MXPA99008550A - Broadcast and reception system, and receiver/decoder and remote controller therefor - Google Patents

Broadcast and reception system, and receiver/decoder and remote controller therefor

Info

Publication number
MXPA99008550A
MXPA99008550A MXPA/A/1999/008550A MX9908550A MXPA99008550A MX PA99008550 A MXPA99008550 A MX PA99008550A MX 9908550 A MX9908550 A MX 9908550A MX PA99008550 A MXPA99008550 A MX PA99008550A
Authority
MX
Mexico
Prior art keywords
decoder
receiver
card
remote controller
user
Prior art date
Application number
MXPA/A/1999/008550A
Other languages
Spanish (es)
Inventor
Bayassi Mulham
Bastein Jeanpaul
Declerk Christophe
Original Assignee
Bastien Jeanpaul
Bayassi Mulham
Canal+ Societe Anonyme
Declerck Christophe
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bastien Jeanpaul, Bayassi Mulham, Canal+ Societe Anonyme, Declerck Christophe filed Critical Bastien Jeanpaul
Publication of MXPA99008550A publication Critical patent/MXPA99008550A/en

Links

Abstract

A receiver/decoder for use in a digital satellite radio or television system includes a decoder and means to accommodate a credit or bank card carrying a microprocessor, and means to interact with said microprocessor when the credit or bank card is inserted into an operative position in said receiver/decoder in order to enable data carried by said credit or bank card to be read and data to be input to the microprocessor carried by said credit or bank card. A PIN number may be transmitted to the receiver/decoder in a secure fashion by means of a remote controller, which is also described. Applications of the invention include Pay-Per-View television, teleshopping and telebanking.

Description

SYSTEM OF TRANSMISSION AND RECEPTION, AND RECEIVER / DECODER AND REMOTE CONTROLLER FOR THE SAME The present invention relates to a transmission and reception system, in particular (but not exclusively) to a wholesale interactive digital satellite television system. It also relates to a receiver / decoder and a remote controller for it. More particularly, the present invention is related in a main aspect, with the so-called radio and / or pay television system, where a user / viewer selects a program / movie / game to be seen by which a payment is made , referred to as a Pay-Per-Event event (PPV) or, in the case of the data to be downloaded, a so-called Pay-Per-File event (PPF, for its acronym in English). With these known PPV or PPF systems, the user / viewer is initially required to interact with the system, with the objective not only of selecting a product to be delivered, but also, in some cases, of making the payment for that delivery. . The term "product" is used here to denote any program, movie or other event or data that is to be transmitted, either to the end user's television set or to the personal computer associated with the system.
The invention also relates to a television sales system or a telebanking system in which a credit or bank card is used, in conjunction with the transmission information to effect a transaction, for example, the purchase of an item or announced service. The present invention provides the apparatus that includes a receiver / decoder for use in the reception of a radio or television program or a data file, the apparatus including means for interacting with a user's credit card or bank, for reading the information who carries the card. This configuration can facilitate payment by products, with minimal interaction by the user. The bank or credit card can carry the data on the magnetic tape (or other "passive" data carrier). However, more preferably, the credit or banking card incorporates a microprocessor (or other "active" information storage device) and the apparatus is configured to interact with the microprocessor, and is preferably configured to provide information to the microprocessor. This may allow a higher level of security to be maintained, and may facilitate the transfer of information. The preferred device additionally includes means for transmitting a debit instruction to a remote center, which is based on the information carried by the card, for charging the user's bank or credit account. In a preferred configuration, the apparatus is preferably configured to receive authorization information from the remote center, and to control the decoding and / or de-modulation of the program or file in dependence on the authorization information. This can facilitate the provision of PPV or PPF services. In a preferred configuration, the apparatus further includes means for interacting with a smart card containing the subscriber information, the decoding or the de-modulation being controlled in dependence on the subscriber information. The smart card may also contain the information of the decryption key and the information that relates to the channels to which the user has subscribed. Preferably, the apparatus is configured to store receipt credit information representing the credits available for purchasing products in the memory means of the smart card, and preferably includes means for modifying the receiving credit information to reduce the available credits for a certain amount, in response to receiving a program or file. In this way, a user can store credits - to buy products (PPV programs or PPF files) on the smart card. In a preferred configuration, the apparatus is configured to send debit instructions, preferably at the request of the user, to the remote center, and to modify the credit information information stored on the smart card, preferably upon receipt of the authorization information, to increase the number of credits stored in the smart card depending on the payment by means of the bank or credit card. In this way, a user can buy credits using a bank or credit card, which will be stored on the smart card for later use. More preferably, the apparatus is configured to effect the purchase of sufficient reception credits to allow a plurality of products to be purchased for each transaction, in which the debit instruction is sent to the remote center; this can reduce the number of transactions that are required with the remote center, and can improve security by reducing the number of occasions in which the details of the bank or credit card need to be transmitted. In a particularly suitable configuration for television purchases, the apparatus includes means for processing data, representative of the bank or credit card of the user, together with the data received representative of a given item or service, and for transmitting a request for order to a remote center for processing. With this system, you can simplify the order and payment for the advertised products. Preferably, means are provided for inputting a user request to purchase a product or service that was displayed visually; This can simplify the purchase to the extent of only requiring a user to confirm their desire to purchase a specified item. The apparatus may additionally include means for receiving a Personal Identification Number (PIN), preferably associated with the credit or bank card, which is preferably transmitted from a remote controller in a secure manner, to authorize a transaction The apparatus preferably takes the form of an upper box (STB), which is preferably a self-contained unit containing both the decoder and the card reading circuitry. The device can, however, be integrated into a television, VCR, or computer device. The invention is more preferably applied to receiving programs and files transmitted by satellite, and in particular digital satellite programs, since these provide the useful capacity for data transmission, although of course, it is also applicable to cable use. and terrestrial. A feature that is particularly preferred is that the apparatus includes additional interaction means, to interact with an (additional) user's card to read the information carried by the card, the means being separated from the means to interact with a credit card or bank of the user. By effectively providing two card readers, the utility of the device can be increased. This important aspect is provided, independently. Therefore, in accordance with a related aspect of the present invention, an apparatus is provided that includes a receiver / decoder for use in the reception of a television or radio program or a data file, the apparatus including means for interacting with a credit card or bank of the user to read the information that carries the card, and, separated from those means, means to interact additional, to interact with a card of the user to read the information that carries the card. Preferably, the means for further interaction are configured to interact with a card incorporating a microprocessor, and the card is the so-called "smart card". More preferably, the apparatus is configured to provide information to the microprocessor. In accordance with a further aspect of the present invention, a receiver / decoder for use in a digital satellite television system includes a decoder and means for accommodating a credit or banking card carrying a microprocessor, and means for interacting with the microprocessor. when a credit or bank card is inserted in an operative position in the receiver / decoder, with the aim of allowing the data that the credit or bank card bears to be read and the data that is going to be introduced to the microprocessor carrying the credit card or bank. In accordance with a preferred feature of this additional aspect of the present invention, the receiver / decoder also includes means for accommodating a smart card, whereby the insertion of the smart card by the end user within the receiver / decoder enables the smart card to interact in the receiver / decoder, whereby a product selected by the end user can be sent to that receiver / decoder and from there to a television set or personal computer to which the receiver / decoder is adapted to connect. In accordance with another aspect of the present invention, there is provided a digital satellite radio or television system having a plurality of end user endings, each of which includes a receiver / decoder as defined in any of the two paragraphs. previous The invention further provides the use of a credit card or bank card reader in conjunction with the apparatus for receiving or decoding the radio or television signals, preferably satellite television signals, to provide information that allows a satellite to be loaded. credit or bank account of the user upon request for a program, file, article or service that was offered. In one aspect of the method, the invention provides a method for visually displaying a program or making available a file for downloading, compressing, in a receiver / decoder in which information concerning the program or file is received, reading information from a card bank or credit, determine if a user is authorized to receive the program or file, and, if authorized, visually display the program or make the file available and issue a debit instruction to load the user's credit or bank account . In the preferred embodiment, in fact, the charge from the user's credit or bank account is usually made before visually displaying the program or making the file available. In a further aspect of the method, the invention provides a method for providing an order for an item or service comprising, in a receiver / decoder in which the information concerning the item or service is received, reading the information of a bank card or credit, generate a request for an order that contains the information that identifies the item or service and the information representative of the credit card or credit card information, and transmit the order information to a remote center for processing. The method of preference additionally comprises, in the remote center, processing the order information and determining whether to authorize the transaction based on the credit or bank card information. In connection with the apparatus as mentioned above, preferably the apparatus further comprises a remote controller for transmitting a Personal Identification Number (PIN) of the user to the receiver / decoder. More preferably, the remote controller includes security means to make transmission secure. Now these characteristics will be discussed in more detail. In the aspect of the invention that is now described, the present invention also relates to a remote controller for an item of equipment and more particularly to a remote controller that is manually held, which is used to control television sets, receivers / decoders for satellite television systems, and other equipment like that. The controllers operate on the basis of transmitting a signal from the manually held controller to the item of equipment, being a way to do this by means of an infrared beam. As discussed above, with the aim of enabling a user to make purchase and bank transactions through the medium of a television system, it would be necessary for the user to enter the so-called Personal Identification Number (PIN), with the objective of executing the financial transaction. Of course, a user's PIN number must be kept confidential to that particular user, so that third parties can not withdraw funds from that user's bank account in an unauthorized manner. With the known remote controllers, the information that is transmitted from the combined handset to the television set can be intercepted; this presents a problem if confidential data must be transmitted. The present invention helps alleviate this problem, while keeping the nature of operations as simple as possible for the user to perform. This aspect of the present invention is of particular interest in providing a manually held remote controller, which can be used with a television system through which banking operations and other financial transactions can be performed. In accordance with this aspect of the present invention, a remote controller for an item of equipment has means by which a Personal Identification Number of the user can be transmitted to the item of equipment, the controller incorporating security means to make the transmission secure. In a closely related aspect, the invention provides a remote controller for an item of equipment, comprising means defining a body for the controller, means for transmitting a User's Personal Identification Number to that item of equipment and security means. to make the transmission secure. Preferably, the transmission means comprise means for generating an infrared beam; this provides convenient transmission means, which may be less exposed to interception than other transmission media. The security means preferably comprise means for encoding the PIN number; this can inhibit the detection of the PIN number if the transmission is intercepted. The means for encoding may comprise means for combining the PIN number with a random number (or a pseudo-random number); this can make unauthorized decryption more difficult. Means may be provided to allow the user to enter the random number; the provision of the user input can make the introduction of the random number less prone to interception. Advantageously, the input means comprise at least one key for the introduction of the random number and an additional key, the controller being configured so that only the PIN number is transmitted by means of the transmission means in the depression of 1 key. additional. This configuration can be simple to operate, but reliable, compact and secure. In a useful manner, the means for setting a key comprises means for storing the random number in the controller; this facilitates the encoding of a subsequent entry PIN number. The security means may comprise means for generating a number characteristic of the individual controller, for transmission by means of the transmission means to the article of equipment. This configuration can offer greater security, and can also serve to avoid the use of unauthorized remote controllers. Similarly, to increase security, the means for encoding may include means for generating a number feature of the individual remote controller and means for combining the characteristic number with the random number and the PIN number. In a preferred configuration, the means for encoding comprise means for receiving a random number from the item of equipment and means for combining that random number with the user's PIN number for transmission by means of the transmission means to that article. This can make encryption more secure, by providing a random number only when it is needed for coding. The preferred controller also comprises means for transmitting controller commands to the equipment, and preferably has input means selectively operable, depending on an input status of the remote controller, either to enter the PIN number or to enter a controller command for the equipment, preferably adjusting the input status in accordance with the additional input means. The input means may comprise a numerical input key and the controller command may comprise a program or channel selection command. The additional input means may "comprise a function key." The invention also provides a combination comprising a remote controller as claimed in one of the preceding claims and the article of the equipment., the item of equipment having means to receive a user's PIN number. In that combination, the item of the equipment may comprise means for generating a random number and means for outputting the random number towards a visual display unit.; this facilitates the entry of a random number at the time of encoding. The item of equipment may comprise means for generating a random number and means for transmitting the random number to the remote controller; this can avoid the need for manual entry of the random number. A further aspect of the invention provides a digital television system, comprising an item of television equipment, the article having means for receiving a user's PIN number, and a remote controller as defined above. An additional, closely related aspect provides a digital television system, comprising an article of the television equipment, the article having means for receiving a PIN number, and a remote controller, the remote controller comprising means for defining a body for the controller, means for transmitting a user's PIN number to the item of equipment and security means to make the transmission secure. The item of television equipment may be a television set or a receiver / decoder that is to be attached to a television set. The invention also extends to a method for introducing a PIN number into a television system employing a remote controller, as defined above. Preferred features of the present invention will now be described, purely by way of example with reference to the accompanying drawings, in which: Figure 1 shows the architecture of a system Generators digital television conformity-to the preferred embodiment of the present invention; Figure 2 shows the architecture of a conditional access system of the digital television system; Figure 3 shows the structure of an Accreditation Management Message that is used in the conditional access system; Figure 4 is a schematic hardware diagram of a Subscriber Authorization System (SAS), in accordance with a preferred embodiment of the present invention; Figure 5 is a schematic diagram of the SAS architecture; Figure 6 shows the architecture of an interactive system of the digital television system of Figure 1; Figure 7 is a schematic diagram of a remote controller that is used in the digital television system; Figure 8 is a schematic perspective view of a receiver / decoder in accordance with the present invention; Figure 9 is a schematic representation of the protocols that are used in the user's credit / bank card payments; Figure 10 is a view similar to that of Figure 7, but showing in shadow the internal components of the controller key; Figure 11 is a schematic diagram showing the internal components of the receiver / decoder key; Figure 12 is a schematic representation of a first coding configuration in accordance with the present invention; - Figure 13 is a view similar to that of Figure 12 of a second coding configuration; Figure 14 is a view similar to that of Figure 12 of a third coding configuration; and Figure 15 is a view similar to that of Figure 12 of a fifth coding configuration. In Figure 1 there is shown an overview of a digital television transmission and reception system 1000 according to the present invention. The invention includes a mostly conventional digital television system 2000, which uses the known MPEG-2 compression system to transmit compressed digital signals. In more detail, the 2002 MPEG-2 compressor in a transmission center receives a stream of digital signals (typically a stream of video signals). The compressor 2002 to a multiplexer and scrambler 2004 is connected by linkage 2006. The multiplexer 2004 receives a plurality of more input signals, assembles one or more transport streams and transmits compressed digital signals to a transmitter 2008 via transmission center the link 2010, which of course can take a wide variety of forms, including telecom links. The transmitter 2008 transmits electromagnetic signals via the ascending 2012 link, to a 2014 satellite transmitter-receiver, where these are electronically processed and transmitted via the speculative descending 2016 link to the land receiver 2018, conventionally in the form of a proprietary dish or rented by the end user. The signals received by the receiver 2018 are transmitted to an integrated receiver or decoder 2020 owned or rented by the end user, and connected to the television set 2022 of the end user. The receiver / decoder 2020 decodes the MPEG-2 signal to a television signal for the television set 2022. A conditional access system 3000 is connected to the multiplexer 2004 and the receiver / decoder 2020, and is located partially in the transmission center, and partially in the decoder. This allows the end user to access the digital television transmissions from one or more transmission providers. A smart card can be inserted, capable of deciphering messages related to commercial offers (that is, one or many television programs sold by the transmission provider), within the receiver / decoder 2020. Using the decoder 2020 and the smart card, the end user can buy events in either a subscription mode or a pay-per-event mode. An interactive system 4000, also connected to the multiplexer 2004 and the receiver / decoder 2020, and again partially located in the transmission center and partially in the decoder, allows the end user to interact with different applications via a modulated return-modulated channel 4002. .
Conditional Access System The 3000 conditional access system will now be described in more detail. With reference to Figure 2, in the overview the conditional access system 3000 includes a Subscriber Authorization System (SAS) 3002. The SAS 3002 is connected to one or more Subscriber Management Systems (SMS) 3004, an SMS for each transmission provider, through a respective 3006 TCP-IP link (although other types of links can alternatively be used). Alternatively, an SMS can be shared between two transmission providers, or a provider can use two SMSs, and so on. The first coding units in the form of coding units 3008, which use "mother" smart cards 3010, are connected to the SAS via link 3012. The second coding units again in the form of coding units 3014, which use cards 3016 intelligent "mother" are connected to the multiplexer 2004 through the link 3018. The receiver / decoder 2020 receives a smart daughter card 3020. This is directly connected to SAS 3002 via the Communication Servers 3022 via the modulated-demodulated back channel 4002. The SAS sends, among other things, subscription rights to the daughter smart card on the request.
Smart cards contain the secrets of one or more commercial operators. The "mother" smart card encodes different types of messages, and "daughters" smart cards decode the messages, if they have the rights to do so. The first and second encryption units 3008 and 3014 comprise a lot, an electronic VME card (the VME being an ICL property operating system) with the software stored in an EEPROM, up to 20 electronic cards and a smart card 3010 and 3016 respectively , for each electronic card, one (card 3016) to code the ECMs and another (card 3010) to code the EMMs. The operation of the conditional access system 3000 of the digital television system will now be described in more detail, with reference to the different components of the television system 2000 and the conditional access system 3000.
Multiplexer and Encoder With reference to Figures 1 and 2, in the transmission center, the digital video signal is first compressed (or the bit rate is reduced), using the 2002 MPEG-2 compressor. This compressed signal is then transmitted to the multiplexer and encoder 2004 via the link 2006 in order to be multiplexed with other data, such as other compressed data. The encoder generates a controller word that is used in the coding process and that is included in the MPEG-2 stream in the multiplexer 2004. The controller word is generated internally and allows the integrated end-user decoder / decoder 2020 to decode the program. The access criteria that indicate how the program is marketed are also added to the MPEG-2 stream. The program can be marketed in any of a number of "subscription" modes and / or one of a number of "Pay Per View" (PPV) modes or events. In the subscription mode, the end user subscribes to one or more commercial offers, or "bouquets", thus obtaining the rights to see all the channels within those bouquets. In the preferred mode, up to 90 commercial offers of a bunch of channels can be selected. In Pay Per View mode, the end user is given the ability to buy events as he wishes. This can be achieved either by pre-contracting the event in advance ("prior hiring mode"), or by buying the event as soon as it is transmitted ("impulse mode"). In the preferred mode, all users are subscribers, whether they see in subscription or PPV mode or not, but of course PPV viewers do not necessarily need to be subscribers. Both the controller word and the access criteria are used to build an Accreditation Driver Message (ECM); this is a message that is sent in relation to a coded program; the message contains a controller word (which allows the decoding of the program) and the access criteria of the transmission program. The access criteria and the controller word are transmitted to the second keypad unit 3014 via link 3018. In this unit, an ECM is generated, keyed and transmitted to the multiplexer and encoder 2004. Each transmission of services by a transmission provider in a data stream comprises a number of different components; for example, a television program includes a video component, an audio component, a subtitle component, and so on. Each of these components of a service is individually coded and encrypted for subsequent transmission to the 2014 transceiver. With respect to each coded component of the service, a separate ECM is required.
Program Transmission The multiplexer 2004 receives electrical signals comprising EMMs coded from the SAS 3002, ECMs coded from the second co-unit 3014, and compressed programs from the 2002 compressor. The 2004 multiplexer encodes the programs and transmits coded programs, coded EMMs and coded ECMs, such as electrical signals to a transmitter 2008 of the transmission center, via link 2010. The transmitter 2008 transmits electromagnetic signals to the 2014 transceiver via the 2012 link upward.
Receipt of Procrrams The 2014 satellite transmitter-receiver receives and processes the electromagnetic signals transmitted by the transmitter 2008, and transmits the signals to the ground receiver 2018, conventionally in the form of a plate owned or rented by the end user, via the link 2016 descending. The signals received by the receiver 2018 are transmitted to the integrated receiver or decoder 2020 owned or rented by the end user, and are connected to the television set 2022 of the end user. The receiver / decoder 2020 demultiplexes the signals to obtain the programs encoded with the coded EMMs and the coded ECMs. If the program is not encoded, that is, no ECM has been transmitted with the MPEG-2 current, the receiver / decoder 2020 decompresses the data and transforms the signal to a video signal for transmission to the television set 2022. If the program is encoded, the receiver / decoder 2020 extracts the corresponding ECM from the MPEG-2 stream, and passes the ECM to the "daughter" smart card 3020 of the end user. This is inserted into a slot inside a housing in the receiver / decoder 2020. The smart daughter card 3020 controls whether the end user has the right to decrypt the ECM and access the program. If not, a negative state is passed to the receiver / decoder 2020 to indicate that the program can not be decoded. If the end user has the rights, the ECM is decrypted and the controller word is extracted. Then the decoder 2020 can decode the program using this controller word. The MPEG-2 stream is decompressed and translated into a video signal for progressive transmission to television set 2022.
Subscriber Management System (SMS) A Subscriber Management System (SMS) 3004 includes a 3024 database that manages, among others, all the files of the end user, commercial offers (such as rates and promotions), subscriptions, details of PPV, and data regarding the consumption and authorization of the end user. The SMS may be physically away from the SAS.
Each SMS 3004 transmits messages to SAS 3002 via the respective link 3006, which implies modifications to, or creations of, Accreditation Management Messages (EMMs) to be transmitted to the end users. The SMS 3004 also transmits messages to SAS 3002, which does not imply any modification or creation of EMMs, but only implies a change in an end-user status (related to the authorization granted to the end user when ordering products, or with the quantity with which the final user will be charged). As described below, SAS 3002 sends messages (typically requesting information such as callback information, or billing information) to SMS 3004, so that it will be evident that the communication between the two is in both directions.
Accreditation Management Messages (EMMs) The EMM is a message dedicated to an individual end user (subscriber), or a group of end users, only (in contrast to an ECM, which is dedicated to only a coded program, or a set of coded programs if they are part of the same commercial offer Each group can contain a given number of end users This organization as a group is directed to the optimization of the bandwidth; that is, access to a group can allow a greater number of end users to be reached. Different specific types of EMM are used in putting the present invention into practice. Individual EMMs are dedicated to individual subscribers, and are typically used in the provision of Pay Per View services; these contain the group identifier and the position of the subscriber in that group. The so-called "Group" subscription EMMs are dedicated to groups of, say, 256 individual users, and are typically used in the administration of some subscription services. This EMM has a group identifier and a group bitmap of subscribers. Audience EMMs are dedicated to whole audiences, and can be used by a particular operator to provide certain free services, for example. An "audience" is the totality of subscribers that have smart cards that carry the same Operator Identifier (OPI). Finally, a "unique" EMM addresses the unique identifier of the smart card. The structure of a typical EMM will now be described with reference to Figure 3. Basically, the EMM, which is implemented as a series of digital data bits, comprises a header 3060, the appropriate EMM 3062, and a signature 3064. The header 3060 in turn comprises a type identifier 3066, to identify whether the type is individual, group, audience, or some other type, an identifier 3068 in length that gives the length of the EMM, an optional address 3070 for the EMM, an identifier 3072 of operator and a key identifier 3074. The appropriate EMM 3062 of course varies greatly, in accordance with its type. Finally, signature 3064, which is typically 8 bytes long, provides a number of checks against corruption of the remaining data in the EMM.
Subscriber Authorization System (SAS) The messages generated by SMS 3004 are passed via link 3006 to the Subscriber Authorization System (SAS) 3002, which in turn generates messages recognizing the reception of messages generated by SMS 3004, and passes these acknowledgments to SMS 3004. As shown in Figure 4, at the hardware level the SAS comprises in the known manner a mainframe 3050 computer (in the preferred embodiment a DEC machine) connected to one or more keyboards 3052 for data entry and commands, one or more Visual Deployment Units (VDUs) 3054 for visual display of output information, and 3056 data storage elements. Some redundancy in the hardware can be provided. At the software level the SAS operates, in the preferred embodiment, in a standard open VMS operation system, a software collection whose architecture will now be described in general view, with reference to Figure 5; it will be understood that the software can be implemented alternatively in the hardware. In general, the SAS comprises an area 3100 of Subscription chain to give rights for the subscription mode, and to renew the rights automatically every month, a 3200 area of Pay Per View chain to give rights for PPV events, and a 3300 EMM Injector to pass the EMMs created by the Subscription and PPV chain areas to the multiplexer and encoder 2004, and consequently to feed the MPEG stream with EMMs. If other rights, such as Payment Per File (PPF) rights are to be granted in the case of downloading computer software to a user's Personal Computer, other similar areas are also provided. One function of the SAS 3002 is to manage access rights to television programs, available as commercial offers in subscription mode, or sold as PPV events, in accordance with different marketing modes (pre-contract mode, impulse mode) . SAS 3002, in accordance with those rights and with the information received from SMS 3004, generates EMMs for the subscriber. The Subscription Chain area 3100 comprises a Command Interface (Cl) 3102, a Subscriber Technical Management server 3104 (STM), a Message Generator (MG) 3106, and Unit 3008 coding. The PPV Chain area 3200 comprises an Authorization Server (AS) 3202, a relationship database 3204 for storing relevant details of the end users, a support list database 3205, Servers. 3206 Database for the database, a Centralized Order Server (OCS, for its acronym in English) 3207, a Server for Program Transmitter (SPB, for its acronym in English) 3208, a Message Generator (MG) , for its acronym in English) 3210 whose function is basically the same as that of the area of Subscription Chain and consequently is not described in any detail, and Unit 3008 Coding. The 3300 EMM injector comprises a plurality of Message Emitters (MEs) 3302, 3304, 3306 and 3308, and Software Multiplexers (SMUXs) 3310 and 3312. In the preferred embodiment, there are two MEs, 3302 and 3304 for Message Generator 3106, with the other two MEs 3306 and 3308 for Message Generator 3210. The MEs 3302 and 3306 are connected to the SMUX 3310, while the MEs 3304 and 3308 are connected to the SMUX 3312.
Interactive System An interactive system 4000, also connected to the multiplexer 2004 and the receiver / decoder 2020 and which is located again partially in the transmission center and partially in the decoder, allows the end user to interact with different applications by means of a channel 4002 modulated return-demodulated. Figure 6 shows the general architecture of the interactive television system 4000 of the digital television system 1000 of the present invention. The interactive system 4000 comprises an overview of four main elements: an originating tool 4004 in the transmission center (or some other place) to allow a transmission provider to create, develop, debug and test the applications; an application and data server 4006, in the transmission center, connected to the originating tool 4004, to enable a transmission provider to prepare, authenticate, and format applications and data for transmission to the multiplexer and demodulator 2004 for insertion into the stream MPEG-2 transport (typically the private section thereof) to be transmitted to the end user; a virtual machine that includes a runtime machine (RTE) 4008, which is an executable code installed in the receiver / decoder 2020 own or rented by the end user, to allow the end user to receive, authenticate, decompress, and load applications within working memory 2024 of receiver / decoder 2020 for execution. Machine 4008 also runs resident, general-purpose applications. The machine 4008 is independent of the hardware and operating system; and a modulated-demodulated back channel 4002 between the receiver / decoder 2020 and the application and data server 4006, to enable signals that tell the server 4006 to insert data and applications into the MPEG-2 transport stream upon request -of the end user. The interactive television system operates using "applications" that control the functions of the receiver / decoder and different devices contained therein. The applications are represented on the machine 4008 as "resource files". A "module" is a set of files and resource data. Different modules may be required to form an application. A "memory volume" of the receiver / decoder is a storage space for the modules. An "interface" is used to download the modules. The modules within the receiver / decoder 2020 can be downloaded from the MPEG-2 transport stream. For the purposes of this specification, an application is a piece of computer code for controlling the high-level functions of, preferably, the receiver / decoder 2020. For example, when the end user places the focus on a 2026 remote controller (as shown in more detail in Figure 7) on a button object that is seen on the screen of television set 2022 and presses a validation key, the writing associated with the button is executed. An interactive application proposes menus and executes commands at the request of the end user and provides data related to the purpose of the application. The applications can be either resident applications, that is, stored in the RAM (or FLASH or other non-volatile memory) of the receiver / decoder 2020, or transmitted and downloaded into the RAM or FLASH of the receiver / decoder 2020. The examples of the applications are: - • An Initialization Application. The receiver / decoder 2020 is equipped with a resident initialization application which is an adaptive collection of modules (this term being defined in more detail later herein), which allows the receiver / decoder 2020 to be immediately operative in the MPEG environment. 2. The application provides core characteristics that can be modified by the transmission provider if required. It also provides an interface between resident applications and downloaded applications. • An Ignition Application. The application of ignition allows any application, whether downloaded or resident, to run on the receiver / decoder 2020. This application acts as a loading operation on the arrival of a service, in order to start the application. The ignition is discharged into the RAM and, therefore, can be easily updated. This can be configured in such a way that the interactive applications available on each channel can be selected and executed, either immediately after downloading or after preloading. In the case of pre-loading, the application is loaded into the 2024 memory, and activated by power-on when required.
• A Program Guide. The Program Guide is an interactive application that gives complete information about programming. For example, it can give information about, say, the one-week television programs provided by each channel of a digital television bouquet. By pressing the key on the remote controller 2026, the end user accesses an added screen, above the event that is displayed on the television set 2022 screen. This added screen is a navigator that gives information about the current and future events of each channel of the digital TV corsage. By pressing another key on the remote controller 2026, the end user accesses an application that - visually displays a list of information about the events during a week. The end user can also search and select events with simple and custom criteria. The end user can also directly access a selected channel. • One Pay Per View application. The pay-per-view application is an interactive service available on each Pay Per View channel of the digital TV bouquet, in conjunction with the 3000 conditional access system. The end user can access the application using a TV guide or channel navigator. Additionally, the application automatically starts as soon as the Pay Per View event is detected on the Pay Per View channel. Then the end user is able to buy the event in progress either through his smart daughter 3020 card or via communication server 3022 (using the modem, a telephone and DTMF, MINITEL or similar codes). The application can be either resident in the ROM of the receiver / decoder 2020 or downloadable within the RAM of the receiver / decoder 2020. • A PC Download application. Upon request, an end user can download computer software using the PC download application. • A Magazine Browser application. The magazine browser application comprises a cyclic video transmission of images with navigation of the end user via buttons on the screen. • A questionnaire application. The questionnaire application is preferably synchronized with a transmission questionnaire program. As an example, multiple selection questions are displayed on the 2022 television screen visually, and the user can select a response using the remote 2026 controller. The questionnaire application can inform the user if the answer is correct or not, and can keep score of the user. • An application of Shopping by Television. In one example of the television shopping application, goods for sale are transmitted to the receiver / decoder 2020, and displayed visually on television 2022. Using the remote controller, the user can select a particular item to buy it. The order of the article is sent via the modulated-demodulated return channel 4002 to the application and data server 4006, or to a separate sales system, whose telephone has been downloaded to the receiver / decoder, possibly with an order to charge the account to a credit card that has been inserted in one of the 4036 card readers of the receiver / decoder 2020. • A Telebanca application. In one example of the telebanking application, the user inserts a bank card into one of the receiver cards 4036 of the receiver / decoder 2020. The receiver / decoder 2020 marks the user's bank, using a telephone number stored on the card bank or stored in the receiver / decoder, and then the application provides a number of facilities that can be selected using the remote 2026 controller, for example, to download an account statement via the telephone line, transfer funds between accounts, request a checkbook, etc. • An Internet Browser application. In an example of the Internet browser application, the user instructions are entered, such as a request to view a web page having a particular URL, using the remote controller 2026, and these are sent through the modulated-demodulated return channel 4002 to the application and data server 4006. The appropriate web page is then included in the transmissions from the transmission center, received by the receiver / decoder 2020 via the ascending 2012 link, the 2014 transceiver and the descending 2016 link, and visually displayed on the 2022 television. Applications are stored in the memory locations in the receiver / decoder 2020 and are represented as resource files. Resource files include the graphic object description unit files, variable block unit files, instruction sequence files, application files, and data files. The graphic object description unit files describe the screens, the man-machine interface of the application. The variable block drive files describe the data structures that the application handles. The instruction sequence files describe the processing operations of the applications. The application files provide the entry points for the applications. Applications made in this way can cause data files, such as icon library files, image files, character font files, color table files, and ASCII text files. An interactive application can also obtain data online by making entries and / or outputs. The machine 4008 only loads into its memory those resource files that it needs at a given moment. These resource files are read from the graphic object description unit files, instruction files, and application files; the variable block unit files are stored in the memory after a procedure call to load the modules and remain locked there until a specific call is made to a procedure to download the modules.Ease of Credit Card for the Top Box With reference to Figure 8, each end user of the system described with reference to the preceding figures is provided with a top box 2019 including a receiver / decoder 2020 by which the user it can interact with the digital television system and by means of which the products selected by the end user can be transmitted to the television set 2022 or the user's personal computer to download them on it. The upper case 2019 houses, among other items, the decoder 2020 and the modem 2021, the decoder 2020 including a memory 4022. Slots 2023 and 2025 are provided in the front of the upper case 2019 into which a card can be inserted. smart 3020 and / or a 3017 credit / bank card, respectively. The slots 2023 and 2025 have reading means 3019 and 3021 associated therewith respectively. It has already been described, with reference to Figure 2, the manner in which a "daughter" smart card, which is specific to a particular user, interacts with the system. With this embodiment of the present invention, the end user has the option to pay for a selected product by means of a credit / bank card, preferably of the type incorporating a 3017a microprocessor (a so-called "smart card"), typically in the PPV and PPF modes of system operation. This use of a credit / bank card is made possible by means of providing the top box 2019 with the slot 2015 and associated means within the receiver / decoder to enable the microprocessor 3017a to interact with the system as a whole. The receiver / decoder in this mode includes a conventional card reader device, which is under general controller by the same processor which monitors the decoding controller and controls the interaction with the smart card. In this way, the debit instructions can be easily linked to the "charge" of the smart card with additional credits. This interaction includes the fact that the credit / bank card is interrogated in order to establish its authenticity, expiration date and if the credit limit associated with its holder has been exceeded and then load the account with which the card is related (through from your microprocessor if it is a smart card and the relevant banking network) for the amount that was charged for the selected product. In the case of a "false" magnetic card, a similar procedure is adopted. Figure 9 schematically illustrates the protocol that is used to enable the credit / banking card 3017 to interact with the system, the purpose of the protocols being to provide financial security. This protocol is based on the protocol currently used in the MINITEL system, which operates in France. The protocol operates in relation to three different areas, the end user or subscriber completion area is usually indicated in A, the area of the system provider, is usually indicated in B and the bank area is usually indicated in C. In Figure 4, it is intended that areas A, B and C indicate the operational division of the system, rather than some physical characteristic. As indicated above with respect to Figure 8, the user has a credit card 3017, which includes a microprocessor 3025, in the form of an integrated circuit chip. This may also be the private key 3015 which has a security function similar to that already described in relation to the user's 3020 smart card, to be used when verifying the authenticity of the card. In connection with its interaction with the credit card 3017, the end user receiver / decoder 2020 is functionally provided with the means to process the data representative of the transaction itself (shown in 3029) and means for processing the data which are related to authentication and integrity (shown in 3031). Area A also includes a public key. Area B that is under the controller of the system provider, includes SMS 3004 and communication server 3022 which are described below with respect to Figures 1 and 2. Servers 3022 also include a server 3023 encoder that incorporates a private key. Area C includes a private banking network 3032, typical banking members of those shown at 3033, 3034 and 3035. The 3032 network incorporates a 3036 telepayment administrator, which incorporates a key 3037"mother" Now we will describe the sequence of events that is included in a single financial transaction, using the credit card 3017, with reference to Figure 9 in which the arrows indicate the different steps involved in the execution of the payment and the release / injection of the Relevant EMM that will receive the receiver / decoder 2020 of the end user. The insertion of the "smart card" credit card 3017 within the receiver / decoder 2020 causes the following to occur, as described hereinafter; it should be noted that all steps typically occur in real time, unless otherwise stated below: a) Initial information is collected from card 3017 by receiver / decoder 2020. This information includes the card number, information about the validity date of the card, the language of the country, the monetary unit and so on. This information is loaded into the RAM of the receiver / decoder. b) Once it is loaded, a verification of the information is made. If the information is correct, the procedure continues; otherwise, the transaction is aborted. c) The user's PIN number is entered using the remote 2026 controller, in a manner described below. d) The card verifies the PIN number. If the number is correct, the procedure continues. If it is incorrect, the card provides, say, two or three more attempts. If the number is still incorrect in these additional attempts, then the transaction is aborted. e) If the PIN number is correct, the card opens certain additional memory areas, and the information of these areas is downloaded to the RAM of the receiver / decoder. This information can be the transactions that were made with the card, and its monetary value. f) A verification is made as to whether the transactions would take the user over the relevant credit limit. g) If it is positive (ie, not over the relevant limit), then the card is passed certain information about the current transaction, such as the price, day, bank details, and so on. h) With this information, the card calculates a first numerical certificate that validates the transaction. The digital certificate is generated by the card microprocessor by means of a protocol that uses the price of the transaction, the day, card number, expiration date of the card, product reference and similar information to generate the certificate, which it is typically 30 or 40 bytes in length. i) The details of the transaction are written on the credit / bank card. j) The card is closed; this is important, since it is not desirable to keep the card open for any additional steps. k) The connection to the communication servers 3022 of the SAS 3002 is established by means of the channel 4002 modulated return-demodulated. 1) In order for the receiver / decoder to verify the SAS, a random number (or ALEA) is generated by the receiver / decoder and sent to the communication servers 3022. m) The random number is coded using a coding algorithm by the 3023 encoder server and sent back to the receiver / decoder. n) The receiver / decoder decrypts the random number to verify that it is correct. o) Provided that the SAS has been verified, the SAS (and in particular the Centralized Order Server 3207 (see Figure 5)) verifies with the SMS 3004 to confirm that the particular subscriber is not on any blacklist, p) makes an optical check against a database that is maintained, perhaps, in the transmission center, as to whether the product that was requested is available. q) Provided that no problems have been identified, the details of the transaction and the first certificate are transmitted via the communication servers 3022 to the 3036 telepayment administrator in the bank's private 3032 network. r) The credit status of the end user is verified and assuming that it is satisfactory, the telepayment manager 3036 issues a numerical certificate to the communication servers 3022, which are calculated in the same manner as with the first certificate. This second certificate is the authorization of the telepayment administrator of the purchase. It should be noted that the second certificate may not always be required, for example if the value of the transaction is under some threshold, and in these circumstances no connection with the telepayment administrator is necessary. s) The reception by the operator of the second certificate (typically as an electrical signal), is a guarantee for the operator of the payment by the bank, and therefore the SAS sends the appropriate EMM to the receiver / decoder 2020 to authorize the purchase ( if the purchase is from a program event, etc.). t) The reception by the receiver / decoder 2020 of the EMM makes it easier for the end user to see the selected PPV product in its television set 2022 or to download a selected PPF product to the personal computer of the end user. u) Not in real time, the SAS sends a signal to SMS 3004 informing it of the transaction. v) Not in real time, the SMS sends the information of the transaction to the relevant bank 3033, 3034 or 3035, to notify that the payment has been accepted. The bank takes the necessary action. The details of how the PPV or the PPF can be implemented using a credit or bank card have been previously provided. In addition to this, the same bank or credit card reader can be used to authorize other transactions, for example the purchase of goods or services in association with the TV Sales application and to enable the end user to view and modify the Details of your bank account in association with the Telebanca application.
Remote Controller With particular reference to Figures 7 and 10, an infrared controller 2026 comprises a cover 2030 on the top surface of which there are a number of buttons, most notably controller keys 2031, a key 2032 of Silence and a numeric 2034 keyboard with numbered buttons from "0" to "9". The cover houses the means 2035 for generating and transmitting an infrared beam (in the preferred embodiment, an infrared ray device operating in accordance with the Phillips RC5 standard), a memory 2036 comprising both the EEPROM (and / or the FLASH memory), such as RAM, and controller means 2037 including encoding means 2038. Memory 2036, which is relatively small, is used to store (in the EEPROM) different passwords and other identifiers (as will be described shortly), and (in RAM) variables that are used during the different calculations. The controller means is mostly conventional, and comprises, at the hardware level, a single-chip microprocessor such as that which is available with Phillips for the remote controllers, and, at the software level, the software resident in the memory. 2036 and capable of the functions that will be described shortly (such as the addition and module functions). In general, the manually held remote controller as described herein, is first capable of transmitting a user's PIN number to the television system, typically by means of a decoder, and secondly the remote controller is also provided with means to encode the number that is being transmitted, in particular by calculating a sequence of random numbers. The coding is particularly important in the context of using a credit or bank card with the receiver / decoder. As regards the provision of security for the PIN number that was transmitted, there are a number of ways in which this can be done. In particular, different protocols can be adopted and many different ways of actually carrying out the coding can be used. Reference is now made to the description of the system with reference to Figure 2 and in particular that part of the system that includes the so-called mother and daughter smart cards. Reference is also made to the schematic diagram of the internal components of the receiver / decoder shown in Figure 11. The particular characteristics of the manually held infrared ray controller of relevance in the present context, -relate to the access of the smart card 3020 daughter and bank / credit card 3017 by the receiver / decoder 2020. The receiver / decoder 2020 is under the controller of the co-controller means 2100 which is located in the decoder and is implemented in a combination of hardware and software based on the microprocessor. The controller means include means 2102 for generating random numbers and means 2104 for outputting the random number, - *? Na television screen, r typically in the television set 2022. The decoder also includes, in a preferred embodiment, means 2106 for receiving infrared rays (in the preferred embodiment an infrared ray device operating in accordance with the Phillips RC5 standard) for communication with the infrared ray controller. However, in another embodiment, the decoder includes means for both receiving and transmitting infrared rays, if transmition to the sonder is desired. c -; ^ mentioned above, the receiver / decoder includes the memory 2024, which, as in the case of the remote controller, comprises the EEPROM / FLASH and also the RAM. The use of memory is analogous to that described above in relation to the remote controller ~. Figures 12 to 15 illustrate a number of coding protocols that can be roasted. With reference to Figure 1 2, in the first coding protocol, the decoder 2020 under the control of the control means 2100 that are located in the decoder, transmits an electromagnetic signal to a television screen which in turn visually displays a four-digit sequence a1, a2 , a3, a4 from 0000 to 9999, showing this step at 500 in Figure 12. This four-digit number can be either a four-digit number generated completely randomly, which is varied each time the end user gets access to the system, or it can be a previously determined number of previously determined random numbers. An associated message which asks the user _ to enter the random number within the controller 2026 is visually displayed. In step 501 the visual display of this number and the associated message is indicated. Then, the user sees the random number a1, a2, a3, a4 on the TV screen 2022 in step 502 and enters that number into the remote controller 2026, at the same time pressing the Silence key 2032, in step 503 In the preferred embodiment, the entry is by means of the numeric keypad 2034. Alternatively, the input can be by any suitable input means as well as by means of voice activation. Again acting on a message from the television screen, the user then enters his own PIN, using the numeric keypad 2034, inside the 2026 controller. The PIN number is also a four-digit number c1, c2, c3, c4 and is the PIN number that also applies to the daughter 3020 smart card and / or the bank or credit 3017 card. Steps 503 and 504 are performed while the user presses the 2032 soft key. The next step includes controller 2026 which effectively combines the four-digit numbers a1, a2, a3, a4 and c1, c2, c3, c4, to produce the coded four-digit number t1, t2 / t3, t4. Now we will describe the way in which the digits t1, t2, t3 and t4 are calculated. Each digit is calculated in the same way, but now only the digit t is referenced. It is calculated from the digits a-¡and c ^, in accordance with the expression: t1 = (a? + C?) Mod 10 where "mod 10" means that the base module 10 was taken (ax + CL ); in other words, the least significant digit is taken from the result of the addition. As indicated above, similar calculations are made with respect to t2, t3 and t4. The digits c1, c2, c3 and c4 are calculated in order to safeguard their interception as a result of the remote controller transmitting the PIN number of the user to the decoder 2020. In Figure 12 the step described in 505 is indicated. The coded number t1, t2, t3, t4 is then transmitted from the remote controller to the decoder, this being shown in step 506 of Figure 12. After reception of the coded four-digit number, the decoder in effect extracts the number c1 , c2, c3, c4 Original four-digit PIN. This is done by calculating each of the digits c1, c2, c3, c4 from t1, t2, t3 and t4, showing this step at 507 in Figure 12. The calculation is performed, with reference to the digit c1 , as follows: c1 = (t? - a? + 10) mod 10 A corresponding formula applies to the other digits. In the case of the daughter 3020 smart card, the next step is for the receiver / decoder to compare the PIN number extracted with the one already stored in the decoder and representative of the daughter 3020 smart card. In fact, each of the digits c1, c2, c3, c4 is compared per turn with the corresponding digits stored in the decoder. In Figure 12, this step is shown in 508. The final steps shown in 509 and 510 in the Figure 12, include obtaining access to the system if the two four-digit numbers coincide (step 509) and the denial of access if they do not match (step 510). In the case of the bank or credit 3017 card that has its own microprocessor (the so-called "smart card"), a different procedure is followed. In step 508, the PIN number that was extracted to the smart card is passed to verify as to whether the PIN number is valid. If it is (step 509), authorization is obtained for the relevant transaction and a relevant (first) certificate is issued, as described above. If it is not (step 510), the authorization is denied. The manner in which steps 503 to 506 are executed will now be described in more detail, with respect to the following table in which a? / A2, a3, a4, c-¡, c2, c3 and c4 are the codes decimals, each of which is between "0" and "9". If the user releases the soft key button 2032 during the following steps shown in the table, the sequence splitting is stopped. Therefore it is necessary to start the whole operation again. It is noted that the Mute test code is transmitted after the user releases the Silence key.
With reference to Figure 13, a second coding protocol is illustrated herein which is basically the same as that already described with reference to Figure 12. However, in the protocol of Figure 13 a step is added of additional security. This is shown at 511 and includes an additional random number which is stored in the memory of both the remote controller and the control means 2100 of the receiver / decoder 2020. This number will in fact typically be stored only on the first use of the controller. This random number d1, d2, d3, d4 is combined with the first random number a1, a2, a3, a4 and the PIN number c1, c2, c3, c4, to produce the coded number t1, t2, t3, t4. This additional step 511 provides thereby improved security when purchased with the protocol of Figure 12. Figure 14 illustrates a third coding protocol, which is substantially the same as that of Figure 12, but with an additional step 512.
In this protocol, the memory 2036 of the remote controller has previously stored in it a four-digit number e1, e2, e3, e4, which is characteristic of the identity of that particular remote controller 2026. In step 505, this additional identity number is combined with the random number a1, a2, a3, a4 and the PIN number c1, c2, c3, c4 of the user, to produce the coded number t] _, t2, t3, t4. The control means 2100 of the receiver / decoder 2020 has means by which the identity number of the specific remote controller e1, e2, e3, e4 can be compared with that of the receiver / decoder in the system so that, if it does not match, means that the controller is not the correct one for the particular receiver / decoder, which in turn means that the daughter 3020 smart card and / or bank or credit card 3017 (as the case may be) can not be accessed by the receiver / decoder 2020. Although Figure 14 illustrates the addition of step 512 to the steps shown in Figure 12, it could also provide an additional step to the protocol shown in Figure 12, thereby further increasing the security that is is providing. In this way, the coding protocols illustrated in Figures 12, 13 and 14 provide successively increasing degrees of security. A fourth coding protocol is now described, which combines the additional random number feature and the additional identity number feature described above. A particular advantage of the combination is that it allows more than one remote controller (each with a different additional random number) to be used with the same receiver / decoder, as long as a different additional identity number is available for each controller. Now we describe the way in which the two characteristics are combined, with reference to the button sequence of the remote controller shown in the following table.
It is first noted that compatibility with the first coding protocol (which was described with reference to Figure 12) is provided, so that the remote controller can, if desired, communicate with a receiver / decoder, which is only capable of operate in accordance with the first coding protocol (by adjusting from dL to d4 to zero). Compatibility is provided by automatically transmitting the Silence code immediately that has been transmitted tx, and so on. In this way, a decoder that operates in accordance with the first coding protocol, will receive all the necessary codes for it to work successfully. After the transmission of the Silence command for the second time, the controller transmits the additional identity number ex, etc., before eventually transmitting a final Silence code when the Silence key is released by the user. In the fourth coding protocol, the additional random number d1 # etcetera is combined with the first random number a-¡, etc. and the PIN number c1, etc., as follows (with reference, by way of example, at ?): l = ^ al + cl + dl ^ mod 10 The additional random number is removed by the receiver / decoder in the following way (with reference, by way of example, to cx): c? = (fc? "(a? + d? ^ + 10) mod 10 Still with reference to the previous table, the description about how the additional random number and the additional identity number are generated and stored originally is now provided. The receiver / decoder generates the random number in the same way as the first random number (a1, etc.) However, the additional random number (ex, etc.) is generated only once, it is subsequently stored in flash memory 4024 using the remote controller The additional identity number (e- ^ etc.) is generated by the receiver / decoder as an additional random number, and is again stored in the memory 4024 flash for future use. The first time the remote contractor is used (and at any initial time after a battery change has erased the 2036 memory), adjust dx, etcetera and ex, etc. to zero. The control means 2100 of the receiver / decoder compares the value of the? etc. with zero and the result of the comparison is positive. Therefore, the control means generate a message for the visual display on the TV screen that asks the user to enter the values, always with the Silent key pressed, according to the following table.
The keys 2031 of "Pilote" and "Progr" are chosen because they do not have a relevant function for the current fiscal year. However, you can choose any other suitable keys. It will be noted from the table that the user is asked to enter the values of dx, etc. and t and so on, as output from the control means and read from the television screen. When you press the Progr key a second time, the 2036 memory of the remote controller stores these two sets of values (that is, the additional password and the additional identity humerus). For the second and subsequent times that the remote controller is used, the stored, non-zero, additional password and additional identity number are output by the remote controller. The control means of the receiver / decoder compares the additional identity number - with zero and arrives at a negative result. Given the negative result, the control means proceed to evaluate cx, etc., given the values of ax, etcetera, t-¡, etc. and dl r etcetera. As long as the values of cx, etc. are incorrect, the control means then authorizes the PIN number, and the additional processing proceeds as described above. Otherwise, authentication is rejected. It can be understood that the fourth coding protocol provides several advantages. First, it is more secure, by virtue of the use of the additional password (which is changed only relatively infrequently) and by virtue of the use of the additional identity number. Second, you may face the use of many controllers for a receiver / decoder; the procedure for storing the additional password and the additional identity number on the remote controller can be applied to more than one remote controller. Third, the remote controller can communicate effectively with receivers / decoders that can only operate in accordance with the first protocol, by virtue of the use of common codes. As indicated, one of the objectives is to try to make life as simple as possible for the user, by reducing the number of actions that the user has to perform in order to make a financial transaction, using the remote controller 2026. Figure 15 illustrates an additional coding protocol (fifth), which simplifies the actions that the user needs to take. In this protocol, the receiver / decoder 2020 first generates the random number a, a2, a.3 i ^ - ^ in step 500. However, unlike the protocol of Figures 12 to 14, the decoder 2020 then transmits the random number a1, a2, a3, a4 by means of infrared rays to the controller 2026, where it is stored in the memory 2036 of the controller. This is instead of visually displaying the random number ax, a2, a3, a4 on the television screen. The remaining steps of the protocol are the same as steps 504 to 510 in Figure 14.
With this configuration, the user only has to enter a four-digit number, namely the PIN number c1, c2, c3, c4 of the user, instead of having to enter two four-digit numbers as in the protocol of the Figure 14. However, some security is lost because the decoder transmits the random number by infrared rays. This transmission could be intercepted plausibly. A number of different ways may be employed to encode the four-digit number to be transmitted from the remote controller 2026 to the decoder 2020. However, the module function is seen as being sufficiently secure for the present purposes. It will be understood that the present invention has been described above purely by way of example,. and any modifications of the detail may be made within the scope of the invention. Each feature described in the description may be provided, and (where appropriate) the claims and drawings independently or in any appropriate combination. In the preferred embodiments mentioned above, certain features of the present invention have been implemented, using computer software. However, it will of course be clear to the experienced person that any of these features can be implemented, using the hardware. Additionally, it will be readily understood that the functions performed by the hardware, computer software, and the like, are performed on or using electrical or similar signals. The cross reference is made to our pending requests, all of them having the same filing date, and titled Signal Generation and Transmission (Lawyer Reference Number PC / ASB / 19707), Smart Card for use with a Key Transmit Signal Receiver, and Receiver System (Lawyer Reference Number PC / ASB / 19708), Transmission and Reception and Conditional Access System for the same (Lawyer Reference Number PC / ASB / 19710), Downloading a Computer File from a Transmitter through a Receiver / Decoder to a Computer (Lawyer Reference Number PC / ASB / 19711), Transmission and Reception of Programs of Television and Other Data (Lawyer Reference Number PC / ASB / 19712), Downloading Data (Lawyer Reference Number PC / ASB / 19713), Computer Memory Organization (Lawyer Reference Number PC / ASB / 19714), Development of Television or Radio Control System (Lawyer Reference Number PC / ASB / 19715), Extracting Data Sections from a Transmitted Data Stream (Lawyer Reference Number PC / ASB / 19716), Control System e Access, (Lawyer Reference Number PC / ASB / 19717), Data Processing System (Lawyer Reference Number PC / ASB / 19718), and Transmission and Reception System, and Receiver / Decoder and Remote Controller for it ( Lawyer Reference Number PC / ASB / 19720). The descriptions of these documents are incorporated herein by reference. The list of applications includes the present application.

Claims (42)

1. The apparatus including a receiver / decoder for use in the reception of a television or radio program or a data file, the apparatus including means for interacting with a user's credit card or bank to read the credit or banking information which carries the card, and, separated from these means, additional means of interaction to interact with a user's card, to read the information that the card carries.
2. The apparatus in accordance with the claim 1, characterized in that it is configured to interact with a credit card or bank that incorporates a microprocessor.
3. The apparatus in accordance with the claim 2, characterized in that it is configured to provide information to the microprocessor. The apparatus according to any of the preceding claims, characterized in that it also includes means for transmitting a debit instruction to a remote center, based on the information carried by the credit or bank card. The apparatus according to any of the preceding claims, characterized in that it also includes means for receiving the information from a remote center. 6. The apparatus according to claim 5, characterized in that it is configured to control the decoding or de-modulation of the program or file in dependence on the authorization information. The apparatus according to any of the preceding claims, characterized in that it also includes means for storing reception credit information representing the credits available for the purchase of products in the memory means of the user's card. The apparatus according to claim 4, characterized in that it is configured to send the debit instructions to the remote center and to modify the reception credit information stored in the user's card, by increasing the number of stored credits. on the user's card, in response to payment by means of a bank or credit card. 9. The apparatus in accordance with the claim 8, characterized in that it is configured to make sufficient credit purchases to allow a plurality of products to be purchased for each transaction, in which a debit instruction is sent to the remote center. The apparatus according to any of the preceding claims, characterized in that it also includes means for processing the representative data of the bank or credit card of the user, together with the data received representative of an item or service offered, and for transmitting a order request to a remote center for processing. The apparatus according to claim 10, characterized in that it includes means for inputting a request from the user to purchase a offered article. 12. The apparatus according to any of the preceding claims, characterized in that it also includes means for receiving a PIN number. The apparatus according to any of the preceding claims in the form of a top case. The apparatus according to any of the preceding claims, adapted for receiving programs or files transmitted by satellite, preferably digital satellite programs or files. 15. A receiver / decoder for use in a digital satellite television system that includes a decoder, means for accommodating a credit or bank card carrying a microprocessor, means for interacting with the microprocessor when the credit or bank card is inserted in the operative position in the receiver / decoder with the objective of enabling the data that the credit or bank card bears to be read and the data that is going to be introduced in the microprocessor that carries the credit or bank card and means to accommodate a smart card whereby the insertion of the smart card by the end user into the receiver / decoder, enables the smart card to interact with the media in the receiver / decoder, whereby a product selected by the end user can be sent to the receiver / decoder and from there to a television set or personal computer to which the product is adapted. receiver / decoder to connect. 16. A digital satellite radio or television system having a plurality of end user endings, each of which includes a receiver / decoder in accordance with claim 15. 17. A method for providing an order for an item or service comprising, in a receiver / decoder in which the information referring to the article is received, reading the information from a bank or credit card, generating a request for an order containing the information identifying the article or service and information representative of the the bank or credit card information, verify the remote center and subsequently transmit the order information to the remote center for processing. A method according to claim 17, wherein the step to verify the remote center comprises the steps of passing a random number to the remote center, receiving the random number in a coded form from the remote center, and deciphering the random number coded to verify the remote center. 19. A method according to claim 17 or 18, characterized in that it also comprises, in the remote center, processing the order information and determining whether the transaction is authorized on the basis of the bank card or credit card information. The apparatus according to any of claims 1 to 14, characterized in that it further comprises a remote controller for transmitting a Personal Identification Number (PIN) to the receiver / decoder. The apparatus according to claim 20, wherein the remote controller includes security means to make the transmission secure. 22. A remote controller for an item of equipment that has means by which the User's Personal Identification Number (PIN) can be transmitted to the article of the equipment, the controller incorporating security means to make the transmission secure. 23. A remote controller for an item of equipment, comprising: means defining a body for the controller; means for transmitting a Personal Identification Number (PIN) to the item of equipment; and security means to make the transmission secure. 2
4. A remote controller according to any of claims 22 to 23, characterized in that the transmission means thereon comprise means for generating an infrared beam. 2
5. A remote controller according to any of claims 22 to 24, characterized in that the security means therein comprises means for encoding the PIN number. 2
6. A remote controller according to claim 25, characterized in that the coding means thereon comprises means for combining the PIN number with a random number. 2
7. A remote controller according to claim 26, characterized in that it further comprises "god to enable the user to enter the random number" 2
8. A remote controller according to claim 27, characterized in that the means of entry into the same, comprise at least one key for entering the random number and one additional key, the controller being configured so that the PIN number is only transmitted by means of the transmission means when the additional key is pressed. according to any of claims 25 to 28, characterized in that the coding means thereon comprise means for storing the random number in the controller 30. A remote controller according to any of claims 22 to 29, characterized in that the means of security therein, comprise means for generating a characteristic number or of the individual controller, for the transmission by means of the transmission means to the article of the equipment. A remote controller according to any of claims 25 to 29, characterized in that the coding means thereon comprises means for generating a characteristic number of the individual remote controller and means for combining the characteristic number with the random number and the PIN number 32. A remote controller according to any of claims 25 to 31, characterized in that the means of encoding therein comprises means for receiving a random number from the item of equipment and means for combining that random number with the PIN number. of the user for the transmission by means of the transmission means to the article. 33. A combination comprising a remote controller according to any of claims 22 to 32 and the article of the equipment, the article of the equipment having means for receiving a user's PIN number. 34. A combination according to claim 33, characterized in that the article of equipment therein comprises means for generating a random number and means for outputting the random number to a visual display unit. 35. A combination according to claim 33 or 34, characterized in that the article of equipment therein comprises means for generating a random number and means for transmitting the random number to the remote controller. 36. A combination according to any of claims 33 to 35, wherein the article of the equipment comprises the apparatus according to any of claims 1 to 14. 37. A digital television system, comprising an article of the equipment of television, the article having means for receiving a user's PIN number, and a remote controller according to any of claims 22 to 32. 38. A digital television system, comprising: an item of television equipment, the item having means for receiving a PIN number; and a remote controller, the remote controller comprising: means defining a body for the controller; means for transmitting a PIN number to the equipment item; and security means to make the transmission secure. 3
9. A method for introducing a PIN number into a television system comprising the use of a remote controller according to any of claims 22 to 32, for transmitting the PIN number to a television. 40. A receiver / decoder substantially as described hereinabove with reference to, and as shown in the accompanying drawings. 41. A digital satellite television system substantially as described hereinabove with reference to, and as shown in the accompanying drawings. 42. A remote controller substantially as described hereinabove with reference to, and as shown in Figures 7, 10 and 11 to 15 of the accompanying drawings.
MXPA/A/1999/008550A 1997-03-21 1999-09-17 Broadcast and reception system, and receiver/decoder and remote controller therefor MXPA99008550A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP97400650.4 1997-03-21

Publications (1)

Publication Number Publication Date
MXPA99008550A true MXPA99008550A (en) 2000-08-01

Family

ID=

Similar Documents

Publication Publication Date Title
AU744977B2 (en) Broadcast and reception system, and receiver/decoder and remote controller therefor
EP0974229B8 (en) Broadcast and reception system, and conditional access system therefor
CA2318989C (en) Interactive gaming system
WO1998043425A1 (en) Smartcard for use with a receiver of encrypted broadcast signals, and receiver
RU2316136C2 (en) Paid television system with advance payment
JP2004201275A (en) Transaction system
AU770198B2 (en) Broadcast and reception system, and receiver/decoder and remote controller therefor
MXPA99008550A (en) Broadcast and reception system, and receiver/decoder and remote controller therefor
US8874488B2 (en) Process for carrying out a transaction between a payment module and a security module
CZ331999A3 (en) Transmitting and receiving system, receiver/decoder and remote control unit
AU1553002A (en) Broadcast and reception system, and receiver therefor
AU6711401A (en) Smartcard for use with a receiver of encrypted broadcast signals, and receiver
MXPA00007678A (en) Interactive gaming system