MXPA99011218A - Global conditional access system for broadcast services - Google Patents

Global conditional access system for broadcast services

Info

Publication number
MXPA99011218A
Authority
MX
Mexico
Prior art keywords
event
smart card
key
message
guide
Application number
MXPA/A/1999/011218A
Other languages
Spanish (es)
Inventor
Eskicioglu Ahmet
Original Assignee
Eskicioglu Ahmet Mursit
Thomson Consumer Electronics Inc
Application filed by Eskicioglu Ahmet Mursit, Thomson Consumer Electronics Inc


Abstract

A method for managing access to a scrambled event, selected from an electronic program guide, of a service provider (including broadcast television networks, cable television networks, digital satellite systems, and internet service providers). Access to the event is only achieved if the descrambling key is obtained from a digitally signed message associated with the event in the electronic program guide. Authentication of the electronic program guide provider involves decrypting the digital signature using a public key of the guide provider.

Description

GLOBAL CONDITIONAL ACCESS SYSTEM FOR BROADCAST SERVICES

Field of the Invention

This invention relates to a system for providing conditional access (i.e., managing access) to a consumer electronic device, such as a set-top box or a digital television, that is capable of receiving digital streams transmitted from a variety of sources, such as broadcast television networks, cable television networks, digital satellite systems, Internet service providers, and sources of electronic event lists.
Background of the Invention

Currently, as illustrated in Figure 1, a user can receive services from a variety of service providers, such as broadcast television networks 22, cable television networks 24, digital satellite systems 26, and Internet service providers 28. The system 10 of Figure 1 defines the present configuration for receiving services from those service providers. Most television receivers 12 are capable of receiving unscrambled information or programs directly from broadcast and cable networks. Cable networks that provide scrambled or encrypted programs usually require a separate stand-alone device 16a, 16b (e.g., a set-top box) to descramble or decrypt the program. Similarly, digital satellite systems usually provide scrambled or encrypted programs, which also require the use of a separate set-top box. These set-top boxes can use a removable smart card 18a, 18b that contains the necessary decryption algorithms and keys. Typically, a separate set-top box is required for each service provider.

Connections to the Internet or the World Wide Web (Web) are usually handled by means of a personal computer 14, or the like, and a modem 20. Traditionally, access to the Internet is managed using a specially designed software package that is loaded onto the computer; this software enables the user to connect to an Internet service provider that acts as the gatekeeper to the Web. The user typically pays a monthly fee to the service provider for access to the Internet, on a limited or unlimited basis. As one would expect, there are numerous service providers, each of which requires specialized software for access.

U.S. Patent Application US 5,592,551 teaches the transmission of event lists (or "program guides"). European Patent Application Number EP-A-0 719 045 teaches a cryptographic key system in which the user provides the necessary key to the broadcast station. In particular, the broadcast station 11 transmits a public key Kbd, or a pair of public keys, using the scanning lines during the vertical blanking interval of an analog television picture (column 8, from line 50). The user sends a message comprising his secret key Ksu encrypted with the received public key Kbd (column 9, lines 14-25). The user's secret key Ksu is obtained by using the corresponding private key Kvd (column 9, lines 26-30). The required program is encrypted using the user's secret key Ksu and then transmitted to the user via the communication device 15 and communication line 17, where it is decrypted using the Ksu (column 9, lines 31-44).
Summary of the Invention

The manufacturers of these digital televisions and set-top boxes may wish to be compensated by the service provider for each connection to the services that originates from the box. Thus the flexibility of the open hardware architecture of the televisions and set-top boxes, in combination with a competitive market for those devices, creates the need for a system that manages access in such a way that the manufacturer is compensated for any use of its hardware to access any selected service provider. This invention resides, in part, in the recognition of the problem described and, in part, in providing a solution to the problem.

An event or program, as described herein, comprises one of the following: (1) audio/visual data such as a movie, a weekly television feature or a documentary; (2) textual data such as an electronic magazine, a newspaper, or weather news; (3) computer software; (4) binary data such as images; or (5) HTML data (for example, Web pages). The service providers include any provider that broadcasts events, for example, traditional broadcast television networks, cable networks, digital satellite networks, providers of electronic event lists, such as electronic program guide providers, and in certain cases Internet service providers.

Generally, the present invention defines a method for providing conditional access to an event transmitted from a service provider. That is, this method comprises receiving an electronic list of events, such as an electronic program guide, from a list provider, where the list has a digitally signed message corresponding to each event in the list or guide, and the digitally signed message comprises a message encrypted using a second public key and a digital signature created using a first private key. The method also includes selecting an event from the list; receiving the digitally signed message corresponding to the selected event; authenticating the list provider; decrypting the message using a second private key to obtain an event key; receiving the selected event, which is scrambled using the event key; and descrambling the selected event using the event key to provide a descrambled event.

In accordance with an aspect of the present invention, the steps of decrypting the message, receiving the selected event, and descrambling the selected event are performed on a removable smart card coupled to the device, wherein the second private key is stored on the smart card. In accordance with another aspect of the present invention, the message comprises event information that can be decrypted using the second private key. The event information is also stored on the smart card, which has a card body with a plurality of terminals arranged on a surface of the card body in accordance with the ISO 7816 standard or the PCMCIA card standards.
In accordance with yet another aspect of the present invention, a system is described for managing conditional access between a service provider and a device having a smart card coupled thereto, the device performing the steps of: receiving an electronic program guide having a digitally signed message corresponding to each event in the guide, wherein each digitally signed message comprises a message encrypted using a public key of the smart card and a digital signature created using a private key of the guide provider; selecting an event from the guide; receiving the digitally signed message corresponding to the selected event; authenticating the guide provider by decrypting the digital signature; passing the message to a smart card; decrypting the message to obtain event information and a symmetric key; storing the event information on the smart card and updating the account information; receiving the selected event, which is scrambled using the symmetric key; and descrambling the selected event using the symmetric key to generate a descrambled event.

In accordance with yet another aspect of the present invention, a system for managing access between a service provider and a device having a smart card coupled thereto is described, the device performing the steps of: receiving an electronic program guide that has a digital certificate and a separate message corresponding to each event in the guide, each of the digital certificates being encrypted using a first private key of the guide, the separate messages being encrypted using a public key of the smart card, and each of the separate messages having an associated signature created using a second private key of the guide; selecting an event from the guide; receiving the digital certificate, the message and the associated digital signature corresponding to the selected event; authenticating the guide provider; passing the message to a smart card; decrypting the message using a private key of the smart card to obtain event information and a symmetric key; storing the event information on the smart card and updating the account information based on the event information; receiving the selected event, where the selected event is scrambled using the symmetric key; and descrambling the selected event using the symmetric key to generate a descrambled event.

These and other aspects of the invention will be explained with reference to a preferred embodiment of the invention, which is shown in the accompanying drawings.
Brief Description of the Drawings

Figure 1 is a block diagram illustrating a prior art configuration for interconnecting consumer electronic devices with a variety of service providers.
Figure 2 is a block diagram illustrating an architecture for interfacing a common set-top box with a variety of service providers.
Figure 3 is a block diagram of an exemplary implementation of a system for managing access to a device according to the invention.
Figure 4 is a block diagram of another exemplary implementation of the system of Figure 3.
Detailed Description of the Drawings

The present invention provides a conditional access system that can be used to obtain services from one of a plurality of sources. When the conditional access system is implemented inside a set-top box, it allows the set-top box to authenticate the service provider before a transmitted event is purchased, and uses a smart card to decrypt the encrypted event received from the service provider. Alternatively, the functionality of the smart card can be incorporated into the set-top box. This conditional access system can act as a toll bridge for access to services, thereby providing a mechanism for the manufacturer of the set-top box to collect fees based on the use of its set-top box. Similarly, this invention can be implemented inside a digital television; for simplicity, the following description of the invention will be directed towards an implementation using a set-top box and a smart card.

In Figure 2, the system 30 illustrates the general architecture for managing access to a set-top box (STB) 40. The smart card (SC) 42 is inserted into, or coupled to, a smart card reader (not shown) of the STB 40; an internal bus 45 interconnects the STB 40 and the SC 42, allowing the transfer of data between them. These smart cards include ISO 7816 cards that comply with Part A of the National Renewable Security Standard (NRSS) or PCMCIA cards that comply with Part B of the NRSS. Conceptually, when such a smart card is coupled to a smart card reader, the functionality of the smart card can be considered part of the functionality of the set-top box, thus removing the "boundaries" created by the physical card body of the smart card.

The STB 40 can receive services from a plurality of service providers (SPs), such as a broadcast television SP 50, a cable television SP 52, a satellite system SP 54, an Internet SP 56, and an electronic event guide SP 58. The certificate authority (CA) 75 is not directly connected to any of the service providers or to the STB 40, but it issues digital certificates and public and private key pairs that are used as explained below. A public key of the set-top box is provided to the manufacturers of the devices and stored therein before the product is shipped to the consumer. It is within the scope of this invention that the role of the certificate authority 75 may be performed by the service providers in collaboration with the manufacturer of the STB 40. The billing system 70 is used to manage the users' accounts; updated information is provided as the user arranges to purchase additional services, and as these services are consumed or used.

The overall architecture of the system 30 lends itself to the goal of providing a vehicle for the set-top box manufacturer to collect a fee based on the consumer's use of the box to access an event. One adaptation of the general architecture would be to use a common conditional access and billing system that covers all manufacturers and service providers. A problem with this adaptation is that it could be difficult to obtain a consensus among the different service providers and the set-top box manufacturers. Another problem is that all the events would be encrypted using the public key of the STB 40 and decrypted in the SC 42 using a stored private key of the STB 40; in this way, if the private key were compromised, the security of the entire system would collapse. The conditional access system of the present invention, which overcomes the above problems, will be described in relation to the system 300 shown in Figure 3.
This conditional access system is based on authenticating the service provider that communicates with the STB 400 before an event transmitted by the service provider is purchased. In one embodiment of this conditional access system, a combination of an asymmetric key system (i.e., a public key system) and a symmetric key system is used. However, this invention is not limited to an embodiment that requires symmetric keys as described below.

Symmetric key cryptography involves the use of the same algorithm and key for both encryption and decryption. The foundation of public key cryptography is the use of two related keys, one public and one private. The private key is secret, and it is computationally infeasible to deduce the private key from the publicly available public key. Anyone with a public key can encrypt a message, but only the person or device that holds the associated, predetermined private key can decrypt it. Similarly, a message can be encrypted with a private key, and anyone with access to the public key can decrypt that message. Encrypting a message with a private key can be referred to as "signing", because anyone with the public key can verify that the message was sent by the party holding the private key. This can be thought of as analogous to verifying a signature on a document.

A digitally signed message is a message sent in the clear (that is, unencrypted) that has a signature attached to it. The attached signature is produced by encrypting either the message itself or a digest of the message; a digest of the message is obtained by hashing the message. (Hashing involves subjecting the message to a one-way hashing algorithm, such as MD5 developed by Ron Rivest or SHA-1 developed by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA), before the message is encrypted.) In this way the receiver of the signed message can verify the source or origin of the message. (In comparison, a public key certificate or digital certificate is a message, sent in the clear, that contains a public key of the sending device and has a signature attached to it.)

Unilateral authentication of a service provider connected to the set-top box is achieved by passing such digitally signed messages between the service provider and the set-top box and verifying the signature. Signature verification involves checking the signature by decrypting it. In particular, these messages contain at least information associated with the service provider passing the message, or with the event selected from the service provider, and may contain the public key of the service provider. The service provider stores these digitally signed messages, which may have signatures created by the independent certificate authority. In the following description of the present conditional access system, the following nomenclature will be used.
KSCpub: public key of the SC
KSCpri: private key of the SC
KCApub: public key of the CA, used to check signatures
KCApri: private key of the CA, used to create signatures
KSPevent: event key of a service provider

The conditional access system 300 of Figure 3 includes the STB 400 having the SC 420 coupled to a card reader (not shown); the STB 400 communicates with the billing center 700, a plurality of service providers (for simplicity, only one service provider, the SP 600, is shown) and the EPG 580. As described above, the functionality of the SC 420 can be integrated into the STB 400, and the STB 400 can be a digital television. The EPG 580 can be a separate service provider from which electronic program guides containing the event lists of a plurality of service providers can be accessed. Alternatively, the EPG 580 can represent only a list of events from a single service provider.

The EPG 580 has a unique digitally signed and encrypted message associated with each event. This message is encrypted using the KSCpub and signed using the KCApri, the private key that the CA 750 assigned to the EPG 580. The encrypted message can include information corresponding to the selected event and an event key, the KSPevent.

After the STB 400 is activated and the SC 420 is coupled to a card reader of the STB 400 (not shown), and in response to a user selecting a desired event from the EPG 580, the EPG 580 downloads the corresponding digitally signed message into the STB 400. The EPG 580 must be authenticated to ensure that the digitally signed message was received from the desired provider. This authentication involves decrypting the digital signature in the STB 400 using the KCApub. The KCApub is the public key that the CA 750 assigned to the EPG 580, and it is stored in the STB 400. If the EPG 580 is not authenticated, the STB 400 provides an error indication to the user.
Authentication of the EPG 580 requires a pre-existing agreement between the electronic program guide source and the manufacturer of the STB 400, because without that agreement the CA 750 would not provide the KCApri to the electronic program guide source.

After the STB 400 authenticates the EPG 580, the encrypted message is passed to the SC 420 for decryption. The SC 420 decrypts the message using the KSCpri, which is stored in it, to obtain the data corresponding to the selected event and the event key. This data may include data related to the channel identity, the date and time stamp, the event identity, and the payment amount. This data is stored in a memory device inside the SC 420 and is used to update the user's account information. The updated account information can be passed to the billing center 700 using signed messages.

The event key is retained inside the SC 420, thereby reducing the possibility of the key being observed. The event key is used to descramble, in the SC 420, the selected event received from the service provider; the SC 420 provides a descrambled program to the STB 400. Alternatively, the event key can be passed back to the STB 400 and used to descramble the selected event in the STB 400.

If the functionality of the smart card is incorporated in the set-top box, the encrypted message would be decrypted inside the STB 400, and the event information would be stored inside the set-top box. Similarly, the event key would remain in the set-top box and would be used to descramble the selected event within the STB 400.

The system 300', as illustrated in Figure 4, shows an alternative exemplary embodiment of the present invention, in which a certification hierarchy can be used so that the certificate authority does not have to sign each message sent by the service provider. The certificate authority 750' generates a digital certificate for the public key of the service provider. The service provider, in turn, would then generate digitally signed messages using its corresponding private key. That is, in response to a user selecting a desired event from the EPG 580', the EPG 580' downloads a digital certificate and a digitally signed message into the STB 400'. The digital certificate is encrypted using the KCApri and contains the public key of the service provider, the KSPpub. The digitally signed message is encrypted using the public key of the SC 420', the KSCpub, and is signed using the private key of the service provider, the KSPpri. The encrypted message can include information or data corresponding to the selected event and an event key, the KSPevent. As for the EPG 580 in the embodiment of Figure 3, the EPG 580' must be authenticated. This authentication involves decrypting the digital certificate in the STB 400' using the KCApub, which is stored therein, to obtain the KSPpub, and decrypting the digitally signed message in the STB 400' using the KSPpub.

In another embodiment of the present invention, each unique digitally signed message corresponding to an event listed in the electronic program guide would have an associated encrypted message. This encrypted message would contain only information related to the event; that is, the event key would not be included. In this embodiment, public key cryptography can be used to encrypt the transmitted event. The electronic program guide would still have to be authenticated in the STB 400, as described above. However, the decrypted message contains only information corresponding to the selected event. This information is stored and used by the SC 420 to determine the private key for decrypting the event. In this embodiment, which uses public key cryptography, no key transport is needed.
The present invention has been described in terms of exemplary embodiments in which a single smart card cooperates with a single set-top box to manage access to a single service provider. However, it is within the scope of this invention to provide a conditional access system that can be extended to allow the smart card to "roam" across (i.e., provide conditional access between) multiple service providers and multiple set-top box manufacturers. The robustness of the defined system can be increased by encrypting portions of the event with different keys included in the transmitted stream. Each of these different keys (which are used to decrypt a portion of the event) can be protected using the symmetric key received from the electronic program source.

Although the invention has been described in detail with respect to numerous embodiments thereof, it will be apparent that, upon reading and understanding the foregoing, numerous alterations to the described embodiment will occur to those skilled in the art, and those alterations are intended to be included within the scope of the appended claims.
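The certificate-hierarchy exchange of Figure 4 (Figure 3 is the same flow with the CA signing the message directly), written out as an added example that is not code from the patent: the set-top box checks the certificate with KCApub and the message signature with KSPpub, and only then does the smart card decrypt with KSCpri and descramble with KSPevent. The unpadded toy RSA on fixed Mersenne primes, the SHA-256 keystream scrambler, the JSON message layout, the sample event data and every function name are assumptions made for illustration; SHA-256 stands in for the MD5 and SHA-1 named above, which are no longer collision-resistant.

```python
import hashlib
import json

def keypair(a, b, e=65537):
    """Toy unpadded RSA from two Mersenne primes; illustration only."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, data):
    n, d = priv
    return pow(_digest(data), d, n)

def verify(pub, data, sig):
    # "Decipher" the signature with the public key, compare with the digest.
    n, e = pub
    return pow(sig, e, n) == _digest(data)

def encrypt(pub, data):
    n, e = pub
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("payload too long for this toy modulus")
    return pow(m, e, n).to_bytes((n.bit_length() + 7) // 8, "big")

def decrypt(priv, blob):
    n, d = priv
    m = pow(int.from_bytes(blob, "big"), d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def scramble(key, data):
    """Stand-in scrambler: XOR with a SHA-256 counter keystream (self-inverse)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

KCA_PUB, KCA_PRI = keypair(521, 127)   # certificate authority (constructed)
KSP_PUB, KSP_PRI = keypair(607, 107)   # guide provider (constructed)
KSC_PUB, KSC_PRI = keypair(1279, 89)   # smart card (constructed)

class AuthError(Exception):
    """Raised by the set-top box when the guide provider fails authentication."""

def certify(pub, issuer_key=KCA_PRI):
    """Issuer side: sign the provider's public key (the digital certificate)."""
    body = json.dumps({"n": pub[0], "e": pub[1]}).encode()
    return {"body": body, "sig": sign(issuer_key, body)}

def epg_message(event_info, event_key, signing_key=KSP_PRI):
    """Guide side: encrypt event info and KSPevent to the card, then sign."""
    payload = json.dumps({**event_info, "key": event_key.hex()}).encode()
    ct = encrypt(KSC_PUB, payload)
    return {"ct": ct, "sig": sign(signing_key, ct)}

def stb_authenticate(cert, msg):
    """Set-top box: KCApub checks the certificate, its KSPpub checks the message."""
    if not verify(KCA_PUB, cert["body"], cert["sig"]):
        raise AuthError("certificate was not issued by the CA")
    k = json.loads(cert["body"])
    if not verify((k["n"], k["e"]), msg["ct"], msg["sig"]):
        raise AuthError("message was not signed by the certified provider")
    return msg["ct"]    # only an authenticated message reaches the card

class SmartCard:
    def __init__(self, priv):
        self._priv, self._event_key, self.purchases = priv, None, []

    def load(self, ct):
        record = json.loads(decrypt(self._priv, ct))
        self._event_key = bytes.fromhex(record.pop("key"))  # stays on card
        self.purchases.append(record)   # event information kept for billing

    def descramble(self, data):
        return scramble(self._event_key, data)

def run(fault=None):
    """One purchase on constructed data; `fault` injects a forgery to reject."""
    info = {"channel": 7, "event": "E1001", "time": "1999-12-03T20:00", "price": 399}
    event_key = bytes(range(16))                   # constructed KSPevent
    cert, msg = certify(KSP_PUB), epg_message(info, event_key)
    if fault == "message":          # ciphertext altered after signing
        msg["ct"] = bytes([msg["ct"][0] ^ 1]) + msg["ct"][1:]
    elif fault == "certificate":    # self-made certificate, not from the CA
        rogue_pub, rogue_pri = keypair(2203, 61)
        cert = certify(rogue_pub, rogue_pri)
        msg = epg_message(info, event_key, rogue_pri)
    card = SmartCard(KSC_PRI)
    card.load(stb_authenticate(cert, msg))
    broadcast = scramble(event_key, b"constructed programme payload")
    return card.descramble(broadcast), card.purchases
```

`run()` returns the descrambled payload together with the card's purchase log; `run("message")` and `run("certificate")` raise `AuthError` in the set-top box before anything is handed to the card.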

Claims (20)

1. A method for managing access to an event of a service provider, the method comprising: (a) receiving on a device an electronic list of events from a list provider, the list having a digitally signed message corresponding to each event in said list, each of the digitally signed messages comprising a message encrypted using a second public key and a digital signature created using a first private key; (b) selecting an event from the list; (c) receiving on the device the digitally signed message corresponding to the selected event; (d) authenticating the list provider, using a first public key, in response to the digital signature; (e) decrypting the message using a second private key to obtain an event key; (f) receiving from the service provider the selected event, the selected event being scrambled using the event key; and (g) descrambling the selected event using the event key to provide a descrambled event.

2. The method of Claim 1, wherein the steps of decrypting the message, receiving the selected event, and descrambling the selected event are performed on a smart card coupled to the device, the second private and public keys being associated with the smart card, and the second private key being stored on said smart card.

3. The method of Claim 2, wherein the message further comprises event information, the event information being decrypted using the second private key.

4. The method of Claim 3, further comprising the step of storing the event information, wherein the step of storing the event information is performed on the removable smart card.

5. The method of Claim 4, wherein the smart card has a card body having a plurality of terminals arranged on the surface of said card body in accordance with one of the ISO 7816 and PCMCIA card standards.

6. The method of Claim 5, wherein the step of authenticating comprises decrypting the digital signature in the device, to verify the origin of the message.

7. The method of Claim 6, wherein the first public key is stored in the device.

8. The method of Claim 4, wherein the event information comprises channel identification data, event identity data, date and time stamp data, and billing information.

9. The method of Claim 3, further comprising the step of storing the event information, wherein the step of storing the event information is performed on the device.

10. The method of Claim 1, wherein the digital signature, the first public key and the first private key are issued by an independent certificate authority and are associated with the list provider.

11. The method of Claim 10, wherein said device is a digital television.

12. The method of Claim 10, wherein the device is a set-top box.

13. The method of Claim 4, wherein the event information is used inside the device to update the user's account information.

14. The method of Claim 13, wherein the event information is downloaded to an independent billing center to update a user's account information.

15. A method for managing access between a device having a smart card coupled thereto and a service provider, the device performing the steps of: (a) receiving an electronic program guide from a guide provider, the guide having a digitally signed message corresponding to each event in said guide, each of the digitally signed messages comprising a message encrypted using a public key of the smart card and a digital signature created using a private key of said guide provider; (b) selecting an event from the guide; (c) receiving the digitally signed message corresponding to the selected event; (d) authenticating the guide provider by decrypting the digital signature using a public key of the guide provider, the public key of the guide provider being stored in the device; (e) passing the message to a smart card coupled to the device; (f) decrypting the message using a private key of the smart card to obtain event information and a symmetric key, the private key of the smart card being stored inside the smart card; (g) storing the event information on the smart card, and updating the account information based on said event information; (h) receiving from the service provider the selected event, the selected event being scrambled using the symmetric key; and (i) descrambling, on the smart card, the selected event using the symmetric key to generate a descrambled event.

16. The method of Claim 15, wherein the device is a set-top box.

17. The method of Claim 15, wherein the device is a digital television.

18. A method for managing access between a device having a smart card coupled thereto and a service provider, the device performing the steps of: (a) receiving an electronic program guide, the guide having a digital certificate and a separate message corresponding to each event in said guide, each of the digital certificates being encrypted using a first private key of the guide, the separate message being encrypted using a public key of the smart card, and the separate message having an associated digital signature created using a second private key of said guide; (b) selecting an event from said guide; (c) receiving the digital certificate, the message and the digital signature corresponding to the selected event; (d) authenticating the guide provider by decrypting the digital certificate using a first public key of the guide to obtain a second public key of the guide, and decrypting the digital signature using the second public key of the guide, the first public key of the guide being stored in the device; (e) passing the message to said smart card; (f) decrypting the message using a private key of the smart card to obtain event information and a symmetric key, the private key of the smart card being stored inside the smart card; (g) storing the event information on the smart card, and updating the account information based on said event information; (h) receiving from the service provider the selected event, the selected event being scrambled using the symmetric key; and (i) descrambling, on the smart card, the selected event using the symmetric key to generate a descrambled event.

19. The method of Claim 18, wherein the device is a set-top box.

20. The method of Claim 18, wherein the device is a digital television.
MXPA/A/1999/011218A 1997-06-06 1999-12-03 Global conditional access system for broadcast services MXPA99011218A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US60/048,852 1997-06-06

Publications (1)

Publication Number Publication Date
MXPA99011218A (en) 2000-06-01
