MXPA00007898A - Recording of scrambled digital data - Google Patents

Abstract

A system for transmission and recording of digital data, comprising transmission means (6) adapted to prepare and transmit scrambled digital data together with at least one encrypted control word and a digital recording device (41) adapted to receive and record the scrambled digital data and encrypted control word on a digital support (43), the digital recording device (41) further including an access control means (42) adapted to decrypt the control word and thereafter descramble the digital data during playback. The present invention is particularly, but not exclusively, adapted to the transmission of scrambled audio data to be recorded on a mini disc reader (41).

Description

RECORDING OF DISTURBED DIGITAL DATA The present invention relates to a method and apparatus for transmitting and recording disturbed digital data, for example, transmitted audio and / or video data. The transmission of digital data that is disturbed or encoded cryptically is well known in the field of paid television systems, where disturbed audiovisual information is transmitted, for example, by satellite to several subscribers, each subscriber having a decoder or receiver / decoder capable of awakening the program transmitted for subsequent viewing. In a typical conditional access system for paid television, the disturbed digital data is transmitted together with a control word to awaken the digital data, the control word itself is cryptically encoded by a first key and transmitted in cryptically encoded form in a rights control message (ECM). The disturbed digital data and the cryptically encoded word are received by a decoder having an equivalent of the first key necessary to decode the control word encoded cryptically and thereafter to wake up the transmitted data. Usually, the control word changes every 10-15 seconds. A paying subscriber will receive a rights management message (EMM) monthly that includes the operating key needed to decode the control words encoded cryptically in a way that allows them to see the transmitted programs. With the advent of digital technology, the quality of the transmitted data has increased many times. A particular problem associated with digital quality data is its ease of reproduction. When an unsuspecting program passes via an analog link (for example the "Peritel" link) to be viewed and recorded by a standard cassette video recorder, the quality is no longer greater than that associated with a standard analogue analogue cassette recording. The risk that this recording is used as a master tape to make pirated copies is not greater than with the analogue camera bought in a standard store. By way of contrast, any digital data awakened through a direct digital link to a new generation digital recording device (for example, a DVHS recorder) will have the same quality as the originally transmitted program. In this way it can be reproduced any number of times and no degradation of the image or sound quality. There is therefore a considerable risk that the awaited data will be used as a master copy to make pirated copies, be it other digital copies or even simple copies of analog VHS. PCT / US97 / 07981, which represents the closest prior art document, describes a copyright control system, in which authorization messages are included with a transmission program. A receiver / decoder makes a decision to record the program or not based on this message, the program is usually recorded in clear on the video cassette. The system operates in parallel with a conventional conditional access system and in all modes the transmitted disturbed program was awakened in the decoder before being recorded. Document EP 0763936 describes another method of copyright control, again using an authorization message system in parallel with a conventional access control system. In order to allow a disturbed recording to be played after one month of subscription (and a subsequent change in the operating key), the system stores the EMM message of that month on the smart card of the decoder. This can lead to significant storage problems on the smart card. It is an object of the present invention to allow a secure system for data transmission and recording allowing authorized recording of transmitted digital data., at the same time minimizing the risk of pirated copies of these recordings made by unauthorized third parties and avoiding problems with known systems. According to the present invention there is provided a system for transmitting and recording digital data, comprising a transmission element adapted to prepare and transmit at least one control word encoded cryptically by a first key together with disturbed digital data by that word of control further characterized by comprising a digital recording device adapted to receive and record the disturbed digital data transmitted along with the control word encoded cryptically on a digital support, the digital recording device further including an access control unit adapted to decode the control word and then wake up the digital data during playback. In this way, the data in question will be recorded in disturbed form in which they were transmitted directly on the digital support medium, and can only be accessed after that along with the recording device and the associated access control unit, providing by this a safe system for recording at the same time that problems with known methods are avoided. The access control unit may be permanently integrated with the recording device. However, in some embodiments it can be considered that the access control unit is incorporated in a discrete module, for example as a smart card on a SIM card, insertable in the recording device to allow the decoding and awakening of the data recorded in the reproduction. Although the recording device may include the means necessary to receive the transmitted digital data, the system may also comprise a separate receiver / decoder adapted to receive the transmitted digital data and the cryptically encoded codeword and communicate this information to the recording device for his subsequent registration. In this mode, the receiver / decoder can be of the standard type as it is known from the digital television transmission field and adapted to receive audio and / or transmission video data (disturbed and clear) as well as data sent, for example, via a modem link to the receiver / decoder. The receiver / decoder can also be integrated with other devices such as a digital television, a DVHS recorder, and so on. Generally speaking, the system can operate in two possible modes of operation; a cyclic transmission mode and a demand transmission mode. In the case of a cyclic transmission mode, the transmission element is adapted to repetitively transmit the disturbed digital data and the code word encoded cryptically. In this mode, the control word for the data is preferably encoded cryptically by a first key associated with the identity of the data being transmitted. For example, in the case where the number of pieces of music are being transmitted in a repeat cycle, the control word or the words needed to wake up the data for each recording are cryptically encoded by a specific key to that particular piece of information. music. The number of control words needed may depend on the length of the piece of music. The equivalent to the key necessary to decode the control word can be communicated to access the control element in various ways, for example, simply by "clean" transmission over a telephone network or the like. However, preferably, the first key is cryptically encoded by a second key before communication to access the control unit. In such a mode, the system may further comprise a cryptic key encoding apparatus adapted to encode the first equivalent key by a second key prior to communication to the recording device, the access control unit having an equivalent of the second key. so as to allow the decoding of the first key and, after that, the decoding of the control word and the subsequent awakening of the transmitted data. The cryptic key encoding apparatus may be integrated with the transmission element and the associated circuit to disturb transmission, and so on. However, it can also be associated with a separate database and a server that contains a list of the keys associated with each access control element and recording device. In the case where the system comprises a receiver / decoder unit, the receiver / decoder unit can be adapted to request a first key from the cryptic key encoding apparatus, the cryptic key encoding apparatus thereafter transmits the first key crypically encoded to the receiver / decoder for subsequent communication with the recording device and the access control module. For example, the cryptic key encoding apparatus can respond to a request received from the receiver / decoder via a modem channel by returning information about this channel. Alternatively, the information may be communicated to a transmission element for subsequent communication, for example, in a broadcast transmission.

The above cyclic transmission modes have been discussed in particular in relation to systems in which the key used to cryptically code the control word is directly associated with the identity of the data, for example, the particular piece of music or the audiovisual program transmitted. In an alternative embodiment, the same first key is used to cryptically code the control word or words associated with a plurality of data sets. For example, all programs or songs transmitted during a particular time period, such as during a monthly subscription, may use the same first cryptic encoding key to cryptically code the control word data. Similarly, while the first key is normally sent in response to a request from a user, in one embodiment the first key is transmitted repetitively by the transmission element in a message encoded by a second key. Verification that the user or subscriber has sufficient rights to receive and record, for example, a monthly ration of data can be handled upstream in the transmission. Only those subscribers who have paid the necessary subscription will receive the key for that month, encrypted cryptically by their second personalized password and sent by the transmission element. In addition, in some embodiments, the access control module may also include a credit unit to control the number of recordings made by the recorder and / or the number of times a recording is played, for example, during the monthly ration of credit. In this case, a number of credits can be communicated, for example, together with the first key information to the recording device each month, each recording resulting in the reduction of a credit maintained by the recording device. The above modalities have been discussed in relation to a cyclic mode of transmission. In an alternative mode on demand, the transmission element responds to a request in real time to transmit the disturbed digital data and the control word encoded cryptically. Although it is more complicated to handle in terms of the received request, the on-demand mode may allow a simplification of the cryptic encoding process. In particular, in one embodiment, the control word is cryptically encoded directly by a first key associated with the identity of the access control unit, the access control unit possessing an equivalent of this key to enable the decoding of the word of control and the subsequent awakening of the data. The real-time request can be communicated to the transmission element by a receiver / decoder connected to the recording device. Alternatively, an application can be made by telephone, minitel, etcetera. The transmission element can be adapted to transmit data to the recorder via any number of communication channels, for example, via a fixed telecommunications network. However, the invention is particularly applicable to the broadcast transmission of mainly audiovisual data or multimedia digital data, notably audio data. The present invention can also be used in conjunction with various types of digital recording devices. In a preferred embodiment, the transmission element is adapted to transmit digital audio data. In such a mode, the recording device may conveniently comprise a minidisc recorder adapted to include access control means as described above. The present invention also extends to a recording device for use in a system as described above and a method of transmitting and recording disturbed data. The terms "disturbed" and "cryptically encoded" and "control word" and "keys" have been used in various parts of the text for the purposes of language clarity. Nevertheless, it will be understood that no fundamental distinction will be made between "disturbed data" and "cryptically encoded data" or between "a control word" and a "key". Similarly, the term "equivalent key" is used to refer to a key adapted to decode cryptically encoded data by a first mentioned key, or vice versa. Unless it is mandatory in view of the context or unless otherwise specified, no general distinction is made between keys associated with symmetric algorithms such as DES and those associated with public / private algorithms such as RSA. The term "receiver / decoder" or "decoder" used herein may connote a receiver to receive either encoded or uncoded signals, for example, television and / or radio signals, which may be broadcast or transmitted by some other medium. The term may also connote a decoder to decode the received signals. The embodiments of these receivers / decoders may include a decoder integrated with the receiver for decoding the received signals, for example, in a "top box", such as a decoder operating in combination with a physically separate receiver, or a decoder including additional functions, such as a network browser or that is integrated with other devices such as a video recorder or a television. Similarly, the term "digital recording device" can designate any convenient device adapted to record digital data, notably audio and / or video data, such as the DAT machine, a DVD recorder, a DVHS recorder, a mini recorder disk, etcetera. As used herein, the term "transmission element" includes any transmission system for transmitting or broadcasting, for example, primarily digital audio-visual or multimedia data. Although the present invention is particularly applicable to television or digital audio transmission systems, the invention can also be applied to a fixed telecommunications network for multimedia Internet applications, to a closed circuit television, and so on. In the case of a transmission audio or television system, the transmission route may include satellite, terrestrial, cable or other means. Other general and preferred features of the various aspects of the invention will be apparent from the description of the various exemplary embodiments. With respect to this, several embodiments of the present invention will now be described, by way of example only, with reference to the accompanying Figures, in which: Figure 1 shows an overview of an adaptive digital television system for its use in the present invention; Figure 2 shows the elements of the receiver / decoder of Figure 1; Figure 3 shows a first embodiment of the invention that includes a recording device for recording disturbed data transmitted; Figure 4 shows the recorded data associated with the embodiment of Figure 3; Figure 5 shows a second embodiment of the invention adapted to use the beginning of a series of previously paid signals; Figure 6 shows the recorded data associated with the embodiment of Figure 5; Figure 7 shows a third modality of the modality in which the data are supplied on demand; and Figure 8 shows the recorded data associated with the embodiment of Figure 7. In the embodiments of Figures 3 to 8, the present invention will be discussed in connection with the transmission of disturbed data broadcasts and their subsequent recording. A digital television system and a decoder for use in this context will now be described in relation to Figures 1 and 2. An overview of a digital television system 1 according to the present invention is shown in Figure 1. The invention includes a mostly conventional digital television system 2 which uses the known compression system MPEG-2 to transmit compressed digital signals. In more detail, the MPEG-2 compressor 3 in a transmission center receives a stream of digital signals (typically a stream of video signals). The compressor 3 is connected to a multiplexer and a disturber 4 via a link 5. The multiplexer 4 receives a plurality of additional input signals, assembles the transport current and transmits the compressed digital signals to the transmitter 6 of the transmission center via the link 7, which can of course take a wide variety of forms, including telecommunications links. The transmitter 6 transmits electromagnetic signals via the upper link 8 to a satellite transmitting transmitter 9, where they are processed electronically and transmitted via a downward notional link 10 to the terrestrial receiver 12, conventionally in the form of a proprietary satellite dish. rented by the end user. The signals received by the receiver 12 are transmitted to an integrated receiver / decoder 13 owned or rented by the end user, and connected to the television set of the end user 14. The receiver / decoder 13 decodes the MPEG-2 signal compressed into a television signal for the television set 14. Other transport channels for the transmission of data are of course possible, such as terrestrial transmission, cable transmission, combined satellite / cable links, telephone networks, etc. In a multi-channel system, the multiplexer 4 handles audio and video information received from several parallel sources and interacts with the transmitter 6 to transmit the information along a corresponding number of channels. In addition to audiovisual information, messages or applications or any other kind of digital data may be produced in some or all of these channels interlaced with the audio and digital video information transmitted. A conditional access system 15 is connected to the multiplexer 4 and the receiver / decoder 13, and is located partially in the transmission center and partially in the decoder. This allows the end user to have access to digital television broadcasts from one or more broadcast providers. A smart card, capable of deciphering messages related to commercial offers (that is, one or more television programs sold by the transmission provider), can be inserted into the receiver / decoder 13. Using the decoder 13 and the smart card, the user can buy commercial offers, either in subscription mode or a mode of payment to see. As mentioned earlier, the programs transmitted by the system are disturbed in the multiplexer 4, the conditions and the cryptic encoding keys applied to a given transmission are determined by the access control system 15. The transmission of disturbed data in this way is well known in the field of paid television systems. Typically, the disturbed data is transmitted together with a control word to wake up the data, the control word itself being cryptically encoded by a key operation call and transmitted in cryptically encoded form in an ECM (rights control message). The disturbed data and the cryptically encoded control word are received by the decoder 13 having access to an equivalent of the operating key stored in a smart card inserted in the decoder to decode the rights control message encoded cryptically and the word of control and after that awake the transmitted data. A paid subscriber will receive, for example, in a monthly rights management message transmission the operating key necessary to decode the control word encoded cryptically so as to allow it to see the transmission. An interactive system 16, also connected to the multiplexer 4 and the receiver / decoder 13 and again located partially in the transmission center and partially in the decoder, enables the end user to interact with several applications via a modem back channel 17. The Modem back channel can also be used for communications used in the conditional access system 15. An interactive system can be used, for example, to enable the viewer to immediately communicate with the transmission center to request authorization to view a particular event , copy an application, etc. With reference to Figure 2, the elements of the receiver / decoder 13 in the upper case adapted to be used in the present invention will now be described. The elements shown in this figure will be described in terms of functional blocks. The decoder 13 comprises a central processor 20 that includes associated memory elements and adapted to receive input data from a serial interface 21, a parallel interface 22, a modem 23 (connected to a rear modem channel 17 of the Figure 1), and switch contacts 24 on the front panel of the decoder. The decoder is further adapted to receive inputs of an infrared remote control 25 via a control unit 26, and also has two smart card readers 27, 28 adapted to read bank or subscription smart cards 29, 30, respectively. The subscriber smartcard reader 28 is connected to an inserted subscription card 30 and to a conditional access unit 29 to supply the necessary control word for a demultiplexer / wake-up device 30 to enable the cryptically encoded transmitted signal to be awakened. . The decoder also includes a conventional tuner 31 and demodulator 32 for receiving and demodulating the satellite transmission before being filtered and demultiplexed by the unit 30. The data processing within the decoder is generally handled by the central processor 20. The software architecture of the central processor may correspond to that used in a known decoder and will not be described here in detail. It can be based, for example, on a virtual machine that interacts via an interface layer with a lower-level operating system implemented in the hardware components of the decoder. In terms of the hardware architecture, the decoder will be equipped with a processor, memory elements, such as read-only memory, direct access memory, FLASH, etc., as in known decoders. In the case of audio and video signals, as will be described in more detail below, the MPEG packets containing these signals will be demultiplexed and filtered to pass audio and video data in real time in the form of a packet elementary stream ( PES) of audio and video data to dedicated audio and video processors or decoders 33, 34. The converted output of the audio processor 33 passes to the preamplifier 35 and thereafter via the audio output of the receiver / decoder. The converted output of the video processor 34 passes via a graphics processor 36 and a PAL / SECAM encoder 37 to the video output of the receiver / decoder. The graphics processor 36 additionally receives graphic data for its display (such as generated images, etc.) from the central processor 20 and combines this information with information received from the video processor 34 to generate a screen display that combines moving images with each other with superimposed text or other images. In the case of the received teletext and / or subtitle data, the conversion of the elementary stream data into real-time packets to generate the appropriate images can also be handled by dedicated processors. However, in most conventional systems, this is handled by the general processor 20. The system described above in relation to Figures 1 and 2 has been presented in relation to the transmission and reception of television data. As will now be described, the system is equally adaptable to the transmission, for example, of exclusively audio data, the decoder operating in this case as a digital radio receiver. In the examples of the various embodiments of the invention that will now be described, the decoder functions to a large extent as a simple channel for receiving and communicating data to a recording device. The data may also be communicated to the recording device via other networks, such as fixed telecommunication networks or the like. Although the following description concentrates on the recording of audio data, the same principles can easily be applied to audiovisual data or other digital multimedia data transmitted and received for example via the decoder. Similarly, although the mode will be discussed in particular in relation to a minidisk reader / writer device, the same principles can be applied to DVHS readers, CD ROM devices, and so on. The receiver / decoder can be integrated with these recording devices. Referring now to Figure 3, the decoder 13 is connected, via an IEEE 1394 busbar, 40, to a digital recording device 41, such as a minidisk reader, adapted to receive and record audio information received by the decoder. 13. The device 41 is further adapted to include an access control module 42, the operation of which will be described in detail later. This access control module 42 corresponds in many ways to the smart card and the conditional access module 29 normally used to wake up broadcast television broadcasts. Specifically, the cryptically encoded audio data recorded on a digital recording medium in the form of a minidisk 43 was awakened by the access control module 42 and passed to an audio processor 44 before the eventual output to a pair of headphones or to the loudspeaker 45. In view of the reduced data flow of audio data compared to a complete audiovisual television signal, the access control module 42 can be considered in the form of a single chip containing all the elements necessary to receive a disturbed signal and produce a clean signal, including the necessary key or cryptographic keys (see below) and associated wake-up circuits. This chip can be integrated into the recording device 41 or it can be integrated into a SIM card or the like insertable into a slot in the device.

In this mode, a particular title or piece of music (a song, a set of songs, etc.) available for recording is disturbed before transmission by a control word. In the same way as for a television broadcast, the disturbance is carried out using a control word that changes every 10-15 seconds or something like that. Each control word (and other data if desired) is encoded cryptically using a cryptic encoding key Kt associated with the identity of the music piece, for example the title of the song of interest, to form a rights control message characteristic The audio data and the associated rights control messages are cyclically sent by the transmitter 6. That is, these data are transmitted continuously (or at least at regular intervals) to a decoder field. In the case where a user decides to buy this title, for example, by selecting the title of a menu of available titles using the decoder remote control, the decoder 13 sends a message 51 to the access control server 15 and the encryption unit 50. The message includes information related to the title of the piece of music, the identity of the recording device 41 that will be used to record the data and the identity of the decoder of the client 13.

As described above, the rights control message containing the control word needs to be awakened. The audio information is cryptically encoded using a key associated with the title of the music piece. The encryption unit 50 possesses the equivalent of the key Kt needed to decode the rights control message as well as a key Ki associated with the identity of the minidisk reader and, more particularly, with the access control module 42 possessed by the equivalent cryptic decoding key. The key Kt (and other data, if desired) is encoded by the key Ki and the right management message 52 sent via the server 52 to the decoder 13. The communication of the identity of the decoder 13 to the server 15 is not needed in the cryptic encoding / decoding process but can be used in the eventual billing of the customer of his purchase of his piece of music. The rights management message and the data to be recorded (as copied by the decoder from the MPEG transmission stream) are sent via bus 1394 to the minidisk reader / writer 41. As will be appreciated, the message of rights management, the data to be recorded and the associated rights control message are sent in cryptically encoded or disturbed form on the busbar 40 and are not readable to any third party that does not possess the Kt, Ki keys. The data transmitted to the minidisk reader 41 is thereafter combined into 47 and recorded on the disk 43 in the manner shown in Figure 4. In particular, each recording comprises a header 60 that contains general information regarding the recording, a rights administrator message section 61 containing the rights administrator message, and one or more sections 62 containing the disturbed audio data segments each with the associated rights control message containing the necessary control word for Awaken the data. As mentioned above, in this mode, the piece of music to be recorded is transmitted continuously in a transmission cycle. In order to enable the decoder 13 to start copying the piece at any time as soon as it has been selected by the user, the minidisk device 41 can additionally be supplied with a buffer memory 46. The individual segments that make up the piece of music can be copied in any order (for example, starting at the middle of the piece) and thereafter rearranged in the correct order to be recorded on disk 43 in the correct order along with the rights administrator message as It is shown in Figure 4.

When the recording is played, the access control module will cryptically decode the rights administrator message, using its equivalent of the key Ki, and thereby obtaining the equivalent of the Kt key associated with the cryptic encoding of rights control messages . Each rights control message is cryptically decoded with the equivalent Kt key to obtain the control word needed to awaken the audio data segment. The algorithms used to generate the keys Kt, Ki and their equivalent may correspond to any known symmetric algorithm such as, for example, DES. Alternatively, in some cases public / private key pairs such as those known from the RSA algorithm can be used. As mentioned above, in view of the relatively low data rate associated with the audio information, all these operations, including the same awakening, can be carried out within a single chip. Alternatively, some or part of the process can be carried out separately. For example, the access control module can simply supply a decoded control word stream in association with disturbed audio data to a separate wake-up unit. The use of a control word adapted to change every 10-15 seconds is a well-known concept in the field of television transmissions. In the present case and given that the average length of a disturbed piece of music can be only 3-4 minutes, the structure can be simplified, for example, to have only one control word and rights control message for each piece of music given. It is also possible to imagine a situation in which the use of a rights management message is dispensable and the server 15 sends in clear the key Kt necessary to decode a given piece of music in response to a request from the decoder. For obvious reasons, the security of this system would be extremely low, since all the information necessary to decode a piece of music would be present in the transmission clean or as it was recorded on disc 43, and this mode would only stop the most basic level of fraud. As described, a rights administrator message is requested by an order from the decoder 13 to the server 15 and the unit 15 and returns via the same modem channel. As will be appreciated, other communication channels can be used. For example, the user may order a rights management message via telephone or minitel, and the rights administrator message may be generated and sent, for example, in the MPEG stream via the satellite link.

The modality of Figures 3 and 4 is based on the principle of associating a Kt key with a particular set of data or piece of music and the communication of this key for example in a specific rights administrator message generated in response to a request. Figures 5 and 6 show an alternative embodiment, again using the cyclic transmission of the audio data, but based on the principle of the subscription together with the use of several predetermined credits. In this embodiment, the connection between the decoder 13 and the server 15 and the unit 30 is not shown, since the MD control 41 receives (after connection to the decoder 13) a rights administrator message transmitted regularly containing the operating key Ke necessary to decode the rights control message of that month (ie the rights control messages associated with all the pieces transmitted during that month) together with a number of credits. If they are not used, the credits transmitted with rights administrator messages can be moved from one month to the next. In alternative modalities, the credits can be loaded into a decoder or reader via a modem, telephone or minitel connection, or even directly using a device based on an "electronic bag" chip such as a smart card to recharge credits. Similarly, although it is desirable for security reasons to have a monthly change key Ke, it may alternatively correspond to a predetermined fixed value known to all readers. In this mode, there is no need for a monthly rights management message. In the case of a changing monthly operating key Ke, the key Ke is cryptically encoded by the key Ki associated with a particular reader 41 to create a rights administrator message. After connection to the decoder 13, the rights administrator message for that month and associated with that reader 41 is recorded on the disc 43 together with the rights control messages related to the chosen piece of music and the data. See Figure 6, where the numeral 63 designates the rights management message recorded in that mode and 62 designates the data and associated rights control messages. Of course, the transmission of a rights administrator message assigned to a particular reader will depend on whether the user has taken the necessary steps to purchase the rights to copy data to record. This can be handled, for example, in a subscription system of the type described in relation to Figures 1 and 2, wherein the access control system 15 manages the list of subscribers or, more specifically, a list of decoders designed for receive certain programs transmitted. After reproducing the recording, the access control module 42 decodes rights administrator messages using its equivalent Ki key, or has the key Ke associated with the rights control message for recordings in that month and thereafter decodes the individual rights control messages to obtain the control word to wake up each segment. Since it is considered that many titles or pieces of music will be sent over a given month, and that a user may not have unlimited rights to record all titles, it may be necessary to use a credit system to monitor the number of recordings that can be made. do and / or the number of times each recording can be played. As noted above, this may take the form of a number of credits stored in the reader and diminished each time the reader records a piece of music comprising the disturbed data, the rights control messages and the rights administrator message in A disc. In addition, or alternatively, credits can be decreased each time a recording is played. In addition to a credit system, some means of verifying that the reader has the right to access a particular recording can be provided, since all the recordings of that month for that decoder will have the same rights administrator message header. Although the presence of a rights administrator message reader in the recording should normally mean that the reader has paid for that recording, fraud may be possible. For example, a user may be considered to record disturbed data, rights control messages, and rights management messages in a valid recording for which he paid and then "cut and paste" the rights administrator message header over other recordings for that month made without authorization and simply includes disturbed data and rights control messages. Since the exploitation key is constant during that month, the same rights management message header will work (at least for that reader) for all recordings during the methods the problem will be exacerbated in the case of a constant exploitation key that do not change. To overcome this potential problem, the device 41 can be adapted to record in the access control module 42 additional information with respect to each individual who records what he has purchased, for example, title data or the like. This data may also be contained in one or more rights control messages transmitted with the music piece. Using a programmable, electrically erasable, read-only memory of 4000 bytes, the access control module 42 can stack related information up to 1000 recordings, and comparing a title in the list with the title contained in a rights control message in the recording it is decided on the reproduction if a recording has been made validly. The price information for the music piece or program can also be included in the rights control message. Again, this information can be used by the access control module 42 to manage the number of recordings that can be made by a given user. Alternatively, or in addition, the credit system may operate in the reproduction of a recording. Although the embodiment of Figures 5 and 6 avoid the need to generate a rights administrator message in real time in response to a user request, the memory space requirements of the access control module 42 can be greatly increased if stored. detailed lists of recordings purchased in the reader. In an alternative embodiment, this information could be stored and managed within the decoder 13. If so, two sets of keys can be used; one to cryptically encode / decode the rights manager message transmissions from the transmitter 6 to the decoder 13, and one to cryptically recode rights management messages for the subsequent routing to and decoding by the recording device 41. Referring now to Figures 7 and 8, a simpler embodiment of the present invention will be described. In this embodiment, a user who wishes to copy and record a piece of music sends a request indicating the disc reader identifier, the title of the music piece and the identifier of the decoder to a server 15. This request can be made by example, via the modem of the decoder 23. Similarly, a request can be sent by giving a telephone 48 or minitel 49. Unlike the previous modes, the piece of music is not transmitted cyclically but, instead, only transmitted as response to an instruction from the server 15 to the transmitter 6. The transmitter disturbs the data before transmission with a changing control word and cryptically encodes the control word (and other data, if desired) with a key Ki associated with the identifier of reader or, more specifically, with access control module 42, to prepare a rights control message specific to the user. As above, the decoder identifier is only used for the purpose of billing the user. In this embodiment, the information to be recorded on disk 43 is considerably reduced, as shown in Figure 8, and simply comprises a header 60 and a series of rights control messages 64. After reading a recording, the access control module 42 uses its equivalent of the key Ki to decode each rights control message and obtain the control word needed to decode each data segment associated with the rights control message.

Claims (22)

1. A system for transmitting and recording digital data, comprising a transmission element adapted to prepare and transmit at least one control word cryptically encoded by a first key together with disturbed digital data by that control word characterized in that it further comprises a device digital recording adapted to receive and record the disturbed digital data transmitted along with the control word encoded cryptically on a digital support, the digital recording device further including an access control unit adapted to decode the control word and thereafter Awakening digital data during playback. A system as claimed in claim 1 in which the access control unit is incorporated into a discrete module insertable into the recording device to allow the decoding and awakening of the recorded data after reproduction. A system as claimed in claim 1 or 2 further comprising a separate receiver / decoder adapted to receive the transmitted digital data and the cryptically encoded codeword and to communicate this information to the recording device for subsequent recording. 4. A system as claimed in any preceding claim in which the transmission element is adapted to repetitively transmit the disturbed digital data and the code word encoded cryptically. A system as claimed in any preceding claim in which the control word for the data is encoded cryptically by a first key associated with the identity of the data being transmitted. 6. A system as claimed in claim 5 in which the first key is cryptically encoded by a second key prior to communication with the access control unit. 7. A system as claimed in the claim 5 or 6 further comprising a cryptic key encoding apparatus adapted to cryptically encode the first equivalent key by a second key prior to communication with the recording device, the access control unit having an equivalent of the second key in a manner which allows the decoding of the first key and, after that, the decoding of the control word and the subsequent awakening of the transmitted data. 8. A system as claimed in claim 7, further comprising a receiver / decoder unit adapted to request a first key from the key coding apparatus, the cryptic key encoding apparatus thereafter communicates the first key. encoded cryptically to the receiver / decoder for subsequent communication with the recording device and the access control module. 9. A system as claimed in any of the preceding claims, the access control module comprising a credit unit for controlling the number of recordings made by the recorder. A system as claimed in any of the preceding claims, the access control module comprising a credit unit for controlling the number of times a recording is played. A system as claimed in any one of the preceding claims in which the same first key is used to cryptically code the control word or words associated with a plurality of data sets. 1

2. A system as claimed in claim 9 in which the first key is transmitted repetitively by the transmission elements in a message cryptically encoded by a second key. 1

3. A system as claimed in claim 12, wherein the message sent by the transmission element containing The first encrypted key cryptically also contains the credit information destined for a credit unit within the access control module. A system as claimed in any one of claims 1 or 3 in which the transmission element responds to a request in real time to transmit the disturbed digital data and the control word encoded cryptically. A system as claimed in claim 14 in which the control word is cryptically encoded directly by a first key associated with the identity of the access control unit, the access control unit having an equivalent of this key to allow the decoding of the control word and the subsequent awakening of the data. 16. A system as claimed in any of the preceding claims in which the transmission element is adapted to transmit audio data. 17. A system as claimed in claim 16 in which the recording device comprises a minidisc recorder adapted to include access control means. 18. A recording device for use in the system as claimed in any of the preceding claims, adapted to record disturbed data and a cryptically associated encoded control word and comprising an access control element adapted to decode the word of recorded control and awake disturbed data recorded after playback. 19. A method of transmitting and recording digital data in which the transmitting element prepares and transmits digital data together with at least one control word, the transmitted disturbed data and the cryptically encoded control word are recorded by a recording device digital, the digital recording device comprises an access control element that acts to decode the control word and thereafter to awaken the digital data during playback. 20. A system for transmitting and recording digital data substantially as described herein. 21. A recording device substantially as described herein. 22. A method of transmitting and recording digital data substantially as described herein.