Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N7/00—Television systems
  • H04N7/16—Analogue secrecy systems; Analogue subscription systems
  • H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
  • H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
  • H04N21/25808—Management of client data
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
  • H04N21/26606—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
  • H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
  • H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
  • H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
  • H04N21/64—Addressing
  • H04N21/6405—Multicasting
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N5/00—Details of television systems
  • H04N5/76—Television signal recording
  • H04N5/91—Television signal processing therefor
  • H04N5/913—Television signal processing therefor for scrambling ; for copy protection
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N7/00—Television systems
  • H04N7/16—Analogue secrecy systems; Analogue subscription systems
  • H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
  • H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

• Protocol for controlling the mode of access to data transmitted in point-to-point or point-to-point mode
• the invention relates to a protocol for controlling the mode of access to data and the application of such a protocol to operations for controlling access to this data in the context of transactions or electronic commerce.
• the aforementioned data, and the information supported by them can be transmitted in clear or, on the contrary, encrypted or scrambled. Encryption or scrambling of this data makes it possible to ensure more stringent access control, access to scrambled or encrypted data being able to be totally prohibited.
• Access control to data has experienced unprecedented growth, thanks to the advent of techniques for transmitting information over a network.
• Access control systems meeting the requirements of the aforementioned standard make it possible to remotely manage access control to scrambled data by means of a service key and transmitted between a transmission center and at least a receiving station.
• the transmission center includes a module for calculating a control word, CW, containing at least the service key, and a module for encrypting the control word using an operating key, SOK, for generating a cryptogram of the control word.
• Access control management is carried out using access rights or titles, registered on the subscription medium and access title control parameters, or access criteria, generated from the program.
• a generator of access title control messages, ECM messages containing at least the cryptogram of the control word and access title control parameters, designated access criteria, and a module generating access credential management messages, EMM messages, are provided.
• ECM messages and EMM messages may be multiplexed in the stream of scrambled information transmitted.
• Each receiving station comprises at least one terminal for descrambling scrambled data and an access control module comprising a security processor hosted for example by an access control card, playing the role of subscription support, and introduced into the terminal.
• the security processor includes the SOK operating key and access titles, stored in secure internal memory, and a decryption module.
• the security processor makes it possible, from the operating key and the cryptogram of the control word, to restore the service key, on a criterion of verification of at least one of the registered access titles, from the transmitted access criteria.
• Each descrambling terminal includes a descrambling module making it possible, from the restored service key, to descramble the scrambled data transmitted, for use by the authorized subscriber user holding the subscription medium.
• Such a character of independence makes it possible, in particular, to manage subscriptions of subscribers and / or groups of subscribers independently of the management of the operating key SOK, which can then be modified by the authority responsible for ensure the operation of the access control system on the basis of criteria relating only to the security of the data transmitted, in order to ensure the non-compromise of this operating key and, consequently, of the cryptogram of the control word then finally scrambled data.
• the above-mentioned standard UTE C90-007 provides for a system for addressing EMM messages according to group addressing.
• Each subscriber thus has, independently of the conditional access process proper, a group address attached to a service identifier. From this address, the authority responsible for operating the access control system, the broadcasting operator, can hide or select one or more groups.
• the addressing associated with the service identifier parameter has the highest priority level.
• UTE C90-007 allow to define modes of access limited to:
• the aforementioned access modes appear to be substantially compartmentalized. In particular, they do not allow, by reason of their definition and coding, to a user having acquired access tickets by booking session intervals, to access scrambled data transmitted in access mode by impulse purchase for example. Indeed, within the framework of strict compliance with the provisions of the aforementioned standard, the emission of ECM messages comprising parameters for controlling access rights, or access criteria, corresponding to one of the access modes previous, gives any program or scrambled data transmission a corresponding access mode, independently of the scrambling process proper of the aforementioned data. In addition, broadcasting operators are asking for new access modes, which, not listed in the text of the aforementioned standard, cannot therefore be implemented in the absence of a specific definition and coding of these latter.
• Such access modes concern, for example: - access to a plurality N of broadcasts of the same broadcast program;
• the present invention relates to the implementation of a protocol for controlling the mode of access to data on the basis of access rights or titles and access criteria for defining or specific coding allowing the implementation of the most diverse access modes and / or combinations of access modes.
• Another object of the present invention due to the diversity and flexibility of the access modes capable of being defined, coded and implemented in accordance with the access mode control protocol according to the invention, is the application of such a protocol to access to data of all kinds, scrambled or unscrambled, the mode of definition and coding of the titles and access criteria allowing adaptation and application of the protocol, object of the invention, to any information.
• Another object of the present invention is the implementation of a protocol for controlling the mode of access to data, based on access rights or titles and access criteria subject to a validity condition of at least one access right or an electronic token holder of access values.
• the protocol for controlling the mode of access to data from access rights and access criteria subject to a condition of validity of at least one access right or of an electronic token holder of values d access, object of the present invention is remarkable in that it consists in establishing each access right and each electronic token holder of access value, acquired by an authorized user, in the form of a first set of variables constituted by independent variables and linked variables.
• the independent variables of this first set contain at least one validity duration variable and one identification number variable for each right or access title respectively of each electronic token holder. It also consists in establishing each access criterion in the form of a second set of variables constituted by independent variables and linked variables.
• the independent variables of this second set contain at least one access date variable, an access criterion type identification variable and an access right or electronic token identification number variable, and, in the case of '' an electronic token holder, an access cost variable. It also consists in establishing a proposed mode of access to the data in the form of a logical combination of access criteria to generate access constraints.
• the protocol object of the present invention finds application to point-to-point or multipoint toll transmission of data, whether this data is encrypted or scrambled or not.
• the protocol which is the subject of the present invention finds application in controlling access to television or broadcast programs, in point-to-multipoint transmission, when the digital data, the support of these programs, is scrambled or encrypted.
• the transmission in the latter case, can be carried out either by radio network, by wired terrestrial network or by IP network.
• FIG. 1 shows, by way of illustration, an example of implementation of the protocol object of the present invention, at a server center, the transmission of data to which access is granted can be performed, following verification access mode, via a network using the IP protocol for example;
• FIG. 2a represents, by way of illustration, a first variant of implementation of the protocol object of the present invention represented in FIG. 1, the remote client terminal having access rights and one or more specific electronic token holders, from which an access mode proposal request can be transmitted to the server center;
• FIG. 2b represents, by way of illustration, a second variant of implementation of the protocol object of the present invention, as shown in FIG. 2a, in which the data for which access is requested is divided into quanta of data, following a pre-validation of the access mode proposal request, and a control message containing specific access criteria associated with a current quantum of data are transmitted to the remote terminal, the mode control operation d 'access proper being then implemented at the remote terminal considered for each quantum of data and for the control message associated with the latter;
• - Figure 2c shows, by way of illustration, a third variant of implementation of the protocol object of the present invention, corresponding to a simplification of the second variant according to Figure 2b, in which, following an authentication of the request for proposal mode of access, the pre-validation step is deleted, the control of the access mode being carried out on the other hand, at the remote terminal, in a manner similar to that of FIG. 2b;
• FIG. 3a shows, by way of illustration, another example of implementation of the protocol object of the present invention, the transmission of the data for which access is requested being carried out in a point-to-multipoint mode, from a broadcast network, between a transmission center and at least one terminal ensuring the descrambling of the data when the latter are scrambled, an access control module equipped with a security processor being associated with the aforementioned terminal;
• FIG. 4a represents, by way of illustration, a flowchart for controlling the mode of access to an access right required by the subscribed user, the aforementioned access right being able to be registered either at a remote terminal, during a point-to-point transmission, either in an access control module associated with a descrambling terminal, during a point-to-multipoint transmission;
• FIG. 4b represents, by way of illustration, a flowchart for controlling the access mode during the acquisition of an access unit intended for an electronic token holder, this acquisition being proposed in punctual mode, during a point-to-point transmission, respectively in impulse mode, during a point-to-multipoint transmission;
• FIG. 4c represents, by way of illustration, a flowchart for controlling the access mode during the acquisition of an access right intended for an electronic token holder, this acquisition being proposed in punctual mode, during a point-to-point transmission, respectively in impulse mode, during a point-to-multipoint transmission;
• FIG. 4d represents, by way of illustration, a flowchart for controlling the access mode during the acquisition of a new electronic token holder, this acquisition being proposed in punctual mode during a point-to-point transmission, respectively in impulse mode, during point-to-multipoint transmission;
• FIG. 5 shows, by way of illustration, the diagram of an installation, emission center, allowing the combination of two access conditions, according to an access mode by impulse mode acquisition of a fixed price or mode d access on an existing package, accompanied by a reading of consumption of access units by the subscriber, during a transmission in point-to-multipoint mode, the transmitted data being, moreover, scrambled.
• the protocol object of the present invention can be implemented, firstly, when the data object of the access is transmitted in point-to-point mode between a center server and a remote terminal, the transmission of the aforementioned data being carried out, by way of nonlimiting example, according to the IP protocol for example.
• Access to the service is then made, for a fee, from access rights and access criteria, the control of the access mode being subject to a condition of validity of at least one of the rights of the aforementioned access which benefits the authorized subscriber subscriber or an electronic token holder for example.
• the protocol object of the present invention advantageously consists in establishing each access right and each electronic token holder acquired by the authorized user or the subscriber in the form of a first set of variables consisting of independent variables and related variables.
• step A of FIG. 1 The step of establishing each access right is represented in step A of FIG. 1, the access rights being denoted AR and the electronic token holder being denoted PU, each one verifying the relation (1):
• PU [Validity] Purseld [PurseSubld] PurseUnits [RE]
• the coding of the AR access rights and the PU electronic token holders makes it possible to confer a generic character on these insofar as the independent variables contain at least one validity duration variable and one identification number variable for each access right or each token holder electronic, and, in the case of electronic token holders, a unit credit variable.
• - Validity indicates a validity interval, which can be fixed, and represented by a start date and an end date of access right, or sliding and then defined in number of days, expiration date. The validity interval can then be transformed into a fixed value at the first use for example.
• the validity variable is optional. When the validity variable field is empty, the validity variable not being coded, the access right is always valid. Such a coding mode corresponds for example to the allocation of a permanent right according to the choices of the broadcasting operator or the server center.
• the above variables correspond to identifiers and sub-identifiers of a right allowing in particular to reference this right in the access criteria. It is understood in particular that the identifier being a mandatory independent variable, the sub-identifier being optional, the Rightld identifier makes it possible to reference the same family of services for an operator, such as for example a game access service and the RightSubld sub-identifier is used to reference a game among this family, one or more games if necessary.
• - Level the aforementioned variable defines a level value representative of a maximum access position for the right considered.
• this variable defines the amount, in access value, of the electronic token holder associated with the access rights of the authorized user.
• the unit of such an access amount can be different from one token holder or electronic wallet to another, with different identifiers, i.e. access values or unit values. different access account.
• - RE represents a variable linked to the independent Purse Units variable, the RE variable designating a so-called deferral variable allowing the carry-over of the content of the electronic token holder considered, or of the credit balance of the latter, to a token holder of the same kind or on the same wallet or electronic token holder with an identical identifier.
• variable RE is optional and that it can also include a deadline for postponing the token holder denoted Rdate and in a variable for maximum postponement of the token holder denoted RPurse.
• the protocol which is the subject of the present invention also consists in establishing each access criterion in the form of a second set of variables constituted by independent variables and linked variables, this step being represented in step B of FIG. 1.
• the variables independent of access criteria contain at least one access date variable noted Date, an identification variable of type of access criterion and a linked variable in the type of access criteria, the identification variable in the type of access criteria corresponding to a variable of identification numbers of access rights or electronic token holder, as will be described below.
• the access criteria advantageously include the following access criteria verifying the relation (2): - Criterion per nominal access right noted ACAR:
• - Date date of the access criterion. The date must be within the validity period of the AR access right or the PU electronic token holder used.
• - Unitld UnitSubld variable for identifying and under-identifying an access unit allowing the accumulation of access units, in particular for a statement or subsequent consultation of the consumption of each electronic token holder.
• Cost variable for the cost of the one-time acquisition variable for the cost of the one-time acquisition, the Cost variable being a complex variable verifying the relationship:
• Costld designates the acquisition identifier
• CostUnits designates the one-time acquisition cost in a given electronic token holder.
• CostMax maximum cost variable, designates a ceiling from which the criterion is verified with authorization or prohibition of access. The costs of all consumption with the same identifier and sub-identifier of the criterion accessed are cumulated to compare with this ceiling for example.
• the protocol which is the subject of the present invention then consists, in step C, of establishing a proposal for a mode of access to the data in the form of a set of logical combinations of access criteria for defining access constraints.
• Step C is then followed by a step D consisting in subjecting the proposed mode of access 9 to an evaluation of the access constraints vis-à-vis the access rights and electronic token holder acquired.
• step D verifies the relation (4):
• Step D is then followed by a step E consisting in verifying the true value of the evaluation S.
• the access mode is accepted and access to the data is continued in step F for the true value of l evaluation E. Access to the data is not continued in the opposite case when the evaluation E is not verified in step G of FIG. 1.
• each access criterion comprises constraint variables to be applied to the variables of the access rights AR or electronic token holder PU to carry out the implementation of the steps D, E above and thus ensure the control of the mode d 'access required by the subscriber.
• step C consisting in establishing a proposed access mode can consist, in step C1a, in transmitting, from the remote terminal of address j to the server center, an access request comprising at least access rights or the electronic token holder, this request verifying for example the relation (5): 9.9. (AR, PU) (5)
• the C2a one-step server center extracts the rights
• FIG. 2b A second alternative embodiment of the protocol which is the subject of the present invention will now be described with FIG. 2b.
• the data transmission is carried out in point-to-point mode, a preflight check being carried out at the server center, while the process of controlling the access mode properly said is performed at each remote terminal of address j.
• the authorized user transmits a request for a proposal for an access mode in step C1b and the server performs the extraction of rights AR and of the electronic token holder PU at l 'step C2b.
• Step C2b is followed by a test step C3b, called pre-validation, carried out at the server center and consisting in verifying certain aspects of the validity of the transaction.
• the pre-validation step, in step C3b can consist, for example, of verifying, in addition to certain parameters of identification of the requesting user subscriber, the character of solvency, that is to say the presence of tokens. in the PU electronic token holder.
• step C3b On a negative response in step C3b, the absence of continuation of the access mode is incurred in step C4b.
• a step C5b is launched, which consists for example in defining a quantum
• a control message ECM kj ⁇ noted ACAR, ACU is calculated, this control message of course containing the access criteria as defined in accordance with the protocol object of the present invention.
• this then consists of a step C6b in carrying out the transmission not only of the aforementioned quantum of data, but also of the control message to the remote terminal of address j.
• this operating mode is particularly advantageous in the case of a point-to-point transmission according to the IP protocol insofar as the transmission of the data to which access is requested is carried out in packets, the quantum of data QISOKDI ⁇ J can correspond to a determined number of packets, which can be linked to the remaining value of the electronic token holder PU for example.
• a step C8b is called to calculate the proposed access mode r?
• step Db consisting in carrying out the evaluation for the above-mentioned access mode proposal 9 ⁇ (.).
• the access mode control process can then be continued in accordance with FIG. 1, the access mode continuation being carried out as long as the evaluation for each access mode proposition of rank k is evaluated at the true value. .
• the second mode of implementation of the protocol object of the present as shown in Figure 2b allows on the one hand, thanks to the upstream control performed through the pre-validation in step C3b, perform direct management of each electronic token holder PU at the server center and, on the other hand, remove any need to perform a consumption statement at the remote terminal of address j.
• a simplified version in a third variant of implementation of the protocol which is the subject of the present invention a simplified version with respect to the mode of implementation of FIG. 2b, will now be described in conjunction with FIG. 2c.
• FIG. 2c it is considered, in a step C1c, that the authorized user subscriber simply sends a request to the server, this request being denoted 91 j (-, -).
• This request can simply include the address j of the remote terminal Tj, parameters for identifying the requester and justifying their authorization to interrogate the server center.
• the aforementioned request also includes a reference to the requested service, that is to say to the data for which access is requested.
• a step C2c is called, which corresponds to steps C5b and C6b of FIG. 2b, step C2c corresponding to the transmission of the quantum of data and of the control message previously described in connection with FIG. 2b.
• step C4c On reception of the successive quanta of data at the remote terminal of address j, a step C4c is called, which consists in establishing the proposed access mode in the same way as in step C8b in FIG. 2b.
• Step C4c is followed by a step De consisting in carrying out the evaluation of the proposed mode of access S ⁇ .) Previously described in connection with FIG. 2b.
• the access mode control process can then be continued by steps E, F and G of FIG. 1 in the same way as in the case of FIG. 2b.
• the mode of implementation according to the third variant of implementation of FIG. 2c of the protocol which is the subject of the present invention makes it possible to carry out the entire evaluation process at each remote terminal of address j, the operations at host level being reduced to their simplest expression, and consisting in subdividing the service support data into successive amounts of information.
• this variant embodiment requires verification or consumption statements made from each authorized subscriber having a remote terminal with address j.
• a preferred mode of implementation of the protocol for controlling the mode of access to data which is the subject of the present invention will now be described, secondly, in conjunction with FIGS. 3a and 3b in the case of a transmission of this data in multipoint point mode.
• step A consisting in establishing each access right AR and each electronic token holder PU, described in conjunction with FIG. 1, can consist to be transmitted, to each descrambling terminal T, and to the access control module associated with this last, in a step A ', messages for managing access rights and electronic token holders, these messages verifying the relationship (6):
• step A ′ is followed by a step B ′ making it possible to establish each access criterion in accordance with step B of FIG. 1 and advantageously consisting in transmitting to each descrambling terminal T, and to the access control module associated with each of these access control messages checking the relation (7):
• each remote terminal 1 and by the security processor PS f associated with each of the latter, of the aforementioned messages, the content of these messages, after verification, is stored in the access control module, which can then proceed, at step C, to the establishment of the access mode proposal in a similar manner to step C of FIG. 1, then to step D of evaluation of the mode proposal d above access.
• the protocol for controlling the access mode is continued in steps E, F, G in the same way as in the case of FIG. 1.
• the latter is however, implemented at the level of each terminal T f and of the security processor PS, of the access control module associated with each of the latter.
• This possibility of controlling access mode appears to be particularly advantageous insofar as any subscriber, provided with a descrambling terminal T, and an access control module equipped with a security processor PS, can see offer, at any time, a possibility of access at the sole initiative of the broadcasting operator.
• step consisting in establishing each access right and each electronic token holder can consist, in a step A ", in transmitting, to each authorized user, messages verifying the relation (10):
• These access proposal offer messages contain at least the AR or electronic token holder access rights PU, a proposal or offer date date variable PD, as well as a Cost cost variable defined from constraints on the identification number variable of at least one electronic token holder PUId and of an account unit variable denoted UC of this or these corresponding electronic token holders.
• the messages verifying the relation (10) can correspond either: - to an impulsive proposal for acquiring access rights:
• Cost Costld Purseld [PurseSubld] CostUnits.
• Date defines the date of the offer PD
• AR defines the right of access as defined previously in the description
• Cost defines the cost variable, as previously mentioned with the set of parameters, Costld designating a purchase identifier, Purseld designating an electronic token holder identifier, PurseSubld, an electronic token holder sub-identifier and CostUnits corresponding to the UC account unit previously defined in the description.
• the link between identifiers and sub-identifiers and the actual access mode is then carried out in the form of wording recorded in clear in the data blocks of the control module d 'access, the latter can be achieved in the form of a microprocessor card, as mentioned above, in order to allow a presentation in clear to the subscriber by simple display.
• the corresponding data blocks are on the other hand write-protected under the control of the broadcasting operator.
• FIGS. 4a to 4d A more detailed description of specific applications of the access mode control protocol which is the subject of the present invention will now be given in connection with FIGS. 4a to 4d in different situations corresponding to the acquisition of AR access rights, the acquisition by punctual action or by impulsive purchase of units via an electronic token holder, the acquisition of a right via a punctual offer or impulse purchase offer, by the through an electronic token holder, and the acquisition, in punctual or impulse mode, of a new electronic token holder through an electronic token holder held by the subscriber in his access control module or dedicated microprocessor card.
• the different variables constituting the access rights AR and the access criteria AC correspond to coded values the wording of which can be translated in clear for the purposes of informing the subscriber user.
• Purseld token credit / subscription package / session package / duration package / volume package.
• coded values of the aforementioned variables and their wording can be defined in private data, of text or digital type for example, in the access control module or microprocessor card and, in particular, in the memory areas of the security processor equipping them.
• values of the above coded variables and the corresponding wording can be established according to the table below:
• the access rights are defined by the Rightld identification variables for the rights corresponding to the labels of subscription, session, geographic group respectively;
• the token holders are defined by the variable Purseld for the values corresponding to the labels credit of tokens, subscription package, session package, time package, volume package respectively.
• a conversion rate can advantageously be used, the conversion rate making it possible to modulate the access mode selected by the subscribed user as a function of the access mode granted and the counting unit of the information or data accessed, the unit corresponding to monetary account units, for example Euros or other, subscription or number units.
• an overdraft can be associated and granted for certain access modes such as for example the credit package or the token credit. The value of the associated overdraft is given in real value.
• Unitld access unit variables can correspond to a time unit label, time during which access to information or data is granted, or in volume unit, volume of information or data to which the access is granted.
• a conversion rate parameter is provided, allowing to modulate the access mode taking into account the unit used, the second for the time unit, the Koctet per example for the volume unit.
• variable of access unit, identifier and sub-identifier of an access unit can for example correspond to a volume unit such that the Koctet, as mentioned previously in the description.
• the unit of time, the second can, on the contrary, be used for point-to-multipoint transmissions in which the transmission is substantially regular and regulated by the periodic sending of the ECM messages of change of the service key or control word. for example.
• FIGS. 4a to 4d are given, these examples corresponding to specific modes of implementation of the evaluation step from the access proposal step, as described previously in the description for steps D and C of FIG. 1 or the variant embodiments of the latter according to FIGS. 2a to 2c and 3a, 3b.
• the access mode proposal makes it possible to carry out the evaluation of the access constraints established on the basis of the access criteria ACAR, ACU applied to the access rights AR respectively to the electronic token holder PU.
• variables of the access rights will be designated by simple designations corresponding substantially to the preceding designations, while the corresponding variables of the access criteria will be designated by variables indexed by the letters AC for recall their belonging to the definition of the aforementioned access criteria and distinguish them, if necessary, from the corresponding variables defining the access rights.
• Control_ACAR Evaluation of the access mode control on criteria by right of access as such.
• Control_ACAR Evaluation of the access mode control on criteria by right of access as such.
• the aforementioned access mode criterion is checked if it exists in the dedicated file of the subscriber's access control module, that is to say of the microprocessor card of which he is the holder or in the latter's remote terminal, an access right verifying the test 40a according to which the identification of the right designated by the RightldAc access criterion is equal to the identification of the right of the Rightld subscriber.
• a step 40b of end of evaluation for the right considered FE is called which can cause an alarm at the remote terminal or the descrambling terminal.
• test 40c is called consisting in verifying whether the right sub-identifier of the RightSubld access criterion A c is equal to access right sub-identifier or if one of the two sub-identifiers is not specified.
• step 40c checks the relationship:
• the test 40c can, if necessary, be executed in a similar manner on the combination of variable / sub-variable RightSubld A c [Level], when the sub-variable Level is present.
• the end of assessment step 40b for the right considered FE is called again.
• the step 40d is called consisting of a verification test of the level of the access criterion vis-à-vis the corresponding level of the access right registered in the subscriber card or in the remote terminal thereof.
• the 40d test checks the relationship:
• LAC ⁇ L or W ⁇ The notation W ⁇ . Indicates that one of the variables of level LAC of the access criterion respectively L of the right of access is not specified, this condition being noted in a manner analogous to test 40c.
• the end of evaluation step for the right considered FE of step 40b is called.
• the AR right registered in the card is considered valid from the point of view of the definition of the corresponding access mode vis-à-vis the access criterion designated by the broadcaster corresponding controls.
• the verification steps 40a, 40c, 40d in fact correspond to a verification of the access mode and of the compatibility of the access modes registered with the subscriber as an access right with respect to the criteria of access transmitted by ECM control messages.
• the process for verifying the aforementioned access mode is then followed, on a positive response to the test step 40d, with a temporal verification of the access mode under the following conditions: the aforementioned temporal verification applies to three different situations depending on whether the AR access right registered in the subscriber's access control module, or in the terminal of this last, corresponds to a right to fixed dates, to a right to activable dates or to a right without date.
• variable Validity of the access right AR corresponds to a start date and an end date of the right. These dates are generally designated by Dates and the Date variable of each access criterion ACAR, ACU is designated by Date A c-
• the temporal verification of the access mode can consist in carrying out a 40th test consisting in verifying whether the dates Dates defining the validity variable Validity of the access right constitute fixed dates.
• a 40f test is called, which consists in checking whether the date Dat ⁇ Ac of the access criterion is understood, in the broad sense, between the start date and the end date of the abovementioned right of access.
• the 40f test checks the relationship: Dat ⁇ To this Validity where Validity represents the fixed dates Dates of the registered access right AR.
• step 40g On negative response to test 40f, an end of evaluation step 40g, similar to step 40b previously mentioned, is called. This step may include an alarm intended to inform the user subscriber.
• a test 40i which consists in checking whether the registered access right AR includes activatable dates.
• a 40j test is called, which consists in checking whether the date of the access criterion Dat ⁇ Ac is less than or equal to the expiration date of the registered access right AR.
• the 40j test checks the relationship:
• an end of evaluation step 40k analogous to the preceding step 40b, is called, an alarm being able to be triggered at the level of the remote terminal or of the descrambling terminal.
• step 401 On the contrary, on a positive response to the test 40j, a step 401 is called.
• the right to activatable date is activated, that is to say that this right is transformed into a right on fixed dates.
• This operation is carried out in step 40n, the transformation operation consisting in taking as the fixed start date of validity the current effective date, Date, contained in the access control message, taking into account the agreement given by the maid.
• Step 40n can then be followed by a return to the right criteria verification process on fixed dates, that is to say by a return upstream of the test 40f for example, to ensure similar subsequent management for example of the right to fixed dates thus created by the user.
• a step of requesting agreement 40m is called, this step being followed by a return upstream of the test step 401 to continue the process.
• a verification test 40p is called, which consists in verifying that the registered AR right is a right undated, that is to say a right whose Validity parameter is in fact not specified, the right, in this case, can be validated.
• the Access control process is continued by the call of the aforementioned step 40h, no control being carried out on the date of the transmitted access criterion.
• the process described in connection with FIG. 4b allows the acquisition of a unit by acquisition operation, such as impulse purchase, via an electronic token holder stored in the subscriber's access control module or in the card of it.
• the protocol object of the present invention appears particularly remarkable insofar as, due to the similar coding mode of the electronic token holders PU and the access rights AR, the same test criteria can be applied substantially to the electronic token holders and to the AR registered access rights for this reason.
• test steps 40a, 40c and 40d no longer relate to the identifiers of the access rights and the access criteria respectively of the sub-identifiers of access rights and of access criteria and level of access criteria and access rights, but, on the contrary, respectively on electronic token holder identifiers, electronic token holder sub-identifiers and cost of the operation of acquiring a token holder electronic vis-à-vis the remaining units in the electronic token holder entered in the subscriber's card.
• PurseldAc Purseld, the identifier of the token holder transmitted by the ACU access criterion is equal to the identifier of the Purseld token holder entered in the subscriber's card;
• Cost AC (PUId, UC) with UC ⁇ CO the cost of the operation of acquiring a right via a token holder entered in the card is less than or equal to the remaining CO units of the token holder of the subscriber.
• steps 40e, 40f to 40m, 40p, 40q represent the same test and / or operation steps as in the case of FIG. 4a, the variables Dat ⁇ A c and Validity representing however the date of impulsive acquisition of the right by an electronic token holder respectively the validity variable.
• step 40n in FIG. 4b does not concern the transformation of the right to fixed dates, as in the case of FIG. 4a, but the transformation of the electronic token holder into a token holder on fixed dates, under operational conditions similar to those in Figure 4a for the acquired right of access.
• the request for agreement 40m may consist, on the one hand, in the request for agreement for the activation the electronic token holder, which is transformed into an electronic token holder with fixed dates and, on the other hand, into the request for a final purchase agreement for the unit in question.
• step 40h is called, for which the evaluation or the evaluation variable EVC is considered to be true.
• a unit consumption parameter designated by UC archiving, is stored, this parameter can be characterized by the identifier and sub-identifier of units resulting from the operation and the number of units consumed with l identifier and sub-identifier of the electronic token holder associated with these.
• This operation is carried out in step 40ha, prior to step 40h for example.
• FIG. 4c Purchase_AR; This operation comprises the same steps 40a, 40b, 40c, 40d allowing the implementation of the access mode verification as in the case of FIG. 4b.
• the different variables represent, for these tests, the same elements as in the case of FIG. 4b.
• Step 40ha is then followed by a step 40hb of recording the right proper at the level of the access control module available to the subscriber.
• Validity designates the validity variable of the electronic token holder inscribed in the card and Dat ⁇ Ac designates the date on which the operation is actually executed.
• FIG. 4d Purchase_PU; This operation allows the impulsive purchase of a new electronic token holder via an electronic token holder registered in the subscriber's access control module if the conditions below are satisfied.
• the process represented in FIG. 4d comprises the same steps for verifying the mode of access with tests 40a, 40c, 40d, then of temporal verification of the mode of access, steps 40e to 40h, 40i to 40n, 40p, 40q and 40ha being identical to those of FIG. 4c for this reason.
• the step of evaluating the constraints of the access rights and the electronic token holder acquired preferably comprises a step of verifying the mode of access and the compatibility of the rights registered with regard to the access criteria, then, in the case of the aforementioned figures, a step of temporal verification of the access mode.
• command messages can be programmable, so as to include a logical combination of conditions whose binary result of the True or False logical verification makes it possible to generate a conditional branching of actions, these actions being processed sequentially by the terminal or the destination security processor.
• the protocol which is the subject of the present invention in particular for achieving the combination of different access modes, appears to be particularly well suited to applications in point-to-multipoint transmission when the data is transmitted in a scrambled manner. , as described previously in the description.
• a point-to-multipoint transmission mode is not limiting and it is entirely it is conceivable to transmit the data in clear, or even in scrambled form, by a point-to-point transmission via an IP type transmission protocol for example.
• the protocol which is the subject of the present invention, in this application for combining distinct access modes will be described when the latter is implemented from a transmission center CE to a descrambling terminal denoted T, equipped with an access control module CAM, formed for example by a microprocessor card and equipped with a security processor PS ,.
• the emission center CE can advantageously include, as shown in FIG. 5, a subscriber commercial management system, noted SGC, connected to a unit managing ATM access titles, the assembly allowing '' generate messages, called subscription management messages or EMM messages for Entitlement Management Messages.
• the EMM messages are transmitted to a messaging broadcaster DM and a data collector makes it possible to collect data from each subscriber via a return channel, such as for example the switched telephone network or the like.
• the return channel makes it possible to ensure the return of fundamental information in order to carry out invoicing for example and thus remunerate the broadcaster or the beneficiaries of the latter.
• the data collector is of course directly connected to the system managing the GTA access titles.
• a CTA access ticket controller generates control messages called ECM messages for Entitlement Control Messages.
• the set of EMM messages and ECM messages delivered by the messaging broadcaster DM respectively by the CTA can then be multiplexed with the data in clear, which, before transmission, can be coded and then scrambled in a manner known as such.
• the transmission to the descrambling terminal is then carried out either by satellite or by terrestrial cable for example.
• the ECM messages containing the cryptogram of the control words can then make it possible to descramble the data scrambled on reception at the level of the descrambling terminal T, taking into account the existence of access rights AR and / or of electronic token holder PU registered in the access control module CAM ,,, as described previously in the description.
• access control by subscription can be carried out on the basis of a criterion by right of access, as described in connection with FIG. 4a by a message of the Control_ACAR type.
• impulse purchase offers associated with the program allow access, such as:
• the protocol which is the subject of the present invention then consists in synchronizing the following messages, ECM messages and EMM messages, the aforementioned EMM messages being designated EPM messages because of the access mode offer offered by the latter.
• the message ECM comprises the logical combination of the decryption of the control word at the level of the security processor PS, associated with the descrambling terminal and with the execution of the decryption of the control word CW from the key current operations.
• variable Storable corresponds to the possibility of registration or not by the user.
• the access mode control process will now be described in two distinct situations corresponding on the one hand to the case where the subscriber already has the subscription plan and / or on the other hand, the subscriber does not have the plan number of subscriptions, package number B. In the latter case, he must acquire the subscription package, then the subscription in this package to be able to access the broadcast program.
• the subscriber's access control module contains:
• the procedure for checking the access mode is as follows: the subscriber will charge his access mode in his subscription plan B.
• ECM message the subscriber does not access the broadcast data program because he does not have the subscription.
• the descrambling terminal T performs a search for proposals for access mode by impulse purchase associated with the scrambled data program broadcast. He presents these proposals to the CAM access control module.
• EPM impulse purchase messages • Processing of EPMi, Purchase_AR message, according to Figure 4c.
• the proposed mode of access indicates that the right can be purchased through a Purseld type 20 token holder for a cost of 1 depending on the conversion rate.
• table T3 the concepts of unit conversion rate and overdraft, if any, correspond to the concepts previously defined in the description. The same is true for the validity variables.
• the data in this table can correspond, for example, to the data on the consumption of access rights and to the subscription associated with the previous consumption, as described previously in connection with table T4.
• these contents of the statement are not accessible in writing by the user and can be transmitted as a statement of consumption to the emission center CE by the return channel.
• the CAM access mode module contains:
• the procedure for controlling the access mode is as follows:
• the terminal T f performs a search for acquisition proposals in impulse mode associated with the broadcast program. These proposals are presented to the CAM f access control module.
• the acquisition proposal indicates that the subscription package A can be purchased via a token holder type 10 for a cost of 10 units of account.
• the credit allocated to the latter is none other than a type 10 token holder (see Table T6) valid on the date of purchase. The number of units equal to 50 is sufficient.
• the subscriber's card responds with an agreement request indicating the package used, this agreement request corresponding substantially to the test operation £ 40 in FIG. 4c. The subscriber can then acquire the subscription package via his credit and he can then buy the subscription through this package which is also a type 20 token holder.
• the re-transmission of impulse purchase EPM 2 messages causes the purchase of the subscription package A with the credit that is debited.
• the processing of the EPM T message of the Purchase_AR type is as follows: the proposed acquisition of access mode indicates that the right can be acquired via a type 20 token holder for a cost of one unit account (Confer the wording of the corresponding message in table T2).
• the credit data simply indicating the existence of an electronic token holder of type 10, token credit.
• the CAM access control module responds by notifying the absence of a relevant electronic token holder. The subscriber cannot therefore acquire the required subscription.
• the subscriber accesses the broadcast program, because he has, of course, the subscription.
• the card contains the information stored below, according to table T7: Table T7 Labels and conversion rates in the card (Private data)
• This information includes the labels and conversion rates in the card in the form of private data.
• the data stored in the card contains data relating to the consumption of access rights, data from subscription plan A associated with the preceding consumption, data from consumption of access rights, the service plan. subscription A associated with the previous consumption and the subscription associated with the previous consumption being explained.
• statement content information can then be established according to table T8:
• the data in table T8 can correspond to the data on consumption of access rights, subscription package A associated with the previous consumption, consumption of access rights and subscription associated with previous consumption, data which can only be read by the user.
• a combination of generic access modes can be implemented by synchronization of a succession of ECM messages and EMM messages.
• a control of the access mode by criterion per unit of quantity of data accessed can be carried out from an access mode by criterion by nominal access right, through a proposal d acquisition in impulsive mode of right of access respectively of electronic token holder.

Landscapes

• Engineering & Computer Science (AREA)
• Multimedia (AREA)
• Signal Processing (AREA)
• Databases & Information Systems (AREA)
• Computer Security & Cryptography (AREA)
• Computer Graphics (AREA)
• Storage Device Security (AREA)
• Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=8870391

Family Applications (1)

Country Status (8)

Families Citing this family (24)

Family Cites Families (8)

• 2001
  • 2001-12-12 FR FR0116059A patent/FR2833446B1/fr not_active Expired - Fee Related
• 2002
  • 2002-12-09 KR KR1020047008973A patent/KR100847338B1/ko not_active IP Right Cessation
  • 2002-12-09 US US10/498,320 patent/US20050108563A1/en not_active Abandoned
  • 2002-12-09 AU AU2002364820A patent/AU2002364820A1/en not_active Abandoned
  • 2002-12-09 CN CNB028280385A patent/CN100367796C/zh not_active Expired - Fee Related
  • 2002-12-09 WO PCT/FR2002/004237 patent/WO2003051055A1/fr active Application Filing
  • 2002-12-09 EP EP02801107A patent/EP1454489A1/de not_active Withdrawn
  • 2002-12-09 JP JP2003551996A patent/JP4249626B2/ja not_active Expired - Fee Related

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events