MXPA01000606A - A conditional access system for broadcast digital television - Google Patents

Abstract

A method for managing access to scrambled broadcast or transmitted events received from a variety of service providers (including broadcast television networks, cable television networks (50, 52), digital satellite systems). Each service provider employs the same public key for descrambling the access information message thereby permitting a user to access events from various service providers without changing the smart card (42a, 42b). The method may also be expanded to manage access to a scrambled package of broadcast events.

Description

A SYSTEM OF CONDITIONAL ACCESS FOR DIGITAL DIGITAL TELEVISION Field of the Invention This invention relates to a system that can be used to provide access to multiple diffusers by a single electronic device of the customer, such as a top box or a digital television. Each device can receive digital streams transmitted or transmitted from a variety of transmission sources.

Background of the Invention Current NTSC televisions receive transmission services from a variety of service providers (see Figure 1). Most television receivers 12 can receive information or unencrypted programs directly from broadcast networks 22, satellite 26 and cable 24. Traditionally, cable networks 24 that provide encrypted or encrypted programs usually require a independent 16a separate device (e.g., a top box) for decoding or decrypting the program. Similarly, digital satellite systems usually provide encrypted or encrypted programs that also require the use of a upper case 16b separated. These top boxes can use a removable smart card 18a, 18b, which contains the necessary decryption algorithms and keys. Typically, a separate top box is required for each service provider. In the near future, broadcast digital television services can comprise from 5 to 20 local channels, each of which can transmit up to 10 simultaneous programs, some of which are pay-per-event programs. A user might want a mix of services from different service providers. For example, a user might want to buy all the Indiana University basketball games from local channel 4 and buy all the Notre Dame football games from channel 13 and buy all the Indianapolis Colts games from channel 8. If Each of these services will be coded in a unique way, the user would have the burden of buying multiple conditional access smart cards and of exchanging the cards as the user's channel arises.

SUMMARY OF THE INVENTION The present invention consists, in part, in the recognition of the problem that was described and, in part, in providing a solution to the problem. Only one is provided conditional access system that can be used with a plurality of service providers without changing the security modules. This global conditional access system employs the concept of automatically loading a user's account as a program is purchased, in contrast to recording all purchases and transmitting the record to service providers for billing. To achieve the desired flexibility, the system uses a global public key used by service providers; This is the public key for all smart cards. The corresponding private key is loaded inside the smart card. It is well included in the teachings of this application that more than one pair of public / private keys can be used to minimize the impact if security is breached. An event or program as described herein, comprises one of the following: (1) audio / visual data such as a movie, a weekly "television" program or a documentary; (2) textual data such as an electronic magazine, newspaper, or weather news; (3) computer software; (4) binary data such as images or (5) HTML data (for example, web pages). Service providers include any broadcast events from the provider, for example, traditional broadcast television networks, cable networks, digital satellite networks, providers of electronic event lists, such as electronic program guide providers, and in certain cases, internet service providers. This system can be based on public key technology. A public key (number) is available to all service providers. This is the public key for each smart card. Each smart card has stored in it a secret private key that can decrypt messages encrypted using the public key. The service provider sends an accreditation message in the transmission stream that was encrypted using the public key that contains the name of the service provider, the name, time, and cost of the program and the key to decrypt the keys that were used to code the program. This message is decrypted by the smart card, and the appropriate information is stored on the smart card for each event that is purchased. The smart card has a certain amount of credit for purchases that the bank has enabled. As long as the limit is not exceeded, the viewer can buy programs. At some appropriate pre-programmed time, the smart card impels a phone call to the CA center. Using another set of public and private keys, the CA center, in cooperation with a bank, receives the information from Smart card billing and provides additional credit. The bank sends the information and accredits the appropriate service provider. In general, the present invention defines a method for providing conditional access to a restricted broadcast or broadcast event. First, the encrypted access information that is associated with the broadcast event is received. Afterwards, the access information is decrypted (or decoded) and the cost of the broadcast event is verified to determine if it is less than a previously stored cash reserve. Then, the coded broadcast event of the service provider is received and decoded. In accordance with one aspect of the present invention, the method for accessing a restricted broadcast or transmitted event from one of a plurality of service providers comprises receiving a plurality of messages from the access information associated with the event. transmitted. Each of the messages of the access information is encoded using a different public key and comprises the data corresponding to the cost of the transmitted event. Then, decrypt or decode one of the messages of the access information using the previously stored private key, which is associated with the service provider and verify that the cost of the transmitted event is less than a stored cash reserve previously. Finally, receive the coded transmitted event from one of the service providers and decode the transmitted event using the decode key. In accordance with another aspect of the present invention, the method for obtaining access to a restricted transmitted event packet comprises receiving the digitally signed access information associated with the event packet by means of a direct channel and comprising the data that corresponds to the cost of the event package. The signing of the access information is verified using a public key; The cost of the package is checked to make sure it is less than a previously stored cash reserve. When any of the encoded broadcast events belonging to the service provider package is received, its access information is decrypted to obtain the decoding key. According to yet another aspect of the present invention, the method for achieving access to a restricted transmitted event comprises transferring, from a bank, a cash reservation to a smart card; receive, from a service provider, an encrypted event key and the cost of the event; pass the event key and buy the information for the smart card, which is coupled to the digital video device. Afterwards, the cost of the event to determine if it is less than the cash reserve that was stored and the cost is subtracted. The encrypted event is decrypted and the coded event is received and then passed to the smart card, where it is decoded using the decrypted event key. Finally, the decoded event is transferred to the digital video device. These and other aspects of the invention will be explained with reference to a preferred embodiment of the invention, which is shown in the accompanying drawings.

Brief Description of the Drawings Figure 1 is a block diagram illustrating the configuration of a prior art for interconnecting consumer electronic devices to a variety of service providers. Figure 2 is a block diagram illustrating an architecture for interconnecting a digital television set common to a plurality of terrestrial diffusers; and Figure 3 is a block diagram of an exemplary implementation of a system for obtaining access to a device, in accordance with the invention.

Detailed Description of the Drawings The present invention provides a conditional access system, which can be used to obtain services from a plurality of sources. The conditional access system, when implemented within a digital television (DTV), or superior box or similar, allows a user to receive coded events from more than one service provider, without exchanging conditional access modules or smart cards . Alternatively, the functionality of the smart card can be embedded within the DTV. This conditional access system can act as a toll bridge for accessing services, allowing a mechanism for the manufacturer or the DTV to collect fees based on the use of its DTV. Similarly, this invention can be implemented within an upper box (STB, for its acronym in English); for simplicity, the following description of the invention will be directed to an implementation that uses a digital television and a smart card that is coupled to it. In Figure 2, the system 30 describes the general architecture for accessing a digital television (DTV) 40a, 40b. For simplicity, the following description will be limited to a single DTV 40a. The numbers of similar elements define the same functional element. The Smart Card is inserted (SC, for its 42a within or coupled with, a smart card reader (not shown) of the DTV 40a; the busbar 45 interconnects the DTV 40a and the SC 42a, allowing the transfer of data between them. These smart cards include, for example, ISO 7816 cards that comply with Part A of the National Renewable Safety Standard (NRSS), or PCMCIA cards that comply with Part B of the NRSS. This inventive concept is not limited to smart cards by themselves, but can be used with conditional access modules. Conceptually, when this smart card is coupled to a smart card reader, it can be considered that the functionality of the smart card is a part of the functionality of digital television, thus removing the "borders" that the body creates. of the physical card of the smart card. The DTV 40a may receive the services of a plurality of service providers (SPs), such as SPs 50 and 52 of a broadcast television, a cable television (not shown), and a broadcast system. satellite (not shown). This invention finds benefit in terrestrial diffusion. The certified authority (CA) 75 does not connect directly with any of the service providers or the DTN 40a, Instead, it issues digital certificates and public and private key pairs, which are used as explained below. It is within the scope of this invention that the role of the certified authority 75 can be performed by service providers, in collaboration with the manufacturer of the DTV 40a. The billing center 70 is used to manage user accounts; Updated information is provided as users make arrangements to purchase additional services and as these services are consumed or used. This Conditional Access (CA) system, which was designed for DTV's broadcast technology, is a system based on transportation. This means that the CA information for a particular broadcaster is transmitted only on its own RF channel. Each diffuser is responsible for its own information and therefore, there is no need for the previously established code of conduits to coordinate and / or synchronize the information between different broadcasters. In addition, the CA system is based on the E-cash card charge. A user pre-loads their card with a certain amount of cash (from debit or credit accounts), and then uses the card to buy event packages, pay for monthly subscriptions, or buy specific programs in the PPV mode. A package of events can include, for example, all franchise games of your favorite professional sports or Sunday night movies in one or more virtual channels. The broadcast channel is used only to deliver the services and information for access to these services. All remaining transactions are made using a return channel (ie, a modem and a telephone connection). The dissemination of dirigible messages is not necessary. The broadcast services are protected using a common encryption algorithm. The keys used in this process and the purchase information of the event are encrypted with a global public key, and sent to the user through the MPEG-2 stream. For event packages, certificate packets are sent to the user, from the CA 60a server, through the return channel. As described below in more detail, the certificates are usually signed to ensure the integrity of the certificate. That is, to ensure that the appropriate and unmodified certificate was received from the issuer. Access to services is obtained through a renewable security module, that is, a smart card. Symmetric key cryptography includes the use of the same algorithm and key, both for encryption and for decryption. The foundation of public-key cryptography is the use of two related keys, one public and one a private one The private key is a secret key and it is unrealizable in a computational way to deduce the private key from the public key, which is publicly available. Anyone with a public key can encrypt a message, but only the person or device that has the associated private key and previously determined can decrypt it. Similarly, a message can be encrypted by a private key and anyone with access to the public key can decrypt that message. You can refer to encryption messages that use a private key as a "signature", because anyone with the public key can verify that the party with the private key sent the message. You can think of this as being analog to verify a signature in a document. A message signed digitally is a message that is sent in clear (that is, not encrypted), which has a signature attached to it. The united signature is produced by means of encrypting either the message itself or a compendium of the message; A digest of the message is obtained by calculating the message key. (Key calculation involves submitting the message to a one-way key calculation algorithm, such as an MD5 developed by Ron Rivest or the SHA-1 developed by the National Institute of Standards and Technology (NIST). in English) and the Agency National Security (NSA, for its acronym in English), before encrypting the message). In this way, the receiver of the signed message can verify the integrity (ie the source or origin) of the message. (In comparison, a certificate of public key or digital certificate, is a message that contains a public key that is sent in clear, that has a signature adhered to it.) The verification of the signature includes the verification of the signature by decryption. As defined above, the five essential components of the CA system are the broadcaster, the vendor of the CA, the billing center (for example, a bank), the end user, and the Certified Authority. Figure 2 illustrates the architecture of the general system, and identifies these five components with their communication links and data flows. The end user communicates with the vendor of the CA to download the certificates through a point-to-point link such as a telephone line. The telephone line is used for automatic transactions and for voice connection, when necessary. For automatic transactions, an enabling protocol is the Point-to-Point Protocol (PPP). Security is implemented in the application layer using private protocols. Communication between the CA vendor and the broadcaster can be established through the Local Area Network (LAN). by its acronym in English) or the Wide Area Network (WAN, for its acronym in English). As before, security is embedded at the application level using privately defined protocols that are executed over existing Internet work protocols. The equipment of the diffusion installation that is needed to protect the diffused currents, can be a shelf product available with the vendors of the CA. The broadcasters are responsible for sending: (1) the services, and (2) the accreditation messages. These accreditation messages include access information messages (AIMs), which are described in more detail below, (or, alternatively, accreditation control messages and accreditation management messages) allow the user to buy those services. The communication between a broadcaster and the user therefore follows the point-to-multiple point model of the broadcast technology. The broadcast AIMs do not contain unique addresses for each user or subscriber, which are typically with satellite or cable systems. If the DTV 40a does not have a back channel connection that is needed to communicate with the CA server, then the charging cash for the card requires the user to gain access to a DTV unit with support of back channel, or that goes to a particular location (bank, ATM, regional office of the seller), to load the card. The operators of the CA act as the bank of the owner or user of the card, while the billing center acts as the merchant's bank. The card association could be the intermediary between the operators of the CA and the banks of the diffusers, which provides a transaction establishment service, now the fixed amount of the "cash" that was loaded inside the smart card can be used or the conditioned access module to pay for the services offered by a broadcaster. Regardless of the cash transfer mechanism used, the user requests a transfer of a specific amount of money for the CA card from a credit or debit account. After proper verification of the identity of the subject and validation of user resources, the transaction is authorized, and the nominal amount of money is stored in the CA card. Once the money is stored inside the card, a user can buy any number of services offered by the broadcasters. Each purchase reduces the amount of money available on the card through the price of the service. The services offered by the broadcasters can be classified into two categories; PPV events and packages. An event is a television program with a notch assigned in a program guide and a package is simply a collection of events. Examples of packages are: (1) all NBA games in a given season, (2) nightly movies on Sundays in one or more virtual channels, (3) subscription to a particular virtual channel, such as HBO . All events have one or more of their encoded audiovisual streams, through the use of a common symmetric key algorithm. Accreditation packages, which contain purchase information and decryption keys, must be encrypted with a common public key algorithm. After the purchase of an event, a record should be stored on the smart card, which can later be transferred to the CA vendor. Once the stored purchase information is sent to the CA database, a CA vendor can pay the distributors for the services they provided. In addition, each smart card has a non-volatile memory to maintain the following information. A 32-bit field represents the serial number of the card. A BCD field of 128 bits for the user's card number (credit or debit). A field of 10 bytes for the telephone number of the server. A 10-byte field for an alternative CA server phone number. A 40-bit BCD field to store the amount of money available to the user. A field for a signature on the last E-cash certificate. An 8-bit field to store a threshold value to inform the user that the available E-cash is less than a previously determined threshold or to initiate an automatic return call to the CA server to add money. A 40-bit BCD field for the amount of money that is downloaded to the card without the inclusion of the user when e-cash is less than the threshold. The user determines the amount and sends it to the CA server during an activation of the card. If the value is zero, the automatic E-cash download will not be allowed. Two fields of 768 bits to store the private key to decrypt the AIMs and to store the public key to verify the signature on the certificates. A 21-byte field to store the DES key, to decode the broadcast services. Two 96-byte fields to store the key to replace the current private key and for the key to replace the current verification key. An 8-byte field is also provided to store the symmetric DES key for secure communication with the CA server. It is within the scope of this invention that an encoding coding algorithm be an encode other than DES. The card must store the information for the PPV events and the packages that the user bought. If the Card memory is full, the user will not be allowed to buy additional events. The exchange of data between the card and the host is based on a well-defined common interface, that is, the National Renewable Security Standard (NRSS), EIA-679 Part A or Part B. Since the telephone line is a physical link Widely available, the protocol that is selected between the CA server and the host, is the Point-to-Point (PPP) protocol, RFC 1548, which is adopted as Standard 51 with the security that is provided within the PPP datagrams . The technological innovation described here does not exclude the use of alternative protocols other than the PPP on the return channel. PPP is a protocol that is based on ISO HDLC standards, as adopted by ITU-T for X.25 systems. This was developed through the IETF to transport datagrams from multiple protocols over point-to-point links. The frame format is a 16-bit protocol field (defined in RFC 1700, "Assigned Numbers"), followed by a variable duration information field and then followed by a fill field containing optional bytes that are add to adjust the duration of the frame (if required by the receiving protocol). To exchange the data between the card or the CA server, a new protocol is defined, which has a value of the OxOOFF protocol field. The value of the fill field is always zero for this new protocol. The new protocol provides a reliable transmission that uses recognition (ACK) and negative recognition (NACK) messages, which are inserted into the first byte of the information field, using the two messages an 8-bit uimsbf format. An ACK can be followed by information (acknowledgment in tow) that is sent as a response.

If the receiving end detects a corrupted message, it responds with a NACK, and requests retransmission by the sender. Using the above protocol, the smart card initiates a call back to the CA server, under any of the following conditions: 1. The card was inserted into the DTV for the first time. 2. The user has entered a request for an advanced package purchase, using a menu that was displayed visually. 3. The memory of the smart card is full. 4. The local time is within the interval [lam-6am] and there are new records to send.

. The card received a notification for a new private key or verification key. 6. The money from the smart card is less than the threshold that was specified and the E-cash download is enabled. 7. The user has entered a request for money, using a menu that was displayed visually. 8. The user has entered a request to cancel a package purchase. Depending on the condition, the card sends an initial warning message to inform the CA server about the user and the purpose of the call. When the user inserts the card into the DTV for the first time, the specific information for the card is sent to the CA server for registration. This information is encrypted with Kcallback (C call back) Card ^. CA server: alert message (with alert_type [alert_type]) = 0x01) Card "" "CA server: ACK message Card - ^ - CA server: Card information message Card - ^ - CA server: ACK message An advanced purchase can be made using a menu that is visually displayed. In response to the request of the user, the CA server sends a certificate of the package that is saved on the card. For example, Card - ^ CA server: Alert message (with alert_type = 0x02) Card- - CA server: ACK message | Certified message from the signed package Card - ^ CA server: ACK message The format of the Package Certificate contains the following fields. An 8-bit field that indicates a packet certificate message. Two values are possible, one for the renewable package subscription and one for the non-renewable package subscription. A 32-bit field that identifies the registration authority that assigns the values to the provider_index field (index_provider). A 16-bit field that identifies the content provider. This unique number is registered with the registration authority that is identified by the format_identifier (identifier_format). A 16-bit field that identifies the transport flow in which the event is being carried. A 16-bit field that indicates the identifier of the packet. An 8-bit field for the title field. A field of variable duration for the title of the package used by ASCII with Latin-1 extensions. A 40-bit field which indicates the price of the package in the BCD format. A 24-bit field that indicates the expiration date of the package.

PPV event purchase records are stored temporarily on the card until the event is broadcast. These are sent to the CA server without the inclusion of the user and when either: (i) the memory of the card can not store more records, or (ii) the local time is in the interval [lam-6am] and there are new records to be sent. All records are encrypted with Kcallback. (i) The memory of the smart card is full. Card ^ CA server: Alert message (with alert_type = 0x03) Card - CA server: Message from ACK Card ^. CA server: A variable number of PPV event purchase records Card "^ CA server: ACK message (ii) The local time is within the [lam-6am] interval and there are new records to be sent. : Alert message (with alert_type = 0x04) Card ^ CA server: ACK message Card ^. CA server: A variable number of PPV event purchase records Card "^ CA server: ACK message When the private key or verification key needs to be replaced, a notification is sent to the cards using the broadcast channel. It is then required that each user initiates a call back to receive the new password. Card CA server: Warning message (with alert_type = 0x05) Card - ^ - CA server: Message from ACK | Password replacement message Card- ^ CA server: ACK message Money is added to the card when: 1. the smart card money is less than a specified threshold or 2. the user enters a request for money, using a menu which was displayed visually or 3. the card is taken to a distant location (if there is no local telephone connection). In all cases, the entity that provides the money verifies the credit or debit card information, generates an E-cash Certificate (ECC) and sends it to the card. The format of the ECC message is an 8-bit field for the message type and the 40-bit field, to maintain the BCD value of the quantity to be added to the smart card. 1) The automatic E-cash download is enabled: Card ^. CA server: Warning message (with alert_type = 0x06) Card- - CA server: Message from ACK Card ^. CA server: Signature in E-cash Card - ^ - CA server: ACK | E-cash certificate message signed Card- • CA server: Message from ACK 2) The E-cash Certificate contains the predefined, fixed amount of the E-cash. The automatic E-cash download is disabled. The user proceeds as follows: Card ^. CA server: Warning message (with alert_type = 0x07) Card-4- CA server: Message from ACK Card ^. CA server: Signing in E-cash | E-cash amount message Card - ^ - CA server: Message from ACK | E-cash certificate message signed Card- ^ CA server: ACK message The user can cancel a purchase by using a menu that is displayed 'visually on the screen. The action taken by the card depends on the type of purchase: (i) Package purchase: A call is initiated to the CA server.

Card ^. CA server: Warning message (with alert_type = 0x08) Card - ^ - CA Server: ACK Message Card ^ CA Server: Packet Purchase Record Canceled Card ^ CA Server: Message from ACK | E-cash certificate message signed Card- ^ CA server: ACK message (ii) PPV event purchase: If the deadline for canceling the event has not been reached, the record that was selected is completely deleted. The AIMs behave as private data in the field of adaptation of the Transport Flow packets that carry the video data. These AIMs could also be carried in the Transport Flow with different PIDs, using the tools and functions available for the ECM transmission in the MPEG-2. The adaptation_field_control bits (adaptation_control_field) must be "10" (adaptation field only, without payload) or "11" (adaptation field followed by payload). The maximum cycle time for AIM messages with the same AIM_id (AIM_ identification), should be 500 ms. The syntax of the bit stream for the Access Information Message contains the following fields. A unique 8-bit identifier of this access information message. The AIM_id field is the second byte in the private data section of the adaptation field. The first Byte is distributed to identify the public key that is used in AIM protection (if multiple public keys are used in a given DMA). An 8-bit field that specifies the number of bytes in the AIM that immediately follows the AIM_length (AIM_duration) field. A 32-bit field that identifies the enrollment authority that assigns the values to the provider_index field. A 16-bit field that identifies the content provider. This unique number is registered with the registration authority that is identified by the format_identifier. A 24-bit field that identifies a particular television program or event. Assigned by the content provider, identified by the provider_index, uniquely identifies all those programs that are registered in the database of the content provider. A 16-bit field that identifies the Transport Flow in which the event is carried. A 16-bit field that uniquely identifies the particular service in which the event is being transmitted. A 14-bit field that uniquely identifies a particular event within a given service of this Transport Flow. While the program_event_id (identity_event_program) is a value that identifies an event for a content provider, the event_id (event_identification) is the index of the program guide of an event. A diffuser that acts simultaneously as a content provider might want have the two numbers equal, but this may not be valid otherwise. A 32-bit field that indicates the start time of the event. A 20-bit field that indicates the duration of the event, measured in seconds. A 10-byte field to store the first 10 characters of the English title for the event that describes this message. If the actual title has less than 10 characters, then the title segment must be filled in with ESC characters, before including it in this field. A 5-byte BCD field that indicates the cost of the event. The most significant bit corresponds to the first packet, while the least significant bit corresponds to packet number 16. If the event belongs to the k-th packet, then the k-th bit of this field must be set to one. You can set more than one bit in one, to show an event that belongs to multiple packets. A 64-bit field for the DES key (or a 168-bit field for the TDES key), necessary to decode the video and audio signals for the event under consideration. A 40-bit field indicating that the user needs to obtain a new private key or verification key by calling the CA server. If the flag is set to 1, the key needs to be replaced until the deadline indicated. An 8-bit field to identify the total duration (in bytes) of the decrypting list of the AIM that follows.

In one embodiment of the present invention, accreditation management messages (ECMs) may be used in place of the AIMs. The ECM format is defined privately, in accordance with MPEG-2 and ATSC specifications. A particular format that may be used comprises an 8-bit table identification field, 3 indicator bits, a 12-bit section length field, an 8-bit protocol version field, a 5-digit version number field. bits, two section number fields, a public key field, a transport flow identification field, major and minor channel number fields, 2 event identification fields, a flow PID and decryptor duration fields, an encryption verification field, a padding byte field, and a 32-bit CRC field. System security is based on the standard and public key and symmetric key algorithms that are widely accepted. The algorithms that are selected are RSA for the encryption of the public key and TDES and / or DES for the encoding of the symmetric key. There is a global public / private RSA key pair, Kpub / Kpri, for the complete system. The public key is shared by all the broadcasters and the corresponding private key is placed on the smart cards that are based on the NRSS-A tamper-proof, distributed by the CA suppliers. This Public key is used to protect the AIMs that are generated at the end of the header. The AIMs, which are encrypted under the public key, carry the control words (C s, for its acronym in English), which are symmetric DES keys, KDES, which are used in the coding of audio / video content in the ECB mode. After decrypting the AIMs with their private key, the card obtains the DES keys and decodes the audio7video streams. At the end of the header: Coding: EKDEs (A / V stream), Encryption: EKpUb (AIM). On the card: Decryption: DKpn (EKpUb (AIM)), Decoding: D DKDES (EKDES (A / V stream)). The security of the system can be improved in a number of ways. A feasible approach is to use the multiple public keys at the end of the header to encrypt the AIMs. This use of the multiple keys finds benefit in the areas of the overlay market, for example, the user can receive terrestrial digital broadcasts from more than one larger market. Another example would be if the receiving population in a given DMA were divided into different subsets and each subset was assigned a different private key, an attack on a private key would not compromise the system. For example, encryption at the end of the header could include four keys, EKpUbi (AIM), EKpUb2 (AIM), EKpUb3 (AIM), EKpub4 (AIM). The decryption in the card would then be based on one of the following four keys, Card type 1: DKprii (EKpUbi (AIM)), Card type 2: DKpri2 (EKpub2 (AIM)), Card type 3: DKpri2 (EKpUb2 (AIM) ), and Card type 4: DKpri4 (EKpub4 (AIM)). The public key used in the encryption of the AIM is identified using the identifier in the first byte of the adaptation field. This field indicates the public key that is used to encrypt the AIM. If the value is i, the active public key is Kpubi. The E-cash certificates carry the amount of money that will be added to the card. Package Certificates include the price of the package that was offered to the customer. Because both certificates carry sensitive data, there needs to be a signature mechanism to ensure the integrity of these messages. Therefore, all certificates are sent by means of a channel with a feedback path, for example, a subsequent channel using a MODEM. Although the Package Certificates are normally sent from the CA server, there may be different sources (for example, ATMs or other special terminals) to download the E-cash to the card. If each source signs with a unique private key, the DTV needs to maintain multiple public keys. The present CA system employs a authentication scheme that is based on ID, to allow verification of the signature using only a public key. As mentioned above, to participate in coding, encryption and signature protocols, broadcasters, CA servers and smart cards will need to store certain keys. Figure 3 summarizes the storage and use of all types of keys. The Kpub is stored at the diffuser site, and is used to encrypt the DES keys that are generated locally to encode the A / V streams. The card has the corresponding Kpri to recover the DES keys. The Ksig is used to sign the package and the E-cash certificates. The signed certificates are verified with the Kver that is stored on the card. In the scheme that is based on the ID that is described in Section 8.2, the Ksig is unique to each certificate provider (CA vendors, ATMs, etc.), but the Kver is common to all certificate providers. The Kcallback is shared between the card and the CA server, and is used to encrypt the sensitive information that is exchanged. The information that is sent from the card to the CA server is the payment card number, the E-cash fixed and event purchase records. When necessary, the Kpri and the Kver are replaced by the server AC. The Kcallback can be unique for each card. Its replacement is possible only by sending a new card to the user. Although the invention has been described in detail with respect to numerous embodiments thereof, it will be apparent that after reading and understanding the foregoing, numerous alterations will occur to the embodiment described to those skilled in the art, and it is intended that these alterations are included within the scope of the appended claims. For example, this invention can be used successfully with both digital terrestrial broadcast signals and transmitted digital satellite signals.

Claims (6)

1. A method for obtaining access to a restricted transmitted event, the method comprising: (a) receiving encrypted access information that is associated with the transmitted event, the access information comprising the data corresponding to the cost of the transmitted event; (b) decrypt the access information in a conditional access module; (c) verify, in the conditional access module, that the cost of the transmitted event is less than a reserve of cash that was previously stored; (d) receiving the event transmitted from the service provider, the transmitted event being encoded; and (e) decoding the event transmitted in the conditional access module. The method of Claim 1, wherein the access information further comprises an event decoding key and the purchase information, the purchase information comprising the channel identification data, event identity data, stamp data. of date and time, and billing information. 3. The method of Claim 2, characterized in that it also comprises the step of transferring the data associated with the transmitted event that was purchased from the service provider, to update the information of a user's account. The method of Claim 3, wherein the conditional access module comprises a smart card, and the encrypted access information is encrypted using a public key and decrypted using a corresponding private key that is stored in the smart card. 5. The method of Claim 4, wherein all the broadcasters share the public key. The method of Claim 5, wherein the smart card comprises a card body with a plurality of terminals that are configured on a surface of the card body, in accordance with one of the ISO 7816 and PCMCIA card standards. .