GB2453924A - Encrypted Mobile TV broadcast with encrypted content key while key encryption key is delivered over phone network - Google Patents


Publication number
GB2453924A
Authority
GB
United Kingdom
Prior art keywords
key
encrypted
broadcast
user terminal
content
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0718826A
Other versions
GB0718826D0 (en
Inventor
Mark Priestley
Timothy Wright
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vodafone Group PLC
Original Assignee
Vodafone Group PLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vodafone Group PLC
Priority to GB0718826A (GB2453924A)
Publication of GB0718826D0
Priority to ES08164940.2T (ES2479115T3)
Priority to EP08164940.2A (EP2061244B1)
Publication of GB2453924A
Current legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/167 Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • H04L29/06721
    • H04L29/06979
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26606 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41 Structure of client; Structure of client peripherals
    • H04N21/418 External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181 External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/63 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/633 Control signals issued by server directed to the network components or client
    • H04N21/6332 Control signals issued by server directed to the network components or client directed to client
    • H04N21/6334 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
    • H04N21/63345 Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/63 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/643 Communication protocols
    • H04N21/64315 DVB-H
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption

Abstract

It is known in the art to encrypt (11) broadcast content (13), such as TV programmes, with a traffic encryption key (TEK). This TEK is then encrypted with a session encryption key (SEK) and the encrypted TEK (15) is broadcast with the content. The SEK is separately distributed (43) to user terminals (1) over a point to point network, such as a mobile phone network (3), where it is used to decrypt the TEK and thus the content. The SEK may be protected with user terminal public/private keys during this distribution. The known SEK is a symmetric key and is therefore vulnerable when sent to broadcasters for encrypting the TEK. The invention proposes making the SEK an asymmetric public/private key pair, such that only the public part SEK_pub (27) is sent to the broadcaster. Hence even if it is compromised the TEK and the content cannot be accessed without the private part SEK_priv.

Description

PROTECTION OF BROADCAST CONTENT
The present invention relates to a method of controlling the use, by a user terminal registered with a telecommunications network, of content broadcast by broadcasting means and encrypted by a key. The present invention also relates to apparatus for controlling use of broadcast content.
Mobile TV broadcast over a broadcast bearer (e.g. DVB-H) has security issues which are not present when the same content is delivered over a point-to-point bearer (e.g. streamed over a 3G network). Over a broadcast bearer the content is broadcast and so can in principle be received by anyone with the right type of receiver. However, to be able to charge for the broadcast content the service provider needs to be able to control who can and cannot access the services.
This is typically achieved by encrypting the broadcast content and providing mechanisms for legitimate subscribers to obtain the keys necessary to decrypt that content. The generic term for these mechanisms and the channel encryption is service protection. There are a number of standardised service protection solutions.
Generally service protection uses a hierarchy of keys in which each layer of keys is used to protect the content or keys in the layer below. In this document the terms "encrypt" and "encrypted" are used to mean that a key is either used directly to encrypt the content in question or a key derived from the referenced key is used to encrypt the content in question. Integrity and/or authenticity of the content being encrypted may be provided by other cryptographic mechanisms.
The content is encrypted using Traffic Encryption Keys (TEKs), in conjunction with a standardised protection protocol (e.g. IPsec, SRTP), before being broadcast. TEKs change frequently (often every minute or less) to prevent an attack based on accessing the TEKs within a device and redistributing the TEKs to unauthorised receivers.
Legitimate subscribers cannot decrypt the broadcast channel without access to the TEKs. TEKs are themselves encrypted using Service Encryption Keys (SEKs). The encrypted TEKs are sent, along with the encrypted content, over the broadcast channel. In terrestrial and satellite digital TV systems these protected TEKs are called Entitlement Control Messages (ECMs). In the OMA BCAST specifications these protected TEKs are called "keystream messages" or Short Term Key Messages (STKMs).
Legitimate subscribers cannot extract the TEK from the keystream messages without access to the relevant Service Encryption Key (SEK). Only legitimate subscribers should have access to the Service Encryption Key.
A service provider will usually assign a separate SEK for each channel they broadcast. If a user subscribes to more than one channel they will require a SEK for each channel to which they subscribe.
Service Encryption Keys (SEKs) can have lifetimes of tens of minutes to months, although by definition they should be significantly longer lived than the TEKs that they protect. By changing the lifetime of a SEK the Service Provider can control the duration of subscription that can be offered to their users (although other mechanisms are possible). In some cases SEKs can have a lifetime equal to that of a single programme, for example a pay per view film or sporting event. In such a case SEKs are often called "Programme Encryption Keys" or PEKs. Some solutions, such as 18Crypt/DRM profile, allow nesting of PEKs and SEKs, e.g. PEKs are encrypted using SEKs.
SEKs are normally sent over a point-to-point channel and are encrypted using another key, referred to herein as a "User Key". The User Key is unique to a particular subscriber and may be the highest level key within the service protection key hierarchy. The DVB-H IPDC 18Crypt profile and OMA BCAST DRM profile specifications use OMA DRM Version 2 Rights Objects (ROs) [OMA DRM] to securely send the SEK to individual terminals. The OMA BCAST Smartcard Profile uses the MIKEY protocol [IETF MIKEY] to securely send the SEK to the user's USIM (via the user's terminal). In both cases these messages are referred to as Long Term Key Messages (LTKMs).
Conventionally, the SEKs, and any keys derived from SEKs to encrypt the TEKs are symmetric keys. This means that the same key is used to encrypt the TEK as is used to decrypt the TEK.
Service Protection platforms must support a STKM generator and an LTKM generator. A number of mobile network operators (MNOs) may for reasons of economy share elements of a Service Protection platform, e.g. the STKM generator. It is less likely that MNOs will share an LTKM generator as this generates messages that are specifically for their customers and typically sent over the cellular network and not the broadcast bearer.
A problem with the MNOs sharing the STKM generator is that the STKM generator needs access to the SEK in order to generate the STKMs (e.g. the TEKs encrypted by the SEKs). However, SEKs are operator-specific, and are very valuable keys. Releasing the SEKs to the shared STKM generator in the broadcast platform is a security risk to the MNOs. If the SEK became known to an unauthorised entity, that entity could decrypt the protected broadcast content by using the SEK to extract the TEK from the STKM and then using the extracted TEK to decrypt the protected content.
According to a first aspect of the present invention, there is provided a method of controlling use, by a user terminal registered with a service provider, of content broadcast by broadcasting means and encrypted by a first key, the method including providing the first key, encrypted by a second key, to the broadcasting means for broadcast to the terminal with the encrypted content; and selectively providing a key corresponding to the second key to the user terminal by point to point communication between the telecommunications network and the user terminal; wherein the second key and the corresponding key are different but related keys, and the corresponding key enables decryption of the encrypted content.
For example the corresponding key may enable the extraction of the first key, which in turn enables the decryption of the broadcast content.
In the embodiment the first key is a Traffic Encryption Key (TEK). The second key and the corresponding key are respective parts of a Service Encryption Key (SEK) public/private key pair (SEK_pub/SEK_priv).
The first key/TEK may be directly encrypted by the second key/SEK_pub or the second key/SEK_pub may be used to derive another key that is used to encrypt the first key/TEK. If the first key/TEK is encrypted by a key derived from the second key/SEK, then the terminal must perform the corresponding derivation function using the corresponding key/SEK_priv to obtain the key needed to decrypt the TEK.
In the embodiment the first key/TEK, encrypted by the second key/SEK_pub, and data relating to the keys and services that they protect, comprises a Short Term Key Message (STKM). As the STKM is generated by encrypting the first key/TEK with the second key/SEK_pub and combining the SEK encrypted TEK with data relating to the keys and services that they protect, the STKM generator can be shared between a plurality of Service Providers (e.g. Mobile Network Operators) without a significant security risk, in contrast to the prior art. Even if the second key/SEK_pub became known, this would not enable the unauthorised extraction of the first key/TEK from the STKM. The first key/TEK may only be extracted from the STKM by an entity that has the corresponding key/SEK_priv. As the corresponding key/SEK_priv is transmitted by a point to point communication from the Service Provider to the mobile terminal, it is less likely that this will be intercepted. This is especially true in the embodiment where the corresponding key/SEK_priv is sent protected by a User Key (UK) shared between the Service Provider and the user terminal - preferably in a secure module thereof. The UK may be pre-configured on the user terminal at the time of manufacture, on a smartcard for insertion into the user terminal, or generated "on-the-fly" using information pre-provisioned at the time of manufacture.
The embodiment provides significant security improvements by using a public/private key pair for the SEK, in contrast to the symmetric SEKs of the prior art described above. The embodiment allows the broadcasting means and a STKM generator to be shared between a plurality of Service Providers without significantly compromising security. Such an arrangement of shared resources was not possible with the prior art arrangement, without compromising security.
In the embodiment the corresponding key/SEK_priv enables the first key/TEK from the STKM to be decrypted. The secure module on the mobile terminal then is able to use the decrypted first key/TEK required to decrypt the encrypted content received on the broadcast channel and to reproduce that content on the mobile terminal.
In the embodiment security may be further enhanced by securing the corresponding key/SEK_priv in the secure module. The secure module may be implemented by the mobile terminal, for example, or may be implemented on a smartcard such as a Universal Integrated Circuit Card (UICC) that may optionally also implement a Subscriber Identity Module (SIM) or Universal SIM (USIM) or other application. Smartcards are highly secure, tamperproof hardware elements that are trusted by the Mobile Network Operators. The risk of the corresponding key/SEK_priv being obtained illegitimately from the Smartcard is very small.
According to a second aspect of the present invention, there is provided apparatus for controlling use, by a user terminal registered with a telecommunications network, of content broadcast by broadcasting means and encrypted by a first key, the apparatus including means for providing the first key, encrypted by a second key, to the broadcasting means for broadcast to the terminal with the encrypted content and means for selectively providing a key corresponding to the second key to the user terminal by point to point communication between the telecommunications network and the user terminal; wherein the second key and the corresponding key are different but related keys, and the corresponding key enables decryption of the encrypted content.
The telecommunications network may be a GSM, GPRS or UMTS cellular network, for example.
For a better understanding of the present invention an embodiment will now be described by way of example, with reference to the accompanying drawing, the single figure of which shows schematically the elements of a broadcast system in accordance with an embodiment of the invention.
Mobile terminal 1 includes a display 2 and keypad 4. The terminal 1 is registered with a Mobile Network Operator (MNO) 3 (or other service provider) and is provided with secure module 5. The secure module 5 is implemented on a smart card in the embodiment, but this is not essential.
Optionally, the smart card may include a Subscriber Identity Module (SIM or USIM), which may allow the MNO 3 to authenticate the user of the terminal 1 using GSM or UMTS authentication. The secure module 5 allows the service provider to securely share a key specific to the user, the "User Key" (UK), with the secure module 5. The User Key may be pre-provisioned at manufacture of the secure module 5 or generated "on-the-fly" using information pre-provisioned at the time of manufacture.
If the secure module 5 comprises a SIM or USIM, or if a SIM/USIM is provided elsewhere for use by the terminal, authentication information may be stored on the SIM/USIM under the control of the MNO 3. The MNO 3 itself stores details of each of the SIM/USIM issued under its control. In operation of MNO 3, the terminal 1 is authenticated (for example, when the user activates the terminal in the network with a view to making or receiving calls) by the network sending a challenge to the terminal 1 incorporating the SIM/USIM in response to which the SIM/USIM calculates a reply (dependent on the SIM/USIM predetermined information held on the authentication means 5 - typically an authentication algorithm and a unique key Ki) and transmits it back to the MNO 3. The MNO 3 includes an authentication processor which generates the challenge and which receives the reply from the terminal 1. Using information pre-stored concerning the content of the relevant SIM/USIM authentication means 5, the authentication processor calculates the expected value of the reply from the mobile terminal 1. If the reply received matches the expected calculated reply, the SIM/USIM and the associated mobile terminal are considered to be authenticated. The SIM/USIM used by the terminal 1 may be a SIM of the type defined in the GSM or UMTS standards specifications, or may be a simulation of a SIM - that is, software or hardware that performs a function corresponding to that of the SIM. The SIM may be in accordance with the arrangement described in WO-A-2004 036513.
The MNO 3 comprises a User Key (UK) generator or store, which is operable to generate or retrieve the User Key for each user. The User Key of the user is stored in the secure module authentication means 5 in store 39.
The terminal 1 is operable to receive broadcast content, such as content broadcast by DVB-H. The broadcast content is also receivable by other terminals, such as terminal I.
Broadcast platform 7 receives content 9, for example, video, from a content provider (not shown). The broadcast platform 7 comprises a content encrypter 11 which is operable to encrypt the content 9 using a Traffic Encryption Key (TEK) generated by TEK generator 12. The broadcast platform 7 is operable to transmit the encrypted content 13 to the mobile terminal 1. To facilitate decryption of the encrypted content 13 by the mobile terminal 1, the broadcast platform 7 also broadcasts Short Term Key Messages (STKMs) 15 which include the TEKs. The STKM 15 includes the TEK in encrypted form. The TEK is encrypted by a Service Encryption Key (SEK). In accordance with an important feature of the embodiment, the SEK used to encrypt the TEK is the public part of a public/private key pair.
MNO 3 includes an SEK generator 17 that is operable to generate the public and private key pair (SEK_pub and SEK_priv).
When the SEK public and private key pair is generated by SEK generator 17 in MNO, in addition to a public key message 27 being sent to a STKM generator 21, the corresponding private key is passed to LTKM generator 41.
The LTKM generator 41 generates LTKMs 43 which comprise the private key protected by the User Key (UK) for mobile terminal 1. The LTKM 43 is transmitted by a point-to-point channel. That is, the LTKM 43 is transmitted only to the mobile terminal 1 and is not broadcast to a multiplicity of terminals.
For example, the LTKM may be transmitted by SMS, WAP push or by any other convenient mechanism, such as over an IP bearer.
The mobile terminal 1 includes a message processor 37 in the secure module 5 for processing LTKM message 43. On receipt of the LTKM 43 by the mobile terminal 1, the mobile terminal 1 passes the LTKM 43 to the message processor 37. The message processor 37 retrieves the User Key (UK) from the storage location 39. The User Key retrieved from the store 39 of the secure module 5 enables the extraction of the private key (SEK_priv) from the LTKM 43. The private key is then stored in store 44 on the secure module 5.
When the broadcast platform 7 wishes to broadcast an STKM 15, the broadcast platform issues an STKM request 19 to the STKM generator 21. The STKM request 19 includes the TEK from the broadcast platform 7 to be included in the STKM. On receipt of the STKM request 19, the STKM generator 21 determines whether it has an appropriate SEK public key (SEK_pub) stored in public key store 23 in order to generate the STKM. If it is determined that the relevant SEK public key is not present in the public key store 23, the STKM generator 21 issues an SEK request 25 to the MNO 3. The SEK generator 17 of the MNO 3 then generates an SEK public and private key pair in the manner described above. The SEK public key (SEK_pub) generated by the SEK generator 17 or stored in the public key store 23 is transmitted to the STKM generator 21 in message 27. The generated SEK private key (SEK_priv) is stored in private key store 29 in MNO 3. The private key is transmitted to the mobile terminal 1 and stored in store 44 in the manner described above.
On receipt of the message 27, the STKM generator 21 stores the SEK public key in public key store 23. The STKM generator 21 now has the appropriate public key to generate the STKM in response to the STKM request 19 received from the broadcast platform 7. The STKM generator 21 then retrieves the relevant public key from the public key store 23 and generates the STKM 33, which is transmitted to the broadcast platform 7. The broadcast platform 7 then transmits the STKM 33 to the mobile terminal 1 in STKM 15.
The mobile terminal 1 includes a filter or de-multiplexer 35 which receives data from the broadcast platform 7 and separates out the STKM 15 from the broadcast encrypted content 13.
When the STKM 15 is extracted from the broadcast data received by the mobile terminal 1 by the filter/de-multiplexer 35, the STKM is passed to the message processor 37, which is also operable to process the STKM message 15. The extracted content is passed to content decryption module 45. The message processor 37 retrieves the private key (SEK_priv) from the store 44 and uses this to extract the TEK present in the STKM message 15. Because the private key (SEK_priv) retrieved from the store 44 is the private key corresponding to the public key (SEK_pub) used to protect the TEK, the TEK can be extracted by the message processor 37 using the corresponding private key. The message processor 37 then passes the extracted TEK to the content decryption module 45, which decrypts the encrypted content 13 using the TEK and allows the content to be consumed - for example, to be displayed on the screen of the mobile terminal 1 and reproduced through the loudspeakers of the mobile terminal 1.
A second MNO 47 shares the broadcast platform 7 and the STKM generator 21 with the first MNO 3. When the STKM generator 21 receives an STKM request 19 from the broadcast platform 7, the STKM request 19 enables the STKM generator 21 to identify for which MNO an STKM has been requested and therefore which SEK public key is required. For example, if the relevant public key is not present in the store 23 and an SEK from the second MNO 47 is required, the STKM generator 21 is operable to obtain from the second MNO 47 an SEK public key by sending an SEK request to second MNO 47, in a similar manner to the sending of the SEK request message 25 to the MNO 3.
The second MNO 47 comprises an SEK generator, private key store and LTKM generator which operate in a similar manner to the SEK generator 17, private key store 29 and LTKM generator 41 of the MNO 3. The second MNO 47 establishes User Keys (UKs) for its subscribers and stores these on the secure modules of its subscribers in a similar manner to the first MNO 3. The second MNO 47 also sends LTKM 43, similar to the LTKM 43 sent by the first MNO 3.
The broadcast platform 7 and the STKM generator 21 can be shared by the MNOs 3, 47 with little risk of a security compromise because only the SEK public keys of the MNOs 3, 47 are provided to the shared STKM generator 21 (for subsequent broadcast by the broadcast platform 7). The corresponding SEK private keys are never provided to the shared STKM generator 21. The SEK private keys are transmitted by a point to point communication in LTKMs 43 by MNO 3 (and the corresponding LTKM for the MNO 47). Further, the LTKM are protected using the relevant User Key (UK) to further enhance security.
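The key flow of the embodiment, as an added Go example that is not part of the patent text: the shared STKM generator is handed only SEK_pub, each MNO sends SEK_priv to its subscriber in an LTKM protected by the User Key, and a subscriber of a second MNO cannot extract the TEK from the first MNO's STKM. RSA-OAEP and AES-256-GCM, the function names and the sample keys are assumptions chosen for illustration; the patent names no algorithms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// seal encrypts pt under a 32-byte key with AES-256-GCM and prepends the nonce.
func seal(key, pt []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, nil), nil
}

// open reverses seal; it fails on a wrong key or on altered data.
func open(key, ct []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(blk)
	if err != nil || len(ct) < g.NonceSize() {
		return nil, fmt.Errorf("open: unusable cipher or truncated input")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// MakeLTKM (MNO, point-to-point): SEK_priv protected by the subscriber's UK.
func MakeLTKM(uk []byte, sekPriv *rsa.PrivateKey) ([]byte, error) {
	return seal(uk, x509.MarshalPKCS1PrivateKey(sekPriv))
}

// MakeSTKM (shared generator): only SEK_pub is needed to protect the TEK.
func MakeSTKM(sekPub *rsa.PublicKey, tek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, sekPub, tek, nil)
}

// Play (secure module): UK -> SEK_priv (LTKM) -> TEK (STKM) -> content.
func Play(uk, ltkm, stkm, content []byte) ([]byte, error) {
	der, err := open(uk, ltkm)
	if err != nil {
		return nil, err
	}
	sekPriv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, err
	}
	tek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, sekPriv, stkm, nil)
	if err != nil {
		return nil, err
	}
	return open(tek, content)
}

// Run broadcasts one frame on MNO A's channel; MNO B's subscriber tunes in too.
func Run() (gotA string, errB, err error) {
	uk := [2][32]byte{sha256.Sum256([]byte("UK-A")), sha256.Sum256([]byte("UK-B"))}
	tek := sha256.Sum256([]byte("TEK-1")) // uk and tek are constructed sample keys
	var sek [2]*rsa.PrivateKey            // SEK pairs generated by MNO A and MNO B
	var ltkm [2][]byte                    // one point-to-point LTKM per subscriber
	for i := range sek {
		if sek[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return
		}
		if ltkm[i], err = MakeLTKM(uk[i][:], sek[i]); err != nil {
			return
		}
	}
	var content, stkm []byte
	if content, err = seal(tek[:], []byte("frame-0001")); err != nil {
		return
	}
	if stkm, err = MakeSTKM(&sek[0].PublicKey, tek[:]); err != nil {
		return
	}
	frame, err := Play(uk[0][:], ltkm[0], stkm, content)
	_, errB = Play(uk[1][:], ltkm[1], stkm, content) // holds MNO B's SEK_priv only
	return string(frame), errB, err
}

func main() {
	fmt.Println(Run())
}
```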
Although two MNOs 3, 47 are shown in the embodiment, it should be understood that the broadcast platform 7 and STKM generator 21 may be shared by a multiplicity of MNOs.
The scheme used to broadcast the content is DVB-H in the embodiment. However, other broadcasting schemes can be used, such as DVB-T, T-DMB, DAB-IP, ISDB-T, TDtv or Media FLO.
In the embodiment, the content is video (moving pictures and sound). However, it should be understood that the content could be of other types - e.g. sound only, still pictures (slide show), etc.
In the embodiment, the STKM generator 21 and the broadcast platform 7 may be a single unit.
The secure module 5 may be implemented in hardware or software.

Claims (29)

1. A method of controlling use, by a user terminal registered with a telecommunications network, of content broadcast by broadcasting means and encrypted by a first key, the method including providing the first key, encrypted by a second key, to the broadcasting means for broadcast to the terminal with the encrypted content and selectively providing a key corresponding to the second key to the user terminal by point to point communication between the telecommunications network and the user terminal; wherein the second key and the corresponding key are different but related keys, and the corresponding key enables decryption of the content.
2. The method of claim 1, wherein the second key and the corresponding key are a public, private key pair.
3. The method of claim 1 or 2, wherein the point to point communication between the telecommunications network and the user terminal sends the corresponding key encrypted by a further key.
4. The method of claim 1, 2 or 3, wherein the second key and the corresponding key are generated by the telecommunications network, and wherein the second key is provided by the telecommunications network to encryption means to enable encryption of the first key.
5. The method of claim 4, wherein the encryption means is shared by a plurality of telecommunications networks.
6. The method of any one of claims 1 to 5, wherein the broadcasting means is shared by a plurality of telecommunications networks.
7. The method of claim 4 or 5, wherein the broadcast means transmits the first key to the encryption means, and wherein the encryption means encrypts the first key using the second key received from the telecommunications network, and transmits the first key, encrypted by the second key, to the broadcast means, for onward broadcast to the user terminal.
8. The method of any one of claims 1 to 7, wherein the user terminal includes authentication means for storing authentication data for authenticating the user terminal with the telecommunications network.
9. The method of any one of claims 1 to 8, wherein the user terminal includes a secure module for storing the corresponding key.
10. The method of any one of claims 1 to 9, wherein the user terminal includes means for receiving the broadcast encrypted content and the broadcast first key, encrypted by the second key, and for separating the encrypted content from the first key, encrypted by the second key.
11. The method of any one of claims 1 to 10, wherein the user terminal includes an application for accessing the corresponding key and for receiving the first key, encrypted by the second key, and for deriving the first key therefrom to enable consumption of the content.
12. The method of any one of claims 1 to 11, wherein the content is broadcast by at least one of DVB-H and DVB-T.
13. The method of any one of claims 1 to 12, wherein the telecommunications network comprises a mobile or cellular telecommunications network, such as GSM, GPRS, UMTS or 4G/SAE/LTE.
14. Apparatus for controlling use, by a user terminal registered with a telecommunications network, of content broadcast by broadcasting means and encrypted by a first key, the apparatus including means for providing the first key, encrypted by a second key, to the broadcasting means for broadcast to the terminal with the encrypted content; and means for selectively providing a key corresponding to the second key to the user terminal by point to point communication between the telecommunications network and the user terminal; wherein the second key and the corresponding key are different but related keys, and the corresponding key enables decryption of the content.
15. The apparatus of claim 14, wherein the second key and the corresponding key are a public, private key pair.
16. The apparatus of claim 14 or 15, wherein the point to point communication between the telecommunications network and the user terminal sends the corresponding key encrypted by a further key.
17. The apparatus of claim 14, 15 or 16, including first key encryption means, and wherein the second key is provided to the encryption means to enable encryption of the first key.
18. The apparatus of claim 17, wherein the encryption means is shared by a plurality of telecommunications networks.
19. The apparatus of any one of claims 14 to 18, wherein the broadcasting means is shared by a plurality of telecommunications networks.
20. The apparatus of claim 17 or 18, wherein the broadcast means transmits the first key to the encryption means, and wherein the encryption means is operable to encrypt the first key using the second key.
21. The apparatus of any one of claims 14 to 20, including the user terminal.
22. The apparatus of claim 21, wherein the user terminal includes authentication means for storing authentication data for authenticating the user terminal with the telecommunications network.
23. The apparatus of any one of claims 14 to 22, wherein the user terminal includes a secure module for storing the corresponding key.
24. The apparatus of claims 21, 22 or 23, wherein the user terminal includes means for receiving the broadcast encrypted content and the broadcast first key, encrypted by the second key, and for separating the encrypted content from the first key, encrypted by the second key.
25. The apparatus of any one of claims 21 to 24, wherein the user terminal includes an application for accessing the corresponding key and for receiving the first key, encrypted by the second key, and for deriving the first key therefrom to enable consumption of the content.
26. The apparatus of any one of claims 14 to 25, wherein the content is broadcast by at least one of DVB-H and DVB-T.
27. The apparatus of any one of claims 14 to 26, wherein the telecommunications network comprises a mobile or cellular telecommunications network, such as GSM, GPRS, UMTS or 4G/SAE/LTE.
28. A method of controlling use of content, substantially as hereinbefore described with reference to and/or substantially as illustrated in the accompanying drawing.
29. Apparatus substantially as hereinbefore described with reference to and/or substantially as illustrated in the accompanying drawing.
GB0718826A 2007-09-27 2007-09-27 Encrypted Mobile TV broadcast with encrypted content key while key encryption key is delivered over phone network Withdrawn GB2453924A (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
GB0718826A GB2453924A (en) 2007-09-27 2007-09-27 Encrypted Mobile TV broadcast with encrypted content key while key encryption key is delivered over phone network
ES08164940.2T ES2479115T3 (en) 2007-09-27 2008-09-23 Protection of broadcast content with key distribution through the telecommunications network
EP08164940.2A EP2061244B1 (en) 2007-09-27 2008-09-23 Protection of broadcast content with key distribution using telecommunications network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0718826A GB2453924A (en) 2007-09-27 2007-09-27 Encrypted Mobile TV broadcast with encrypted content key while key encryption key is delivered over phone network

Publications (2)

Publication Number Publication Date
GB0718826D0 GB0718826D0 (en) 2007-11-07
GB2453924A true GB2453924A (en) 2009-04-29

Family

ID=38701721

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0718826A Withdrawn GB2453924A (en) 2007-09-27 2007-09-27 Encrypted Mobile TV broadcast with encrypted content key while key encryption key is delivered over phone network

Country Status (3)

Country Link
EP (1) EP2061244B1 (en)
ES (1) ES2479115T3 (en)
GB (1) GB2453924A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1119132A2 (en) * 2000-01-19 2001-07-25 Research In Motion Limited Broadcasting encrypted messages using session keys
US20030198351A1 (en) * 2002-04-18 2003-10-23 International Business Machines Corporation Method, system and program product for modifying content usage conditions during content distribution
WO2005045554A2 (en) * 2003-11-11 2005-05-19 Nokia Corporation System and method for using drm to control conditional access to broadband digital content
EP1659736A2 (en) * 2004-11-19 2006-05-24 LG Electronics Inc. Conditional access for a multimedia broadcast service using a wireless terminal

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2001283949A1 (en) * 2000-08-15 2002-02-25 Telefonaktiebolaget Lm Ericsson (Publ) Network authentication by using a wap-enabled mobile phone
US7349886B2 (en) * 2005-03-25 2008-03-25 Widevine Technologies, Inc. Securely relaying content using key chains
EP1826931B1 (en) * 2006-02-27 2018-12-19 Samsung Electronics Co., Ltd. Method and system for protecting broadcast service/content in a mobile broadcast system, and method for generating short term key message therefor

Also Published As

Publication number Publication date
EP2061244B1 (en) 2014-04-23
GB0718826D0 (en) 2007-11-07
ES2479115T3 (en) 2014-07-23
EP2061244A1 (en) 2009-05-20

Similar Documents

Publication Publication Date Title
EP2061244B1 (en) Protection of broadcast content with key distribution using telecommunications network
US8677147B2 (en) Method for accessing services by a user unit
US7698568B2 (en) System and method for using DRM to control conditional access to broadband digital content
EP2461539B1 (en) Control word protection
US8205243B2 (en) Control of enhanced application features via a conditional access system
JP2001519629A (en) Method and apparatus for transmitting an encrypted data stream
MX2007013885A (en) Fine grain rights management of streaming content.
EP2724546B1 (en) Receiver software protection
KR20060107806A (en) System and method for using drm to control conditional access to broadband digital content
US20060174351A1 (en) Method and system for CAS key assignment for digital broadcast service
CA2586172C (en) System and method for providing authorized access to digital content
CN101335579A (en) Method implementing conditional reception and conditional receiving apparatus
US9544276B2 (en) Method for transmitting and receiving a multimedia content
AU2014292293A1 (en) Method for protecting decryption keys in a decoder and decoder for implementing said method
WO2006112581A1 (en) A conditional access system in digital multimedia broadcasting system and method thereof
KR100966413B1 (en) Method for controlling access to specific services from a broadcaster
JP2006333350A (en) Digital broadcasting system, digital broadcast receiver, broadcasting apparatus, and management apparatus
US20170318263A1 (en) Method and apparatus for supporting multiple broadcasters independently using a single conditional access system
US20050129234A1 (en) Method to update access right to conditional access data
CN101193308A (en) Method and device for playing video/audio signals in communication network
JP2007181224A (en) Digital broadcast receiving method
Wright Security considerations for broadcast systems
EP2109314A1 (en) Method for protection of keys exchanged between a smartcard and a terminal
Yang et al. Authentication scheme and simplified CAS in mobile multimedia broadcast
KR101240659B1 (en) Cas system and method for digital broadcating receiver

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)