KR20080014929A - System and method for using drm to control conditional access to broadband digital content - Google Patents

Abstract

A system and method is disclosed for providing DRM in a broadcast environment. In accordance with the embodiment, a DRM system distributes encrypted service keys over the mobile telephone network to a mobile terminal. The mobile terminal receives the encrypted service key and uses it to decrypt encrypted content keys received from a DVB set top box. The decrypted content keys are sent to the set box over local link where they are used to decrypt encrypted broadcast content. A power management technique for mobile receivers is also disclosed that enables the receiver hardware to power off during a portion of the rendering process.

Description

System and method for using DRM to control conditional access to broadband digital content}

The present invention relates generally to the secure transmission and use of IP datacast content. More particularly, the present invention relates to ensuring broadband digital content delivery and rights management using mobile terminals.

DVB provides a standard for the distribution of digital broadcast video content. One of the issues with the adoption of DVB is that the initial digital content provided by the standard can potentially be recorded and distributed without loss of quality and without the consent of the content owner. To avoid unauthorized distribution, the DVB standard has a mechanism for encrypting content that is distributed before transmission. DVB, however, does not represent a digital rights management (DRM) scheme or key delivery standard. These two elements ensure secure transmission and conditional access to protected content. DVB leaves this aspect of content protection in the development of proprietary DRM systems.

The encryption of content delivered to any rights management system is relatively simple. More difficult is to distribute conditional access to the permissions required to decrypt and use the distributed information. The authorization implements what the end user will do with the encrypted content, for example, how long will the content be played or for a limited number of copies of the content.

DRM achieves conditional access to content by passing the keys required to decrypt the content into a tightly controlled system in which the rights themselves cannot be copied or distributed freely, which is described in US Patent Application Publication No. 2003-0076955-A1. See. Successful control of these privileges requires that they be treated individually to limit the distribution of privileges beyond a particular authorized end user.

Current DVB DRM solutions transmit these rights as vouchers sent with the same broadcast that performs DVB transmission. This approach can be very wasteful in bandwidth because each user needs to receive a personalized credential. As the number of tokens increases, the bandwidth of the broadcast link, which will have to carry digital content, will be unnecessarily wasted. This method of sending a token is particularly wasteful because every user who receives the broadcast will receive not only the token intended for that user, but also the token intended for all other users.

Another approach to providing DRM is to distribute credentials over other communication links, such as telephone lines, using a set top box with special equipment such as smart cards and modems. However, the special equipment required to perform the rights transfer prevents wireless broadcasters from controlling the end user's equipment efficiently, which may be the way cable operators may do.

While wireless broadcasters want to develop additional broadcast payment systems, they cannot do so without first developing an integrated hardware infrastructure for end users, including DRM infrastructure (hardware and software) and billing mechanisms. The investment required to build a system is significant for any single broadcast channel. In addition, end users will not be able to invest in systems that only work for one channel or acquire new equipment.

The present invention seeks to ensure broadband digital content delivery and rights management using mobile terminals.

The problems identified above are addressed by systems and methods for controlling conditional access to DVB content and technological advances are made in the art. An exemplary embodiment of the present invention includes a DRM system for encrypting a DVB service key and generating credentials that describe the rights associated with the use of DVB. The credential certificate and the encrypted service key are sent to a mobile terminal programmed to decrypt the service key according to the authority clearly expressed in the credential table. The DVB display device receives the content encrypted with the content key and also receives the version of the content key that was encrypted with the service key. The DVB display device sends the encrypted content key to the mobile terminal. The mobile terminal decrypts the content key with the service key according to the rights defined in the certificate. The mobile terminal sends the decrypted content key to the DVB display device, which is used to decrypt the encrypted content.

The present invention guarantees broadband digital content delivery and rights management using mobile terminals.

In one preferred embodiment of the present invention, a method for protecting broadcast digital content comprises encrypting digital content with a first key; Encrypting the first key with the second key; Broadcasting encrypted digital content and an encrypted first key; Protecting the second key and assigning rights to the second key; Transmitting the protected second key and the assigned authority to the mobile terminal on the mobile communication network through the protected certificate; And transmitting the executable application decrypted using the second key to the mobile terminal.

A method for protecting broadcast digital content includes receiving encrypted digital content and an encrypted first key at a content display device; Receiving a protected second key and assigned authority at the mobile terminal via the protected certificate; Transmitting the encrypted first key from the content display device to the mobile terminal; decrypting the encrypted first key as a protected second key according to the assigned authority; Transmitting the decrypted first key from the mobile terminal to the content display device; And decrypting, at the content display device, the encrypted digital content with the decrypted first key.

In still another preferred embodiment of the present invention, a method for viewing protected digital content includes receiving encrypted digital content and an encrypted first key through a one-way transmission link at a first display device; Receiving the protected second key and the assigned authority on the mobile communication network at the mobile terminal through the protected certificate; Receiving a protected executable application decrypted using the second key; Transmitting the encrypted first key from the content display device to the mobile terminal through a two-way transmission link; Decrypting the encrypted first key as a protected second key in accordance with the assigned authority; Transmitting the decrypted first key from the mobile terminal to the content display device; And decrypting, at the content display device, the encrypted digital content with the decrypted first key.

In another preferred embodiment of the present invention, a system for protecting digital video broadcast content includes a mobile communication network; a computer coupled to the mobile communication network; A mobile terminal connected to a mobile communication network; A content receiver connected to the mobile terminal via a short range communication network, the content receiver being programmed to receive one-way content transmissions containing encrypted digital content and at least one encrypted first key, the content receiver being encrypted Is further programmed to transmit the first key to the mobile terminal; The computer protects a second key and creates a right to identify an authorized use of the second key and transmits the protected second key, the right, and a protected execution application to the mobile terminal on the mobile communication network. The protected second key and the right are transmitted via a protected certificate; The mobile terminal is programmed to use the protected second key to decrypt the encrypted first key according to the authority and transmit the decrypted first key to the content receiver; The content receiver is further programmed to decrypt encrypted digital content with the decrypted first key, and the protected execution application is decrypted using the second key.

In another preferred embodiment of the present invention, a system for displaying protected digital content includes a mobile communication network; A mobile terminal connected to a mobile communication network; A content receiver connected to the mobile terminal via a local area network and capable of receiving broadcast content, the content receiver including a broadcast containing encrypted digital content, at least one encrypted first key, and a protected execution application; Programmed to receive content transmissions, the content receiver being further programmed to transmit the encrypted first key to the mobile terminal via the local area network; The mobile terminal is programmed to decrypt the encrypted first key according to the authority using the protected second key and transmit the decrypted first key to the content receiver via the local area network, the mobile terminal displaying the protected certificate. Receive the protected second key and the right via; The content receiver is further programmed to decrypt encrypted digital content with the decrypted first key, and the protected execution application uses decryption DRM using the second key.

In another preferred embodiment of the present invention, a method for protecting broadcast digital content comprises encrypting digital content with a first key; Encrypting the first key with the second key; Broadcasting an encrypted first key; Broadcasting the encrypted digital content into a plurality of segments; Protecting the second key and assigning rights to the second key; Transmitting the protected second key and the assigned authority to the mobile terminal on at least one of the plurality of networks via the protected certificate; and transmitting the executable application decrypted using the second key to the mobile terminal. It includes; step.

In another preferred embodiment of the present invention, a method for protecting broadcast digital content comprises encrypting digital content with a first key; Encrypting the first key as a second key; broadcasting the encrypted digital content into multiple segments, each segment being broadcast in less time than rendering the encrypted digital content contained in the segment. step; Protecting the second key and assigning rights to the second key; Transmitting the protected second key and the assigned authority to the mobile terminal on the mobile communication network through the protected certificate; and transmitting the executable application decrypted using the second key to the mobile terminal. .

In another preferred embodiment of the present invention, a method for viewing protected digital content comprises receiving and buffering a broadcast segment of encrypted digital content and an encrypted first key with a broadcast receiver of a mobile terminal, Turning off the broadcast receiver after being received; Receiving the protected second key and the assigned authority on the mobile communication network at the mobile terminal through the protected certificate; Receiving a protected executable application decrypted using the second key; Decrypting the encrypted first key as a protected second key in accordance with the assigned authority; Decrypting the broadcast segment of encrypted digital content with the decrypted first key; Rendering the digital content; And waiting for the turn-on of the broadcast receiver after a predetermined period of time.

In another embodiment of the present invention, a system for protecting digital video broadcast content includes a mobile communication network; A computer connected to a mobile communication network; A mobile terminal connected to the mobile communication network, the mobile terminal including a content receiver and a content rendering device; The content receiver is programmed to receive one-way content transmissions containing a plurality of segments of encrypted digital content and at least one encrypted first key; The computer protects a second key and creates a right to identify an authorized use of the second key and transmits the protected second key, the right, and a protected execution application to the mobile terminal on the mobile communication network. The protected second key and the right are transmitted via a protected certificate; The mobile terminal is programmed to decrypt the encrypted first key according to the right, using the protected second key, and the content receiver is further programmed to decrypt the encrypted digital content with the decrypted first key; The mobile terminal is programmed to turn off the content receiver after receiving a first segment of encrypted digital content and then turn on the content receiver after a predetermined period of time to receive a second segment of encrypted digital content; The content rendering device renders the decrypted digital content, and the protected executable application is decrypted using the second key.

In another embodiment of the present invention, a system for displaying protected digital content includes a mobile communication network; A mobile terminal connected to a mobile communication network, the mobile terminal including a content receiver capable of receiving broadcast content and a rendering device capable of rendering content; The content receiver is programmed to receive broadcast content transmissions containing segments of encrypted digital content, at least one encrypted first key, and a protected execution application, wherein the content receiver establishes a local area network based on the encrypted first key. Further programmed to transmit to the mobile terminal via; The mobile terminal is programmed to decrypt the encrypted first key according to the authority, using the protected second key, and the content receiver is further programmed to decrypt the encrypted digital content with the decrypted first key, and the mobile terminal Receives the protected second key and the right through a protected certificate; The mobile terminal is programmed to turn off the content receiver after receiving a first segment of encrypted digital content and then turn on the content receiver after a predetermined period of time to receive a second segment of encrypted digital content; The rendering device renders the decrypted digital content, and the protected execution application is decrypted using the second key.

According to another embodiment of the present invention, an electronic device in which digital content is rendered includes: a memory in which program code is stored; a processor arranged to communicate with the memory to perform instructions according to the stored program code; And a content receiving hardware device arranged to communicate with the processor, wherein the program code, when executed by the processor, broadcast content transmissions containing segments of the encrypted digital content and the at least one encrypted first key. Using the second key, decrypting the encrypted first key in accordance with a right and receiving the second key and the right in a protected token; and decrypting encrypted digital content Decrypting with the first key, wherein the processor turns off the content receiving hardware device after receiving the first segment of encrypted digital content and then turns on the content receiving hardware device after a predetermined period of time. Receive a second segment of encrypted digital content and at least one of the first keys I am decrypted and then the encrypted digital content is decrypted.

The problems identified above are addressed by systems and methods for controlling conditional access to DVB content and technological advances are made in the art. An exemplary embodiment of the present invention includes a DRM system for encrypting a DVB service key and generating credentials that describe the rights associated with the use of DVB. The credential certificate and the encrypted service key are sent to a mobile terminal programmed to decrypt the service key according to the authority clearly expressed in the credential table. The DVB display device receives the content encrypted with the content key and also receives the version of the content key that was encrypted with the service key. The DVB display device sends the encrypted content key to the mobile terminal. The mobile terminal decrypts the content key with the service key according to the rights defined in the credential table. The mobile terminal sends the decrypted content key to the DVB display device, which is used to decrypt the encrypted content.

In a further exemplary embodiment of the invention, the DRM system sends an executable application to the mobile terminal. The mobile terminal then runs an application that handles service and content key decryption and enforces the assigned rights.

In a further exemplary embodiment of the present invention, both the DRM system and the mobile terminal operate in accordance with the OMA DRM standard protecting the service key to protect the service key defining the credential and enforce the authorized authority to the mobile terminal.

In a further embodiment of the invention the mobile terminal is connected to the DVB display device via Bluetooth.

In a further embodiment of the invention the mobile phone billing system is used to charge for the use of DVB content.

The system and method of the present invention provide an efficient and secure method for transmitting DRM rights in a DVB environment. The present invention has the advantage that transmission and authorization control can occur in a protected manner using a separate distribution path without unnecessary waste of broadcast transmission bandwidth. In addition, in a particularly advantageous embodiment, the present invention uses the mobile DRM standard and mobile telephone infrastructure established for the charging and content control in place.

1 shows a schematic content encryption and delivery scheme. Clear, ie unencrypted, DVB content 1c first encrypts according to the DVB common scrambling algorithm (DVB CSA 5). The DVB CSA 5 takes clear DVB content and a random CSA control word 10 as input. The DVB CSA 5 then employs a symmetric encryption algorithm to produce encrypted DVB content 1e. The CSA control word 10 must later be used by a decryption algorithm to decrypt the encrypted DVB content 1e and restore the usable clear DVB content. Therefore, the CSA control word can be thought of as the key to the distributed encrypted content. It is now safe for the encrypted DVB content 1e to broadcast freely via the broadcast channels 50 to the DVB end user 40. Regarding end users, only one symbol pointing to end users 40 is shown in the figure, but it should be understood that any number of end users may receive broadcast content. In addition, the identified end user 40 represents many hardware and software structures that perform DVB functions, such as receiving and decrypting DVB content and messages. End user structures may be implemented by any suitable known equipment, such as a TV, tuner or set top box, programmed to operate in accordance with the DVB standard and the disclosed system.

The process described so far is defined by the DVB standard and therefore must be consistent among the various DVB implementations. However, encrypted DVB content received by end users 40 will only be useful if it can be decrypted. To do so, the end user 40 will require a copy of the CSA control word 10. However, the DVB standard does not dictate how to safely transmit control words to end users. It also does not dictate how the control words are used once only in accordance with the rights defined in the content providers. Therefore, a complete DRM system must protect the secrets of the control words during the transfer and restrict their use by end users in accordance with the authority granted by the content provider. The general approach to carrying out this proprietary aspect of a DVB system is shown as a dotted rectangle in FIG. 1.

First, the CSA control word 10 is encrypted 20 with a service key (SK) 22. The service key is used to encrypt all CSA control words associated with a particular DVB service, such as premium channel or pay-per-view event. But other services will probably use a different key. The encrypted CSA control word is added to the entitlement control message (ECM) 25. In addition to the encrypted CSA control word, the ECM 20 may also include header information or other related data. The ECM is then sent to the end users 40 over the broadcast network.

The encrypted CSA control word contained in the ECM must be decrypted before it can be used to decrypt the encrypted DVB content. Thus, the service key SK 22 must be delivered to the end user. To do so securely, the service key is encrypted 28 with a user key UK 27 unique to a particular end user. Typically the UK is stored on a protected smart card in an end user set-top box. The encrypted SK is then used to generate an Entitlement Management Message (EMM) 29. The EMM may also include header or authorization information. The authorization information sent will, for example, instruct the end user how to make the protected content available.

Unlike the previous encryption steps, the user key does not need to be sent to the end users 40 because the end user's hardware is preprogrammed to decrypt the data encrypted with the user's UK. Multiple procedures can be employed to ensure the confidentiality and usability of the UK. For example, the end user's hardware can be preprogrammed with a shared secret known by the DVB system. Alternatively, public key cryptography can be used to encrypt SK without having to know the end user's UK. In either case, upon receiving the EMM, the end user decrypts the service key and then this service key is used to decrypt the CSA control word, which ultimately is used to decrypt the broadcast content.

As shown in Fig. 2, the general approach for the delivery of DVB content is modified to employ a mobile terminal 70. Delivery of encrypted DVB content 1e and encrypted control words in ECM 25 is performed as shown in FIG. However, the introduction of a mobile terminal allows the system of FIG. 2 to release service requirements and DRM implementations from DVB broadcasters to mobile telephone / data networks.

The content provider, that is, the broadcaster, delivers SK to the DRM system along with other data related to the content. In practical use this could be achieved by the server of the content provider creating and sending the SK via any known intercomputer communication method.

In one embodiment, SK already encrypted by the UK is sent to the EMM. The DRM system adds the specific formatting and authorization information required and then sends the EMM to the mobile terminal.

In an alternative embodiment, as shown in FIG. 2, the broadcaster may provide SK to the DRM system 30 prior to encryption using the UK 27. This will limit the volume of data traffic between the DVB broadcaster and the DRM system 30, since SK is common to all users, while encrypted EMMs are user specific and must be generated for each end user requiring service. . These two examples demonstrate that various aspects of the DVB encryption / broadcast and DRM system can be divided among DVB and DRM service providers in any number of ways, including a system where the DVB provider may also perform DRM services. do.

Enforcement provided by the DRM system may be performed by any known DRM technique. For example, mobile terminals participating in the system may be designed from the ground up to include UK and DRM software and / or hardware protecting the UK. This software and / or hardware will ensure that the mobile uses the UK only in accordance with instructions provided by the DRM system. In this embodiment, the DRM system needs to know the UK, that is, the shared secret, or need to know how to encrypt the content so that the UK can decrypt it, that is, the public key cryptogram.

Returning to the embodiment of FIG. 2A, once the DRM system 30 receives the SK 22, it provides the DRM protection to the SK and distributes it to the end user via the mobile telephone network. The DRM system may be implemented by a computer or a group of computers programmed and connected to a mobile telephone network to perform the disclosed operations so as to transfer data to mobile terminals.

The DRM system may also have stored data about the user such as, for example, identifier data (name, address, phone number), data about its DRM compliant device, data about content subscriptions, data about billing, and the like. The DRM system may communicate with the mobile network operator for charging, for example.

One of the functions of the DRM system in this embodiment is to provide the DRM infrastructure to the mobile terminal 70. As shown in FIG. 2, the DRM system provides the protection application 36 containing the UK 27 in the mobile terminal 70. This protection application runs on the mobile terminal and performs DRM operations, such as key decryption and authority enforcement, for example. The protection application can be programmed according to any known methods for providing a protected calculation. Moreover, once installed in the mobile terminal, the protection application provides DRM enforcement for any number of EMMs sent by the system. This embodiment is particularly advantageous because it provides delivery of the UK. Thus, a mobile terminal that has never participated in a particular DRM system can be started, and the system can refresh the UK for the mobile terminal to provide updated security.

In addition to providing a protection application, the DRM system must also be programmed to provide the mobile terminal with rights to instruct the protected SK and its use. This is accomplished by encrypting / wrapping 34 the SK to create an EMM wrapped with a DRM certificate 35 indicating the usage rights for the SK. Thus, computers implementing the DRM system 30 are programmed to wrap and encrypt 34, ie, encapsulate EMM and other data in the DRM certificate 35. DRM system 30 communicates with mobile terminals via mobile communication network 80 to deliver DRM messages and objects, such as DRM certificates and protection applications.

As a rights object, the DRM certificate could also contain protection rights definitions that indicate the number and type of uses that can be performed on content related to SK. The DRM certificate may further include other data, such as data relating to the requested / ordered content and data relating to charging or payment. The DRM token may be expressed in an authorization expression language such as ODRL or in an extensible generating language such as XML or any derivative thereof.

However, the functionality of a privilege object can be implemented in a less flexible manner by reprogramming the privilege into a system or protected application. For example, a protection application can be programmed to only allow a certain set of privileges, such as one play, for all EMMs it receives.

Now it returns to the operation of the mobile terminal and the operations performed at the end user 40. As mentioned above, the end user 40 employs means to receive DVB encrypted content and provide output via the display. In the disclosed embodiment this operation is performed by a DVB set top box, but the disclosed operations can be implemented by any hardware known in the art that can be integrated into a TV or perform the disclosed functions.

As shown in Figure 3, a DVB set top box communicates with a mobile terminal over any known communication link, such as a wired connection or a wireless RF or infrared link. One advantageous embodiment would employ Bluetooth in the communication between the set top box and the mobile terminal because it is a definite standard and provides a secure connection made between the set top box and the mobile terminal. As discussed above, mobile terminal 70 is a simple hardware device coupled to a mobile communication network and programmed to perform the disclosed functions of a DRM system.

The process begins with an end user ordering protected DRM content. The lists of available content can be set up for browsing on a television via a DVB network or set top box or via its user interface on the mobile terminal itself. When a user browses content with a mobile terminal, the mobile terminal may receive data describing content choices available and connected to servers in the DRM system or from other sources. Alternatively, the available content can be browsed and ordered through the voice telephony network.

In either case, once the user has selected a particular piece of content, the DRM system 30 is notified and begins to push the required DRM tokens and software towards the mobile terminal 70. The use of mobile terminals in the ordering process enables DVB content providers to charge for content using the mobile charging network. In other words, if a user orders a paper view movie, the fee for that movie may simply be added to the user's mobile phone bill.

The process of using the content with the ordered content begins. As shown in Fig. 3, the set top box 41 has received or previously received and stored the encrypted DVB content 1e and the ECM 25 associated therewith. However, the set top box cannot use any of the encrypted DVB content 1e without the CSA control words contained in the ECM. However, the ECM must be decrypted with a suitable service key to obtain a clear CSA control word. To do this, the set top box 41 passes the ECM 25 to the mobile terminal 70 via the Bluetooth link 90. Since the ECM contains an encrypted CSA control word, the Bluetooth link does not need to be protected at this stage. Advantageously, many set top boxes already perform similar functions and send the received ECM to the smart card for decryption. Thus, set-top boxes only need to be re-designated to communicate with mobile terminals instead of smart cards.

As described above and shown in FIG. 3, the mobile terminal 70 has received a protection application 36 and a DRM certificate 35 from the DRM system 30. The process for decrypting a CSA control word is as follows, preferably the same terminal is hardware and / or software designed to perform security processing and resists tampering by individual ones attempting to interfere with the applied DRM. Has a mobile DRM engine 72. The mobile DRM engine runs a protection application 36 with secure access to the UK 27. The protection application considers the DRM certificate 35 and the ECM 25 as inputs.

The DRM will then determine whether the rights represented by the DRM certificate allow for the required use, such as play of DVB content. If the required use is allowed, the protection application uses the UK to decrypt the SK contained in the EMM (74). The decrypted SK is then used to decrypt the CSA control word contained in the ECM to produce a clear CSA control word 10. The clear CSA control word is then sent back to the set-top box via a Bluetooth link. Preferably, the clear, ie unencrypted, transmission of the CSA control word to the set top box occurs on a secure Bluetooth link. The Bluetooth link secure connection provides the authentication, authorization, and encryption (encryption of plain text) that is made.

Deploying a protected application to run a DRM system is particularly beneficial because the protected application can be tailored to the end user's specific mobile terminal and / or set-top box to ensure compatible behavior for users regardless of the equipment employed. to be.

Upon receipt of the decrypted CSA control word 10, the DVB set top box performs DVB CSA decryption 43 using the CSA control word. This creates clear DVB content 1c and this content can then be output to the display 46 for use. Display 46 is just a general representation for the use of the content. In practice, the content may be music, software, or the like, each of which will be available on a suitable device.

In alternative embodiments, the protected application may have an expiration date as represented by a DRM certificate and the protected application will become inoperable after the expiration date or the protected application is discarded or entirely or partially overwritten, Will be deleted. A protection application that has been disabled in one embodiment of the invention will be reactivated with a response message from the DRM system, where the reactivation message can be a DRM certificate that includes another protection application.

Other embodiments could use a mobile phone network to receive location information from the network. The location of the mobile terminal can be easily determined down to the cell level and the location data is available in the visitor location register (VLR) of the network. The received location information can be used as part of access control. For example, a DRM certificate may contain geographic constraints that can be applied using this feature.

Another advantageous embodiment would use a mobile terminal in connection with any nearby device that receives DVB content. If a Bluetooth connection is used, the Bluetooth service discovery protocol and the Bluetooth pairing mechanism will provide a trust relationship that can be used to identify the required set-top box. This functionality will allow the user to buy and use content at a friend's house or elsewhere.

In another advantageous embodiment, the DRM system may affect the use of mobile terminals and may implement the standard DRM infrastructure of the Open Mobile Alliance (OMA).

The benefits of delivering EMMs and DRM rights using OMA compliant mobiles are two parts. First, mobile terminals are a common piece of hardware owned by most individuals, and therefore broadcasters can provide additional services without mobilizing special hardware for all potential end users. Secondly, the use of mobile terminals also allows broadcasters to adopt standard mobile DRM systems such as OMA, eliminating the need to develop and maintain special systems at cost. Both of these advantages lead to a system where end users can employ standard equipment to get premium DVB content right away. This makes the system more marketable compared to the system where users have to plan ahead to get premium content and get special equipment.

In general, OMA defines software and hardware standards for mobile terminals. The OMA DRM standard allows compliant devices to implement and participate in rights management systems, including secure delivery of protected content and executable applications, such as Java applets. The OMA compliant mobile terminal will then run the application containing the required UK and other security procedures necessary to ensure protection of the protected content. The protected content in the present invention is simply SK and CSA control words rather than actual usable media. Additional details of the OMA DRM system can be found in the OMA publications, including OMA, DRM Content Format Version 1.0; OMA, Digital Rights Management Version 1.0; And OMA rights expression language version 1.0, all of which are available at www.openmobilealliance.com and are incorporated herein by reference.

In the context of the present invention, the DRM system will make protection applications and DRM certificates in accordance with the OMA standard. And the mobile terminal will be designed and programmed to follow the OMA standard when running OMA applications and following the DRM certificate.

As noted above, the disclosed invention may be implemented in any hardware capable of performing the disclosed operations. For example, in another embodiment, all of the end user functions of the disclosed invention have a receiving device, a rendering hardware device, and a memory device containing a software program that implements the disclosed procedures, eg, a mobile phone, laptop or eye opening information. It may be implemented in a single mobile terminal such as a portable terminal. Such devices are becoming more and more popular entertainment sources as improvements to networks and portable devices provide richer and more diverse content to end users. For example, mobile phone handsets with relatively large color screens are likely to be popular devices for watching video broadcasts.

However, using a mobile terminal that handles broadcast content presents some additional problems that need to be addressed. One of the most concerned problems for any mobile device is the available battery life. Receiving broadcast content is particularly battery intensive because the receiving circuits of the mobile terminal must remain active during the entire broadcast. For example, the power consumption required to receive a broadcast of a movie or television show (program) may significantly reduce the available battery life of the device.

An exemplary embodiment of the present invention provides a solution to reduce battery usage in broadcast situations. This solution relates to providing broadcasts to mobile devices in time sliced and time compressed segments.

In other words, if the broadcast link has sufficient bandwidth to send a segment of the broadcast content in less time than when rendering the content contained in the segment, then the receiver may send the content after the content has been transmitted. Power can be saved because it can be turned off while playing. For example, if the network broadcasts content at 3 megabits / second and the content is rendered at 300 kilobits / second, the receiver of the mobile terminal only needs to be turned on for 1 second to receive 10 seconds of content. The receiver is then turned off for nine seconds while rendering the content, reducing power consumption by 90%. Broadcast of live content under this technique will require some transmission delay that matches the segment length employed. For example, if a broadcaster chooses to transmit content in one minute segments, it will have to buffer one minute of content before starting the transmission of the first segment. Thus, the broadcast will be delayed by about one minute.

This time slice technique also has the advantage of facilitating transitions between cells in a cellular environment where the mobile device moves from cell to cell. As the mobile terminal moves from cell to cell, it must select the optimal time to switch its connection from one cell to the next. If the mobile terminal received the broadcast in real time, handoff to the next cell may cause some flaw in the reception of the broadcast transmission. Choosing the best time for the switch will require at least very careful judgment. On the other hand, using the disclosed time slice technique, the mobile terminal can intermittently use its receiver to find other cells. Then, due to the extended time between segment transmissions, a larger time window is available for determining the optimal cell transmission time.

In order to perform the described technique, a mobile terminal may be provided with a memory device having software executable to perform the disclosed operation. In order to make the disclosed technique successful, the mobile terminal must be provided with suitable timing to turn its receiver off and on during segment reception. An initial decision to turn on the receiver can be made from a number of sources, typically based on the device user's request for a particular piece of content. The device may then be turned off after receiving the first segment. Once off, the next decision is to turn the receiver back on and it can be accomplished in a number of ways. For example, the segment transmission gap could be a wide range of preset systems as part of the protocol employed. In other words, all transmission segments can be generated at predetermined intervals. Alternatively, the mobile terminal can turn on when the current segment has just finished its rendering phase and waits for the next segment, eg when the current segment rendering is 95% complete. Alternatively, each segment may contain data indicating when the next segment is broadcast. Identifying the broadcast time of the next segment through the data of the previous segment is particularly beneficial because it allows for variable segment size and allows determination of the timing of the next segment without rendering the current segment.

Many features and advantages of the invention will be apparent from the description, and therefore, it is intended that the appended claims cover all such features and advantages of the invention that fall within the true spirit and scope of the invention.

In addition, as many variations and modifications may occur to those skilled in the art, the present invention is not intended to be limited to the precise instructions and operations shown and described herein. Accordingly, all suitable modifications and equivalents at will are intended to fall within the scope of the claims.

Other and further aspects of the present invention will become apparent with reference to the accompanying drawings in the following description.

1 is a block diagram illustrating delivery of DVB encrypted content.

2 is a block diagram illustrating an exemplary embodiment of the present invention that discloses a DRM system for DVB using a mobile terminal.

3 is a block diagram illustrating an exemplary embodiment of the present invention that initiates operation of a mobile terminal and a DVB set top box and communication therebetween.

Claims (1)

A system for controlling conditional access to broadband digital content using DDRM.

Images