MXPA99008539A - Broadcast and reception system, and conditional access system therefor - Google Patents

Abstract

A digital satellite television system has a plurality of set-top-boxes associated with a plurality of endusers'television receivers, a modem and a decoder housed in each STB, a Subscriber Authorization System (SAS) incorporating or having associated therewith a plurality of communication servers, means included in the SAS for generating Electronic Managements Messages (EMM), a back channel interconnecting each of the STBs individually with the SAS, means included in the SAS and each STB so that the necessary information required to inject a relevant EMM into the system is supplied directly to the relevant communication server included in or associated with the SAS to authorise the release of the said EMM and/or means to connect the modem to the back channel and means whereby an EMM is transmissible to the decoder directly from a relevant communication server included in or associated with the SAS. Further important features are also disclosed.

Description

TRANSMISSION AND RECEPTION SYSTEM. AND CONDITIONAL ACCESS SYSTEM FOR THE SAME The present invention relates to a transmission and reception system, in particular to a wholesale interactive digital satellite television system, and to a conditional access system for the same. In particular, but not exclusively, the invention relates to a wholesale market transmission system that has some or all of the following preferred features: - It is an information transmission system, preferably a radio transmission system and / or television • It is a satellite system (although it could be applicable to cable or terrestrial transmission) • It is a digital system, preferably using MPEG, more preferably the MPEG-2 compression system for data transmission / signals • Provides the possibility of interactivity. More particularly, the present invention relates to the so-called pay television (or radio), where a user / viewer selects a program / file / game to view it, for which a payment has to be made, referencing to it as payment-by-event (PPV, for its acronym in English) or in the case of data to be downloaded, a called payment-for-arc ivo (PPF, for its acronym in English). With these known PPV and PPF systems, the user / viewer requires spending a significant amount of time in order to perform the necessary actions to actually gain access to the product being selected. For example, in a known system the sequence of steps that must be performed are as follows: -I) The user calls the so-called Subscriber Administrator System (SMS), which, in this known system, it includes a number of human operators that answer the call of the subscriber and to whom the subscriber communicates the necessary information in relation to the selected product and in relation to the financial status of the subscriber to a so-called Subscriber Authorization System (SAS). English) which has included in it or associated with it, a plurality of communication servers. ii) Then, the operator in the SMS has to verify the financial status of the user before authorizing the connection from the communication servers to the television set, so that the product can be sent and the user sees it. In another known system, the human operator is replaced by an automatic voice server, so that when the user calls the SMS, he / she listens to a voice-activated recording to which the user communicates the same information as in I) above. This second configuration reduces the inherent delay in the first configuration that was described, which can be more easily overloaded when there are large numbers of users who wish to order a product at the same time. However, even with this second configuration, the user is involved in the introduction of significant information in the form of long serial numbers, whose operation provides a large field for errors, as well as being time consuming. The third known configuration includes that the user makes use of existing systems based on existing networks, such as MINITEL in France and PRESTEL in the United Kingdom, systems that replace the voice activated server referred to above in connection with the second configuration. The MINITEL and PRESTEL systems themselves, incorporate a modem at the end of the consumer. In all these known configurations, the user is involved in the expenditure of significant time and effort to enter all the necessary information to enable the system to authorize in effect the transmission of the product that was selected to the set of user's television. In the case of a satellite television system, there is an additional delay involved so that the user actually receives the product he selected. In the PPV and PPF systems, the key element to control the user's access to the products are the so-called Accreditation Management Messages (EMM), which must be injected into the system with the objective to give the user access to the product. More particularly, EMMs are the mechanism by which the coded data representative of a product is deciphered for a particular individual user. In known satellite television systems, the EMMs are transmitted to the user's television via the satellite link at regular intervals in the MPEG-2 data stream. In this way, in the case of an EMM of the particular user, there may be a significant delay or perhaps several minutes before the next EMM transmission of the user arrives at the user's television set. This transmission delay is in addition to the delay referred to above, which is inherent in the user who has to manually enter certain data into the system. The cumulative effect of these two delays is that it can typically take five minutes for - A user can get access to the selected product. The present invention is interested in overcoming this problem. In a first aspect, the present invention provides a conditional access system comprising: means for generating a plurality of messages (preferably conditional access); and means for receiving the messages, the receiving means being adapted to communicate with the generating means by means of the communication server directly connected to the generating means. Preferably, message is a message entitled for the transmission (eg by transmission) to the receiving means, the generating means being adapted to generate accreditation messages in response to the data received from the receiving means. The generating means can be configured to transmit a message as a packet of digital data to the receiving means, either by means of the communication server or by means of the satellite transceiver. The receiving means may be connectable to the communication server by means of a modem and a telephone link. In a related aspect, the present invention provides a conditional access system to provide conditional access to subscribers, comprising: a subscriber management system; a subscriber authorization system coupled to the subscriber management system; and a communications server; the server being directly connected to the subscriber authorization system. The system may additionally comprise a receiver / decoder for the subscriber, the receiver / decoder being connectable to the communication server, and therefore to the subscriber authorization system, by means of a modem and telephone link. In a second aspect, the present invention provides a transmission and reception system that includes a conditional access system, as described above. In a third aspect, the present invention provides a transmission and reception system comprising: means for generating a plurality of accreditation messages that are related to transmission programs; means for receiving messages from the generating means; Y means for connecting the receiving means with the generating means for receiving the messages, the connecting means being able to effect a dedicated connection between the receiving means and the generating means. The dedicated connection would typically be a wire reinforced connection and / or a modulated-demodulated connection, with the possibility of connection being made by means of a cellular telephone system. In other words, the dedicated connection can form a communication channel (point to point). This is in contrast to the transmission of information through the air or the environment. The connection means would typically be a modem in the receiving means. Therefore, in a closely related aspect, the present invention provides a transmission and reception system comprising: means for generating a plurality of accreditation messages that relate to the transmission program; means for receiving the messages from the generating means by means of a modem; and means for connecting the modem to the generating means and the receiving means. The above features can provide the advantage of providing the user with the necessary vision authorization (via the EMM) more quickly than has been possible so far, in part because, because the SAS typically using a smaller amount of computer code than SMS, the SAS can operate more efficiently (and in real time), partly because the SAS can itself directly generate the requisite EMM, and partly because it you can pass the EMM to the user or the subscriber by means of a dedicated link (typically modulated-demodulated). Preferably, the generating means are connected to the modem by means of a communication server, which is preferably included in or associated with the generating means. The receiving means may be further adapted to receive the accreditation messages by means of a satellite transceiver. The receiving means may be a receiver / decoder comprising means for receiving a compressed MPEG-type signal, means for decoding the received signal to provide a television signal and means for supplying the television signal to a television. Preferably, the receiving means are adapted to communicate with the generating means by means of a modem and the connection means. The receiving means may comprise means for reading a smart card insertable therein by the user, the smart card having stored in it, the data to initiate the transmission of a message automatically from the media of reception to the generating means, after the insertion of the smart card by the end user. In addition, the system may additionally comprise a voice link to enable the end user of the transmission and reception system to communicate with the generating means. It will be understood from the foregoing that the present invention provides two configurations by which the time it takes for the end user to gain access to the desired product is reduced. Preferably, the two configurations are used to achieve maximum time savings, but any of the configurations can be used individually. In accordance with a further aspect of the present invention, there is provided a transmission and reception system, comprising, at the end of the transmission: a transmission system including means for transmitting a call back request; and at the receiving end: a receiver that includes means for calling back to the transmission system, in response to the request for the call back. By providing that the transmission system may request the receiver to call you back, the possibility is provided that the transmission get the information from the receiver about the state of the receiver. Preferably, the means for calling back to the transmission system include a modem connectable to the telephone system. By using a modulated-modulated return channel, a simple way of enforcing the invention can be provided. Preferably also, means are configured to call back to the transmission system so that they transfer to the transmission system the information in relation to the receiver. This information can include the number of pass passwords remaining, the number of sessions previously contracted, and so on. Preferably, the transmission system includes means for storing the information, so that it can be processed later, as desired. Preferably, the transmission means are configured to transmit a callback request, which includes a command that the callback must be made at a given time, and means are configured to call back to respond to that command. By configuring that the return call is later than the actual request, greater flexibility can be imparted to the system. You can configure the transmission media to transmit as the call back requests one or more Accreditation Messages for transmission. Preferably, the transmission system includes means for generating a verification message (such as a random number) and passing this to the receiver, the receiver includes means for encoding the verification message and passing this to the transmission system, and the transmission additionally includes means for decrypting the verification message that was received from the receiver and comparing this with the original verification message. In this way, you can verify if the receiver is genuine. Any of the above characteristics can be combined in any appropriate combination. These can also be provided, as appropriate, in aspects of the method. The preferred features of the present invention will now be described, by way of example only, with reference to the accompanying drawings, in which: - Figure 1 shows the overall architecture of a digital television system in accordance with the preferred embodiment of the present invention. Figure 2 shows the architecture of a conditional access system of the digital television system. Figure 3 shows the structure of an Accreditation Management Message that is used in the system of conditional access. Figure 4 is a schematic hardware diagram of a Subscriber Authorization System (SAS) in accordance with a preferred embodiment of the present invention. Figure 5 is a schematic diagram of the SAS architecture. Figure 6 is a schematic diagram of a Subscriber Technical Administration server, which is part of the SAS. Figure 7 is a flow diagram of the procedure for automatic subscription renewal - as implemented by the SAS. Figure 8 is a schematic diagram of a group subscription bitmap that is used in the automatic renewal procedure. Figure 9 shows the structure of an EMM that is used in the automatic renewal procedure. Figure 10 shows in detail the structure of the EMM. Figure 11 is a schematic diagram of a centralized order server when used to receive commands directly through the communication servers. Figure 12 illustrates diagrammatically a part of Figure 2, showing one embodiment of the present invention. Figure 13 is a schematic diagram of the centralized order server when used to receive commands from the subscriber authorization system to request a call back. Figure 14 is a schematic diagram of the communication servers. Figure 15 shows the manner in which the speed of the EMM emission cycle is varied, in accordance with the timing of a Pay Per View event. Figure 16 is a schematic diagram of a Message Emitter that is used to issue EMMs. Figure 17 is a schematic diagram showing how to store EMMs inside the Message Emitter. Figure 18 is a schematic diagram of a smart card. Figure 19 is a schematic diagram of a configuration of zones in the memory of the smart card. Figure 20 is a schematic diagram of a pay-per-event event description. In Figure 1 there is shown an overview of a digital television transmission and reception system 1000 according to the present invention. The invention includes a 2000 mostly conventional digital television system, which uses the known MPEG-2 compression system to transmit compressed digital signals. In more detail, the 2002 MPEG-2 compressor in a transmission center receives a stream of digital signals (typically a stream of video signals). The compressor 2002 is connected to a multiplexer and encoder 2004 via the link 2006. The multiplexer 2004 receives a plurality of more input signals, assembles one or more transport streams and transmits the compressed digital signals to a transmitter 2008 of the transmission center by link 2010, which of course can take a wide variety of forms, including telecom links. The transmitter 2008 transmits electromagnetic signals by means of the 2012 uplink, to a 2014 satellite transmitter-receiver, where these are processed electronically and transmitted via the 2016 speculative downlink to the land receiver 2018, conventionally in the form of a own dish or rented by the end user. The signals received by the receiver 2018 are transmitted to an integrated receiver or decoder 2020 owned or rented by the end user, and connected to the television set 2022 of the end user. The receiver / decoder 2020 decodes the MPEG-2 signal to a television signal for the television set 2022. A conditional access system 3000 is connected to the multiplexer 2004 and the receiver / decoder 2020, and locates partially in the transmission center, and partially in the decoder. This allows the end user to access the digital television transmissions from one or more transmission providers. A smart card can be inserted, capable of deciphering messages related to commercial offers (that is, one or many television programs sold by the transmission provider), within the receiver / decoder 2020. Using the decoder 2020 and the smart card, the end user can buy events in either a subscription mode or a pay-per-event mode. An interactive system 4000, also connected to the multiplexer 2004 and the receiver / decoder 2020, and again partially located in the transmission center and partially in the decoder, allows the end user to interact with different applications by means of a modulated return channel 4002. -desmodulated. The conditional access system 3000 will now be described in more detail. With reference to Figure 2, in the overview the conditional access system 3000 includes a Subscriber Authorization System (SAS) 3002. The SAS-3002 is connected to one or more Subscriber Management Systems (SMS) 3004, a SMS for each transmission provider, through a respective TCP-IP 3006 link (although alternatively other types of links can be used). Alternatively, an SMS can be shared between two transmission providers, or a provider can use two SMSs, and so on. The first coding units in the form of key-setting units 3008, using "mother" intelligent 3010 cards, are connected to the SAS via link 3012. The second coding units again in the form of 3014 key-setting units , using "mother" smart cards 3016, are connected to the multiplexer 2004 via link 3018. The receiver / decoder 2020 receives a "daughter" smart card 3020. This is connected directly to the SAS 3002 via the Communications Servers 3022 via the modulated-demodulated return channel 4002. The SAS sends, among other things, subscription rights to the daughter smart card on the request. Smart cards contain the secrets of one or more commercial operators. The "mother" smart card encodes different types of messages, and "daughters" smart cards decode the messages, if they have the rights to do so. The first and second code units 3008 and 3014 comprise a grid, an electronic VME card with software stored in an EEPROM, up to 20 cards electronic cards and a smart card 3010 and 3016, respectively, for each electronic card, one (card 3016) to code the ECMs and one (card 3010) to code the EMMs. The operation of the conditional access system 3000 of the digital television system will now be described in more detail, with reference to the different components of the television system 2000 and the conditional access system 3000.

Multiplexer and Encoder With reference to Figures 1 and 2, in the transmission center, the digital video signal is first compressed (or the bit rate is reduced), using the 2002 MPEG-2 compressor. This compressed signal is then transmitted to the multiplexer and encoder 2004 via link 2006 in order to be multiplexed with other data, such as other compressed data. The encoder generates a control word which is used in the coding process and which is included in the MPEG-2 stream in the multiplexer 2004. The control word is generated internally and allows the integrated end-user decoder / decoder 2020 to decode the program. The access criteria that indicate how the program is marketed are also added to the MPEG-2 stream. He The program can be marketed in any of a number of "subscription" modes and / or one of a number of "Pay Per View" (PPV) modes or events. In the subscription mode, the end user subscribes to one or more commercial offers, or "bouquets", thus obtaining the rights to see all the channels within those bouquets. In the preferred mode, up to 90 commercial offers of a bunch of channels can be selected. In Pay Per View mode, the end user is given the ability to buy events as he wishes. This can be achieved either by pre-contracting the event in advance ("pre-contracting mode"), or by buying the event as soon as it is transmitted ("impulse mode"). In the preferred mode, all users are subscribers, whether they see subscription or PPV mode or not, but of course PPV viewers do not necessarily need to be subscribers. Both the control word and the access criteria are used to build an Accreditation Control Message (ECM); this is a message that is sent in relation to a coded program; the message contains a control word (which allows the decoding of the program) and the access criteria of the transmission program. The access criteria and the control word are transmitted to the second unit 3014 for start-up. key by means of link 3018. In this unit, an ECM is generated, encrypted and transmitted to the multiplexer and encoder 2004. Each transmission of services by a provider of transmissions in a data stream comprises a number of different components; for example, a television program includes a video component, an audio component, a subtitle component, and so on. Each of these components of a service is individually coded and encrypted for subsequent transmission to the 2014 transceiver. With respect to each coded component of the service, a separate ECM is required.

Program Transmission The multiplexer 2004 receives electrical signals comprising EMMs coded from the SAS 3002, ECMs coded from the second co-unit 3014, and compressed programs from the 2002 compressor. The 2004 multiplexer encodes the programs and transmits coded programs, coded EMMs and coded ECMs, such as electrical signals to a transmitter 2008 of the transmission center, by means of the 2010 link. The transmitter 2008 transmits the electromagnetic signals to the transmitter-receiver 2014 by means of the upward link 2012.

- Receiving Programs The 2014 satellite transmitter-receiver receives and processes the electromagnetic signals transmitted by the transmitter 2008, and transmits the signals to the ground receiver 2018, conventionally in the form of a plate owned or rented by the end user, by means of of the descending 2016 link. The signals received by the receiver 2018 are transmitted to the integrated receiver or decoder 2020 owned or rented by the end user, and are connected to the television set 2022 of the end user. The receiver / decoder 2020 demultiplexes the signals to obtain the programs encoded with the coded EMMs and the coded ECMs. If the program is not encoded, that is, no ECM has been transmitted with the MPEG-2 current, the receiver / decoder 2020 decompresses the data and transforms the signal to a video signal for transmission to the television set 2022. If the program is encoded, the receiver / decoder 2020 extracts the corresponding ECM from the MPEG-2 stream, and passes the ECM to the "daughter" smart card 3020 of the end user. This is inserted into a slot inside a housing in the receiver / decoder 2020. The smart daughter card 3020 controls whether the end user has the right to decrypt the ECM and access the Program. If not, a negative state is passed to the receiver / decoder 2020 to indicate that the program can not be decoded. If the end user has the rights, the ECM is decrypted and the control word is extracted. Then the decoder 2020 can decode the program using this control word. The MPEG-2 stream is decompressed and translated into a video signal for progressive transmission to television set 2022.

Subscriber Management System (SMS) A Subscriber Management System (SMS) 3004 includes a 3024 database that manages, among others, all the files of the end user, commercial offers (such as rates and promotions), subscriptions, details of PPV, and data regarding the consumption and authorization of the end user. The SMS may be physically away from the SAS. Each SMS 3004 transmits messages to SAS 3002 through the respective link 3006, which implies modifications to, or creations of, Accreditation Management Messages (EMMs) to be transmitted to the end users. SMS 3004 also transmits messages to SAS 3002, which does not imply any modification or creation of EMMs, but only implies a change in a user's state final (related to the authorization granted to the final user when ordering products, or with the amount with which the end user will be charged). As described below, SAS 3002 sends messages (typically requesting information such as callback information, or billing information) to SMS 3004, so that it will be evident that the communication between the two is in both directions.

Accreditation Management Messages (EMMs) The EMM is a message dedicated to an individual end user (subscriber), or a group of end users, only (in contrast to an ECM, which is dedicated to only a coded program, or a set of coded programs if they are part of the same commercial offer Each group may contain a given number of end users This organization as a group is directed towards the optimization of bandwidth, that is, access to a group may allow To achieve a greater number of end users Different specific types of EMM are used in putting the present invention into practice Individual EMMs are dedicated to individual subscribers, and are typically used in the provision of Pay Per View services, they contain the identifier group and the position of the subscriber in that group.The so-called "Group" subscription EMMs are dedicated to groups of, say, 256 individual users, and are typically used in the administration of some subscription services. This EMM has a group identifier and a group bitmap of subscribers. Audience EMMs are dedicated to whole audiences, and can be used by a particular operator to provide certain free services, for example. An "audience" is the totality of subscribers that have smart cards that carry the same Operator Identifier (OPI). Finally, a "unique" EMM addresses the unique identifier of the smart card. The structure of a typical EMM will now be described with reference to Figure 3. Basically, the EMM, which is implemented as a series of digital data bits, comprises a header 3060, the appropriate EMM 3062, and a signature 3064. The header 3060 in turn comprises a type identifier 3066, to identify whether the type is individual, group, audience, or some other type, an identifier 3068 in length that gives the length of the EMM, an optional address 3070 for the EMM, an identifier Operator 3072 and a key identifier 3074. The appropriate EMM 3062 of course varies greatly, in accordance with its type. Finally, signature 3064, which is typically 8 bytes long, provides a number of checks against corruption of the remaining data in the EMM.

Subscriber Authorization System (SAS) Messages generated by SMS 3004 are passed through link 3006 to the Subscriber Authorization System (SAS) 3002, which in turn generates messages recognizing the reception of messages generated by SMS 3004, and passes these acknowledgments to SMS 3004. As shown in Figure 4, at the hardware level the SAS understands the way a main frame 3050 computer (in the preferred embodiment a DEC machine) connected to one or more keyboards 3052 for data entry and commands, one or more Visual Display Units (VDUs) 3054 for the visual display of the output information, and 3056 data storage elements. Some redundancy in the hardware can be provided. At the software level, the SAS operates, in the preferred embodiment, in a standard open VMS operation system, a software collection whose architecture will now be described in general view, with reference to Figure 5; it will be understood that the software can be implemented alternatively in the hardware. In general, the SAS comprises an area 3100 of Subscription chain to give rights for the subscription mode, and to renew the rights automatically every month, a 3200 area of Pay Per View chain to give - rights for PPV events, and an 3300 EMM Injector to pass the EMMs created by the Subscription and PPV chain areas to the multiplexer and encoder 2004, and consequently to feed the MPEG stream with EMMs. If other rights are granted, such as Pay Per File (PPF) rights in the case of downloading computer software to a user's Personal Computer, other similar areas are also provided. One function of the SAS 3002 is to manage access rights to television programs, available as commercial offers in subscription mode, or sold as PPV events, in accordance with different marketing modes (pre-contract mode, impulse mode) . SAS 3002, in accordance with those rights and with the information received from SMS 3004, generates EMMs for the subscriber. The 3100 area of the Subscription Chain comprises one Command Interface (Cl) 3102, a server 3104 of Subscriber Technical Management (STM), a Message Generator (MG) 3106, and Coding Unit 3008. The PPV Chain area 3200 comprises an Authorization Server (AS) 3202, a relationship database 3204 for storing relevant details of the end users, a support list database 3205, Servers 3206 Database for the database, a Centralized Order Server (OCS, for its acronym in English) 3207, a Server for Transmitter Program (SPB, for its acronym in English) 3208, a Message Generator ( MG, for its acronym in English) 3210 whose function is basically the same as that of the area of Subscription Chain and consequently is no longer described in any detail, and Unit 3008 Coding. The 3300 EMM injector comprises a plurality of Message Emitters (MEs) 3302, 3304, 3306 and 3308, and Software Multiplexers (SMUXs) 3310 and 3312. In the preferred embodiment, there are two MEs, 3302 and 3304 for Message Generator 3106, with the other two MEs 3306 and 3308 for Message Generator 3210. The MEs 3302 and 3306 are connected to the SMUX 3310, while the MEs 3304 and 3308 are connected to the SMUX 3312. Now each of the three main components of the SAS (the Subscription Chain area, the service area) will be considered in more detail. PPV chain and the EMM Injector).

Subscription Chain area Considering first the Subscription Chain area 3100, the Command Interface 3102 is mainly for dispatching messages from SMS 3004 to the 3104 STM server, as well as to the OCS 3206, and from the OCS to the SMS. The Interface of Command I take as input from the SMS any direct commands or batch files that contain commands. It performs parsing in the messages that come from the STM server, and is capable of issuing exact messages when an error occurs in a message (parameter out of range, missing parameter, and so on). It tracks the commands that enter in text form in a tracking file 3110, and also in binary form in a repeat file 3112, in order to be able to repeat a series of commands. Traces can be disabled and the size of the files can be limited. A detailed discussion of the STM server 3104 is now provided with particular reference to Figure 6. The STM server is effectively the main machine of the Subscription Chain area, and is intended to administer free rights, the creation of new ones. Subscribers and the renewal of existing subscribers. As shown in the figure, the commands are passed to the Message Generator 3106, however in a different format from that in which the commands are passed to the STM server. For each command, the STM server is configured to send an acknowledgment message to the Cl, only when the relevant command has been successfully processed and sent to the MG. The STM server includes a subscriber database 3120, in which all the parameters are stored relevant to the subscribers (smart card number, commercial offers, status, group and position in the group, and so on). The database performs semantic verifications of the commands sent by Cl 3102 against the contents of the database, and updates the database when the commands are valid. The STM server also manages a 3122 buffer of First-in-First-Out (FIFO) between the STM server and the MG, as well as a FIFO 3124 backup disk. The purpose of the FIFOs is to average the flow of commands from the Cl, if the MG is not able to respond for a time for any reason. They can also ensure that in the case of a fault of the STM server or the MG, no command will be lost, since the STM server is configured to flush (that is, match the MG.) its FIFOs when they are restarted. The FIFOs are implemented as files. The STM server includes in its core a 3126 automatic renewal server that automatically generates renewals, and, if required by the operators, free rights. In this context, one can think of the generation of renewals as including the generation of rights for the first time, although it will be understood that the generation of new rights starts in the SMS. As will be evident, the two can be treated by almost the same commands and EMMs. Have the STM separated from the SAS, and the server Automatic renewal within the SAS, instead of (in known systems) in the SMS 3004, is a particularly important feature, since this can significantly reduce the number of commands that need to be passed from the SMS to the SAS (keeping in mind that the SMS) and the SAS can be in different locations and operated by different operators). In fact, the two main commands that are required of the SMS are merely commands that a new subscription must be started, and that an existing subscription must be stopped (for example, in the case of non-payment). By minimizing the exchange of commands between the SMS and the SAS, the possibility of failure of the transfer of commands on link 3006 between the two is reduced; In addition, generally the design of the SMS does not need to take into account the characteristics of the conditional access system 3000. The automatic renewal proceeds in the manner indicated in the flow diagram of Figure 7. In order to reduce the bandwidth, and given that a very high percentage of all renewals are standard, the renewal proceeds in groups of subscribers; in the preferred modalities there are 256 individual subscribers per group. The flow chart begins with step 3130 starting, and proceeds to step 3132, where a monthly activation of the renewal function is performed (although of course it will be noted that other frequencies are also possible). With a frequency - monthly, rights are given to the end user for the current month and all of the following month, at which point they expire if they are not renewed. In step 3134 the subscriber's database 3120 is accessed with respect to each group and each individual within that group, to determine if the rights for the particular individual will be renewed. As shown in Figure 8, in step 3136, a group subscription bitmap is established, in accordance with the content of the subscriber database. The bitmap comprises a group identifier (in this case Group 1 - "Gl") 3138, and 256 zones 3140 of individual subscriber. The individual bits in the bitmap are set to l or zero, according to whether the particular subscriber is going to renew their rights or not. The figure shows a typical set of binary data. In step 3142, the appropriate commands, including the group subscription bitmap, are passed to Message Generator 3106. In step 3143 the Message Generator sets a disuse date, to indicate to the smart card the date beyond which the particular subscription EMM is not valid; Typically this date is set as the end of the next month. In step 3144 the Message Generator generates from the appropriate group subscription EMMs commands, and it asks the Coding Unit 3008 to code the EMMs, the encoded EMMs being then passed to the EMM Injector 3300, which, in step 3146, injects the EMMs into the MPEG-2 data stream. Step 3148 indicates that the procedure described above is repeated for each and every group. The process is finally brought to an end in step 3150 of unemployment. The flow chart described above with reference to Figure 7 is in fact related specifically to the renewal of subscriptions. The STM also administers the free audience rights and the new subscribers in a similar way. In the case of free audience rights, available for specific television programs or groups of those programs, these are made available through the STM that issues a command to the Message Generator to generate appropriate audience EMMs. (for an entire hearing), consequently with a date of disuse a number of days (or weeks) given. The MG calculates the precise disuse date based on the STM command. In the case of new subscribers, these are treated in two stages. First, the purchase of the smart card in the receiver / decoder 2020 (if desired by the operator) gives the subscriber free rights for a given period (typically a few days). This is achieved by generating a bitmap for the subscriber, which includes the relevant disuse date. Then the subscriber passes his finished paperwork to the operator that manages the subscriber (in the SMS). Once the paperwork has been processed, the SMS provides the SAS with a start command for that particular subscriber. Upon receipt by the SAS of the start command, the STM instructs the MG to assign a unique address to the new subscriber (with a particular group number and position within the group), and to generate a special subscription EMM, called " commercial offer "(as opposed to the more usual" group "subscription EMM used for renewals), to provide the particular subscriber with rights until the end of the following month. From this point the subscriber renewal can automatically occur as described above. Through this two-stage process it is possible to grant rights to new subscribers, until the SMS issues a stop command. It should be noted that the commercial offer subscription EMM is used for new subscribers and for the reactivation of existing subscribers. The group subscription EMM is used for renewal and suspension purposes. With reference to Figure 9, an appropriate typical subscription EMM (ie, ignoring the header and signature) generated by the above procedure, comprises the following main portions, typically a map 3152 of subscriber bits (or group of subscribers) of 256 bits, 128 bits of keys 3154 of management coding for EMM coding, 64 bits of each utilization coding key 3156 to enable the smart 3020 card to decrypt a word of control, to provide access to transmission programs, and 16 bits of date 3158 of disuse to indicate the date beyond which the smart card will ignore the EMM. In fact, in the preferred embodiment, three utilization keys are provided, one set for the present month, one set for the next month, and one for resumption purposes in the case of system failure. In more detail, the appropriate group subscription EMM has all the above components, except the management encoding keys 3154. The appropriate commercial offer subscription EMM (which is for an individual subscriber) includes, instead of the 3152 map of the full subscriber group bits, the group ID followed by the position in the group, and then the administration coding keys 3154, and three utilization keys 3156, followed by the 3158 date of relevant disuse. The Message Generator 3106 serves to transform the commands issued by the STM server 3104 into the EMMs, to pass them to the Message Transmitter 3302. With reference to Figure 5, first, the MG produces the appropriate EMMs and passes them to the Coding Unit 3008 for coding with respect to the administration and utilization keys. The CU terminates signature 3064 in the EMM (see Figure 3) and passes the EMM back to the MG, where the 3060 header is added. The EMMs that are passed to the Message Emitter are thus complete EMMs. The Message Generator also determines the start and stop time of the transmission, and the emission speed of the EMMs, and passes these as appropriate addresses along with the EMMs to the Message Emitter. The MG only generates a given EMM once; This is the ME that performs its cyclic transmission. Again with reference to Figure 5, the Message Generator includes its own EMM database 3160 that stores during the lifetime of the relevant EMM. This is deleted once its duration has expired. The database is used to ensure consistency between the MG and the ME, so that, for example, when an end user is suspended, the ME will not continue to send renewals. In this respect, the MG calculates the relevant operations and sends them to the ME. Upon generation of an EMM, the MG assigns a unique identifier to the EMM. When the MG passes the EMM to the ME, it also passes the EMM ID. This allows the identification of a particular EMM in both the MG and the ME. Also with respect to the Chain area of Subscription, the Message Generator includes two FIFOs 3162 and 3164, one for each of the Issuers 3302 and 3304 of relevant Messages in the EMM Injector 3300, to store the encoded EMMs. Since the Subscription Chain area and the EMM Injector can be separated by a significant distance, the use of FIFOs can allow full continuity in EMM transmission even if links 3166 and 3168 between the two fail. Similar FIFOs are provided in the Pay Per View chain area. A particular feature of the Generator of Messages in particular, and the conditional access system in general, has to do with the way in which it reduces the length of the appropriate EMM 3062, by mixing the length of the parameter and the identifier to save space. This is now described with reference to Figure 10, which illustrates an exemplary EMM (in fact a PPM EMM, which is the simplest EMM). The reduction in length occurs in the Pid (Package identifier or "Parameter") 3170. This comprises two portions, the actual ID 3172, and the length parameter for the 3174 packet (necessary so that the start of the next packet can be identified). All Pid is expressed in just one byte of information, with 4 bits reserved for the ID, and four for the length. Because 4 bits are not enough to define the length in true binary form, a different correspondence between the bits is used and the actual length, this correspondence being represented in a look-up table, stored in the storage area 3178 in the Message Generator (see Figure 5). The correspondence is typically as follows: - 0000 = 0 0001 = 1 0010 2 0011 = 3 0100 = 4 0101 = 5 0110 = 6 0111 = 7 1000 = 8 1001 - 9 1010 = 10 1011 = 11 1100 = 12 1101 = 16 1110 = 24 1111 _ 32 It will be seen that the length parameter is not directly proportional to the actual length of the packet; the relationship is in part more quadratic rather than linear. This allows a greater range of package length Payment Chain Area Per Event With respect to the 3200 area of the Pay Per View Chain, with reference to Figure 5, in more detail, the Authorization Server 3202 has as its client the Centralized Order Server 3207, which requests information about each subscriber that connects to the Communications Servers 3022 to buy a PPV product. If the subscriber is known from AS 3202, a set of transactions takes place. If the subscriber is authorized for the order, the AS creates an invoice and sends it to the OCS. Otherwise, it tells the OCS that the order is not authorized. It is only at the end of this set of transactions that the AS updates the 3204 database of end users by means of the database servers (DBAS) 3206, if at least one transaction was authorized; this optimizes the number of database accesses. The compliance criteria with which the AS authorizes the purchase are stored in the database, accessed through the DBAS processes. In one modality, the database is the same as the database accessed through the STM. Depending on the profile of the consumer, it can be denied the authorization (PPV_Forbidden, Casino_Forbidden ...). This kind of criteria is updated through STM 3104, in favor of SMS 3004. Other parameters are verified, such as the limits allowed to buy (either by credit card, automatic payment, or number of authorized password purchases by day) . In the case of payment with a credit card, the card number is verified against a local backup list, stored in database 3205 of the local backup list. When all the verifications are successful, the AS: - 1. Generates an invoice and sends it to the OCS, which ends this invoice and stores it in a file, this file being sent later to the SMS for processing (actual billing of the client); and 2. Update the database, mainly to establish new purchase limits. It should be noted that the AS has a reduced amount of information regarding the subscriber, compared to the one that the SMS has. For example, the AS does not contain the name or address of the subscriber. On the other hand, the AS does contain the subscriber's smart card number, the consumer category of the subscriber (so that different offers can be made to different subscribers), and different flags that establish if, for example, the subscriber can buy on credit, or if he is suspended or if his smart card has been stolen. The use of a reduced amount of information can help reduce the amount of time it takes to authorize a particular subscriber request. The main purpose of the DBASs 3206 is to increase the functioning of the database seen from the AS, by means of putting the accesses in parallel (so that really does not make much sense to define a configuration with only one DBAS). An AS parameter determines how many DBASs should be connected. A given DBAS can be connected to only one AS. ? OCS 2307 deals mainly with PPV commands. This operates in many ways. First, it operates to process the process commands issued by the SMS, such as regeneration (for example, if the SMS already stored the invoice, the OCS does not generate any invoice), update the portfolio on the smart 3020 card, and cancel / session update. The different steps in the procedure are: - 1. Identify the relevant subscriber (using AS 3202); 2. If it is valid, generate the appropriate commands to the Message Generator, in order to send an EMM appropriate. The commands can be: Product Commands, Portfolio Update, Deletion of the session. Note that these operations do not involve the creation of billing information, since billing is already known by SMS. These operations are assimilated to buy "free products". Secondly, the OCS deals with the commands that are received from the subscribers, through the Communications Servers 3022. These can be received either by means of a modem connected to the receiver / decoder 2020-, or by voice activation by means of the telephone 4001, or by key activation by means of a MINITEL, PRESTEL or similar system where it is located. available. Third, the OCS deals with the callback requests that the SMS issues. The last two modes of operation will now be discussed in more detail. In the second type of mode described above it was established that the OCS deals with the commands that are received directly from the end user (subscriber), through the Communication Servers 3022. These include product orders (such as for a particular PPV event), a subscription modification requested by the subscriber, and a reset of a parent code (a parent code being a code by which parents can restrict the right of access to certain programs or program classes). The way in which these commands are dealt with will now be described in more detail, with reference to Figure 11. 1. Identify, through the AS, the caller making a call through CS 3022, which order a particular product; 2. Verify the validity of the caller's request, again using the AS (where the order is placed using the receiver / decoder 2020, this is achieved by verifying the details of the smart 3020 card); 3. Find out the price of the purchase; 4. Verify that the price does not exceed the credit limit of the caller, etcetera; 5. Receive - a partial invoice from the AS; 6. Fill in additional fields on the invoice to form a complete invoice; 7. Add the finished invoice to a billing information storage file 3212 for further processing; and 8. Send the corresponding command (s) to the PPV Message Generator 3210 to generate the relevant EMM (s). The EMM (s) is sent either on line 4002 of the modem, if the consumer placed the order of the product using the receiver / decoder 2020 (further details on this are described later), or otherwise it is transmitted. The only exception to this is when there is some failure of the modem connection (in the case where the consumer places the order using the receiver / decoder); in this event the EMM is transmitted through the air. A subscription modification that a subscriber requires includes: 1. Identifying the caller (using the AS); 2. Send the information to the Command Interconnection (Cl, for its acronym in English); Cl in turn sends this information to the SMS; and 3. Through the CI, the OCS then receives a response from the SMS (in terms of the cost of the modification, if the modification is possible). If the modification was requested using the receiver / decoder, the OCS generates a confirmation to the SMS. Otherwise, for example, in the case of the telephone or the Minitel, the subscriber is asked for confirmation and this response is sent to the SMS through the OCS and the Cl. The restoration of a maternal code includes: 1. Identify the caller (using the AS); Y 2. send a command to the MG to generate an appropriate EMM that carries an appropriate reset password.

In the event that the maternal code is restored, the command to reset the code is not allowed to originate from the receiver / decoder, for security reasons. Only the SMS, the telephone and the MINITEL or similar, can originate that command. Therefore, in this particular case, only the EMM (s) are transmitted to the air, never over the telephone line. From the previous examples of the different modes of operation of the OCS, it will be understood that the user can have direct access to the SAS, and in particular to the OCS and the AS, because the Communication Servers are connected directly to the SAS, and in particular to the OCS. This important feature is interested in reducing the time for the user to communicate his command to the SAS. This feature is further illustrated with reference to Figure 12, from which it can be seen that the Superior Box of the end user, and in particular its receiver / decoder 2020, has the ability to communicate directly with the Communications Servers 3022, associated with SAS 3002. Instead of the connection from the end user to the Communications Servers 3022 of SAS 3002 through SMS 3004, the connection is direct to SAS 3002. In fact, as mentioned directly, Two direct connections are provided.

The first direct connection is through a voice link using a 4001 telephone and the appropriate telephone line (and / or by MINITEL or similar connection where available), where end users have to enter a series of voice commands or code numbers, but saves time compared to communication via SMS 3004. The second Direct connection is from the receiver / decoder 2020 and the input of data by the end user is automatically achieved, which inserts its own secondary smart card 3020, thus freeing the user of the work from having to enter the relevant data, which, In turn, it reduces the time it takes and the probability of errors when making that entry. An additional important feature that emerges from the above discussion is related to reducing the time it takes for the resulting EMM to be transmitted to the end user, with the aim of initiating the look by the end user of the product that was selected. Broadly speaking, and with reference to Figure 12, the feature is again achieved by providing the end user receiver / decoder 2020 with the ability to communicate directly with the Communications Servers 3022, associated with the SAS 3002. As described above, the receiver / decoder 2020 integrated directly with the Communications Servers 3022 through the modulated-demodulated backup channel 4002, so that the SAS 3002 processes the commands from the decoder 2020, the generated messages (including the EMMs) and then send them from return directly to the decoder 2020 through the backup channel 4002. A protocol is used in the communication between the CS 3022 and the receiver / decoder 2020 (as will be described later), so that the CS receives the acknowledgment of receipt of the relevant EMM, adding with the same certainty to the procedure. Thus, for example, in the case of a prior contracting mode, the SAS 3002 receives the messages from the end user through the smart card 'and the decoder 2020 through its modem and through the telephone line 4002, requesting access to a specific event / product, and a suitable EMM returns via the telephone line 4002 and the modem to the decoder 2020, the modem and the decoder preferably located together in a Superior Box (STB). This is achieved, therefore, without having to transmit the EMM in the 2002 MPEG-2 data stream through the multiplexer and the demodulator 2004, the uplink 2012, satellite 2014, and the data link 2016, to allow the user end see the event / product. This can save considerably in terms of time and bandwidth. HE provides the implicit certainty that as soon as the subscriber has paid for their purchase, the EMM will arrive at the receiver / decoder 2020. In the third type of operation mode of the OCS 3207 described above, the OCS deals with requests and calls from return issued by the SAS. This is illustrated with reference to Figure 13. The typical callback requests are for the purpose of ensuring that the receiver / decoder 2020 calls back to the SAS via the modulated-demodulated backup channel 4002 with the information required by the SAS of the receiver / decoder. As instructed in the Command Interconnection 3102, the Message Generator 3106 of the subscription chain generates and sends a call EMM back to the receiver / decoder 2020. The Encryption Unit 3008 encodes this EMM for security reasons. The EMM can contain the time / date in which the receiver / decoder should be lifted and a call made back by itself, without having requested it explicitly; The EMM can also typically contain the telephone numbers that the terminal should dial, the number of additional attempts after unsuccessful calls, and the delay between the two calls. When the EMM is received, or at the specified time-date, the receiver / decoder connects to the Communications Servers 3022. The OCS 3207 first identifies the caller, using the AS 3202, and verifies certain details, such as the smart card operator and subscriber details. Next, the OCS asks the 3020 smart card to send a different coded information (such as the relevant session numbers, when the session was observed, how many times the user is allowed to see the session again, how it was seen the session, the number of passwords remaining, the number of sessions previously contracted, etc.). The Message Generator 3210 of the PPV chain decrypts this information, again using the Encryption Unit 3008. The OCS adds this information to a storage file 3214 of callback information for further processing and passing it to the SMS 3004. The encryption is encrypted. Information for security reasons. The entire procedure is repeated until there is more to read on the smart card. A particular characteristic that is preferred of the installation of the return call, is that before reading the smart card (just after the identification of the caller using the AS 3202, as described above), the SAS 3002 makes a Verification that the receiver / decoder is really a genuine version instead of a pirated version or an operator simulation.

This verification is done as follows. The SAS generates a random number, which receives the receiver / decoder, encoded, and then returns it to the SAS. The SAS deciphers this number. If the decryption is successful and the original random number is retrieved, it is concluded that the receiver / decoder is genuine, and the procedure continues. Otherwise, the procedure is discontinued. Other functions that may occur during the return call are the deletion of the obsolete sessions on the smart card, or the filling of the portfolio (the latter being described later under the section entitled "Smart Card"). Also in regard to the 3200 area of the Pay Per View Chain, a description of the Communications Servers 3022 is now made. At the hardware level, these comprise in the preferred embodiment, a parallel processing machine DEC Four. At the software design level, with reference to Figure 14, in many respects the Communication Servers are conventional. A particular divergence of the conventional designs arises from the fact that the Servers must serve both the receivers / decoders 2020, and the voice communication with the conventional 4001 telephones, as well as possibly the MINITEL or similar systems. It will be noticed when passing, that in Figure 14 are shown two Centralized Order Servers 3207 (such as "OCS1" and "0CS2"). Naturally, any desired number can be provided. The Communication Servers include two main servers ("CSl" and "CS2"), as well as a number of front servers ("Front 1" and "Front 2"); although two front servers are shown in the Figure, typically 10 or 12 will be provided per main server. In fact, although two main servers CSl and CS2 and two front servers, Frontal 1 and Frontal 2, have been shown, any number can be used. Usually some redundancy is desirable. CSl and CS2 are coupled to OCS1 and OCS2 via high-level 3230 TCP / IP links, while CSl and CS2 are coupled to Frontal 1 and Frontal 2 via additional 3232 TCP / IP links. As illustrated, the CSl and the CS2 understand the servers for "SENDR" (transmission), "RECVR" (reception), "p? t .1 (MINITEL, PRESTEL, or similar)," VOX "(voice communication), and" TRM "(communication with the receiver / decoder.) These are coupled to the" BUS "for signal communication to Frontal servers CSl and CS2 communicate directly with the receiver / decoder 2020 through their modulated-demodulated return channels, using the common public network protocol X25. The relatively low level protocol between the Communications Servers 3022 and the receivers / decoders 3020 is based, in a preferred embodiment, on the standard international CCITT protocol V42, which provides reliability by having error detection and data retransmission facilities, and uses a summing routine of verification to verify the integrity of the retransmission. An escape mechanism is also provided in order to avoid the transmission of rejected characters. On the other hand, the voice telephone communication is made through the Frontal Communications Servers, each capable of lifting, say, 30 simultaneous voice connections from the 3234 connection to the local telephone network through the standard telephone ISDN lines high speed "T2" (The). The three particular functions of the software portion of the Communications Servers (which could of course be fully implemented alternatively in the hardware) will first convert the relatively low level protocol information that was received from the receiver / decoder, into the relatively high level protocol information that goes out to the OCS, will secondly attenuate or control the number of simultaneous connections that are being made, and thirdly it will provide different simultaneous channels without any mixing. In this last respect, Communications Servers play the role of a multiplexer form, with the interactions in a particular channel being defined by a given session ID (identifier), which is in fact used throughout the entire communication chain. Finally, with regard to area 3200 of the Pay-Per-Order Chain, and with reference again to Figure 5, the Program Transmission Server (SPB) 3208 is coupled to one or more 3250 Program Transmitters (which would typically be located remotely from the SAS), to receive the information of the program. The SPB filters for the additional use of the information that corresponds with the PPV events (sessions). A particularly important feature is that the SPB passes the event information of the filtered program to the MG, which in turn sends a directive (control command) to the ME to change the speed of the cyclic issuance of the EMMs in given circumstances; this is done through the ME that finds all the EMMs with the relevant session identifier and that changes the speed of the cycle that is assigned to those EMMs. You can think of this feature as a dynamic allocation of bandwidth for specific EMMs. The cyclic EMM emission is discussed in more detail in the section below that relates to the EMM Injector. Now the circumstances in which the speed of the cycle is changed, with reference to Figure 15, which shows how the cycle speed 3252 rises for a moment (say 10 minutes) before a particular PPV program event, until the end of the event from a speed of slow cycle of, say, once every 30 minutes, up to a fast cycle speed of, say, once every 30 seconds to 1 minute, in order to meet the user's extra anticipated demand for PPV events at those moments. In this way, bandwidth can be assigned dynamically, in accordance with the user's anticipated demand. This can help reduce the total bandwidth requirement. You can also vary the cycle speed of other EMMs. For example, the cycle speed of subscription EMMs may be varied by the Multiplexer and Scrambler 2004 that sends the appropriate bit rate policy.

EMM Injector With respect to the? MM 3300 Injector, details of the Message Emitters 3302 to 3308, which are part of the EMM Injector and act as output means for the Message Generator, are now described, with reference to the Figure 16. Its function is to take the EMMs and pass them in a cyclical way (in the manner of a carousel), through the links 3314 and 3316 respectively to the Software Multiplexers 3310 and 3312 and from there to the hardware multiplexers and demodulators 2004. In contrast, the software multiplexers and the demodulators 2004 generate a global bit rate directive to control the total speed of the software. EMMs cycle; to do this, the MEs take into account different parameters, such as the cycle time, the size of the EMM, and so on. In the Figure, EMM_X and EMM_Y are the group EMMs for the X and Y operators, while EMM_Z are other EMMS, either for the operator X or the operator Y. An additional description is provided for an instance of the Message Emitters; it will be appreciated that the remaining MEs operate in a similar manner. The ME operates under the control of MG directives, most notably the start and time of suspension of the transmission and the speed of the issue, as well as the session number if the EMM is a PPV EMM. In relation to the speed of the emission, in the preferred modality the relevant directive can take one of five values from Very fast to Very slow. The numerical values are not specified in the directive, but rather the ME maps the directive to a current numerical value, which is supplied by the relevant part of the SAS. In the preferred embodiment, the 5 transmission speeds are as follows: 1. Very fast - every 30 seconds 2. Fast every minute 3. Average every 15 minutes 4. Slow every 30 minutes 5. Very slow every 30 minutes The ME has databases 3320 and 3322 first and second. The first database is for those EMMs that have not yet achieved their dissemination date; these are stored in a series of chronological files in the database. The second database is for EMMs for immediate transmission. In the case of a system crash, the ME is configured so that it has the ability to reread the relevant stored file and perform the correct transmission. All the files stored in the databases are updated by request of the MG, when the MG wants to maintain the consistency between the incoming directives and the EMMs that were already sent to the ME. The EMMs that are actually broadcast in the Random Access Memory 3324 are also stored. A combination of the FIFOs 3162 and 3164 in the Message Generator and the 3320 and 3322 databases in the Message Emitter means that both can operate in stand-alone mode if link 3166 is temporarily broken between them; the ME can still spread the EMMs. The Software Multiplexers (SMUX) 3310 and 3312 provide an interconnection between the MEs and the hardware multiplexers 2004. In the preferred modality, each one receives EMMs from two of the MEs, although in general there is no restriction on the number of MEs that can be connected with an SMUX. The SMUXs concentrate the EMMs and then pass them in accordance with the EMM type to the appropriate hardware multiplexer. This is necessary because the hardware multiplexers take the different types of EMMs and place them in different places in the MPEG-2 stream. The SMUX also sends the global bit rate directives from the hardware multiplexers to the MEs. A particularly important feature of the ME is that it emits the EMMs in random order. The reason for this is as follows. The Message Emitter does not have the ability to detect or control what it outputs to the multiplexer. Therefore, it is possible that it can transmit two EMMs that will be • received and decoded by the receiver / decoder 2020, back to back. In such circumstances, additionally, it is possible that if the EMMs are insufficiently separated, the receiver / decoder and the smart card will not be able to detect or decode the second of the EMMs appropriately. Cyclically issuing EMMs in random order can solve this problem. The manner in which randomization is achieved is now described, with reference to Figure 17; in the preferred modality, the logic of the necessary software in the ADA computer language is implemented. A part in particular important of the randomization, is the correct storage of EMMs in databases 3320 and 3322 (which are used for backup purposes) and in RAM 3324. For a particular cycle speed and operator, the EMMs are stored in a two-dimensional configuration, through the range 3330 (which goes from, say A to Z) and the number of the 3332 range (which goes from 0 to N). A third dimension is added by the cycle speed 3334, so that there are as many two-dimensional configurations as there are cycle speeds. In the preferred embodiment, there are 256 rows and typically 200 or 300 EMMs in each row; There are 5 cycle speeds. A final dimension is added to the configuration through the presence of different operators; There are as many three-dimensional configurations as there are operators. The storage of the data in this manner may allow recovery in case the MG wishes to delete a particular EMM. The storage of the EMMs is carried out in accordance with the "random check" algorithm (which is otherwise known as the "one-way random check function"). This operates in a module approach, so that the successive rows are filled before a higher number is used in the row, and the number of EMMs in each row remains approximately constant. The example is considered as being of 256 rows. When the MG sends an EMM with the identifier (ID) 1 to the ME, the range "1" to this EMM, and it takes the first number 3332 in the range 3330. The range "2" is assigned to the EMM with the ID 2, and so on, up to the rank 256. Again the rank is assigned "1"to the EMM with ID 257 (based on the module function), and take the second number in the first row, and so on. The recovery of a specific EMM, for example when the MG requests the deletion of a specific EMM, is carried out by means of the inverse of the above. The randomization algorithm is applied to the ID of the EMM to obtain the row, after which the number in the row is found. The current randomization occurs when the EMMs, on a cyclic basis, of the RAM 3324 using the scrambling means 3340, which are implemented in the hardware and / or software of the Message Emitter. The recovery is random, and is based again on the random check algorithm. First, a random number (in the previous example initially in the range of 1 to 256) is chosen to produce the particular range of interest. Second, a random number is chosen to produce the particular number in the row. The furthest random number is selected in accordance with the total number of EMMs in a given row. Once a given EMM has been selected and broadcast, it moves to a second identical storage area in RAM 3324, again using the random check function.

Therefore, the first area decreases in size as EMMs are diffused, to the extent that, once a full range has been used, this is suppressed. Once the first storage area is completely empty, it is replaced by the second storage area, before a new transmission period of the EMM, and vice versa. In the previous mode, after two or three cycles of the EMMs, statistically insignificant are the probabilities of transmitting back to back any of the two EMMs intended for the same end user. At regular intervals, while the EMMs are being stored, the computer 3050 calculates the number of bytes in storage and from this, calculates the bit rate of the transmission, given the global bit rate directive from the multiplexer and the software multiplexer. Reference was previously made to backup databases 3320 and 3322. These are in fact, in the preferred mode, sequential file repositories, which hold a backup version of what is in RAM 3324. In the case of the Message Issuer failure and the subsequent reboot, or more generally, when the ME is restarting for any reason, a link is made between the RAM and the databases, on which the EMMs to RAM. In this way, the risk of losing the EMMs in case of failure can be removed. Storage of the PPV EMMs similar to that described above occurs in relation to the subscription EMMs, with the range typically corresponding to a given operator and the number in the range corresponding to the session number. Figure 18 schematically shows a secondary, or "subscriber", smart card 3020, and comprises an 8-bit microprocessor 110, such as a Motorola 6805 microprocessor, having an input / output busbar coupled to a configuration contact standard 120, which are connected when in use, to a corresponding configuration of contacts in the card reader of the receiver / decoder 2020, the card reader being of conventional design. Microprocessor 110 with busbar connections to ROM 130, RAM 140 and EEPROM 150 is also preferably provided with masks. The smart card complies with the standard protocols of ISO 7816-1, 7816-2 and 7816-3, which determine certain physical parameters of the smart card, the positions of the contacts on the chip and certain communications between the external system (and particularly the receiver / decoder 2020) and the smart card respectively, and which, therefore, will not be further described here.

One function of the microprocessor 110 is to handle the memory in the smart card, as will now be described. The EEPROM 150 contains certain dynamically created operator zones 154, 155, 156 and dynamically created data zones, which will now be described with reference to Figure 19. With reference to Figure 19, the EEPROM 150 comprises a zone 151 of 8 bytes of "card identifier" (or manufacturer) permanent, which contains a permanent subscriber smart card identifier, established by the manufacturer of the smart card 3020. When the smart card is reset, the microprocessor 110 outputs a signal to the receiver / decoder 2020, the signal that it comprises an identifier of the conditional access system using the smart card and the data that is generated from the data stored in the smart card, including the card identifier. This signal is stored by the receiver / decoder 2020, which subsequently uses the signal that was stored to verify whether the smart card is compatible with the conditional access system using the receiver / decoder 2020. The EEPROM 150 also contains an area 152 of the "random number generator" permanent, which contains a program to generate pseudo-random numbers. These are used random numbers to diversify the transaction output signals that are generated by the 3020 smart card and sent back to the transmitter. Below the zone 152 of the random number generator, a permanent "management" zone 153 of 144 bytes is provided. The permanent management zone 153 is a specific operator zone that uses the program in ROM 130 in the dynamic creation (and removal) of zones 154, 155, 156 ... as described below. The permanent management zone 153 contains the data that relates to the rights of the smart card to create or remove the zones. The program to create and remove the zones in a dynamic way is responsive to the EMMs of creation (or removal) of specific zone, which are transmitted through SAS 3002 and which are received by the receiver / decoder 2020 and are passed to the subscriber smart card 3020. In order to create the EMMs, the operator requires specific keys that are dedicated to the administration area. This prevents an operator from deleting areas that are related to another operator. Below the administration area 153, there is a series of zones 154, 155, 156 of "operator identifier" for operators 1, 2 ... N, respectively. Normally, at least one identifier area will be preloaded operator in the EEPROM of the subscriber's smart card 3020, so that the end user can decrypt the transmission of programs through that operator. However, additional areas of the operator identifier may be created subsequently dynamically, using the management zone 153 in response to a transaction output signal generated by the end user (subscriber) by his smart card 3020, as will be described subsequently. . Each zone of the operator 154, 155, 156 contains the identifier of the group to which the smart card 3020 belongs, and the position of the smart card within the group. This data allows the smart card (along with the other smart cards in its group) to be responsive to a subscription EMM of the transmission "group" that has the address of that group (but not the position of the smart card in the group). group), as well as an "individual" EMM (or subscription of commercial offers) that is directed only to that smart card within the group. There may be smart cards of 256 members from each of these groups and therefore, this feature significantly reduces the bandwidth that is required to broadcast the EMMs. With the aim of reducing additionally the bandwidth required to spread the EMMs of subscription of "group", the group data is continuously updated in each zone 154, 155, 156 of the operator and all similar zones in the EEPROM of the smart card 3020 and of the other secondary smart cards, to facilitate that a smart card In particular, change your position in each group to fill any gap that may be formed, for example, by the deletion of a group member. The gaps are filled by SAS 3002, as in the STM 3104 server there is a list of these gaps. In this way, fragmentation is reduced and the membership of each group is maintained at or near the maximum of 256 members. Each operator area 154, 155, 156 is associated with one or more "operator data objects" which are stored in the EEPROM 150. As shown in Figure 19, a series of objects 157-165 of "operator data" "dynamically created is located below the areas of the operator's identifier. Each of these objects is labeled with: a) an "identifier" 1, 2, 3 ... N corresponding to its operator 1, 2, 3, ... N associated, as shown in its section on the right side in Figure 19; b) an "identifier" that indicates the type of object; and c) a "data" area that is reserved for the data, as shown in the right-hand section of each relevant operator object in Figure 19. It should be understood that each operator is associated with a similar set of data objects, so that the following description of the data types in the data objects of operator 1 is also applicable to the data objects of all other operators. It will also be noted that the data objects are located in the contiguous physical regions of the EEPROM, and that their order does not matter. Deleting a data object creates a "hole" 166 on the smart card, that is, the number of bytes that the data objects had previously occupied is not immediately occupied. The number of bytes, or "gap" that is "freed" in this way, is labeled with: a) an "identifier" 0; and b) an "identifier" that indicates that • the bytes are free to receive an object. The next data object that is created fills the gap, as identified by the identifier 0. In this way, the limited memory capacity (4 kilobytes) of the EEPROM 150 is used. Returning now to the set of associated data objects with each operator, the examples of the data objects are now described. The data object 157 contains an EMM key that is used to decrypt the key EMMs that were received by the receiver / decoder 2020. This EMM key is stored from permanently in the data object 157. This data object 157 can be created prior to the distribution of the smart card 3020, and / or can be created dynamically when a new operator zone is created (as described above) . The data object 159 contains the ECM keys, which are sent by the associated operator (in this case operator 1), to facilitate the end user deciphering the particular "bouquet" of programs to which it has subscribed. New ECM keys are typically sent each month, along with a EMM group subscription (renewal), which renews the total right of the end user to see the transmission from (in this case) the operator 1. The use of the separate EMM and ECM keys allows the viewing rights to be purchased in different ways (in this mode by subscription and individually (Pay Per View)) and also increases the security . The mode of Pay Per View (PPV) will be described in a subsequent way. Because ECM keys are sent periodically, it is essential to prevent a user from using old ECM keys, for example by turning off the receiver / decoder or resetting a clock to avoid expiration of an old ECM key , so that a timer can be bypassed in the receiver / decoder 2020. Accordingly, the operator area 154 comprises an area, (which typically has a size of 2 bytes), which contains a date of disuse of the ECM keys. The smart card 3020 is configured to compare this date with the current date, which is contained in the ECMs that were received and to avoid deciphering if the current date is after the date of disuse. The disuse date is transmitted through the EMMs, as described above. The data object 161 contains a 64-bit subscription bit map, which is an exact representation of the transmission operator programs to which the subscriber has subscribed. Each bit represents a program and is set to "1" if -subscribed and "0" if it is not. The data object 163 contains a number of passwords that can be used by the consumer in the PPV mode, to purchase the viewing rights to one. imminent transmission, for example in response to a free trailer or other propaganda. The data object 163 also contains a limit value, which can be adjusted in, for example, a negative value to allow credit to the consumer. Password passwords can be purchased, for example on credit and through the modulated-demodulated backup channel 4002, or through the use of a voice server in combination with a credit card, for example. You can load a particular event as a passcode or a number of passwords.

The data object 165 contains a description of a PPV event, as shown with reference to table 167 of Figure 20. The event description 167 of PPV contains a "session identifier" 168, which identifies the viewing session (corresponding to the program and the time and date of dissemination), a "session mode" 169 that indicates how the right of vision is being purchased (for example, in the previous hiring mode), a "session index" 170 and a "session view" 171. With respect to receiving a program in the PPV mode, the receiver / decoder 2020 determines whether the program is one that was sold in the PPV mode. If so, the decoder 2020 verifies, using the items stored in the description 167 of the PPV event, whether the session identifier for the program is stored therein. If the identifier of the session is stored in it, the control word is extracted from the ECM. If the identifier of the session is not stored therein, the receiver / decoder 2020 visually displays a message, by means of a specific application, to the end user indicating that he has the right to see the session at a cost of, for say, 25 passwords, as read from the ECM or to connect to the 3022 communication servers to buy the event. Using the - passwords, if the end user answers "yes" (by means of the remote controller 2026 (see Figure 2)), the decoder 2020 sends the ECM to the smart card, the smart card decreases the portfolio of the credit card 3020 by 25 passwords, write the session identifier 168, the session mode 169, the session index 170 and the session view 171 in the description of the PPV event 167 and extract and decrypt the control word from the ECM . In the "pre-contracting" mode, an EMM will be passed to the smart card 3020 so that the smart card will write the session identifier 168, the session mode 169, the session index 170, and the session view 171 in the description 167 of the PPV event, using the EMM. The session index 170 can be adjusted to differentiate one transmission from another. This feature allows authorization for a subset of broadcasts, for example, 3 times of 5 broadcasts. As soon as an ECM is passed with a session index different from the current session index 170 stored in the 167 description of the PPV event to the smart card, the number of the session view 171. is decreased by one. session reaches zero, the smart card will refuse to decrypt an ECM with a session index different from the current session index.

The initial value of the session view depends only on the manner in which the transmission provider wishes to define the event to which it relates; the session view for a respective event can take any value. The microprocessor 110 in the smart card implements a count and a comparison program to detect when the limit for the number of views of a particular program has been reached. All session identifiers can be extracted 168, session mode 169, session index 170, and session view 171 in description 167 of the PPV event from the smart card using the "callback" procedure, as previously described. Each receiver / decoder 2020 contains an identifier, which can either uniquely identify the receiver / decoder, or identify its manufacturer or can classify it in any other way in order to allow it to work only with a particular individual smart card, a class particular of smart cards made by the same or a corresponding manufacturer or any other kind of smart cards, that are intended to be used with that kind of receiver / decoder exclusively. In this way, receivers are protected / 2020 decoders that have been supplied through a consumer transmission provider, against the use of unauthorized secondary 3020 smart cards. Additionally or alternatively to this first "link establishment" between the smart card and the receiver, the EEPROM of the smart card 3020 could contain a field or bitmap that describes the categories of the receivers / decoders 2020 with which it can function. These could be specified either during the manufacture of the smart card 30-20 or by a specific EMM. The bit map that is stored in the smart card 3020 typically comprises a list of up to 80 receivers / decoders, each identified with a corresponding receiver / decoder identifier, with which the smart card can be used. Associated with each receiver / decoder is a level "1" or "0" which indicates whether the smart card can be used with the receiver / decoder or not, respectively. A program in the memory 2024 of the receiver / decoder searches for the identifier of the receiver / decoder in the bitmap stored in the smart card. If the identifier is found, and the value associated with the identifier is "1", then the smart card is "enabled"; if not, then the smart card will not work with that receiver / decoder.

In addition, if, typically due to an agreement between the operators, it is desired to authorize the use of other smart cards in a particular receiver / decoder, specific EMMs will be sent to those smart cards to change their bitmap through the 2014 transceiver. Each transmission provider can differentiate its subscribers in accordance with certain previously determined criteria. For example, a number of subscribers can be classified as "VIPs". In accordance with the above, each transmission provider can divide its subscribers into a plurality of subsets, each subset comprising any number of subscribers. The subset to which a particular subscriber belongs in SMS 3004. In turn, SAS 3002 transmits an EMM to the subscriber, which writes the information (typically of 1 byte length) in relation to the subset to which the subscriber belongs within the data area of the relevant operator, to say 154, of the EEPROM of the smart card. In turn, as the events are broadcast by the broadcast provider, an EMC, typically 256 bits, is transmitted to the event and indicates which of the subsets of subscribers the event can see. If, in accordance with the information stored in the operator's area, the subscriber does not have the right to see the event, as determined by the ECM, the view of the event is denied.

This facility can be used, for example, to turn off all the smart cards of a given operator in a particular geographical region during the transmission of a particular program, in particular a program that relates to a sporting event that is taking place in that region. geographical. In this way, football clubs and other sports bodies can sell broadcast rights outside their locality, while preventing local supporters from watching the meeting on television. In this way, local supporters are encouraged to buy tickets and go to the meeting. It is considered that each of the features associated with zones 151 to 172 is a separate invention independent of the dynamic creation of the zones. It will be understood that the present invention has been described above purely by way of example, and any modifications of the detail may be made within the scope of the invention. Each feature described in the description may be provided, and (where appropriate) the claims and drawings independently or in any appropriate combination. In the preferred embodiments mentioned above, certain features of the present invention have been implemented, using the computer software.

- However, it will of course be clear to the experienced person that any of these features can be implemented, using the hardware. Additionally, it will be readily understood that the functions performed by the hardware, computer software, and the like, are performed on or using electrical or similar signals. The cross reference is made to our pending requests, all of them having the same filing date, and titled Signal Generation and Transmission (Lawyer Reference Number PC / ASB / 19707), Smart Card for use with a Transmission Signal Receiver. Key, and Receiving System (Lawyer Reference Number PC / ASB / 19708), Transmission and Reception and Conditional Access System for it (Lawyer Reference Number PC / ASB / 19710), Downloading a Computer File from a Transmitter through a Receiver / Decoder to a Computer (Lawyer Reference Number PC / ASB / 19711), Transmission and Reception of Television Programs and Other Data (Lawyer Reference Number PC / ASB / 19712), Downloading Data (Lawyer Reference Number PC / ASB / 19713), Computer Memory Organization (Lawyer Reference Number PC / ASB / 19714), Development of Television or Radio Control System (Attorney Reference) Number PC / ASB / 19715), Extracting Sections of Data from a Transmitted Data Stream (Lawyer Reference Number PC / ASB / 19716), Access Control System (Lawyer Reference Number PC / ASB / 19717), Data Processing System (Lawyer Reference Number PC / ASB / 19718), and Transmission and Reception System, and Receiver / Decoder and Remote Controller for the same (Lawyer Reference Number PC / ASB / 19720). The descriptions of these documents are incorporated herein by reference. The list of applications includes the present application.

Claims (29)

1. A conditional access system comprising: means for generating a plurality of messages; means to receive the messages; and a communications server directly connected to the generating means, the generating means being adapted to communicate with the reception means by means of the communications server: wherein the generating means are adapted to generate messages in response to the data that is generated. they communicated to the generating means from the receiving means, by means of the communications server.

2. A conditional access system according to claim 1, wherein the messages generated by the generating means are accreditation messages.

3. A conditional access system according to claim 1 or 2, characterized in that it additionally comprises a satellite transceiver, the generating means being configured to transmit a message as a packet of digital data to the receiving means, either by means of the communication server or by means of the satellite transceiver.

4. A conditional access system according to any of the preceding claims, wherein the receiving means are connectable to the communication server by means of a modem and telephone link.

5. A conditional access system according to any of the preceding claims, wherein the messages are generated by the generating means, in response to a command from the receiving means.

6. A transmission and reception system that includes a conditional access system according to any of the preceding claims. A transmission and reception system according to claim 6, wherein the communication server is capable of making a dedicated connection between the receiving means and the generating means. 8. A transmission and reception system according to claim 6, characterized in that it further comprises - a modem, the generating means being connected to the modem by means of the communication server. 9. A transmission and reception system according to any of claims 6 to 8, wherein the receiving means comprise means for reading a smart card insertable thereto by an end user, the smart card having stored in it the data to automatically initiate the transmission of a message from the reception means to the generating means, after the insertion of the smart card by the end user. A transmission and reception system according to any of claims 6 to 9, characterized in that it further comprises a voice link to enable the end user of the transmission and reception system to communicate with the generating means. A transmitting and receiving system according to any of claims 6 to 10, wherein the receiving means comprises a receiver / decoder comprising means for receiving a compressed MPEG type signal, means for decoding the received signal to provide a television signal and means to supply the television signal to a television. 12. A conditional access system to provide conditional access to subscribers, comprising: a subscriber management system; a subscriber authorization system coupled to the subscriber management system; and a communication server, the server being directly connected to the subscriber's authorization system, that is, not through the subscriber's management system; where the subscriber authorization system is adapted to generate messages in response to the data received - through the communications server. 13. A conditional access system according to claim 12, characterized in that it additionally comprises a receiver / decoder for the subscriber, the receiver / decoder being connectable to the communication server and, therefore, to the authorization system of the subscriber, by means of a modem and telephone link. 14. A conditional access system according to claim 13, characterized in that it additionally comprises a satellite transceiver, the subscriber authorization system being configured to transmit a message as a digital data packet to the receiver / decoder either by means of the communication server or by means of the satellite transceiver. 15. A conditional access system according to claim 13 or 14, wherein the receiver / decoder is connectable to the communication server by means of a modem or telephone link. 16. A conditional access system according to any of claims 13 to 15, wherein the messages are generated by the subscriber authorization system, in response to a command from the receiver / decoder. 1

7. A conditional access system of compliance with any of claims 12 to 16, wherein the messages generated by the subscriber authorization system are accreditation messages. 1

8. A conditional access system comprising: a communication server connectable to the subscriber's receiver / decoder; a subscriber management system for storing the subscription information; and a subscriber authorization system for generating messages in response to commands received through the communication server, and comprising: a centralized order server connected to the communication server to receive commands from the receiver / decoder and information from the subscriber's management system; an authorization server connected to the centralized order server to identify and validate a subscriber, in response to an authorization request from the centralized order server; and a message generator connected to the centralized order server, to generate accreditation messages in response to a command received from the centralized order server; the centralized order server being adapted to issue the command to the message generator, in response to data received from at least one of the authorization servers and the subscriber administration system, and to transmit the accreditation messages to the receiver / decoder via the communication server. 1

9. A transmission and reception system, comprising, at the transmission end: a transmission system that includes means for transmitting a callback request; and at the receiving end: a receiver that includes means for calling back the transmission system, in response to the call back request; wherein the transmission system is configured to validate the receiver by means of the call request 'back. 20. A transmission and reception system according to claim 19, wherein the transmission system comprises means for generating a verification message and passing this to the receiver, the receiver includes means for encoding the verification message and passing this to the system of transmission, and the transmission system further includes means for deciphering the verification message that was received from the receiver and comparing this with the original verification message. 21. A system in accordance with the claim 19 or 20, wherein the transmission means are configured to transmit a call back request, which includes a command that the return call can be made at a given time, and the means for calling back to the Transmission are configured to respond to that command. 22. A transmission and reception system, comprising, at the transmission end: a transmission system that includes means for transmitting a callback request; and at the receiving end: a receiver that includes means for calling back to the transmission system, in response to the callback request; wherein the callback request includes a command that the callback can be made at a given time, and the means for calling back to the transmission system are configured to respond to that command. 23. A system according to any of claims 19 to 22, wherein the means for calling back to the transmission system includes a modem connectable to the telephone system. 24. A system according to any of claims 19 to 23, wherein the means for calling back to the transmission system is configured to transfer the information to the transmission system. concerning the receiver. 25. A system according to claim 24, wherein the transmission system includes means for storing the information. 26. A system according to any of claims 19 to 25, wherein the transmission means are configured to transmit as the callback request, at least one accreditation message. 27. A system according to any of claims 19 to 26, wherein the callback request includes a command to attempt the callback a given number of times and which specifies the time between attempts of the call back. 28. A system according to any of claims 19 to 27, wherein the callback request includes a command that specifies at least one telephone number to be dialed by the receiving means after answering the callback request. . 29. A conditional access system or a transmission and reception system as substantially described herein with reference to, and as illustrated in the accompanying drawings, and especially Figures 12, 13 or 14 thereof.