Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L63/00—Network architectures or network communication protocols for network security
  • H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
  • H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
  • H04N21/25808—Management of client data
  • H04N21/25816—Management of client data involving client authentication
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
  • H04N21/25866—Management of end-user data
  • H04N21/25875—Management of end-user data involving end-user authentication
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
  • H04N21/26606—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
  • H04N21/26613—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
  • H04N21/433—Content storage operation, e.g. storage operation in response to a pause request, caching operations
  • H04N21/4334—Recording operations
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
  • H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
  • H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
  • H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
  • H04N21/4408—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream encryption, e.g. re-encrypting a decrypted video stream for redistribution in a home network
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
  • H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
  • H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
  • H04N21/47—End-user applications
  • H04N21/478—Supplemental services, e.g. displaying phone caller identification, shopping application
  • H04N21/4788—Supplemental services, e.g. displaying phone caller identification, shopping application communicating with other users, e.g. chatting
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
  • H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
  • H04N21/632—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing using a connection between clients on a wide area network, e.g. setting up a peer-to-peer communication via Internet for retrieving video segments from the hard-disk of other client devices
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
  • H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
  • H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
  • H04N21/26606—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
  • H04N21/26609—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM] using retrofitting techniques, e.g. by re-encrypting the control words used for pre-encryption
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
  • H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
  • H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
  • H04N21/633—Control signals issued by server directed to the network components or client
  • H04N21/6332—Control signals issued by server directed to the network components or client directed to client
  • H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
  • H04N21/63345—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
  • H04N7/00—Television systems
  • H04N7/16—Analogue secrecy systems; Analogue subscription systems
  • H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
  • H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

• the invention relates to a method for protecting a recorded multimedia content allowing the sharing of this recorded multimedia content between a set of several recorders and of several multimedia content players connected to each other via a long-distance network for transmitting information.
• the invention also relates to an authorization server, a sharing server, a recorder, a reader and a headend for the implementation of this method.
• the scrambling of the multimedia content makes it possible to submit the descrambling of these multimedia contents to the acquisition, for payment, of an access ticket the validity of which is verified at each access to the multimedia contents.
• a sharing network is a peer-to-peer network better known as peer-to-peer network.
• the sharing is done using hosted servers.
• a network head broadcasts scrambled multimedia content on a channel and Entitlement Control Message (ECM) messages containing CW 3 cryptograms of CW control words each for descrambling a respective cryptoperiod of the scrambled multimedia content,
• ECM Entitlement Control Message
• any one of the recorders receives the scrambled multimedia content and the ECM messages and decrypts the cryptogram CW 3 contained in the received ECM message with a subscription key Ka and protects the scrambled multimedia content from being read using a key KH e encrypting the control words decrypted with the local key KH e to generate cryptograms CW 6 ,
• the recorder records the cryptograms CW 6 and the multimedia content scrambled with the control words CW, [005]
• the recorder is implemented in a terminal inside which is also implemented a reader for reading or playing, in clear, the recorded multimedia content.
• in clear is meant that the multimedia content read is directly perceptible and understandable by a human being.
• the multimedia content in the clear is the result of a correct descrambling of the scrambled multimedia content.
• the local key KH e is generated locally by the terminal and kept secret in a security processor. Thus, only the player of this terminal can play in clear the recorded multimedia content protected by means of this key.
• the invention aims to remedy this disadvantage while preventing the sharing without any restriction of the recorded multimedia content through sharing networks.
• the invention therefore relates to a method of protecting a multimedia content in which:
• an authorization server common to all the readers, receives an identifier of the channel on which the multimedia content has been broadcast by the head of the network, e) in response to a request for reading the recorded multimedia content, by any of the readers, the authorization server determines whether or not this player is allowed to descramble the multimedia content recorded on this channel according to the access permissions associated with the reader and the received channel identifier.
• the cryptograms CW 6 are decrypted with the key KH e then CW control words and decrypted are re-encrypted with a local key KHI player and finally the cryptograms CW 1 are transmitted to the reader, and
• the reader downloads the scrambled multimedia content recorded by the recorder, receives the cryptograms CW 1 and decrypts them with its local key KHi then descrambles the downloaded multimedia content with the decrypted CW control words.
• the playback of multimedia content recorded on a channel is only possible if the player is associated with access permissions allowing him to view a recording of this channel.
• the operator of the channel can control the sharing of the recorded multimedia content in the same way that he can control which players are allowed to descramble in real time the multimedia content broadcast on this channel.
• descrambling in real time is meant the descrambling of the multimedia content as it is broadcast by the headend.
• control of access permissions is performed by an authorization server separate from the reader, which increases the robustness of the process vis-à-vis hacking attempts.
• the robustness of the method is also ensured by the fact that the cryptograms of the control words for descrambling the recorded multimedia content are only constructed if the reader is authorized to view this channel.
• step a) the broadcast ECM messages contain the identifier of the channel, the authorization server also receives the cryptograms CW 1 associated with the received string identifier, and the authorization server:
• the recorders each store in a memory space of its own or the multimedia content it has recorded, a sharing server, common to all recorders, builds a catalog containing at least one identifier of each associated recorded multimedia content at least one identifier of the recorder storing said recorded multimedia content, in response to the selection, in this catalog, by any one of the readers, of an identifier of a recorded multimedia content, the reader receives at least the one of the recorder identifiers storing this recorded multimedia content and downloads, through the long distance network of transmission of information, the multimedia content recorded from the recorder (s) whose identifier has been received;
• a sharing server common to all the recorders, constructs a catalog containing at least one identifier of each multimedia content recorded by the recorders, associated with a list of several recorder identifiers that recorded this multimedia content, in response to the selection, in this catalog, by any of the readers, of an identifier of a multimedia content, the authorization server attempts to establish a connection with a recorder corresponding to one of the recorder identifiers of the list associated with the identifier of the selected media for the cryptograms CW 6 and, if the connection fails, the authorization server attempts to establish a connection with another recorder corresponding to one of the other identifiers from the same list;
• the recorder transmits to the sharing server, the identifier of the recorded multimedia content and its own recorder identifier, and the sharing server constructs the catalog from the transmitted information. by the recorders;
• the headend transmits each associated ECM message with a current time fragment identifier, the string being divided into a multitude of successive time fragments so that the recorded multimedia content is distributed over a plurality of time fragments, the identifier fragment identifier uniquely one of these fragments and the current fragment identifier identifying the temporal fragment of the channel being broadcast by the headend, the duration of a temporal fragment being greater than or equal to the duration of a crypto,
• a sharing server common to all the recorders, constructs a list associating, for each complete fragment recorded by a recorder, the identifier of this fragment and at least one identifier of a recorder having recorded this complete fragment, and
• step g) for each fragment of the multimedia content, the recorder from which the cryptogram CW 6 can be obtained is identified by means of the recorder identifier associated with the identifier of this fragment in the list and this cryptogram CW 6 is obtained from the register thus identified;
• the head end transmits each associated ECM message with a current time fragment identifier, the string being divided into a multitude of successive time fragments so that the recorded multimedia content is distributed over a plurality of time fragments, the fragment identifier uniquely identifying one of these fragments and the current fragment identifier identifying the temporal fragment of the channel being broadcast by the headend, the duration of a temporal fragment being greater than or equal to the duration of a cryptoperiod,
• a sharing server common to all the recorders, constructs a list associating, for each complete fragment recorded by a recorder, the identifier of this fragment and at least one identifier of a recorder having recorded this complete fragment, and
• the reader identifies the recorder from which this fragment can be downloaded by means of the recorder identifier associated with the identifier of this fragment in the list and then downloads this fragment from the recorder identified;
• the sharing server selects only from the identifiers of these recorders a smaller number of recorder identifiers according to:
• the sharing server associates, in the constructed list, the identifier of this multimedia content or fragment only with the identifiers of selected recorders;
• the recorder In response to the recording of a complete fragment of the multimedia content, the recorder transmits to the share server the identifier of this complete fragment and its own recorder identifier, and the sharing server builds the list from these fragment and recorder identifiers passed.
• the use of a list of several recorder identifiers makes it possible to limit the errors caused by the disconnection of a recorder from the network; the use of fragments makes it possible to obtain the different control words necessary to display the multimedia content even if this multimedia content has not been recorded in its entirety by one and the same recorder;
• fragments makes it possible to download the multimedia content from different recorders
• the invention also relates to a recording medium comprising instructions for performing the above method when these instructions are executed by an electronic computer.
• the invention also relates to a server, a recorder or a reader for implementing the method above, in which this server, this recorder and / or this reader comprises:
• an information recording medium containing instructions for implementing the above method when these instructions are executed by the electronic computer.
• the authorization server can be configured to:
• the sharing server can be configured to:
• the recorder can be configured for: in response to the recording of a multimedia content, transmitting to the sharing server the identifier of the recorded multimedia content and its own recorder identifier, or
• the recorder in response to the recording of a complete fragment of the multimedia content, transmits to the share server the identifier of this complete fragment and its own logger identifier.
• the invention also relates to a head-end for the implementation of the method above, this head-end comprising a conditional access system, in which the conditional access system comprises:
• an information recording medium containing instructions for implementing the above method when these instructions are executed by the electronic computer.
• FIG. 1 is a schematic illustration of a system for transmitting and receiving scrambled multimedia contents
• FIGS. 2A and 2B are a flowchart of a first embodiment of a method for protecting a recorded multimedia content
• FIG. 3 is a flowchart of another embodiment of a method for protecting a recorded multimedia content.
• FIG. 1 represents a system 2 for transmitting and receiving scrambled multimedia contents.
• the multimedia contents transmitted are linearized multimedia contents.
• the linearized multimedia contents are multimedia contents whose broadcasting time is fixed at the head of the network independently of a user's command.
• the instants of diffusion are fixed by a grid of programs.
• multimedia content corresponds to a sequence of an audiovisual program such as a television program or a film broadcast on a television channel.
• the video on demand is not a linearized content since the instant of diffusion is fixed by the end user.
• the multimedia content in clear broadcast on a television channel are generated by one or more sources 4 and transmitted to a network head 6.
• the network head 6 simultaneously broadcasts each channel to a multitude of reception terminals through a network.
• network 8 for transmitting information.
• the broadcast multimedia contents are, for example, synchronized temporally with each other to respect a pre-established program schedule.
• the network 8 is typically a long-distance network for transmitting information such as the Internet or a satellite network or any other broadcast network such as that used for the transmission of digital terrestrial television (DTT).
• DTT digital terrestrial television
• the headend 6 includes an encoder 16 which compresses the multimedia contents it receives.
• Encoder 16 processes digital media content.
• this encoder operates in accordance with MPEG2 (Moving Picture Expert Group - 2) or ITU-T H264.
• the compressed multimedia contents are directed to an input of a multiplexer 26.
• Entitlement Control Message (ECM), Entitlement Management Message (EMM) messages and compressed multimedia contents are multiplexed by the multiplexer 26.
• ECM and EMM messages are provided by a conditional access system. Then, the multiplexed stream thus created is scrambled by a scrambler 22 before being transmitted on the network 8.
• the scrambler 22 scrambles each multiplexed stream to condition the visualization of multimedia content under certain conditions such as the purchase of an access ticket by users of receiving terminals.
• the scrambler 22 scrambles each multiplexed stream using control words CW t provided to it, and the system 28 of conditional access, by a generator 32 of keys. More precisely, each multiplexed stream is divided into a succession of cryptoperiods. During the entire duration of a cryptoperiod, the conditions of access to the scrambled multimedia content remain unchanged. In particular, throughout the duration of a cryptoperiod, the multimedia content is scrambled with the same control word CW t . Generally, the control word CW t varies from one cryptoperiod to another. In addition, the control word CW t is generally specific to a multimedia content, the latter being randomly or pseudo randomly shot. The index t is a serial number identifying the scrambled cryptoperiod with this control word CW t .
• multimedia content all the components of the multimedia content, that is to say including audio, video, teletext, are scrambled with the same control word CW t .
• the multimedia contents are scrambled at the level TS ("Transport Stream").
• this scrambling complies with a standard such as DVB-CSA ("Digital Video Broadcasting - Common Scrambling Algorithm", whose implementation is described in DVB ETR 289), ISMA Cryp (Internet Streaming Media Alliance Encryption and Authentication), SRTP (Secure Real-Time Transport Protocol), AES ("Advanced Encryption Standard", whose implementation is described in the standard ATIS-0800006), ... etc.
• DVB-CSA Digital Video Broadcasting - Common Scrambling Algorithm
• ISMA Cryp Internet Streaming Media Alliance Encryption and Authentication
• SRTP Secure Real-Time Transport Protocol
• AES Advanced Encryption Standard
• the system 28 is better known by the acronym CAS (Conditional Access System). For each channel, the system 28 generates ECM t (Entitlement Control Message) messages containing at least the cryptogram CW t Ka of the control word CWt generated by the generator 32 and used by the scrambler 22 to scramble the cryptoperiod t of the channel.
• the cryptogram CW t Ka is obtained by the system 28 by encrypting the control word CW t using a subscription key K a .
• the key K a is typically a key that is modified at most once a month.
• a B the cryptogram obtained by encrypting the data A with the aid of the key B.
• the system 28 inserts into each ECM in particular:
• a cryptographic redundancy MAC such as a digital signature
• the time index ECM-RER identifies the cryptoperiod CP t of the multimedia content that must be descrambled with the control word CW t .
• the time index ECM-RER is a counter incremented by a predetermined step each time a new message ECM t is sent on the chain corresponding to the identifier CHANNEL-ID. This time index is reset at regular intervals.
• the AECM-REF duration of this interval is greater than 2 hours and preferably greater than 24 hours or 48 hours.
• the system 28 can also insert in the ECM messages:
• fragment identifiers are described with reference to the method of FIG. 3.
• the ECM message containing the pair of cryptograms CW t K CW t + i Ka is noted ECMt in the remainder of the description, where the index t is a serial number identifying the time position of this ECM message with respect to other different ECM messages issued to descramble the same multimedia content. Right here, the index t identifies the cryptoperiod CP t that can be descrambled using the control word CW t contained in the message ECM t .
• the scrambling and multiplexing of the multimedia contents is in accordance with the DVB-Simulcrypt protocol (ETSI TS 103 197).
• the system 28 also generates EMM (Entitlement Management Message) messages.
• EMM messages contain, in particular, the access titles intended for reception terminals or the subscription key K a .
• the EMM messages can be addressed to a single particular reception terminal among all the terminals of the system 2.
• ECM and EMM messages correspond to the syntax defined in the DVB ETR 289 standard ("Support for use of scrambling and conditional access within digital broadcasting systems").
• the system 28 includes in particular a 34 authorization server better known by the acronym SAS (Subscriber Authorization System).
• SAS Subscriber Authorization System
• the server 34 is in particular configured to allow and, alternately, prevent viewing of a recorded multimedia content.
• it is connected to a bidirectional network 36 for information exchange.
• the network 36 is the Internet network.
• the server 34 comprises a programmable electronic calculator 38 capable of executing instructions recorded on an information recording medium.
• it is connected to a memory 40 containing instructions for the execution of the method of FIG. 2 or 3 when they are executed by the computer 38.
• the memory 40 also comprises a table 42 associating with each identifier STB- ID of a receiving terminal of system 2, the following fields:
• a cryptographic key K T R specific to the headend 6 is also stored in the memory 40.
• the server 34 also records in the memory 40, the ECM messages t broadcast by the network head 6 during the last x hours, where x is a number greater than two. For example, x is greater than 24 or 48. x is also selected so that the recording time of an ECM message t in the memory 40 does not exceed the AECM-REF time. Preferably, x is less than 168.
• the system 2 also includes a sharing server 50 able to build a catalog of the various recorded multimedia contents available in the system 2.
• the server 50 is connected to the network 36. It comprises an electronic calculator 52 adapted to execute instructions recorded on an information recording medium.
• it is connected to a memory 54 containing instructions for the execution of the method of FIG. 2 or 3, when they are executed by the computer 52.
• this memory 54 also comprises a catalog 56 and a database. data 58.
• the catalog 56 associates with each RECORD-ID identifier of a recorded multimedia content, the following information:
• the catalog 56 preferably contains other information on the recorded multimedia content such as the title of the recorded multimedia content and a brief description of this content.
• the database 58 associates with each STB-ID of a terminal, the following information:
• the geographical position indicator may be an Internet Protocol (IP) address, a Wifi node identifier or a DSLAM (Digital Subscriber Line Access Multiplexer).
• IP Internet Protocol
• Wifi node identifier a Wifi node identifier
• DSLAM Digital Subscriber Line Access Multiplexer
• the system 2 typically comprises several thousand receiving terminals. These terminals are better known as the "set-top box". To simplify FIG. 1, only three terminals 60 to 62 have been represented.
• the terminal 60 has the ability to record multimedia content. It is also able to play multimedia content recorded by any of the system terminals 2 and display this multimedia content recorded in clear on a display 63.
• the display 63 is for example a screen.
• the headend 6 generally has the ability to descramble, as it is received, a multimedia content broadcast by the headend 6 to display it in clear on a screen.
• the terminal 60 is equipped with an electronic computer 64 connected to an information recording medium 66.
• This computer 64 is able to execute instructions recorded on the medium 66 to implement the method. of FIG. 2 or 3.
• the support 66 notably comprises the instructions:
• conditional access agent 70 a conditional access agent
• the support 66 also includes the identifier STB-ID for uniquely identifying this terminal among all the terminals of the system 2
• the computer 64 is also connected to a mass memory 74 for storing the recorded multimedia contents.
• This memory 74 is typically a mass storage device such as a hard disk, a USB (Universal Serial Bus) or the like.
• this memory 74 is housed inside the terminal 60 or directly connected to this terminal.
• the terminal 60 also includes a security processor 76 which processes confidential information such as cryptographic keys. To preserve the confidentiality of this information, this processor 76 is designed to be as robust as possible against attack attempts by hackers. It is therefore more robust with respect to these attacks than the other components of the terminal 60.
• the processor incorporates its own electronic computer 77 connected to its own memory 78 accessible only by the processor 77.
• the memory 78 is incorporated in the processor so that it is protected and made as robust as possible.
• the processor 76 is a removable security processor such as a smart card.
• the memory 78 comprises in particular the cryptographic key KH, specific to the terminal 60.
• KH the cryptographic key
• this key KHi is transmitted to the terminal 60 in an EMM message or registered during the personalization of the smart card, that is to say during the manufacture thereof.
• the index "i" of the key KH identifies the terminal.
• terminals 61 and 62 are identical to the terminal 60 except that they are connected, respectively, to screens 80 and 82.
• the terminals used to record are called “recorders” and the terminals used to play the recorded multimedia content are called “readers”.
• KH e and KHi are also noted KHi keys, respectively, of the recorder and the reader.
• the headend 6 transmits to each terminal, for example by means of EMM messages, its configuration, that is to say the only information contained in table 42 which concerns him.
• each terminal conditional access agent records the received configuration. Phase 150 then ends.
• the headend 6 broadcasts a scrambled multimedia stream in which the multimedia content is multiplexed with ECM t corresponding messages.
• ECM messages t thus contain the cryptograms of the control words for descrambling this multimedia content.
• a recording phase 170 then begins.
• Phase 170 begins with a step 172 of acquiring a command from the user to record the currently broadcast multimedia content.
• the module 68 receives and demultiplexes the received multimedia stream to extract an SPTS stream (Single Program Transport Stream) containing the video, audio and teletext components of this single multimedia content.
• the module 68 also extracts from this multimedia stream the ECM messages t corresponding to the multimedia content to be recorded and transmits them to the conditional access agent 70.
• the agent 70 performs various checks. For example, it checks that the recorder 60 is allowed to record multimedia contents. This verification is done for example using the content of the "Record-A" field previously received. It also verifies during this step that the message ECM t corresponding to the multimedia content does not include any recording prohibition. Incorporation into the ECM messages t of a recording prohibition makes it possible to prevent the recording of certain multimedia contents received, for example, to respect copyrights. If for one of the reasons mentioned above, the recording of the multimedia content is not possible, then the process returns to step 172. In the opposite case, the agent 70 proceeds to a step 178.
• the agent 70 generates a RECORD-ID identifier for identifying the recorded multimedia content.
• the method of generating this identifier is such that the generated RECORD-ID identifier makes it possible to quickly identify the multimedia content whatever the recorder that generates it.
• this RECORD-ID is generated from the recording start date and the CHANNEL-ID of the recorded TV channel. This identifier can be generated based also on the terminal identifier STB-ID.
• the agent 70 sends the RECORD-ID identifier to the module 68 and each ECM message t received to the smart card 76.
• the smart card 76 verifies the following conditions: the message ECM t corresponding to the multimedia content does not include any recording prohibition, and
• the smart card decrypts the cryptograms CW t Ka and CW t + i Ka contained in the ECM t messages received to obtain the control words CW t and CW W in clear. This decryption is performed using the subscription key Ka.
• the key Ka is transmitted by the head end, by EMM message, to the terminals having subscribed to unscramble the multimedia content.
• the key K a is the same for all terminals allowed to descramble multimedia content.
• the smart card 76 protects the recorded multimedia content. For this purpose, here it encrypts the control words CW t and CW t + i with the local key KH e . Then, the cryptograms CW t KHe and CW t + i KHe are transmitted to the agent 70.
• step 190 in response, the agent 70 builds a license for playing the recorded multimedia content. Specifically, in step 190, the agent 70 associates each cryptogram CW t the time index ECM-Khe REFtidentifying the crypto t CP multimedia content to be unscrambled with the control word CW t.
• the agent 70 records each cryptogram CW t KHe associated with its time index ECM-RE in a block of control words.
• the agent 70 also inserts the required moral level.
• the agent 70 determines the lifetime of the license by adding to the current date, the duration contained in the field "Life-T".
• the module 68 stores the scrambled multimedia content in the memory 74 associated with the license built by the agent 70.
• phase 170 the recorded multimedia content remains scrambled and is not descrambled to be re-encrypted again.
• the recorder 60 transmits the license built to the authorization server 34.
• the authorization server 34 ensures the authenticity of the identifier CHANNEL-ID associated with cryptograms CW t KHe in the license received. Here, he compares the control words contained in the license with those contained in the ECM t messages that he has recorded for the string corresponding to the CHANNEL ID contained in the license. If the license control words match those recorded in the ECM messages t broadcast on this channel, then the CHANNEL ID contained in the license is correctly authenticated. For example, in step 196, the server 34 extracts the cryptograms CW t Ka from ECM messages t broadcast on this channel and corresponding to the ECM-RE time indexes contained in the license. For this purpose, the server 34 saves as and when they broadcast all ECM t messages of all channels and keeps them associated with their respective CHANNEL ID ID, for the duration of x hours. Then he deciphers:
• the server 34 may send an invalidating message of the recording to the recorder 60 to prevent the use of this recorded multimedia content.
• the authorization server 34 generates an authentication ticket from the control words CW t contained in the license, the identifier CHANNEL-ID extracts messages. ECM used in step 196 and a secret specific to the head end 6. For example, the authentication ticket corresponds to the signature of these control words and the identifier CHANNEL-ID using of the key K TR .
• the server 34 transmits the authentication ticket built to the recorder 60 via the network 36.
• the recorder 60 receives this ticket and saves it in the memory 74 associated with the recorded multimedia content and the license built.
• the recorder 60 transmits to the server 50 sharing the information necessary for it to build or update the catalog 56 of the multimedia content recorded by the different recorders of the system 2. Typically, the recorder 60 transmits the following information:
• the recorder can also transmit to the server 50 other information related to the recorded multimedia content such as its name and a brief description of this multimedia content.
• the title and the description of the recorded multimedia content are for example obtained from the information on this multimedia content given by an EPG (Electronic Program Guide) service.
• the server 50 builds or updates the catalog 56.
• the recording phase ends in a step 206.
• any reader of the system 2 may request to play any multimedia content recorded by any recorder.
• the remainder of this description is made in the particular case where it is the reader 61 which requests to read the multimedia content recorded by the recorder 60 during a phase 208.
• This phase 208 begins with a step 210 of acquiring a request to play a recorded multimedia content. This reading request is acquired by the reader 61.
• the reader 61 checks whether it is authorized to read the shared recorded multimedia contents. This check is made from the contents of the "SHARE-A" field received. If not, the process returns to step 210.
• the reader 61 connects to the server 50 sharing via the network 36. During this step, the reader transmits to the server 50 its STB-ID.
• the server 50 transmits to the reader 61 information on the multimedia contents present in the catalog 56.
• the reader 61 presents the user with this information via an interface man-machine.
• the man-machine interface is the screen 80.
• the reader 61 transmits the RECORD-ID identifier of a multimedia content selected by the user from the information presented.
• the server 50 builds a list of one or more recorders storing the selected multimedia content. For example, here, if there are fewer than two STB-IDs associated with the selected RECORD-ID, then the constructed list includes all these STB-IDs. If there are more than two STB-IDs associated with the selected RECORD-ID, then the server 50 selects a restricted number of STB-IDs to build the list. For example, the server 50 selects only the identifiers of the recorder or recorders that are either closest to the player or have the best bandwidth.
• the server 50 determines the geographical proximity of the reader and the recorders from the reader's STB-ID, the STB-IDs associated with the RECORD-ID identifier selected in the catalog 56, and from the database. 58. With the aid of this database 58, it can also select the recorder or recorders that have the best bandwidth for transmitting multimedia content.
• step 220 the STB IDs of the selected recorders are grouped together to form the list of recorders. This list also contains the STB-URL network address of each selected recorder.
• the server 50 transmits to the reader 61, which receives it, this list associated with the selected RECORD ID.
• the reader 61 sends a license request to the authorization server 34 via the network 36.
• This request contains in particular the list of recorders, the selected RECORD-ID and the identifier STB-ID of the reader 61.
• the server 34 receives this list and, in response, connects to at least one of the recorders of the list of recorders received. For example, for this, the server first attempts to connect to the first recorder in this list. If the connection through the network 36 with this recorder can not be established, then it attempts to connect to the second recorder appearing in this list and so on until it successfully connects to the recorder. one of the recorders in this list. Eventually, after unsuccessfully trying to connect to each recorder in the list, the server 34 may connect to the server 50 to obtain additional addresses of recorders capable of providing the same multimedia content. Thus, the use of a list of recorders can limit problems caused by a disconnection of a recorder. For the rest, it is assumed that the server 34 has connected to the recorder 60.
• the server 34 transmits the license application.
• This license request includes the selected RECORD-ID.
• the recorder 60 sends the server 34 the license and the authentication ticket associated with the selected RECORD ID.
• the server 34 receives the license and verifies the authenticity of the identifier CHANNEL-ID contained in this license. For example, it signs the control words and the identifier CHANNEL-ID contained in the license in the same way as in step 198. If the signature thus obtained corresponds to the authentication ticket, then the authenticity of the CHANNEL-ID is confirmed. Otherwise, the process returns to step 210.
• the server 34 checks whether the reader 61 is authorized to access the multimedia content broadcast on the television channel identified by the identifier CHANNEL-ID.
• the server 34 compares:
• the content of the field "AA” is automatically built by the server 34 from the access titles to which subscribed the user of the terminal.
• the access permissions contained in the "AA" field are identical to the access titles of the reader.
• the player can only play multimedia contents recorded on channels for which he has subscribed.
• step 240 of construction of a license for the reader 61 If the identifier CHANNEL-ID of the license does not correspond to the access authorizations, then the process returns to step 210. In the opposite case, a step 240 of construction of a license for the reader 61.
• the server 34 decrypts the cryptograms CW t KHe of the control word block of the received license to obtain the control words CW t in the clear. Then, the control words CW t are encrypted using the local key KH, the reader 61. The keys KHi and KH e are obtained from the table 42 using the identifier STB-ID of the recorder 60 and the reader 61.
• a step 242 once the construction of the license is complete, the server 34 transmits to the reader 61 this license built and the authentication ticket received.
• the fact of sending to the reader 61 the authentication ticket enables this reader to act as a recorder of this multimedia content with other readers.
• the reader receives this license and this authentication ticket.
• the reader 61 downloads Peer-to-peer the selected multimedia content.
• a step 246 it connects to at least one of the recorders identified by the list of recorders received in step 222.
• the reader 61 attempts to connect to the first recorder identified in this list via the network 36. In the event of failure, it repeats this attempt with one of the following recorders of this list until it succeeds in successfully connecting to the one of these recorders.
• the recorder from which the license was built is not necessarily the same as the one from which the multimedia content will be downloaded.
• the reader 61 connects to the recorder 60.
• the reader 61 downloads the multimedia content corresponding to the RECORD-ID identifier from the memory 74 of the recorder 61. Then, it decrypts the cryptograms CW 'contained in the block of control words of the received license. It uses the control words CW t thus obtained to descramble the scrambled multimedia content downloaded from the recorder 61.
• the descrambled multimedia content is transmitted to the display 80 to be displayed in a manner directly perceptible and understandable by a human being.
• the method of FIG. 3 represents another possible embodiment of the method of FIG. 2. Since these methods are similar, only the differences between these methods are described in detail.
• step 262 for broadcasting multimedia contents on a television channel.
• This step 262 is identical to step 162 except that the head end inserts in each ECM message a FRAG-ID identifier of a television channel fragment.
• each television channel is divided into a temporal succession of consecutive temporal fragments.
• each fragment corresponds to a time interval or to a very specific time slot of the television channel broadcast.
• Fragment IDs uniquely identify a particular piece of the TV channel.
• the fragment identifier incorporated in the ECM message is the identifier of the current fragment, that is to say the fragment of the television channel currently broadcast by the headend.
• a fragment is composed of an integer number of cryptoperiods.
• the number of cryptoperiods of a fragment is at least one and, preferably, more than nine or ninety cryptoperiods.
• a fragment corresponds to a duration of several minutes whereas a cryptoperiod corresponds to a duration of less than one minute.
• a cryptoperiod lasts 10s.
• multimedia content extends over several immediately consecutive fragments.
• the step 262 continues with a phase 266 of recording a multimedia content by any of the recorders of the system 2.
• this phase 266 is identical to the phase 170 except that the Steps 174 to 204 are repeated for each fragment of the multimedia content. This phase 266 will therefore not be described in more detail.
• the identifier RECORD-ID generated during step 178 is denoted FRAG-ID because it corresponds to the fragment identifier.
• the server 50 constructs a catalog of the different fragments recorded by the different recorders.
• This catalog contains for each recorded fragment the STB-ID identifiers of the recorders storing this fragment as well as the start date of this fragment, the duration of this fragment and the FRAG-ID identifier of this fragment.
• phase 270 After being recorded, a fragment or set of fragments can be read during a phase 270.
• This phase 270 is identical to the phase 208 except that the steps 216, 218 and 242 are respectively replaced by steps 276. , 278 and 290.
• the reader 61 In step 276, the reader 61 generates a human-machine interface enabling it to select a succession of fragments recorded on a given television channel. For example, via this human-machine interface, the reader 61 acquires the TV channel's CHANNEL-ID, a recording start date, and a recording time.
• step 278 the search criteria acquired by the reader 61 are transmitted to the server 50. From these search criteria, the server 50 selects the different identifiers FRAG-ID corresponding. The following steps 220 to 240 are repeated for each FRAG-ID identifier selected in step 278.
• step 290 the different licenses built for each of the selected fragments are concatenated to build a complete license. It is this complete license which is transmitted to the reader.
• the access criteria and the strictest validity date among the licenses built for each of the fragments are assigned to this full license. It is this complete license that is sent to the reader 61.
• steps 244 to 248 are repeated for each selected fragment.
• the method of Figure 3 allows the player to view a multimedia content composed of several fragments recorded, possibly by different recorders.
• the Peer-to-Peer download may be replaced by a download from the sharing server.
• the multimedia content is saved in scrambled form in the memory 54 of the sharing server.
• the content recorded multimedia is downloaded from the recorder, by the sharing server, at the same time that the recorder sends him the information necessary to build the catalog.
• the recorder stores the recording of the multimedia content directly in the memory 54.
• the recorder does not need the memory 74.
• the downloading of the multimedia contents recorded by the reader can be realized in different ways. For example, this download can be performed in streaming reading more known under the term "Streaming".
• the reader can also simultaneously connect to several recorders, identified in the list he has received, to download at the same time several different fragments of the multimedia content.
• the list of recorders from which the player can download the multimedia content can also be updated dynamically.
• the reader can connect to the share server to update this list.
• the list of recorders constructed by the sharing server contains a single recorder identifier STB-ID.
• the key KH is not necessarily unique to a single terminal.
• the key KH can also be the same for a group of p terminals, where p is a natural number strictly greater than one and strictly less than N, N being the total number of terminals of the system 2.
• the recorder descrambles the multimedia content to be recorded with the control words in clear CW t and then re-scrambles the multimedia content with one or more keys of its own. For example, the recorder scrambles the media content with a KH cm key. The recorded media content is scrambled multimedia content with key KH cm. Then, the method is, for example, the same as that previously described except that the cryptogram KH cm KHe is used instead of cryptograms CW t KHe .
• the authorization server can perform other operations than those described above. For example, it can reverse the bit order of the control words inserted in the license built according to the type of reader that required this license.
• the recorder transmits a predetermined number of ECM messages preferably greater than two or five to the authorization server.
• the authentication ticket is constructed based on the control words and CHANNEL ID of the television channel of each of these ECM messages.
• the authorization server verifies that the control words of the authentication ticket correspond to control words contained in the control word block of the license received. If these control words match, the server 34 retrieves the identifier CHANNEL-ID in the authentication ticket.
• the recorder stores one or more ECM messages. These ECM messages then form the authentication ticket. In this embodiment, the recorder no longer has to send one or more received ECM messages to obtain in response an authentication ticket.
• the string identifier is encoded in each control word.
• the server 34 can then establish the identifier CHANNEL-ID from the control words of the received license.
• the verification of the authenticity of the identifier CHANNEL-ID can be done in many different ways.
• the authentication of the identifier CHANNEL-ID can be omitted.
• the ECM-RE identifiers are generated by the recorder.
• the network 8 and the network 36 may be merged. This is particularly the case if the broadcast of television channel is through the Internet.
• the readers and the recorders are not necessarily identical.
• the drive may have no security processor.
• the decryption is performed by the conditional access agent executed by the reader's computer.
• the sharing server may be integrated with the conditional access system 28.
• the conversion of the license of the recorder into a license usable by the reader may be performed by other devices than the authorization server.
• this conversion is done by a modem
• ADSL Alternative Digital Subscriber Line
• the recorded multimedia content can be downloaded from the memory of another terminal than the terminal which has recorded it.
• the player 61 can receive and locally record media originally recorded by the recorder 60 and later share that recorded media content with the player 62.
• the authorization or not to record multimedia content is deduced from the access titles of the terminals. For example, these access titles are compared with access rights contained in ECM messages received to deduce the authorization and, alternately, the prohibition to record the multimedia content.
• the access authorization contained in the field "AA" is not necessarily identical to the access titles of the same reader.
• ⁇ access permission may include a date from which the recorded multimedia content sharing service has been activated. The player is not allowed to play media stored before that date.
• the access authorization may also be completely independent of the access credentials of the reader. For example, the player has access titles that do not have the recorded channel so that it can not view it in real time. However, his access authorization allows him to view multimedia content recorded on this channel. In the latter case, the access authorization may exclude certain multimedia contents recorded on this channel according to criteria such as the date, the time of recording and the duration of the recording.
• the string identifier received by the authorization server can be direct if the access permission directly encodes string identifiers.
• the comparison can also be indirect.
• the received string identifier is used to retrieve information that is in turn compared to the access permission.
• the string identifier is used with the recording start date to identify, in a database, the type of the media content.
• the type can be selected from the group consisting of "Movie”, “Documentary", “News", “Cartoons”. Then the identified type is compared to the access authorization.
• the scrambling of the multimedia contents can be realized differently.
• the scrambling is performed at a level other than the TS level as proposed in the Ismacryp specification.
• the different components of multimedia content, such as video and audio, are not necessarily entangled with the same control word.
• the recording of a multimedia content can be programmed by the user.
• the server 50 can also select the STB-IDs to be included in the list of recorders so as to minimize the number of recorders selected in accordance with FIG. preferably choosing the recorder (s) on which are stored the largest number of selected fragments.

Landscapes

• Engineering & Computer Science (AREA)
• Signal Processing (AREA)
• Multimedia (AREA)
• Databases & Information Systems (AREA)
• Computer Security & Cryptography (AREA)
• Computer Graphics (AREA)
• General Engineering & Computer Science (AREA)
• Computer Networks & Wireless Communication (AREA)
• Computer Hardware Design (AREA)
• Computing Systems (AREA)
• Storage Device Security (AREA)
• Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Applications Claiming Priority (2)

Publications (1)

Family

ID=46001181

Family Applications (1)

Country Status (7)

Families Citing this family (12)

Family Cites Families (19)

• 2011
  • 2011-04-19 FR FR1153391A patent/FR2974475B1/fr active Active
• 2012
  • 2012-04-12 EP EP12717074.4A patent/EP2700239A1/de not_active Withdrawn
  • 2012-04-12 RU RU2013151260/08A patent/RU2547228C1/ru not_active IP Right Cessation
  • 2012-04-12 CN CN201280019264.0A patent/CN103535044B/zh not_active Expired - Fee Related
  • 2012-04-12 WO PCT/EP2012/056607 patent/WO2012143278A1/fr active Application Filing
  • 2012-04-12 US US14/112,420 patent/US8996870B2/en active Active
  • 2012-04-18 TW TW101113859A patent/TWI452888B/zh not_active IP Right Cessation

Non-Patent Citations (2)

Also Published As

Similar Documents

Legal Events