FR2846831A1 - Pseudo on-demand broadcast system, e.g. for video, transmitting information elements to all receivers for encrypted storage after filtering according to individual selection criteria - Google Patents

Abstract

A broadcaster (2) simultaneously transmits information elements (IEs), along with data describing them, via a network (1) to all user set-top boxes (8). A receiver (3) filters the IEs according to local criteria and then records selected information in a hard disc (5) without user intervention. Preferably the information is stored in an encrypted form and viewing is authorized by a control center (6) which receives details of the IEs that have been stored. The information storage selection criteria may be altered by the user via a presentation selection unit (4).

Description

The present invention relates to a transmission-reception system for

  make available to a large number of users, and by means of a broadcast network, Elementary Information (high volume, lE) simultaneously, in a safe and apparently prompt manner when the bandwidth of the network is limitation. In all the situations where many users must be able to choose and have access to a set of data available from a data center via a network, the delivery time is difficult to control. In some cases (computer networks), the transmission is traditionally carried out "point-to-point" between the transmitter and each receiver. IE is consumed after download in local memory or in real time (streaming). The transmission seems immediate but the mobilization of the data server and the network increases in proportion to the number of users, resulting in a delay in obtaining a larger download or an insufficient real time obtaining quality. The situation is not really improved by systems that aim to "mutualise" transmissions between users through a "point-to-multipoint" broadcast network. Their purpose is to unload the data server and the network by determining groups of receivers that have chosen the same IDs. This principle induces by nature a delay between the choice and the provision of an IE, a delay statistically proportional to the number of "shared" receivers for this IE. In other cases (satellite television networks), the transmission is traditionally organized in "point-to-multipoint" to all receivers (broadcast) and the IE is consumed in real time (viewing on the television screen or registration). The

  Pay-Per-View services achieve the "mutualisation" of the users by inviting them to synchronize on the beginnings of the IEs and it is generally necessary to repeat several times the diffusion of each IE for their comfort.

  In summary: the problem arises from network bandwidth and data server limitations as the number of users increases. A solution

  certainly passes by the use of "point-to-multipoint" transmissions but then an uncontrolled delay of provision of the IES chosen by the users seems unavoidable. As a result, it is impossible to produce an information system without delay for the provision of a mass-demand IE transmission service to a large number of users.

  -2 The system according to the invention partially overcomes these disadvantages by taking advantage of a storage memory on the receiving equipment. It does not allow all users regardless of their number to have any IE instantly because this is strictly impossible in the assumption of study or bandwidth of the network is a limitation. But it allows, by relying on "point-to-multipoint" transmissions, to ensure that the user of the receiver can immediately have an IE he desires among a set of already registered 45 (locally) in its receiver, and to ensure that the transmitter does not have to repeat transmissions of lEs in order to increase their probability of use. In parallel, the system according to the invention ensures the protection of

  content (IEs) stored in the receivers.

  1. The system (FIG. 1) is composed according to a first characteristic 50 of a broadcasting network (1) which enables the transmitter (2) to simultaneously transmit data, and in particular IES, to boxes (8). ) equipped with a receiver (3). Each simultaneous transmission is initiated by the transmitter (2) on a channel known a priori by the receivers (3, in contrast to the traditional "client server" model where transactions are initiated by the 55 receivers). 1.1 According to a first variant embodiment, the broadcast network (1) carries out several simultaneous transmissions on several channels simultaneously, the maximum number of channels being limited by physical characteristics (bandwidth, number of electronic filters of the reception equipment). 1.2 According to a second variant embodiment, the broadcast network (1) has a return path from the receivers (3) to the transmitter (2). The data transmission method (network protocol) uses this return channel to ensure the routing of all data. This variant is independent of the control center (6) below, although it may correspond (possibly partially) to the same physical network 65 that it uses (see Figure 1). 1.3 According to a third embodiment, the broadcast network (1) carries data in an encrypted manner to ensure their confidentiality. This variant is independent of the recording / encryption means (5) and control center (6) described below. 2. The system is composed according to a second characteristic of a transmitter (2) which transmits the ones one after the other without delay on a channel of the broadcast network (1). Since all the IES to be broadcast constitute a finite set, the transmitter resumes the transmission of the first IE after that of the last without delay, thus organizing an infinite cycle. 2.1 According to a first embodiment variant, the transmitter (2) transmits descriptive data of the IEs at the same time as the ISEs. These data are integral parts of the IE or (preferably) they are transmitted by another channel of the broadcast network (1) at the same time as the IE (see the first embodiment of 1). The descriptive data of an IE carries information about the nature of the content of this IE. It is at least a textual identification that allows the user to recognize each IE. Descriptive data known as "particular" also carry additional information serving to force the behavior of the boxes (8), ie the joint behavior of the receiver (3) and the recording / encryption means (5). . It can be a priority of the IE affected by the issuer (2), its popularity (estimate of the proportion of users who consumed IE, known a priori or measured through the control center 6 , see the third embodiment variant of 6) or else an IE lock command (see the presentation / selection means 4) in the recording / encoding means (5), without this list being be limiting. This variant allows the designer of the system to organize the promotion of the lEs to the housings (8) according to criteria responding to a desired information model. 2.2 According to a second variant embodiment, the transmitter (2) carries out the cyclic transmission of several sets of IES on several channels simultaneously and independently 95 by exploiting the first variant embodiment of the broadcasting network (1). 2.3 According to a third embodiment, the transmitter (2) modifies all the ls diffused in the cycle to adapt its publication to external criteria (editorial choice), or to take into account the consumption measures of the lEs (when the control center 6 is present), or else 100 to take account of user requests made by means outside the scope of the present invention (eg the election of new ones to be broadcast). 2.4 According to a fourth variant embodiment when the control center (6) is present, the transmitter (2) provides in the particular descriptive information of an IE the encryption secret (session key) to be used by the users. recording / encryption means (5) of the housings (8). This variant assumes the existence of a communication network between the transmitter (2) and the control center (6) outside the scope of the invention. The transmitter (2) gets through this network the unique identifier of the doublet of secrets and the secret of -4

  encryption itself (according to the fifth embodiment of the control center 6) that it transmits in the particular descriptive data with the IE.

  This variant leaves the designer of the system according to the invention the possibility of

  to have the IE encrypted in a common way by all the boxes (8).

  3. The system is composed according to a third characteristic of receivers (3) equipped with the electronic means necessary for receiving the data from the broadcast network (1), their possible decryption (according to the

  third embodiment of the broadcast network 1), and their filtering. The receiver (3) is physically located in the housing (8). For the purposes of the description of the invention, the receiver (3) is considered to have a central processing unit (microprocessor). By convention and without prejudice to other possible embodiments of the invention, this processing unit plays

  a federating role of the equipment located in the housing (8), ie the receiver (3), the recording / encryption means (5) and the consumption means (7). The receiver (3) is also provided with an optional connection electronics via a network to the control center (6) and / or 125 to the presentation / selection means (4, see second variant embodiment). This network is not the broadcast network (1), in the sense that it is not a broadcast network but a server-client type transaction support between 8 and 6 or between 4 and 8. It can borrow ( possibly partly) the same physical network as (1). Here also this connection electronics is assigned by convention to the receiver (3) for the purposes of the

  description of the invention. It should be remembered only that it is located in the housing (8). The receiver (3) is set to receive the lEs on a given channel of the broadcast network (1) and possibly the description data on another channel of this network (according to the first variant of the transmitter 2). It operates a listening and filtering process and when an IE meets the criteria of

  local selection (see the first embodiment variant below), it transmits the corresponding data from the broadcast network (1) to the recording / encryption means (5). The receiver processing unit (3 or possibly itself) proceeds by replacing the previously recorded ones 140 after the storage memory of (5) has been completely filled.

  The strategy for choosing the replaced IE (s) uses their seniority, the amount of potentially freed memory and potentially any particular descriptive and descriptive information available in the case of the first variant of the sending feature means ( 2). It applies only to those that have not been locked in memory by the user (see Presentation / Selection 4). The algorithm corresponding to this strategy is not in itself characteristic of the invention. The receiver processing unit (3 or possibly the recording / encrypting means 5 itself) re-allocates the corresponding memory space 150 of an IE once it has been transmitted to the user (for the last time allowed, see the fourth variant below) via the means of consumption (7). When the control center (6) is present, the receiver (3) has an authentication secret of the housing (8) from (6, see first variant of 6). This secret is stored in a permanent memory 155 located in the housing (8) and as much as possible in a hidden manner from any external electronic equipment. It is important that the authentication secret can not be discovered or that the package (8) as a whole can not be replicated. At the time of the user's consumption of an IE, the receiver (3) connects to the control center using the authentication secret and a signature to prove the identity of the box (8). It then transmits the consumption indication of the IE, and when the recording / encryption means (5) performs encryption (see the first embodiment variant of 5), it receives (confidentially) the decryption secret associated with the housing (8, see control center 6). When the control center (6) is not present, the receiver (3) does not have a

  authentication secret and the possible deciphering secret necessary for the consumption operation is then obtained locally (see third variant below). 3.1 According to a first variant embodiment, the receiver filters the description data (according to the first variant embodiment of the transmitter 2) and does not record by (5) only certain IES corresponding to

  selection criteria. The verification of these criteria is performed by the receiver processing unit according to any sequence of syntactical, arithmetic and logical operations relating to the descriptive data and adjustment data of the receiver (3). These setting data are predefined in a permanent memory 175 located in the housing (8) where they are entered by the user via the presentation / selection means (4, see third variant embodiment). This variant allows the user of the housing (8) to adapt the local recording behavior of its housing (Figure 2). 3.2 According to a second variant embodiment, the receiver (3) operates the filtering and the recording previously described on more than one channel simultaneously and -6

  independently (first variant embodiment of the broadcast network 1).

  3.3 According to a third embodiment, the receiver (3) makes or not the encryption of the contents of lEs registered by the recording / encryption means (5). If so and if the control center 185 (6) is not present, the encryption secret is (preferentially) stored in a permanent memory located in the housing (8) or (non-preferentially) obtained of the user by the presentation / selection means (4). If so also and if the control center (6) is present, the encryption secret is (preferentially) obtained from (6) 190 through transactions provided for this purpose, or (non-preferentially ) obtained from the user by the presentation / selection means (4) and at the initiative of the user. This secret must be hidden as much as possible from external electronic systems when the means of registration / encryption (5) uses a symmetric algorithm (see fourth variant of the 195 means 5, otherwise it is a public key ). 3.4 According to one

  fourth embodiment, the receiver (3) or the control center (6) allows more than one successive consumption of the same IE (Figure 3).

  In the first case, the number of allowed consumptions comes from the particular descriptive data of the IE or it is predefined for all the lEs. 200 In the second case, the number of authorized consumptions remaining is transmitted during the transaction with the control center (6) initiated by the receiver (3) at the time of consumption. According to a fifth variant embodiment, the receiver (3) makes the encryption of the IE from an encryption secret (session key) received in the particular descriptive data 205. It also memorizes with the encrypted IE the unique identifier of the doublet of secrets (see fifth embodiment of the control center 6). This identifier is later used at the time of consumption to obtain the decryption key of IE from the center of

control (6).

  4. The system is composed according to a fourth characteristic of a

  means of presentation and selection (4) of the recorded LEDs and settings of the housing (8). The user has the possibility through him to view the descriptions of the IDs and to send orders to the central unit of the receiver (3, according to the description convention). The lock order of an IE indicates 215 to (3, or indicates to 3 to indicate by means of encryption record 5) of not

  and replace it with another received from that moment until the EI is consumed (for the last time allowed) or unlocked. The consumption order indicates to (3, or indicates to 3 to indicate by means of registration encryption 5) to transmit the IE to the user using the means of 220 consumption (7) and to reassign the corresponding memory space then (for the last authorized consumption, see the fourth embodiment of the receiver 3). The unlock command indicates the inverse of the lock command (Figure 3). The presentation of the IDs to the user comprises at least and for each IE its identifier and an indication of its state 225 (locked or not, number of times it has been consumed according to fourth embodiment of the receiver 3). 4.1 According to a first variant embodiment, the presentation comprises all or part of the descriptive information known to the receiver (3) and / or determined by (3) and by the recording / encryption means (5). 4.2 According to a second variant embodiment, the presentation / selection means (4) is located in the housing (8) or it is remote from the

  housing (8) connected by a network to the housing. This network is not the broadcast network (1), in the sense that it is not a broadcast network but a server-client type transaction support between 4 and 8. It can borrow (possibly partly) the same physical network as (1). According to the convention of description of the invention, the connection means of the receiver (3)

  is used for this purpose. 4.3 According to a third variant embodiment, the presentation / selection means (4) enables the user to adjust the selection criteria for the IES (corresponding to the first variant embodiment of the receiver 3). 4.4 According to a fourth variant embodiment (not recommended), the presentation / selection means (4) allows the user to enter the authentication secret logically associated with the box (8). 4.5 According to a fifth variant embodiment (not recommended) and if the characteristic means (6) is not present, the selection presentation means (4) makes it possible to enter the encryption secret and the decryption secret associated with the box ( 8), as well as the encryption secret to be used for a remote device (see

  second embodiment of 7).

  5. The system is composed according to a fifth characteristic of a means for recording IES with possible encryption (5). The recording / encryption means (5) is physically located in the housing (8). The storage capacity is an order of magnitude minimum of 20 times the maximum volume of the ISs. When the receiver (3) instructs it to record a new -8 IE, the recording / encrypting means (5) receives from the receiver (3) the data of the IE and any associated descriptive data (according to the first 255 variant embodiment of 2). 5.1 According to a first embodiment, the recording / encryption means (5) encrypts or not the data. If so, it transforms the data of an IE received from the receiver (3) on the fly by a reversible algorithm using an encryption secret logically associated with the housing (8). Conversely, at the moment of the consumption operation, when the receiver (3, under the effect of the

  presentation / selection 4 and according to the description convention) requests to consume an IE, the means of recording / encryption (5) reads the data corresponding to the registered content of the IE, decrypts them by means of the decryption secret logically associated with the housing (8) and transmits 265 to the consumption means (7, see first embodiment). The

  means of recording / encryption (5) can at the request of the receiver (3, under the effect of a request of the means of presentation / selection 4 and according to the description convention), perform the preceding read / decrypt process and in addition to re-encrypting the content of the IE by means of another encryption secret logically associated with another box (8),

  before transmitting it to the consumption means (7, see second variant embodiment). Here it is considered for the sake of the description of the invention that the recording / encrypting means (5) is in charge of the preceding re-encryption function. It is only a description convention that does not prejudge other possible realizations (see also

  third embodiment of the consumption means 7). 5.2 According to a second variant embodiment, the recording / encryption means (5) performs several operations simultaneously as a) recording with encryption b) reading with decryption and c) re encryption. It includes 280 electronic and / or software means to allow operations a + b (recording new ones during the consumption of one of them), b + c (consumption by equipment), or more are possible without delay. According to a third variant embodiment, the recording / encryption means (5) allows the encryption recording 285 independent of several lEs corresponding to several channels according to the first variant of the broadcast network (1, this variant being able to consider software by time multiplexing the encryption process). 5.4 According to a fourth variant embodiment, the recording / encryption means (5) uses a public key algorithm or a symmetrical algorithm 290. The algorithm itself is not characteristic of the invention. 5.5 According to a fifth embodiment (in particular when the control center 6 is not present), the recording / encryption means (5) keeps in its local memory, or in a permanent memory located in the housing (8). ), the encryption and decryption secrets logically 395 associated with the housing (8), and therefore does not get them from the receiver (3). It is

  important that these secrets be protected from external electronic systems.

  5.6 According to a sixth variant embodiment (in particular when the control center 6 is present), the recording / encrypting means obtains from the control center (6) the encryption and decryption secrets associated with the box (8), and this via the receiver (3) according to the description convention.

  6. The system is composed according to a sixth optional feature of a control center (6) which verifies the effective consumption of IlEs by the housings (8). Optionally, the control center (6) provides the encryption and decryption secrets associated with the boxes. It can also change these secrets over time. The housing (8) is connected to the center of

  control (6) via a network that is not the broadcast network (1), in the sense that it is not a broadcast network but a server-client type transaction medium between (8) ) and (6) but which may correspond (possibly partially) to the same physical network as (1). For the 310 needs of the description and by convention, it is considered that the housing (8)

  uses the connection means of the receiver (3) for this purpose. When the control center (6) is present, the receiver (3) informs the control center during each consumption operation of IE by a transaction. 6.1 According to a first variant embodiment, the control center (6) presents a client server transaction server 315 that is secure or not to the receivers (3). In

  the affirmative (recommended), and during each transaction, the receiver (3) proves the identity of the housing (8) by means of an electronic signature using the authentication secret of the housing (8, see the description of the receiver 3) at the control center (6). The control center (6) receives the indication of 320 consumption of an IE and optionally provides the decryption secret of

  IE confidentially. 6.2 A second embodiment consists for the control center (6) to use a public or symmetric key encryption system (corresponding to the fourth variant of 5). In the case of a public key algorithm, we must remember for all descriptions that

  - 1 0 325 the encryption secret is a public key that does not have to be protected, whether in client server transactions, or in the permanent memories located in the housing (8). 6.3 A third embodiment consists for the control center (6) to inform the transmitter (2) on the effective consumption measurements of the lEs by the housings (8). It is considered here that the transmitter (2) and the control center (6) are connected by a network outside the scope of the invention. This possibility is exploited by the sender (2) to provide effective measures of popularity of the ls diffused in the descriptive data, and by the receiver (3) to take them into account in the selection criteria of lsEs. 6.4 A fourth embodiment consists for the 335 control center (6) to modify the encryption secrets of the housings (8) over time. In this case, it provides the new encryption secret of each box (8) at the time of an consumption transaction of IE by this box and at the same time as the old decryption secret, or during transactions provided for this purpose. effect and initiated by the housings (8). 6.5 A 340 variant embodiment consists for the control center to be allocated

  and to provide the transmitter (2, according to the fourth variant embodiment of the transmitter) encryption secrets and provide the boxes the corresponding decryption secrets. The doublet is uniquely identified by an identifier assigned by the control center (6) and transmitted with the encryption key 345 to the transmitter (2).

  7. The system is composed according to a seventh characteristic of a means of consumption of lEs (7) by the user. The user is either a device that is assumed to have no digital recording means (usually indirectly a human being), or other electronic equipment 350 having a digital recording means. The equipment is connected via an interface to the consumption means (7). The consumption means (7) is physically located in the housing (8). Under the effect of a request of the presentation / selection means (4), the receiver (3) uses the recording / encryption means (5) to read (and decrypt) the IE and the consumption means (7). ) 355 to transmit the contents of the IE to the outside of the system (note the

  conventional character for the description of the invention of this rolefederator of the receiver 3). 7.1 According to a first embodiment, the consumption means (7) transmits the IE "in clear", possibly decrypted by (5), to a device without digital recording means (for example 360 to a display screen in the case of a human user). The way

- 1I1

  The consumer may perform a decode processing operation of the IE so that it can be interpreted by the equipment. 7. 2 In a second variant embodiment, the consumption means (7) delivers M'IE "scrambled", decrypted by the encryption recording means (5) then re 365 encrypted even medium (5, according to the description convention used for the

  means of recording / encryption 5 which considers that 7 does not have a clean encryption means) for a device with digital recording means to the interface. This equipment is considered another box in the sense of the encryption secret. The secret 370 is obtained either via the receiver (3, according to the description convention) of the

  control center (6), either of the equipment itself by the communication protocol, or by a user input via the presentation / selection means (4). 7.3 In a third embodiment, the consumption means (7) has a means for realizing the re375 encryption of the IE to the equipment with a digital recording means. The encryption secret is obtained by the same methods as

  in the second variant above.

  The system is composed according to an eighth characteristic of a housing (8) which groups the receiver (3), the recording / encryption means (5) and the consumer means (7). The meaning of the case (8) is that the three means

  previous characteristics are located within it, and that the encryption and decryption secrets are logically associated with the housing (8), either by the control center (6), or by the fact that they are kept in a permanent memory located in the housing (8). By local is meant the 385 equipment located in the, and the functions performed inside the housing (8).

  8.1 According to a first variant embodiment, the housing may or may not have a

physical reality.

  The accompanying drawings illustrate the invention: Figure 1 shows the system components. Figure 2 illustrates the filter behavior and 390 registration of two receivers. In this figure, the EI, 3 is recorded simultaneously in both boxes. FIG. 3 shows the successive states of the memory locations corresponding to the IES in response to external events on the housing (8). FIG. 4 shows a hardware architecture of the housing (8) and of the selection presentation means (4) in which 395 (4) is "close" to (8) and in which the consumption means (7)

  has no means of clean encryption (according to second variant of 7).

  The invention is particularly intended for the realization of video-on-demand systems in digital television or in computer science. In the case of digital television, it can be implemented using the last generation 400 or Set Top Boxes (STB) decoders which have a high capacity hard disk (of the order of 80 gigabytes) and part of which would then be reserved for the operation of the invention. An IE such as a 1 hour video program in MPEG2 quality at 2 Mbps corresponds to about 1, 5 gigabytes so 20 lEs correspond to 30 gigabytes. In addition to recent methods of MPEG2 405 compression (case of application outside the norm that specifies a

  minimum bit rate of 1.5 Mbps), and MPEG4 allow to use encoding bit rates of the order of 1 Mbps of acceptable visual and sound quality.

  The transmitter (2) is a service provider (a digital television channel) which broadcasts a set of MPEG2 video program files (the 410 lEs) according to Digital Video Broadcasting (DVB) in DSM-CC (Data

  Storage Management, method of transmission for data files).

  The transmitter (2) also broadcasts the description data of all the subjects of the cycle in the standardized tables "EIT schedule" of the DVB standard (the interactive applications of the EPG genre for "Electronic Program 415 Guide" exploit this type of tables data to present to users

  future programs on different services). A resident application of the STB (or an interactive application downloaded from the service) filters these descriptions and has the 'lEs' recorded in the STB's hard disk. The encryption (5) should preferably be realized by a dedicated electronic means 420 coupled to the hard disk so as to allow a

  decryption encryption on the fly. It can also be realized by software but in this case, it is probably necessary to admit the following consequences: 1) the means of registration will be inoperative during a delay related to the encryption operation after each receipt of IE. 2) There will be a delay of 425 latency required to decrypt the program between choice and consumption (note however that this time is limited and does not depend on the number of users of the system). One possibility is to directly use and record the received program in DVB TS (Transport Stream, transmission method for real-time data). When the broadcast network 430 (1) uses encryption (by a DVB access control system), this solution is more easily implemented than the local encryption. It corresponds to the case where the session keys are transmitted in the particular descriptive data of the IE. Program encryption is not specific to the STB in which this program is registered. In other words, all STBs have the same encrypted image of the IE. The presentation / selection (4) is performed by the STB using its OSD (On Screen Display), an electronic means in digital television that allows interactive applications to display information on the television screen overprinting the television. video, and by the remote control and front 440 manual front controls. The programs (IEs) can be presented in the same way as an EPG application or "Pay-per-View" in order to unify the user's perception of the available programs immediately (according to the invention) and programs available traditionally (ie) in the future. The control center (6) is a secure computer server (for example by means of the "Secure Socket Layer" server client protocol, SSL) receiving a connection initiated by the STB's modem and carried by the terrestrial public network for example. For authentication, each receiver is provided with a unique private key known only to him. This key is the only piece of information to protect in STB's permanent memory. The ciphers use for example a public key algorithm. The public key (used for encryption) does not have to be protected, only private keys are protected. The control center (6) therefore manages only the private key of each STB. At the time of consumption, the STB authenticates itself to (6) then gets its secret decryption key confidentially and is the only one to be able to 455 do it. The control center (6) indicates the number of remaining consumption allowed in return. In the case of re-encryption to a remote device, the STB uses the public key of this one (which is not a secret). This key is for example entered by the remote control, and verified or directly obtained by the protocol between equipment, or obtained 460 from the control center (6). Local consumption is achieved by re-reading the

  file on the disk, decryption on the fly, and feed TS data to the MPEG2 decoder circuit input of the STB. Consumption to a remote device is the same except that data is directed (re-) encrypted to the STB's equipment interface (a 465 parallel link or a high-speed serial port such as USB).

  In the case of computing, the invention is implemented by means of networks that support simultaneous transmissions (ability to simultaneously transmit the same message to several receivers). This is for example - 14 of the multicast extension of the IPv4 protocol according to RFC1112 and the protocol 470 multicast "native" in IPv6. The realization principle is similar to the above except that a computer plays the roles of (3), (5), (7) and (8). It listens and receives video audio files (IEs) on a multicast IP channel (Class D address in lPv4). The encryption process can be performed by a dedicated equipment coupled to the hard disk or by software then accepting 475 as before and probably a dead time after encryption of each IE, and a limited time delay between the choice of a program and its consumption . One possible application of the invention is for the housing (8) to constitute a head-end providing a memory cache function between a low bandwidth multicast network (for example a channel on a satellite DVB-RCS network 480 or by cable) and a high bandwidth local area network (LAN) or metropolitan area network (MAN). The selection / presentation means (4) is realized by a remote workstation which carries out the downloading of the program file over the broadband network (to the extent that the broadband network supports the number of users), the station 485 work also plays the role of "other equipment". The principle of delivering the content recoded by the box for a remote device

  guarantees the security of the programs downloaded on the workstations.

-15

Claims (5)

  1 1) Transmitting-receiving system enabling a group of electronic boxes (8) to have elementary information (Ie) coming from an electronic transmitter (2) via a diffusion network (1) characterized in that the LEDs are filtered by each receiver (3) and then recorded spontaneously, ie without the intervention of the user of the box (8), in a storage memory (5) with a capacity much greater than volume of any IE. 2) System according to claim 1 characterized in that the center of   control (6) is informed and authorizes the consumption of IE by the user of the housing (8).   3) System according to claim 2 characterized in that lEs are recorded encrypted in the storage memories (5) of the housings (8). 4) System according to claim 1 characterized in that the control center and absent and the lEs are recorded encrypted in the   storing memories (5) of the housings (8).   System according to Claim 1, characterized in that the transmitter (2)   performs the cycle transmission of a set of IES, each to the group of receivers (3) and simultaneously between the receivers (3) by means of a diffusion network (1).   6) System according to claim 1 characterized in that the transmitter (2) transmits descriptive data of the ES at the same time as the   to the group of receivers by means of the broadcast network (1).   7) System according to claim 6 characterized in that the transmitter (2) 25 influences the recording behavior of the housings (8) by sending a priority information associated with the IE in the descriptive data. 8) System according to claim 6 characterized in that the transmitter (2) influences the recording behavior of the housings (8) by sending a measure of the popularity associated with the IE in the descriptive data. 9) System according to claim 2 characterized in that the transmitter (2)   uses the control center (6) to determine the popularity of the IDs. - 16   ) System according to claim 5 characterized in that the transmitter (2) 35 modifies all IlEs diffused.   I 1) System according to claim 1 characterized in that the housing (8) replaces the old IlEs stored in the storage memory (5) by the news received.   12) System according to claim 6 characterized in that the housing (8) 40 has selection criteria, applicable on descriptive data of the ES and conditioning the registration of IlEs in the storage medium (5).   13) System according to claim 11 characterized in that the lEs   stored in the casing an unlocked or locked character 45 indicating whether or not they can be replaced.   14) System according to claim 1 characterized in that   the routing of all the data composing the IE is guaranteed by the use of an adequate communication protocol in the broadcast network (1).   15) System according to claims 2 or 3 characterized in that the   control center (6) authenticates the housing (8) by means of a   digital signature and a secret held by the case (8).   16) System according to claims 3 or 4 characterized in that the   data corresponding to each IE are stored encrypted in the memory (5) in a specific manner of the housing (8), ie by means of a different secret (or public key) for each housing (8).   17) System according to claim 3 characterized in that the center of   control (6) transmits the decryption secret to the housing (8) so that the recording / encrypting means (5) decrypts the stored ones.   18) System according to claim 4 characterized in that the housing (8)   has a decryption secret that is used by the means   registration I encryption (5) to decrypt the registered lEs. 65 19) System according to claims 6 characterized in that the transmitter   (2) transmits to the boxes (8) the encryption secret in the descriptive data of an IE, thus allowing identical encryption of this IE in all cases.   20) System according to claim 3 characterized in that the control center modifies the secrets of encryption and decryption of casings (8) over time.   21) System according to claim 1 characterized in that the user of the housing (8) consumes lEs already stored in the storage memory (5) via the means of consumption (7), with or without digital storage.   22) System according to claim 21, characterized in that the user of the box (8) uses the IEs without any other delay than the delay inherent in the capacity of reading and local decryption of the IE by the recording means 80. encryption (5) and that the processing time of the means of consumption (7).   23) System according to claim 21 characterized in that the user without digital recording means of the housing (8) consumes the IE in deciphered form.   24) System according to claim 21, characterized in that a user (equipment) equipped with a digital recording capacity of the IES,   consumes IE in (re) encrypted form.   System according to claim 24, characterized in that the (re) encryption is realized specifically for the equipment, by means of a secret or an encryption key transmitted by the equipment by means of consumption (7).   26) System according to claims 3 and 24 characterized in that the (re) encryption is performed specifically for the equipment, by means of a secret or an encryption key obtained from the control center 95 (6).   27) System according to claims 4 and 24 characterized in that the (re) encryption is performed by a public key algorithm for the equipment, and by means of a public key entered via the intermediary 100 of the presentation / selection means .   28) System according to claim 13 characterized in that the means of   presentation / selection (4) allows the user to indicate a lock or unlock command on each IE registered to the box (5). - 18   29) System according to claim 12 characterized in that the means of   presentation I selection (4) allows the user to enter / edit the   selection criteria applicable by the housing (5) to the new ones.   30) System according to claim (1) characterized in that the means of   presentation I selection (4) can be remote from the housing (8).   31) System according to claims 5, 6, 7, 8, 9, 10, 28, 29, and 30   characterized in that the process of selecting the LEDs in each housing (8) depends on the LEDs emitted by the transmitter (2), the local settings 115 of this housing, the descriptive information of the ES transmitted by (2,   which information forcing the recording behavior of the boxes), so that the sets of eEs recorded in each recording / encryption means (5) actually results from an interactive behavior between all users of the 120 boxes (8) and the transmitter (2).   32) System according to claim 1 characterized in that the receiver (3), the encryption recording means (5) and the means of   consumption (7) are located in a housing (8).