services; receiving a first order for a first video service from a first subscriber station; and transmitting tuning data to the first subscriber station so that the first subscriber station is able to receive the first video service.
  • The present invention is also directed to preventing theft of the content of transmissions with a method comprising the additional steps of: scrambling the first video service using a first key to generate a first scrambled video service; generating a de-scrambling message having scrambling data to allow de-scrambling of the first video service by the plurality of subscriber stations; transmitting the first scrambled video service to the plurality of subscriber stations; and transmitting the de-scrambling message to the plurality of subscriber stations.
  • The present invention also includes a system that provides secure transmission and complete access control for target devices. Such a system includes a distribution center, a video-on-demand system, a transmission network and a plurality of target devices or subscriber stations.
  • FIG. 1 is a schematic diagram of a conventional video broadcast distribution network.
  • Figure 2 is a flow chart of the prior art method for processing of the content at the distribution center and transmission to subscriber stations.
  • Figure 3A is a flow chart of the prior art method for receiving and processing a transmission at an authorized subscriber station.
  • Figure 3B is a flow chart of the prior art method for receiving and processing a transmission at an unauthorized subscriber station.
  • Figure 4A is a schematic diagram of a video-on-demand system utilizing the present invention.
  • Figure 4B is a block diagram of a subscriber station in the system of Figure 4A.
  • Figure 5 is a flow chart of a preferred embodiment of the method for processing of the content at the distribution center and transmission to subscriber stations.
  • Figure 6A is a flow chart of a preferred embodiment of the method for receiving and processing a transmission at a subscriber station that has requested video-on-demand services.
  • Figure 6B is a flow chart of a preferred embodiment of the method for receiving and processing a transmission at a subscriber station that has not requested video-on-demand services.
  • Figure 6C is a flow chart of a method for receiving and processing a transmission at a non-subscriber station attempting to pirate video-on-demand services.
  • Figure 7 is a block diagram illustrating the transmission of data and keys with respect to time according to the prior art.
  • Figure 8 is a block diagram illustrating the transmission of data and keys with respect to time according to the present invention.
  • Figure 9 is a block diagram illustrating a hybrid/fiber coax network and the use of keys per channel and program according to the present invention.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • Throughout this description various terms are used to describe the invention.
  • Scrambling comprises a method of protecting a data stream by transforming the value bits in the stream based on a given key.
  • Scrambling has the same meaning as encrypting.
  • De-scrambling comprises a method of transforming data stream bits back to their original value based on the use of a key.
  • De-scrambling has the same meaning as decryption.
  • A conditional access (CA) system is a system that generates keys, de-scrambling messages, and authorization messages supporting the scrambling and de-scrambling of, e.g., MPEG encoded programs.
  • A de-scrambling message comprises a conditional access message containing de-scrambling information for a particular MPEG program.
  • The de-scrambling information may be the de-scrambling key or the information a Set Top Box (or boxes) needs to generate or derive the de-scrambling key.
  • An authorization message comprises a conditional access message authorizing a particular Set Top Box to use a de-scrambling key to de-scramble a particular MPEG program.
  • Figure 1 is a schematic diagram of a conventional video broadcast network 100.
  • The conventional video broadcast distribution network 100 typically includes one or more broadcast sources 102a, 102b, and 102c, one or more distribution centers 104, one or more secondary distribution networks 106, and a plurality of targets or subscriber stations 108a-i.
  • The broadcast sources 102a, 102b, and 102c provide video and audio content for various channels in the broadcast network 100.
  • The broadcast sources 102a, 102b, and 102c include what are referred to as premium channels such as HBO, Showtime, Cinemax, etc.
  • The sources 102a, 102b, and 102c may also be, for example, pay-per-view (PPV) channels.
  • The sources 102a, 102b, and 102c are typically coupled via a primary distribution network (shown as connector lines) to the distribution center 104.
  • The distribution center 104 may be, for example, a cable head-end.
  • The distribution center 104 receives the content from the broadcast sources 102a, 102b, 102c, associates the content with channels, and transmits the content over predetermined channels in the secondary distribution network 106.
  • The distribution center 104 is coupled via a secondary distribution network 106 to the subscriber stations 108a-i.
  • The secondary distribution network 106 comprises, for example, various amplifiers, bridges, taps, and drop cables.
  • The subscriber stations 108a-i may be, for example, set-top boxes and associated television equipment for viewing the video content by end users.
  • FIG. 2 illustrates the processing of the video and audio signals (content) done at the distribution center 104 before transmission.
  • The distribution center 104 sends or distributes authorization for pre-scheduled services to the individual subscriber stations 108 in step 202. Then at some later time, the distribution center 104 scrambles a pre-scheduled service in step 206 and at the same time generates a de-scrambling message in step 208.
  • The distribution center 104 sends the scrambled pre-scheduled service and the de-scrambling message over the network 106.
  • Figure 3A shows the prior art method for receiving and processing a transmission at an authorized subscriber station 108a-i.
  • Figure 3B shows the prior art method for receiving and processing a transmission at an unauthorized subscriber.
  • Parallel in time to, or even before or after step 302, the user inputs signals to a corresponding subscriber station 108 to tune the subscriber station 108 to the pre-scheduled service in step 306. Then in step 308, the subscriber station 108 receives the scrambled data for the pre-scheduled service and a de-scrambling message. Once steps 302, 306, and 308 have been completed, the prior art process transitions to step 310. Now having received the necessary information from steps 302 and 308, the subscriber station 108 generates or derives the key using the de-scrambling message from step 308 if authorized. Next in step 312, the subscriber station 108 de-scrambles the pre-scheduled service using the derived key from step 310.
  • The subscriber station 108 can display the pre-scheduled service on a display device of the subscriber station 108.
  • The key is used to control access by the respective subscriber station 108 to the content.
  • A unique key is needed for each program, and each subscriber station 108a-i must receive the authorization before the key to the program can be decrypted in the prior art.
  • In Figure 3B, the processing that occurs when an unauthorized subscriber station 108 attempts to gain access to the content is illustrated.
  • Figure 3B is a flow chart of the prior art method for receiving and processing a transmission at an unauthorized subscriber station. For ease of understanding like reference numerals have been used for like steps.
  • The user inputs signals to a corresponding subscriber station 108 to tune the subscriber station 108 to the pre-scheduled service in step 306. Also in step 308, the subscriber station 108 receives the scrambled data for the pre-scheduled service and the de-scrambling message. However, step 302 at the unauthorized subscriber station 108 is never completed. Rather, as shown by the flow chart in step 316, the subscriber station 108 does not receive the authorization for pre-scheduled services. Therefore, the unauthorized subscriber station 108 is unable to perform step 310 and is unable to derive the key and de-scramble the signal for display in step 320.
  • Figures 3A and 3B show the importance in the prior art of having a fairly small number of data streams (on the order of tens) that have many potential users, and that digital broadcast services can generally be pre-scheduled, allowing authorization to be generated and distributed before they are needed.
  • Figure 4 is a schematic diagram of a system 400 utilizing the present invention. The present invention is directed to the addition of a video-on-demand system 402 and to providing conditional access and security in such a combined system 400. Again, for ease of understanding like reference numerals have been used for similar elements with the same functionality.
  • The combined system 400 preferably comprises one or more broadcast sources 102a/b/c, one or more video-on-demand (VOD) systems 402, a distribution center 104, a VOD content server 404, a session manager 406, a transport multiplexer 410, a conditional access system, a secondary distribution network 106 and a plurality of subscriber stations 408a-408i.
  • An exemplary such video-on-demand system 400 is described in pending U.S. Patent Application Number 08/984,710, filed December 4, 1997, and entitled "System for Interactively Distributing Information Services," the disclosure of which is incorporated herein by reference. The following description will focus on differences from such a system.
  • The combined system 400 differs from the prior art of Figure 1 by providing video-on-demand data streams.
  • The system 400 has a plurality of VOD systems 402 to provide the content as requested by the subscriber stations 108a-108i in addition to the broadcast sources 102 used in traditional cable networks to provide video and audio content for various channels.
  • The VOD system 402, for example, may include various movies that may be requested by the user. The number of movies available to the subscriber stations 108a-108i can be in the thousands.
  • Both the broadcast sources 102 and the VOD system 402 are coupled to provide their content to the distribution center 104, preferably via a primary distribution network.
  • The VOD system 402 preferably comprises a content server 404, a session manager 406, a transport stream multiplexer/scrambler 410 and a conditional access system 412.
  • The content server 404 stores the video content, such as thousands of movies, and in response to signals from the session manager 406 provides the video content to the transport stream multiplexer/scrambler 410.
  • The session manager 406 controls the content server 404, the transport stream multiplexer/scrambler 410 and the conditional access system 412 in response to user requests.
  • The session manager is coupled to each of these devices for sending control signals.
  • The session manager 406 is also coupled to each subscriber station 408 by an out-of-band communication channel 420 to receive input from the subscribers.
  • The conditional access system 412 sends control signals, encryption keys and authorization messages to the transport stream multiplexer/scrambler 410.
  • As will be known to those skilled in the art, multiple commercial vendors offer conditional access systems compatible with conditional access messaging defined by the MPEG-2 standard that could be used for conditional access system 412.
  • The transport stream multiplexer/scrambler 410 sends the content and control signals in both scrambled and unscrambled format to the distribution center 104.
  • The session manager 406 also instructs the transport stream multiplexer/scrambler 410 which channels and program ID to use when transmitting the content.
  • The distribution center 104 is similar to that described above with reference to Figure 1.
  • The distribution center 104 transmits the typical broadcast content, but also transmits the content, access and communication necessary for VOD services.
  • The VOD system 402 may provide the functionality as described in U.S. Patent Application Serial No. 08/984,710, filed December 4, 1997, entitled "System for Interactively Distributing Information Service", which is incorporated herein by reference.
  • The distribution center 104 is coupled to the secondary distribution network 106.
  • The streams transmitted include not only the typical broadcast content (A) but also video-on-demand services (B), as shown in Figure 4.
  • The coupling of the distribution center 104 to the secondary distribution network 106 provides a return channel (shown by dotted line 420) for sending signals from the subscriber stations 408a-i to the VOD system 402, in particular, the session manager 406.
  • The VOD services are provided on channel resources that are re-used and reallocated to different subscribers, and the subscriber station requires tuning information to access the VOD services.
  • The distribution center 104 and the VOD system 402 are coupled via a secondary distribution network 106 to the subscriber stations 408a-408i.
  • The secondary distribution network 106 comprises, for example, various amplifiers, bridges, taps, and drop cables.
  • The subscriber stations 408a-408i are, by way of example, set-top boxes and associated television equipment for viewing the video content by end users.
  • The subscriber stations 408a-408i or set-top boxes differ from the prior art in that they include added functionality in the form of programs downloaded or stored in ROM that provide the functionality described below with reference to Figures 6A-6C. More specifically, the programs provide a method for ensuring that access to the VOD services is authorized and that does not suffer from the above-identified shortcomings of the prior art.
  • In FIG. 4B, one exemplary embodiment of a subscriber station 408 is shown.
  • Each subscriber station 408 preferably comprises a tuner/de-multiplexer 450, a controller 452, a de-scrambler 454, a key generator 456, a video decoder 457, and a display device 458.
  • The tuner/de-multiplexer 450 tunes to a particular frequency and program ID in response to signals from the controller 452.
  • The tuner/de-multiplexer 450 monitors the channels and extracts the signals for the identified channel.
  • The tuner/de-multiplexer 450 also extracts control information from the channel and provides it to the controller 452 and the key generator 456. General control signals, tuning information, and other communication with the session manager 406 are provided to the controller 452.
  • The tuner/de-multiplexer 450 also extracts and provides entitlement management messages and entitlement control messages to the key generator 456.
  • The key generator 456 may be a smart card coupled to the subscriber station 408 or may be ROM included in the subscriber station 408.
  • The controller 452 enables the key generator 456 to derive a key that is sent to the de-scrambler 454 to de-scramble or decrypt the video content.
  • The video streams are presented to the video decoder 457, which converts the MPEG streams to analog video signals. The analog signals are then presented to a display device 458.
  • The present invention is applicable to any variety of video distribution system, whether it uses cable or some other media for distribution, such as but not limited to a satellite system, a digital subscriber line system, and a microwave system.
  • In Figure 5, a preferred embodiment of the method for processing of the content at the distribution center 104 and transmission of the content to subscriber stations 408 according to the present invention is shown.
  • The method begins in step 501 by configuring the conditional access system 412 to scramble all the VOD programs as scrambled broadcast services. In other words, the VOD services are provisioned to be scrambled all the time.
  • In step 502, at least one subscriber station 408 is authorized for all VOD services. More preferably, the present invention authorizes all subscriber stations 408 connected to the network for all VOD services. This authorization is preferably accomplished by having the server 404 send the authorization to all the subscriber stations 408.
  • An authorization message is a message authorizing a particular subscriber station to use a de-scrambling key to de-scramble a program.
  • Authorization of the subscriber stations 408 is performed by sending an entitlement management message (EMM) from the distribution center 104 to each of the subscriber stations 408.
  • This step 502 is preferably performed at initialization of the communication between a particular subscriber station 408 and the system 400.
  • The method proceeds in parallel to steps 512, 506, 508. Since the system 400 provides the streams of video data in response to a request from a respective subscriber station 408, the duration between step 502 and the other steps 512, 506, 508 can vary significantly for each subscriber station 408 and may be any length of time.
  • In step 512, using the return channel unique to the VOD system 400, the VOD system 402 and distribution center 104 receive a request or order for VOD services from a particular subscriber station 408.
  • In step 514, responsive to the request, the VOD system 402 and distribution center 104 send tuning data to the individual subscriber 408. This is preferably accomplished by sending the frequency and MPEG program number by reference or value using the VOD downstream communication control path.
  • The actual information for tuning to the channel may be provided, or this may be done virtually by providing an index to a table at the subscriber station 408 that is used to look up the value.
  • This feature of the present invention is particularly advantageous because it solves the problem presented by VOD services of targeting data streams to individual users.
  • The tuning information is known by the user, can be used to tune to the program and cannot be used to control access.
  • The transmission and use of the tuning information as described above permits the targeting of particular program streams to particular users as was not possible in the prior art.
  • The VOD system 402 and distribution center 104 scramble or encrypt the streams of the VOD service; and in step 508, the VOD system 402 and distribution center 104 generate a de-scrambling message for producing the key for decoding the streams of the VOD service.
  • The de-scrambling message preferably includes data that can be used by the subscriber station 408 to derive or generate the key.
  • The de-scrambling message preferably takes the form of an entitlement control message (ECM) in the MPEG protocol.
  • The present invention preferably uses the same key or key set for a number of programs.
  • The distribution center 104 transmits the scrambled VOD service and the de-scrambling message over the secondary distribution network 106. This completes the processes of the present invention at the distribution center 104.
  • The security of the content being distributed is maintained by the present invention using scrambling or encryption. Any one of the various and conventional encryption methods could be used.
  • The present invention is particularly advantageous because the system 400 uses the same keys for all subscriber stations 408. Thus, even with thousands of subscribers, the distribution of the keys is not problematic.
  • The keys are used to protect against theft of the transmission signal but are not used to control or prevent access by a subscriber station 408. While the present invention uses multiple keys for groups of subscribers, the present invention avoids the problem of the prior art of requiring a key for each subscriber station 408 connected to the network 106.
  • Figures 6A-6C the various processes that may occur at the subscriber stations 408 will be described. With the method of the present invention, there are three possible scenarios: an authorized user ordering VOD service, a subscriber not ordering VOD service, an attempt to pirate or steal VOD service.
  • FIG. 6A the prefe ⁇ ed method for receiving and processing a transmission at a subscriber station 408 that has requested video-on-demand services will be described.
  • the process begins in step 608 with the user inputting an order for VOD services, and the respective subscriber station 408 receiving input and generating an order for VOD services that is sent over the back channel to the video VOD system 402. Then in step 610, the subscriber station 408 receives tuning data indicating both which channel of a plurality of pre-defined VOD channels the content will be transmitted on and which PIDs (program identification numbers) the content will be marked with.
  • the PIDs are selected by the session manager 406 and sent by value or by reference to the server 404 and the subscriber station 408.
  • the sever 404 preferably provides the requested program on an available channel and the PIDs are included in the header of all packets sent on a stream and associated with the program.
  • step 612 the subscriber station 408 tunes to the channel specified by the tuning data from step 610.
  • step 606 the subscriber station 408 receives the scrambled or encrypted VOD service and the de-scrambling message in step 606 responsive the execution of step 510 by the distribution center 104.
  • step 606 the method continues in step 614.
  • the subscriber station 408 performed step 602 to receive authorization for all VOD service.
  • the subscriber station 408 performs step 602 responsive to step 502, and need perform step 602 only once upon initialization, and long before step 614. Such information would be stored at and by the subscriber station 408.
  • step 614 the subscriber station 408 uses the de-scrambling message, namely the decryption data, to derive or generate the key for de-scrambling the content.
  • step 616 the key is used to de-scramble the VOD service.
  • step 618 the subscriber station 408 decodes the signal and displays the VOD on an associated display device. It should be noted that access to the VOD service is controlled in two ways. First, requiring the key for decryption protects all content of the VOD service.
  • the access to the VOD service for a particular subscriber station 408 is controlled by the VOD system 402, which controls whether the subscriber station 408 knows which channel is being used to provide the VOD service, and thus the channel to which the subscriber station 408 must tune.
  • additional keys may be used to provide additional levels of security. For example, at a later time a second key may be substituted for the first key, where the first key and the second key are both members of a first set of keys, and where the decryption data is usable to decrypt each member of the first set of keys.
  • FIG. 6B illustrates the processing that occurs at the subscriber station 408 when no service has been requested.
  • the subscriber station 408 performs step 602 as do all subscriber stations 408 to become authorized for VOD services.
  • the subscriber station 408 will not send a request for VOD service to the VOD system 402 in step 620, and therefore, will also never receive the necessary tuning data in step 622.
  • any attempt in step 624 to get the VOD service without notifying the video VOD system 402, and thus without being charged, is not possible.
  • FIG. 6B most clearly shows that it is the failure to provide tuning data in the present invention that prevents an authorized subscriber station 408 that has not ordered the VOD services from decoding the VOD services signal.
  • FIG 6C the processing that occurs at the subscriber station 408 when a non-subscriber attempts to pirate video-on-demand services will be described.
  • the non-subscriber by definition will not receive the authorization in step 628. Since the subscriber station 408 is a non-subscriber, there will have been no initialization and it will not have received the authorization in step 628. Nonetheless, the non-subscribing station 408 may through illegitimate means determine the tuning data in step 626.
  • the non-subscribing station 408 could tune to the channel having the VOD services.
  • the non-subscribing station 408 receives the scrambled VOD services and the de-scrambling message.
  • the non-subscribing station 408 will attempt to derive or generate the key, however, it does not have the authorization and data necessary to derive the key, and therefore will be unable to de-scramble the VOD services.
  • the lack of the authorization and thus the key provides the protection against theft of the VOD services.
  • Figures 7 & 8 Each Figure shows the distribution of keys for controlling access to the video content provided by the distribution center 104.
  • FIG 7 is a block diagram illustrating the transmission of data and keys with respect to the transport stream such as MPEG according to the prior art.
  • the prior art sends a different key associated with the program, and thus, controls access to the program.
  • each subscriber station 408 is enabled to access the program depending on whether the subscriber station 408 has received the key corresponding to the program.
  • this is not problematic because there are relatively few programs.
  • VOD services there may be thousands of programs, and if each required a separate key, the distribution of the keys themselves would cause failures making the programs not accessible to the subscriber stations 408.
  • Figure 9 is a diagram for a hybrid fiber/coax network 900 including a headend 902, a plurality of nodes 904 providing a plurality of channels 906 each having a plurality of programs 908.
  • Figure 9 illustrates the use of the same key for each channel.
  • the number of keys to be distributed is reduced by a factor of n.
  • n is the number of programs 908 per channel or frequency.
  • this is an 8:1 reduction in the number of keys needed.
  • this concept can be extended to use one key for groups of channels, or even one key for each node.
  • the present invention ensures that the distribution of keys is not an obstacle to providing the conditional access desired.
  • the present invention uses the mechanisms of (1) scrambling, (2) authorization messages and (3) tuning to control access.
  • the subscriber station 408 requires all three to be able to receive and de-scramble signals transmitted over the network 106 to the subscriber station 408.
  • the present invention minimizes traffic over the network 106 by using the same encryption/decryption keys for the channels and by sending authorization messages upon initialization. Therefore, even though there are thousands of programs, each being sent to an individual subscriber, conditional access is maintained with nominal impact on network bandwidth. It is to be understood that the specific mechanisms and techniques that have been described are merely illustrative of one application of the principles of the invention. For example, while the present invention is described in application to a video on-demand system, it also has some application in other point cast on-demand services such as data. Numerous additional modifications may be made to the methods and apparatus described without departing from the true spirit of the invention.
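
The three controls summarized above (scrambling, authorization messages, tuning) and the three station scenarios of FIGS. 6A-6C, as an added Python example that is not part of the patent text. The XOR keystream is a toy stand-in for the real scrambler, and the class names, the nonce field, the 4-channel layout and the sample payloads are assumptions made for illustration.

```python
import hashlib
import secrets

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy scrambler: XOR with a SHA-256 counter keystream (stand-in, not a real CA cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Headend:
    """Distribution center: one scrambling key per channel, shared by its n programs."""
    def __init__(self, channels: int, programs_per_channel: int):
        self.auth_data = secrets.token_bytes(32)  # authorization sent once at initialization
        self.keys = {ch: secrets.token_bytes(32) for ch in range(channels)}
        self.n = programs_per_channel

    def keys_needed(self):
        """(keys with one key per program, keys with one key per channel)."""
        return len(self.keys) * self.n, len(self.keys)

    def transmit(self, channel: int, pid: int, content: bytes) -> dict:
        """Scrambled service plus de-scrambling message (channel key wrapped under auth_data)."""
        nonce = secrets.token_bytes(12)  # fresh per packet so keystreams never repeat
        return {"channel": channel, "pid": pid, "nonce": nonce,
                "payload": xor_stream(self.keys[channel], nonce, content),
                "descramble_msg": xor_stream(self.auth_data, nonce, self.keys[channel])}

class Station:
    def __init__(self, auth_data=None, tuning=None):
        self.auth_data = auth_data  # None: non-subscriber, never initialized
        self.tuning = tuning        # None: no order placed, so no channel/PID known

    def receive(self, packets):
        if self.tuning is None:          # FIG. 6B: nothing to tune to
            return None
        for p in packets:
            if (p["channel"], p["pid"]) != self.tuning:
                continue
            if self.auth_data is None:   # FIG. 6C: key cannot be derived
                return None
            key = xor_stream(self.auth_data, p["nonce"], p["descramble_msg"])  # step 614
            return xor_stream(key, p["nonce"], p["payload"])                   # step 616
        return None

def run_scenarios():
    head = Headend(channels=4, programs_per_channel=8)
    content = b"constructed sample VOD payload"
    stream = [head.transmit(2, 0x102, b"someone else's program"),
              head.transmit(2, 0x101, content)]
    tuning = (2, 0x101)  # tuning data: channel and PID chosen by the session manager
    return {"ordered": Station(head.auth_data, tuning).receive(stream),
            "not_ordered": Station(head.auth_data).receive(stream),
            "non_subscriber": Station(None, tuning).receive(stream),
            "keys": head.keys_needed(), "expected": content}
```

Only the station holding both the authorization data and the tuning data recovers the payload; with 8 programs per channel the key count drops from 32 to 4, the 8:1 reduction described for Figure 9.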

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Graphics (AREA)
  • Human Computer Interaction (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention relates to a system that provides secure transmission and full access control for target devices. The system comprises, in particular, a distribution center, a video-on-demand system, a transmission network and a plurality of target devices. The video-on-demand system is advantageous in that it provides encryption of the transmission, transmission of access keys, and access control. The target devices also include circuitry for communicating with the video server, decrypting the transmission and controlling access to video services. A method for providing subscriber stations with conditional access to video services comprises authorizing those stations to receive the video services; receiving, from a first subscriber station, a first order for a first video service; and transmitting tuning data to said first station to enable it to receive the first video service. The method also prevents theft of transmission content through the following measures: scrambling the first video service with a first key to produce a scrambled first video service; scrambling the first key with encryption data to produce a scrambled first key; distributing the encryption data, enabling the plurality of subscriber stations to decrypt the scrambled first key; transmitting the scrambled first video service to the plurality of subscriber stations; and transmitting the scrambled first key to the plurality of subscriber stations.
EP01904852A 2000-01-14 2001-01-12 Acces conditionnel a des systemes video sur demande et securite associee Withdrawn EP1247399A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US48306600A 2000-01-14 2000-01-14
US483066 2000-01-14
PCT/US2001/001173 WO2001052543A1 (fr) 2000-01-14 2001-01-12 Acces conditionnel a des systemes video sur demande et securite associee

Publications (1)

Publication Number Publication Date
EP1247399A1 true EP1247399A1 (fr) 2002-10-09

Family

ID=23918499

Family Applications (1)

Application Number Title Priority Date Filing Date
EP01904852A Withdrawn EP1247399A1 (fr) 2000-01-14 2001-01-12 Acces conditionnel a des systemes video sur demande et securite associee

Country Status (4)

Country Link
EP (1) EP1247399A1 (fr)
AU (1) AU2001232794A1 (fr)
CA (1) CA2396821A1 (fr)
WO (1) WO2001052543A1 (fr)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7747982B1 (en) 1999-10-13 2010-06-29 Starz Entertainment, Llc Distributing and storing content to a user's location
US7984463B2 (en) 2002-03-29 2011-07-19 Starz Entertainment, Llc Instant video on demand playback
US6983480B1 (en) 1999-10-13 2006-01-03 Starz Entertainment Group Llc Method for authorizing limited programming distribution
US8020186B1 (en) 1999-10-13 2011-09-13 Starz Entertainment, Llc Methods and systems for distributing on-demand programming
JP2003533075A (ja) * 1999-12-22 2003-11-05 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ データコンテンツへのアクセスを制御する条件付きアクセスシステム
US8707357B1 (en) 2001-04-23 2014-04-22 Starz Entertainment, Llc Thematic VOD navigation
US7464392B2 (en) 2001-11-20 2008-12-09 Starz Encore Group Llc Viewing limit controls
US7739707B2 (en) 2001-11-20 2010-06-15 Starz Entertainment, Llc Parental controls using view limits
US7486792B2 (en) 2002-08-23 2009-02-03 General Instrument Corporation Terrestrial broadcast copy protection system for digital television
GB2413026B (en) * 2003-02-12 2006-03-22 Video Networks Ltd System for capture and selective playback of broadcast programmes
AU2003214784A1 (en) * 2003-02-21 2004-09-09 Alif R And D Sdn Bhd System and method for providing secure video broadcasting services
SE0301728D0 (sv) * 2003-06-13 2003-06-13 Television And Wireless Applic Adapter arrangement, method, system and user terminal for conditional access
WO2005096767A2 (fr) 2004-04-05 2005-10-20 Comcast Cable Holdings, Llc Procédé et système d'approvisionnement d'un décodeur
US9740552B2 (en) 2006-02-10 2017-08-22 Percept Technologies Inc. Method and system for error correction utilized with a system for distribution of media
US8451850B2 (en) 2006-02-10 2013-05-28 Scott W. Lewis Method and system for distribution of media including a gigablock
US8566894B2 (en) 2006-02-10 2013-10-22 Scott W. Lewis Method and system for distribution of media

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0739135A1 (fr) * 1995-04-19 1996-10-23 General Instrument Corporation Of Delaware Procédure de protection de données pour sessions de communication point-a-point
US5870474A (en) * 1995-12-04 1999-02-09 Scientific-Atlanta, Inc. Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
WO1999007151A1 (fr) * 1997-08-01 1999-02-11 Scientific-Atlanta, Inc. Mecanisme et appareil pour l'encapsulation d'autorisation de prestation dans un systeme d'acces conditionnel
WO1999009743A2 (fr) * 1997-08-01 1999-02-25 Scientific-Atlanta, Inc. Reseau d'acces conditionnel

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4430669A (en) * 1981-05-29 1984-02-07 Payview Limited Transmitting and receiving apparatus for permitting the transmission and reception of multi-tier subscription programs
EP0148235B1 (fr) * 1983-06-30 1988-10-05 Independent Broadcasting Authority Systeme de television a emission chiffree
JPS60253386A (ja) * 1984-05-30 1985-12-14 Toshiba Corp ケ−ブルテレビジヨンシステムの制御装置
US4866770A (en) * 1986-07-08 1989-09-12 Scientific Atlanta, Inc. Method and apparatus for communication of video, audio, teletext, and data to groups of decoders in a communication system
US5247364A (en) * 1991-11-29 1993-09-21 Scientific-Atlanta, Inc. Method and apparatus for tuning data channels in a subscription television system having in-band data transmissions
US6118498A (en) * 1997-09-26 2000-09-12 Sarnoff Corporation Channel scanning and channel change latency reduction in an ATSC television receiver

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO0152543A1 *

Also Published As

Publication number Publication date
CA2396821A1 (fr) 2001-07-19
WO2001052543A1 (fr) 2001-07-19
AU2001232794A1 (en) 2001-07-24
WO2001052543A8 (fr) 2001-08-16

Similar Documents

Publication Publication Date Title
US20220021930A1 (en) Reduced Hierarchy Key Management System and Method
US9467658B2 (en) Method and apparatus for protecting the transfer of data
EP0739135B1 (fr) Schéma de protection de données pour sessions de communication point-a-point
KR101059624B1 (ko) 조건부 액세스 개인용 비디오 레코더
EP1618666B1 (fr) Procede et dispositif de protection de transfert de donnees
US8681979B2 (en) Conditional access system and method for prevention of replay attacks
US20040158721A1 (en) System, method and apparatus for secure digital content transmission
US20120201377A1 (en) Authenticated Mode Control
EP1247399A1 (fr) Acces conditionnel a des systemes video sur demande et securite associee
EP1534011A1 (fr) Système et procédé assurant la fourniture à la demande de contenus pre-cryptés par la suppression du message de commande d'admissibilité
JP2007173917A (ja) Vodプリスクランブルシステムにおける限定受信制御方法、限定受信制御システムおよび限定受信制御装置

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020731

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE TR

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: TV GATEWAY, LLC

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: SEDNA PATENT SERVICES, LLC

17Q First examination report despatched

Effective date: 20081017

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20090428