Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
  • G06F21/31—User authentication
  • G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
  • G06F21/35—User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N7/00—Television systems
  • H04N7/16—Analogue secrecy systems; Analogue subscription systems
  • H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/60—Protecting data
  • G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
  • G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
  • G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
  • G06F21/82—Protecting input, output or interconnection devices
  • G06F21/84—Protecting input, output or interconnection devices output devices, e.g. displays or monitors
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/2149—Restricted operating environment

Definitions

• the invention relates to a method for controlling access to an audiovisual system by a plurality of users, and an apparatus for managing access control according to the method.
• Documents such as a simple text, or photos, or audio content, or audiovisual content may be subject to limited distribution.
• One way to control access to devices or documents is to lock them with a password. Once the password is entered on the keyboard and controlled, access is allowed to obtain specific information, downloading a file or document, viewing content, etc. But the password can be given to another person and therefore, does not allow to deliver access to a particular user.
• each user in front of a device identifies himself with a code, for example by entering a number on a remote control.
• a user administering the device introduces access rights for other users, for example, a parent sets access rights for a TV set-top box to children.
• Another way is to have the service provider define the access rights to users himself.
• Another solution is to provide the user with a secure and personalized smart card.
• the user enters his smart card into a reader of the device and identifies himself by his password.
• the fact that the secret information is stored only in the smart card allows granting access to the holder of this card.
• RFID contactless cards or microwave tags
• These objects contain an integrated circuit connected to a coil.
• the coil is for example a copper wire on a printed circuit.
• the coil subjected to an electric and / or magnetic field, produces an electric current which supplies the integrated circuit and allows it to transmit information via this same coil.
• the integrated circuit contains a memory and a reader of a code written in the memory. This code is emitted in series, superimposed on the electromagnetic field and can be picked up by an antenna. Since this code identifies the circuit, if the circuit is associated with an object, this object is also identified by the code.
• microwave tags are more and more numerous. For example, they are affixed to an object or incorporated in an object for payment at checkouts without human intervention in supermarkets.
• the very low cost of the labels allows a very wide diffusion to be used in association with very many objects.
• most users have microwave tags on them that emit a certain code. This particular code can be used to identify the owner of the object, which is typically a garment, or jewel, or any object it carries on it. Once the intended use during implantation is complete, the labels are no longer useful. It is then possible to associate in an audiovisual system equipped with a detector the presence of RFJD objects, a code issued to a user. Once the association is made, the audiovisual system is able to identify any user who is nearby. But he is not easy to set access rights when multiple users with different access rights are present.
• the document EP 1 760 621 filed by SAP AG describes a control of access to confidential information.
• People carry an RFID tag that contains a code that defines a level of security associated with the person. If a person not authorized to see information on a screen is detected near said screen, then the screen is automatically inhibited and nothing is displayed. In this way, even if an authorized person is present, the information will not be displayed to unauthorized persons.
• the document US 2003/0327243 filed by GRUTESER describes an information display system visible by a plurality of people present. A certain level of confidentiality is associated with the documents. People are provided with RFJD tags to identify them. If a person detected by his label is not authorized to view the information, it is not displayed. Similarly, if a person is detected by other means, a camera for example, but does not have a microwave tag, it is considered to be ineligible.
• the present invention will make it possible to use contactless dialogues or tags to perform an access control taking into account all the access rights of each user present.
• An object of the present invention is a method of controlling access to services provided by an apparatus to a plurality of users having particular access rights and located at a distance to receive signals transmitted by radio transmitting means, each user carrying on it at least one of said radio transmission means transmitting a specific code; characterized in that it comprises the following steps: - selection of a service associated with access rights,
• the device detects the users nearby and aggregates the access rights in order to grant or not access according to the users present.
• the aggregation of rights gives access to the services for which all the users present have individual access.
• the service offered by the device respects the access rights of each of the users present.
• one of the users has private access rights for a service, access to this service is granted to this user only if he is the only one present. In this way, it is possible to exclude access to a user when another user has a private right to the selected service.
• the service whose access is private is delimited in time or conceded for a given event, access is then allowed to other users present around the device at the end of the specified time or time. 'event. In this way, the device automatically detects the end of the private right, the end of the broadcast of a program for example, and gives overall access to all users present following this period or this event.
• the aggregation of rights gives access to this service if all the users present have individual access to this service and if one of them they pay the right of access.
• the invention also proposes an electronic system delivering at least one service to a plurality of users having particular access rights and situated at a distance enabling signals transmitted by radio transmission means to be received, each user relating to at least one of said radio transmission means transmitting a specific code; characterized in that it comprises:
• a means for selecting a service associated with access rights means for receiving the codes transmitted by the radio transmission means carried by the users,
• a means for identifying the users present by the codes transmitted by the radio transmission means a means for aggregating the access rights of all the users identified by the codes transmitted by the transmission means; means of allocating access to the service if the code of at least one user present authorizes access to this service.
• Such a device makes it possible to receive a command for selecting a service, to detect the users and to aggregate the access rights so as to grant or not access to this service according to the users present.
• FIG. 1 shows a known scheme of use of radio tags for the identification of previously referenced objects.
• FIG. 2 is an electronic system for detecting labels and granting access to services for users.
• - Figure 3 shows an example of a radio tag detection system installed in a living room.
• FIG. 4 presents a screen appearance with a window showing the different identifiers associated with the detected tags.
• FIG. 5 presents a flowchart of steps according to an exemplary embodiment.
• Electronic tags covers any contactless dialogue object, whether it is smart cards, or electronic tags or “radio tags” in English terminology, or in abbreviated RFID ( “Radio Frequency Identification”).
• Electronic tags consist of an electronic circuit and an antenna.
• the electronic circuit contains a code stored in a memory.
• a coil allows both circuit power and communication.
• the circuit is fed and emits automatically and serially its code on the air.
• the code of a label is similar to the bar code according to ISO 15693-3. In the exemplary embodiment described below, it is possible to use the last sixteen hexadecimal codes.
• passive and active tags There are passive and active tags, the latter have their own power supplies (battery, battery, solar cell, ).
• the passive "current" version operates between 125 and 135 KHz and is searchable from a few centimeters to 0.50 meters.
• a more elaborate version, still passive type operates at 13.56 MHz (ISO 15693-3) and is searchable up to a few meters.
• the electronic tags are intended to be contiguous for example to very high consumption products such as food products, or clothing.
• the versions detectable at a few meters are used in the marking of products of higher cost, for example leather jackets, silk scarves, ...
• These labels because of their tiny size (2 mm 2 or 3 mm 2 to 0.1 mm 2 ) are almost impossible to detect by the eye. The buyer has no reason to withdraw them.
• Figure 1 shows the prior art consisting of a conventional scheme of using electronic tags associated with objects.
• Electronic tags are glued or attached to objects which allows them to be referenced.
• Labels readers detection portal, portable readers, detector on the shelves
• local servers make it possible to count the stocks of objects, and at the final moment to identify the purchase by a user.
• FIG. 2 illustrates an electronic system comprising several devices including an apparatus 1 giving access to services and a display device 2.
• An apparatus 1 comprises a central unit 3 connected to a memory 12 composed of a program memory (ROM), a working memory (RAM), and a non-volatile memory to keep data such as user access rights.
• the device 1 also has an interface 5 for communication with a high-speed local digital bus 6 for transmitting audio / video data in real time.
• This network is for example an IEEE 1394 network.
• This digital bus also makes it possible to send data to a server.
• the receiver can also receive audio / video data from a broadcast network through a reception antenna associated with a demodulator 4.
• the apparatus further comprises an infrared signal receiver 7 for receiving the signals of a remote control 8, and audio / video decoding logic 10 for generating the audiovisual signals sent to the television screen 2.
• the apparatus 1 also has a clock 9 and a circuit 11 for displaying data on the screen , often called OSD circuit, of the English "On Screen Display” (meaning literally "on-screen display”).
• the OSD circuit 11 is a text and graphics generator which makes it possible to display on the screen menus, pictograms (for example, a number corresponding to the channel displayed), or which makes it possible to mix two audiovisual contents.
• the OSD circuit is in particular controlled by the Central Unit 3 associated with an executable module for managing the tags.
• This program module is typically implemented in the form of a resident executable code module in read-only memory 12 and data stored in working memory.
• the program module can also be realized in the form of a specialized circuit of the ASIC type for example.
• the apparatus 1 is connected to a radio interface 13 comprising an antenna making it possible to come into radio-frequency contact with electronic tags within a certain radius of action and to receive from them the codes entered in their memories.
• the radius of action of the antenna equipping the apparatus 1 is directly proportional to the power of the electromagnetic field emitted by this antenna. Currently, the radius of action is around 3 meters.
• the antenna of the apparatus 1 is preferably on the front face to detect the labels located at the front of the device.
• the system can triangulate the position of each tag.
• the device can indicate the location of each label allowing the wearer to easily identify themselves within a group of users.
• Figure 3 shows an example of a radio tag detection system installed in a room, the living room for example.
• the system is implemented in a decoder connected to a television screen.
• the electromagnetic field detects labels worn by three users, two labels applied on two chairs, one applied to the couch and a label attached to the pot of a plant.
• the system will try to identify the people carrying the label.
• the system exploits the acquired knowledge by associating them with the access rights and possibly the profile of the users who are detected close to the device.
• the first step is to associate the codes issued by the tags with one or more users. This is only possible if the label is worn by a user and not attached to a fixed object. A label attached to a wall or appliance chart can not be used to identify someone.
• the system will therefore, by learning, analyze the incoming and outgoing tags of the volume covered by the antenna of the interface 13. The learning step occurs as soon as there is a change in the environment of the tags around the device 1. This step consists of identifying all the tags that respond to the emission of the electromagnetic field emitted by the antenna of the device 1, and associating them with a clearly identified user, or possibly an object.
• the system comprises the apparatus 1, the control screen 2 and a keyboard connected or not to the apparatus 1 (for example a remote control 8) to receive commands from the users.
• Other user interfaces are possible, for example speech synthesis associated with a voice recognition system for collecting user information.
• the device 1 analyzes its environment and receives a number of codes from labels. The number of codes and the codes issued by the labels are displayed on the screen 2.
• this information appears in a window of the screen that the user can position at a place where the image is irrelevant, for example bottom left of the screen. Then, the users will enter and exit the detection radius of the tags transmitted by the antenna.
• the device 1 activates the radio interface which emits an electromagnetic field allowing the labels to send their codes.
• the program module compares all received codes with the one from the last scan. If a change occurs, that is, when a label appears or disappears from the field, the learning step is started by displaying a banner on the television screen 2. This banner indicates to the users present in front of the screen. screen the nature of change.
• Message I Message I
• Appearance of the code label 52B6 559F D524 2BE6 Give the name or number of the associated user: ..
• the user finds that approaching the system the message I appears or, that moving away the message II is displayed, then it can associate with the code of the label displayed by entering either its identifier , his name.
• the identifier is a number from 1 to 9.
• the name can be entered letter by letter using a menu with all the letters, a cursor that can be positioned on a letter using the keys. direction and an "OK" key to validate the letter on the cursor.
• a user can also bring an object into the detection radius and, in doing so, display a type I message. Having placed the object, if the user withdraws without causing the appearance of the message II then he concludes that the label is applied to the object. He then introduces using the keyboard code "0" indicating that this label is not associated with a user but an object considered immobile.
• the step of using the label management system consists in presenting the list of identifiers associated with each label that is in the electromagnetic field emitted by the device 1 or another device that has received device 1 the data associating the codes of the labels and the identifiers of associated users.
• the list is in the form of a window appearing, for example, at the top left of the screen 2.
• FIG. 4 shows a screen appearance with a window at the top left showing the state of the various tags detected.
• the window contains the following message:
• This text means that a label associated with Viviane, and two labels associated with Jocelyn have been detected, that seventeen labels associated with objects have been detected (including 15 to DVDs), and finally that two tags detected have not been detected. have been associated with a user or object during a learning step.
• the appearance and disappearance of this window are controlled by a specific key of the remote control 8.
• Another way of doing, possibly in addition to the first, is that the window appears at each change and disappears after a programmable duration, ten seconds for example. If the device is only audio type, a message developed by speech synthesis and content identical to the displayed messages described above, is issued by the device.
• the wallpaper program respects the rights of the two recognized users.
• the apparatus 1 establishes a lookup table associating tag references with user identities.
• the display of the window illustrated in Figure 4 gives an indication of the persons identified by the system.
• Each person likely to use the audio-visual system 1 has his access rights entered in the memory 12.
• There are several ways to introduce such rights For example, an administrator launches a configuration menu that presents a menu with the names of the users, and introduces the access rights for each user.
• a simple means of determining rights in the audiovisual field a scale of 1 to 4 of the level of morality where 1 represents a document accessible to all public and 4 a document visible only to adults.
• the memory 12 of the device maintains in its non-volatile portion 1 a table associating a user identity and a morality level. If the user is a child, its associated level is 4 and if it is an adult, its level is 1. If the person detected in front of the device 1 has a moral level of a value of 2 for example, the The apparatus only provides access to documents having an attribute of a morality value of 1 or 2. According to a preferred embodiment of the invention, if several users are present, the apparatus 1 will compare the associated morality levels. to each user and according to a first so-called "restrictive" strategy, the device 1 will choose as a reference, the one having the most restrictive profile.
• the level of morality is that of this child, that is to say: 1. If on the other hand, the device 1 detects 3 adults, each one being associated with the level the higher right, the reference value is the highest: 4. As a result, the aggregation of rights is to grant all users present the rights of the user who has the least.
• the table below illustrates the restrictive strategy:
• FIG. 5 representing a flowchart of steps of the program module executable by the device 1 according to an exemplary embodiment.
• This device is for example a television decoder designed to receive audiovisual services.
• a user selects a service (step 5.1), an audiovisual channel for example, using the remote control 8.
• the device receives the codes issued by the labels present in its environment .
• the device identifies the users present and extracts their access rights from the memory 12 (step 5.3).
• the apparatus 1 aggregates the access rights of the users present.
• the restrictive strategy described above consists of comparing all levels of access rights and retaining the most restrictive level. The rest of this document describes other strategies.
• the device tests whether the aggregated rights allow to watch the program broadcast by the selected service (step 5.5). For this purpose, the program module compares the access right associated with the program broadcast with the aggregated right.
• a message informs the decision of the device using a message displayed.
• this message specifies which user is present who is not authorized to use the service.
• a message is for example of the type: Message IV
• step 5.8 the apparatus 1 periodically analyzes the presence of the labels and remains in the same state as long as no appearance of new labels or disappearance of label occurs.
• the device jumps to step 5.2 to re-detect the present tags and re-aggregate the access rights of the users identified by the tags. The program will therefore loop constantly until the device turns off.
• Another strategy is possible to calculate the aggregation of rights.
• the device allows access to a paid service and that one of the users is a subscriber with the right to access this service. It will therefore be able to benefit other users present.
• the aggregation of rights is to grant all users present the rights of the user who has the most.
• the table below illustrates the expanded strategy:
• the user 1 who has the most rights in fact benefit the other two users. If subsequently, the user having acquired the right to access the service leaves, the remaining users continue to benefit from access to this service since it has been paid. The cessation of access occurs at the end of service or when the device is turned off.
• access rights may be set at the program level, or at the service provider or document producer level. It is possible, for example to reference an audiovisual channel with a global level of rights, a chain of cartoons for children will be referenced level 1 whatever the program broadcast. Another example is that of certain pornographic Internet site, the access to such a site is restricted to an adult audience, whatever the request of the user navigating on this site.
• a user's access right contains signaling specifying a private access to a service, that is to say taking into account the possible presence of another user.
• This strategy is for example implemented when a user has a subscription to access a website, a site for example for downloading and reproduction online audiovisual documents. The provider of this service may require that access to its site be restricted to its subscribers only. So, if the device 1 detects the presence of another user who is not a subscriber of this service, then access is denied.
• This strategy can lead to the following situation: two subscribers each having private access to a service, both services being different. If the two subscribers are together, they will have access to any service while if they are alone in front of the device 1, everyone has access to its service.
• a user has a private right to a service indefinitely, or for a specific period, or for a specific event. For example, a user is allowed to receive an event, for example an audiovisual program, and to view it. Then access to the channel that broadcasts this program becomes non-private.
• an event for example an audiovisual program
• the electronic tag is used to identify the wearer.
• the electronic tag also includes a programmable memory containing the access rights associated with the user.
• a communication is established enabling the tag to transmit the rights of the user to the device.
• the device does not need to maintain a database to associate the users, their identification codes and their rights.
• the electronic tag is then used to identify the user and also to carry his rights. Secure communication between the label and the device is advantageously put in place to prevent fraud. This communication is for example the same type as that between a contactless smart card and a card reader that gives access to a service.
• the present invention makes it possible to control access to programs, remote sites, audio-visual channels, games, and generally relates to any device delivering a service at the request of a user.
• the present invention can also be used to propose to all the users present lists of services accessible according to their access rights.
• the display of the list of services offered has two parts, the first presents the services accessible without any specific condition, the second includes paid services that require the agreement of at least one of the users to be offered.
• Access rights do not specify a preference between a service or another, that is, the service is accessible or not.
• the accessible services are listed in an order that is based on the preferences of the users present. These preferences are stored in the device 1, or downloaded from the smart cards held by each user. In this way, if among the accessible services, some correspond particularly to the preferences of the present users, they will be put first in the displayed list.

Landscapes

• Engineering & Computer Science (AREA)
• Theoretical Computer Science (AREA)
• Computer Hardware Design (AREA)
• Computer Security & Cryptography (AREA)
• General Engineering & Computer Science (AREA)
• Software Systems (AREA)
• General Physics & Mathematics (AREA)
• Physics & Mathematics (AREA)
• Bioethics (AREA)
• Health & Medical Sciences (AREA)
• General Health & Medical Sciences (AREA)
• Databases & Information Systems (AREA)
• Signal Processing (AREA)
• Medical Informatics (AREA)
• Multimedia (AREA)
• Computer Networks & Wireless Communication (AREA)
• Storage Device Security (AREA)
• Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=40934002

Family Applications (1)

Country Status (5)

Families Citing this family (4)

Citations (1)

Family Cites Families (2)

• 2008
  • 2008-12-15 FR FR0858615A patent/FR2939930A1/fr not_active Withdrawn
• 2009
  • 2009-12-15 JP JP2011541397A patent/JP2012512475A/ja not_active Withdrawn
  • 2009-12-15 KR KR1020117013539A patent/KR20110095331A/ko not_active Application Discontinuation
  • 2009-12-15 WO PCT/EP2009/067215 patent/WO2010069968A1/fr active Application Filing
  • 2009-12-15 EP EP09797016A patent/EP2366165A1/de not_active Withdrawn

Patent Citations (1)

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events