US20080022411A1 - Method for local conditional access for mobile equipments - Google Patents

Method for local conditional access for mobile equipments Download PDF

Info

Publication number
US20080022411A1
US20080022411A1 US11/431,535 US43153506A US2008022411A1 US 20080022411 A1 US20080022411 A1 US 20080022411A1 US 43153506 A US43153506 A US 43153506A US 2008022411 A1 US2008022411 A1 US 2008022411A1
Authority
US
United States
Prior art keywords
mobile
network
key
local
control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/431,535
Inventor
Betrand Wendling
Olivier Landier
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nagra France SAS
Original Assignee
Nagra France SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nagra France SAS filed Critical Nagra France SAS
Assigned to NAGRA FRANCE SAS reassignment NAGRA FRANCE SAS ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LANDIER, OLIVIER, WENDLING, BETRAND
Priority to US11/979,958 priority Critical patent/US9077856B2/en
Publication of US20080022411A1 publication Critical patent/US20080022411A1/en
Assigned to NAGRA FRANCE SAS reassignment NAGRA FRANCE SAS CORRECTION OF INVENTORS NAME Assignors: LANDIER, OLIVIER, WENDLING, BERTRAND
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04HBROADCAST COMMUNICATION
    • H04H60/00Arrangements for broadcast applications with a direct linking to broadcast information or broadcast space-time; Broadcast-related systems
    • H04H60/09Arrangements for device control with a direct linkage to broadcast information or to broadcast space-time; Arrangements for control of broadcast-related services
    • H04H60/14Arrangements for conditional access to broadcast information or to broadcast-related services
    • H04H60/23Arrangements for conditional access to broadcast information or to broadcast-related services using cryptography, e.g. encryption, authentication, key distribution
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808Management of client data
    • H04N21/25841Management of client data involving the geographical location of the client
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26606Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26606Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • H04N21/26609Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM] using retrofitting techniques, e.g. by re-encrypting the control words used for pre-encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/414Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance
    • H04N21/41407Specialised client platforms, e.g. receiver in car or embedded in a mobile appliance embedded in a portable device, e.g. video client on a mobile phone, PDA, laptop
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/422Input-only peripherals, i.e. input devices connected to specially adapted client devices, e.g. global positioning system [GPS]
    • H04N21/42202Input-only peripherals, i.e. input devices connected to specially adapted client devices, e.g. global positioning system [GPS] environmental sensors, e.g. for detecting temperature, luminosity, pressure, earthquakes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4405Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/442Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
    • H04N21/44236Monitoring of piracy processes or activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/643Communication protocols
    • H04N21/64315DVB-H
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04HBROADCAST COMMUNICATION
    • H04H60/00Arrangements for broadcast applications with a direct linking to broadcast information or broadcast space-time; Broadcast-related systems
    • H04H60/35Arrangements for identifying or recognising characteristics with a direct linkage to broadcast information or to broadcast space-time, e.g. for identifying broadcast stations or for identifying users
    • H04H60/49Arrangements for identifying or recognising characteristics with a direct linkage to broadcast information or to broadcast space-time, e.g. for identifying broadcast stations or for identifying users for identifying locations
    • H04H60/50Arrangements for identifying or recognising characteristics with a direct linkage to broadcast information or to broadcast space-time, e.g. for identifying broadcast stations or for identifying users for identifying locations of broadcast or relay stations

Definitions

  • the invention concerns the domain of conditional access to a digital data stream broadcasted through a wireless channel and received by a plurality of mobile equipments, such as, for example, mobile telephones, PDAs (Personal Digital Assistants), portable digital television receivers or a portable computers.
  • mobile equipments such as, for example, mobile telephones, PDAs (Personal Digital Assistants), portable digital television receivers or a portable computers.
  • the broadcasted data is encrypted and can be received in plain text only by authorized equipment when the user has acquired the necessary rights.
  • rights stored in a security module associated to the mobile equipment, consist of a set of keys that allow the decryption of the control words contained in control messages ECM (Entitlement Control Message) broadcasted in the audio data/video stream.
  • ECM Entitlement Control Message
  • a security module is considered as a tamper-proof device containing different encryption/decryption keys, information serving to identify a user on a network and the data that defines the rights purchased by the user for reception of a broadcasted content.
  • the security module can take different forms such as a removable smart card inserted into a reader, an integrated circuit soldered onto a mother board or a card of the SIM type (Subscriber Identity Module) that is installed in the majority of mobile equipments.
  • SIM type Subscriber Identity Module
  • DVB technology has been designed to standardize digital television decoders (set top boxes) with the objective of reducing their costs at large scale. It standardizes the elements involved at the level of conditional access to the content broadcasted in MPEG-2 or MPEG-4 format for mobile television on the Internet. These elements consist of the encryption algorithm of the broadcasted content, the control messages ECM containing the decryption keys or control words, the management messages EMM containing the rights of the users and the interface between the decoder and the security module managing conditional access.
  • DVB-H mobile television the protection of the content is developed by the group DVB-CBMS (Digital Video Broadcasting-Convergence of Broadcast and Mobile Services).
  • Standardization does not extend neither to the content with added value of the ECM and EMM messages, nor to the protection method of the latter.
  • Each conditional access supplier uses its own data structure and its own protection means for a broadcasted content. Therefore, DVB technology offers numerous possibilities for the development of the security of the content.
  • control messages ECM In DVB technology, the discovery of one or several control words contained in the control messages ECM allows the decryption of the stream without having to acquire a subscription or pay for the pay-per-view broadcasted programs. This piracy causes damage that affects both the content supplier as well as the supplier of conditional access.
  • the document WO2004084555 describes an access method using a mobile telephone with information services broadcasted via a first communication channel to a receiver device. This method includes the following steps:
  • the reception of access control data via a second channel independent of the channel for broadcasting controlled access services certainly allows the improvement of the protection of this data against piracy, but not limiting the extent of the effects of a possible discovery of the decryption keys or of means for their production.
  • the aim of the present invention is to provide countermeasure means in the event of piracy independently of the type of mobile equipment and at a relatively low cost. These means act on the protection elements that are not related to the standardization and that are preferably adjustable by the conditional access provider.
  • Another aim is to limit the damaging effects of a possible piracy to a number as reduced as possible of mobile equipments.
  • the method stands out by the use of a cryptogram containing, for example, localization information of the mobile equipment.
  • the access to the data of the stream is thus only authorized to mobile equipments situated in a given geographic area.
  • the broadcasted stream consists of the content encrypted by control words and control messages.
  • the latter each contain control words resulting from the encryption of the original control words with a local key.
  • Each mobile equipment is first connected to a mobile network of the GSM (Global System for Mobile Communications) or UMTS (Universal Mobile Telecommunications System) type or another through which it is located by the management center.
  • the mobile equipment receives from this center a cryptogram containing a local identifier corresponding to that of the nearest network cell to its geographical position.
  • This cryptogram transmitted to the security module of the equipment allows the determination of one or more local keys that are defined as functions of the local identifier.
  • the mobile equipment gets this function and/or its parameters, via management messages EMM that it can receive, for example, from the management center when connected to the GSM or UMTS mobile network.
  • management messages EMM that it can receive, for example, from the management center when connected to the GSM or UMTS mobile network.
  • SMS short message SMS
  • post or telephone call for instance, would be an alternative for obtaining this function.
  • the cryptogram can be formed, for example, by carrying out a XOR function (OR exclusive) on the identifier of the cell, according to a simple embodiment. According to an embodiment with a higher security level, a cryptographic function using a random number combined with the identifier of the cell transmitted by the mobile network can be used.
  • a XOR function OR exclusive
  • a set of local keys can be determined from only one received cryptogram allowing the decryption of the controls words from different cells.
  • This cryptogram contains, for example, a chain of local keys corresponding to consecutive cells.
  • control messages ECM broadcasted in the stream specific to a given region because they contain control words that can only be decrypted by a local key that is determined from parameters specific to a mobile network of a given place.
  • the control words are extracted.
  • the local key determined thanks to the received cryptogram, allows determining the original control words for decrypting the content broadcasted on the condition to have the necessary rights in the security module.
  • FIG. 2 shows a block diagram of the encryption of the control word of a control message with a local key and the encryption of a control message with a transmission key.
  • FIG. 3 shows a schematized example of broadcasting areas of emitters of the broadcasting network and cells of the mobile network inside these broadcasting areas.
  • a stream of digital data forming a content (C) encrypted with control words (CW) is broadcasted with control messages ECM.
  • This digital data can also comprise audio/video data of television programs as well as data relating to applications that can be operated by a mobile equipment.
  • a server of a conditional access supplier (CA) is connected to a server of an operator (OP) managing a broadcasting network (NET 1 ) and a mobile network (NET 2 ).
  • the operator (OP) broadcasts on the broadcasting network (NET 1 ) the content (C) encrypted with the control words CW as well as the ECM messages containing a control word CW′ encrypted with a local key (KL 1 , KL 2 ).
  • This local key is specific to the geographic location of the emitter (E 1 , E 2 ) of the broadcasting network such as a district, a town or a region.
  • the access supplier (CA) broadcasts management messages EMM that define the access rights to the content according to the user's purchases as a subscription or a pre-payment of selected programs.
  • the mobile equipments EM 1 , EM 2 are connected respectively to the broadcasting network (NET 1 ) and to the mobile network (NET 2 ).
  • the broadcasting network (NET 1 ) provides the encrypted content while the mobile network (NET 2 ) provides the parameters necessary for the reception of the content (C).
  • the broadcasting network (NET 1 ) can be, for example, of the DVB-H type where the content is broadcasted through a radio channel by a local emitter (E 1 , E 2 ), the mobile network (NET 2 ) will be of the GSM or UMTS type for example, also allowing communications with the management center (CG) of the operator (OP), (see FIG. 1 ).
  • the emitters (E 1 , E 2 ) of the broadcasting network (NET 1 ) broadcast the digital data in a unidirectional way towards the mobile equipment (EM 1 , EM 2 ) while the data of the mobile network (NET 2 ) flows in a bidirectional way between the mobile equipment (EM 1 , EM 2 ) and the management center (CG).
  • the mobile equipments can move from one cell of the mobile network (NET 2 ) towards another maintaining the possibility of receiving the data broadcasted by either of the emitters of the broadcasting network (NET 1 ).
  • FIG. 3 shows this type of situation where cells (C 1 -C 10 -Cn) of the mobile network (NET 2 ) form meshes that extend over one or more broadcasting areas (Z 1 , Z 2 , Z 3 ) of the emitters (E 1 , E 2 , E 3 ) of the network (NET 1 ).
  • a mobile equipment When a mobile equipment is moved, for example, from the first broadcasting area (Z 1 ) towards the third broadcasting area (Z 3 ), it can receive a set of keys corresponding to the cells that it traverses, for example the keys of cells C 1 to C 7 of the illustrated example.
  • the mobile equipment receives a local key each time it enters into a cell during its displacement.
  • the mobile equipment can receive as many keys as the number of broadcasting areas covered by the cell.
  • the cell (C 4 ) extends over the three broadcasting areas (Z 1 , Z 2 , Z 3 ).
  • the mobile equipment can receive the three local keys allowing it to operate the data transmitted by each emitter (E 1 , E 2 , E 3 ).
  • Both the broadcasting and mobile networks can be of the same type as long as the bandwidth is sufficient for simultaneous transmission of a digital content and of bidirectional data exchanges.
  • a network of the type UMTS, EDGE (Enhanced Data Rates for Global Evolution) or another type can be provided.
  • the local ECM or more precisely the local control words CW′ are created by the management center (CG) of the mobile operator (OP) from the original control-words CW by encryption of this word with a local key (KL 1 , KL 2 ).
  • the broadcasted control messages ECM are encrypted with a transmission key (TK) supplied to the mobile equipment (EM 1 , EM 2 ) by means of management messages EMM delivered by the access supplier (CA) via the management center (CG).
  • TK transmission key
  • the local key (KL 1 , KL 2 ) is determined by the mobile equipment when it connects to the mobile network (NET 2 ) by means of localization data or more precisely an identifier of a cell (C 1 -ID, C 2 -ID) of this network transmitted by the management center (CG).
  • the local key can be determined in several ways:
  • SMS short message
  • the transmitted cryptogram can form the local key that can be used as it is, without intermediate calculation by the mobile equipment for decrypting the local control words.
  • this local key is necessary for the decryption of the control words CW′ contained in the local ECM broadcasted in the digital data stream in order to obtain the original control words CW effectively encrypting the broadcasted content.
  • the management center verifies the requests on the whole mobile network (NET 2 ) in order to detect if a same security module requests a cryptogram from several cells of the network. This situation occurs when a security module has been cloned, distributed and used in different places. In such a case, the cryptogram or the required key will be refused and the security module is considered as invalid at future connection attempts.
  • the verification is carried out on the basis of the identifier of the security module (ID 1 , ID 2 ) transmitted by the mobile equipment (EM 1 , EM 2 ) to the management center (CG) when the cryptogram is requested.
  • the exclusion of a cloned security module can also be carried out by means of management messages (EMM) that can be received only by one mobile equipment at a given place and recognized by the management center. Another mobile equipment in another cell with a same security module will thus not receive this message carrying the data access rights to the broadcasting network (NET 1 ).
  • EMM management messages
  • the mobile equipment is provided with a Global Positioning System of the GPS type (Global Positioning System) that determines the coordinates corresponding to its geographical position. This data is then used to determine the local key from the received cryptogram.
  • GPS Global Positioning System
  • the transmission key (TK) encrypting the control messages ECM can also depend on the broadcasting emitter.
  • This configuration thus provides two security levels to be overcome in order to access the content broadcasted in the stream.
  • the mobile equipment When the mobile equipment is connected to the mobile network, it receives a management message EMM containing the local transmission key (TKL) or elements suited for determining said key (parameters, calculation functions).
  • the message EMM is transmitted in general only if the local transmission key (TKL) is not available in the security module of the mobile equipment or after a key change. In fact, the validity of the latter, for example, can be limited to a certain period for a given emitter.
  • the mobile equipment After having obtained this key (TKL) allowing the decryption of the control messages ECM, the mobile equipment determines the local key(s) (KL 1 , KL 2 ) necessary for the decryption of the control words CW′ contained in the ECM messages. These local keys (KL 1 , KL 2 ) are determined according to the processes described above.
  • the localization data such as the network cell identifiers or the position coordinates of the mobile equipments can be used in order to prevent access to certain content broadcasted to mobile equipments located in a given region.
  • the ECM broadcasted and associated to a predetermined content contain a control word encrypted with a key which cannot be obtained from certain cell identifiers because, for example, the calculation function of the key does not have the adequate parameters. In other words, this restriction allows certain places to be blocked out from the reception of the broadcasted contents.
  • a network key or a node can be specific to a broadcasted channel.
  • the local identifier provided from the node key or the node key itself cannot be transmitted by the management center, which prohibits the reception of this channel near the node in question.
  • the local broadcasting operator(s) decrypt the stream with the original control word CW for re-encrypting it with local control-words (CW′ 1 , CW′ 2 ).
  • the local emitters (E 1 , E 2 ) each broadcast then a stream encrypted with local control words (CW′ 1 , CW′ 2 ) and local ECM messages containing these control words (CW′ 1 , CW′ 2 ) specific to each emitter (E 1 , E 2 ).
  • the mobile equipment of a user is connected to the mobile network in order to receive a management message EMM containing at least one local transmission key (TKL) allowing the decryption of the local ECM messages in order to extract the control words (CW′ 1 , CW′ 2 ).
  • TKL local transmission key
  • the management message EMM can be received either automatically after the establishment of a connection recognized by the mobile network (NET 2 ) or on request by means of a short message SMS, for example.
  • the mobile equipment could also be possible for the mobile equipment to receive a set of local transmission keys (TKL) in the EMM message when it connects to a cell of the mobile network (NET 2 ).
  • TTKL local transmission keys
  • This set allows decrypting the ECM messages sent from nearby emitters when the mobile equipment moves from one broadcasting area to another without requesting an EMM message from each cell.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Ecology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Remote Sensing (AREA)
  • Emergency Management (AREA)
  • Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Environmental Sciences (AREA)
  • Environmental & Geological Engineering (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Business, Economics & Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Graphics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method is disclosed for conditional access to a digital data stream encrypted with at least one first control word and broadcasted via an emitter of a broadcasting network to at least one mobile equipment. The latter also is connected via a mobile communication network to a management center. The stream contains control messages encrypted with a transmission key and includes a second control word obtained by the encryption of the first control word with a local key. The method includes reception by the mobile equipment of at least one cryptogram via the mobile network, determination of at least one local key from the received cryptogram, and reception of a control message via the broadcasting network, decryption of the message and obtaining the second control word. The method further includes decryption of the second control word with the local key and obtaining the first control word and decryption of the data of the stream with the first control word

Description

    TECHNICAL FIELD
  • The invention concerns the domain of conditional access to a digital data stream broadcasted through a wireless channel and received by a plurality of mobile equipments, such as, for example, mobile telephones, PDAs (Personal Digital Assistants), portable digital television receivers or a portable computers.
  • The broadcasted data is encrypted and can be received in plain text only by authorized equipment when the user has acquired the necessary rights. These rights, stored in a security module associated to the mobile equipment, consist of a set of keys that allow the decryption of the control words contained in control messages ECM (Entitlement Control Message) broadcasted in the audio data/video stream.
  • A security module is considered as a tamper-proof device containing different encryption/decryption keys, information serving to identify a user on a network and the data that defines the rights purchased by the user for reception of a broadcasted content. The security module can take different forms such as a removable smart card inserted into a reader, an integrated circuit soldered onto a mother board or a card of the SIM type (Subscriber Identity Module) that is installed in the majority of mobile equipments.
    • PRIOR ART
  • At present, a mobile equipment configured for the reception of digital television programs is based on standard technologies such as OMA (Open Mobile Alliance), DVB-H (Digital Video Broadcast, Handheld), or DMB (Digital Multimedia Broadcasting) that is in certain ways a broadband extension of (Digital Audio Broadcasting).
  • OMA technology implements a complete unique solution for a given market such as that of mobile telephones where each equipment and the content suppliers support the OMA technology.
  • DVB technology has been designed to standardize digital television decoders (set top boxes) with the objective of reducing their costs at large scale. It standardizes the elements involved at the level of conditional access to the content broadcasted in MPEG-2 or MPEG-4 format for mobile television on the Internet. These elements consist of the encryption algorithm of the broadcasted content, the control messages ECM containing the decryption keys or control words, the management messages EMM containing the rights of the users and the interface between the decoder and the security module managing conditional access.
  • In the particular case of DVB-H mobile television, the protection of the content is developed by the group DVB-CBMS (Digital Video Broadcasting-Convergence of Broadcast and Mobile Services).
  • Standardization does not extend neither to the content with added value of the ECM and EMM messages, nor to the protection method of the latter. Each conditional access supplier uses its own data structure and its own protection means for a broadcasted content. Therefore, DVB technology offers numerous possibilities for the development of the security of the content.
  • The drawback of a too advanced standardization as that of OMA technology lies in the fact that additional protection measures are restricted especially when the conditional access system has been pirated by third parties.
  • In DVB technology, the discovery of one or several control words contained in the control messages ECM allows the decryption of the stream without having to acquire a subscription or pay for the pay-per-view broadcasted programs. This piracy causes damage that affects both the content supplier as well as the supplier of conditional access.
  • The document WO2004084555 describes an access method using a mobile telephone with information services broadcasted via a first communication channel to a receiver device. This method includes the following steps:
      • storage in the mobile telephone of access control data allowing access to information received by the receiver device via the first channel,
      • establishment of a communication between the receiver device and the mobile telephone via a second wireless low range local channel of the Bluetooth or WiFi (Wireless Fidelity) type according to the standards IEEE 802.11,
      • transmission of the access control data stored in the mobile telephone to the receiver device via the second channel in order to authorize access to information services broadcasted via the first channel.
  • The reception of access control data via a second channel independent of the channel for broadcasting controlled access services certainly allows the improvement of the protection of this data against piracy, but not limiting the extent of the effects of a possible discovery of the decryption keys or of means for their production.
    • SUMMARY OF THE INVENTION
  • The aim of the present invention is to provide countermeasure means in the event of piracy independently of the type of mobile equipment and at a relatively low cost. These means act on the protection elements that are not related to the standardization and that are preferably adjustable by the conditional access provider.
  • Another aim is to limit the damaging effects of a possible piracy to a number as reduced as possible of mobile equipments.
  • These aims are achieved by a method for conditional access to a digital data stream encrypted with at least one first control word and broadcasted via an emitter of a broadcasting network to at least one mobile equipment, the latter also being connected via a mobile communication network to a management center, said stream containing the control messages encrypted with a transmission key and comprising a second control word obtained by means of the encryption of the first control word with a local key, said method comprises the following steps:
      • Reception by the mobile equipment of at least one cryptogram via the mobile network,
      • Determination of at least one local key from the received cryptogram,
      • Reception of a control message via the broadcasting network, decryption of said message and obtaining the second control word,
      • Decryption of the second control word with the local key and obtaining the first control word,
      • Decryption of the data of the stream with the first control word.
  • The method stands out by the use of a cryptogram containing, for example, localization information of the mobile equipment. The access to the data of the stream is thus only authorized to mobile equipments situated in a given geographic area.
  • The discovery of a control word encrypting the data of the stream will thus have consequences limited to mobile equipment functioning in a district or in a town without extending to all the equipment in the country, for example.
  • According to a first embodiment, the broadcasted stream consists of the content encrypted by control words and control messages. The latter each contain control words resulting from the encryption of the original control words with a local key. Each mobile equipment is first connected to a mobile network of the GSM (Global System for Mobile Communications) or UMTS (Universal Mobile Telecommunications System) type or another through which it is located by the management center. The mobile equipment receives from this center a cryptogram containing a local identifier corresponding to that of the nearest network cell to its geographical position. This cryptogram transmitted to the security module of the equipment allows the determination of one or more local keys that are defined as functions of the local identifier.
  • Several keys can be generated from a cryptogram thus allowing the decryption of the control words broadcasted by nearby emitters when the equipment moves from one district to another, for example.
  • The mobile equipment gets this function and/or its parameters, via management messages EMM that it can receive, for example, from the management center when connected to the GSM or UMTS mobile network. A particular request by short message SMS, post or telephone call, for instance, would be an alternative for obtaining this function.
  • The cryptogram can be formed, for example, by carrying out a XOR function (OR exclusive) on the identifier of the cell, according to a simple embodiment. According to an embodiment with a higher security level, a cryptographic function using a random number combined with the identifier of the cell transmitted by the mobile network can be used.
  • According to one embodiment that allows the mobile equipment to move from one cell to another, two solutions are possible:
  • a) several cryptograms corresponding to surrounding cells can be transmitted to the mobile equipment when it connects to the first cell. The security module can also determine the local keys necessary for the decryption of the controls words from the following cells.
  • b) a set of local keys can be determined from only one received cryptogram allowing the decryption of the controls words from different cells. This cryptogram contains, for example, a chain of local keys corresponding to consecutive cells.
  • The control messages ECM broadcasted in the stream specific to a given region because they contain control words that can only be decrypted by a local key that is determined from parameters specific to a mobile network of a given place.
  • After decryption of the ECM messages with the transmission key, the control words are extracted. The local key, determined thanks to the received cryptogram, allows determining the original control words for decrypting the content broadcasted on the condition to have the necessary rights in the security module.
  • These rights are obtained from management messages EMM broadcasted through a conditional access system CAS whose server is connected to that of the operator of the GSM or UMTS mobile network or the management center.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The invention will be better understood thanks to the following detailed description that refers to the annexed figures given as non-limitative examples.
  • FIG. 1 shows a block diagram of an example of configuration with two emitters placed in different locations and that can be got by local mobile equipment.
  • FIG. 2 shows a block diagram of the encryption of the control word of a control message with a local key and the encryption of a control message with a transmission key.
  • FIG. 3 shows a schematized example of broadcasting areas of emitters of the broadcasting network and cells of the mobile network inside these broadcasting areas.
    • DETAILED DESCRIPTION OF THE INVENTION
  • A stream of digital data forming a content (C) encrypted with control words (CW) is broadcasted with control messages ECM. This digital data can also comprise audio/video data of television programs as well as data relating to applications that can be operated by a mobile equipment.
  • A server of a conditional access supplier (CA) is connected to a server of an operator (OP) managing a broadcasting network (NET1) and a mobile network (NET2). The operator (OP) broadcasts on the broadcasting network (NET1) the content (C) encrypted with the control words CW as well as the ECM messages containing a control word CW′ encrypted with a local key (KL1, KL2). This local key is specific to the geographic location of the emitter (E1, E2) of the broadcasting network such as a district, a town or a region. Moreover, the access supplier (CA) broadcasts management messages EMM that define the access rights to the content according to the user's purchases as a subscription or a pre-payment of selected programs.
  • The mobile equipments EM1, EM2 are connected respectively to the broadcasting network (NET1) and to the mobile network (NET2). The broadcasting network (NET1) provides the encrypted content while the mobile network (NET2) provides the parameters necessary for the reception of the content (C). The broadcasting network (NET1) can be, for example, of the DVB-H type where the content is broadcasted through a radio channel by a local emitter (E1, E2), the mobile network (NET2) will be of the GSM or UMTS type for example, also allowing communications with the management center (CG) of the operator (OP), (see FIG. 1).
  • The emitters (E1, E2) of the broadcasting network (NET1) broadcast the digital data in a unidirectional way towards the mobile equipment (EM1, EM2) while the data of the mobile network (NET2) flows in a bidirectional way between the mobile equipment (EM1, EM2) and the management center (CG).
  • The mobile equipments (EM1, EM2) can move from one cell of the mobile network (NET2) towards another maintaining the possibility of receiving the data broadcasted by either of the emitters of the broadcasting network (NET1).
  • FIG. 3 shows this type of situation where cells (C1-C10-Cn) of the mobile network (NET2) form meshes that extend over one or more broadcasting areas (Z1, Z2, Z3) of the emitters (E1, E2, E3) of the network (NET1). When a mobile equipment is moved, for example, from the first broadcasting area (Z1) towards the third broadcasting area (Z3), it can receive a set of keys corresponding to the cells that it traverses, for example the keys of cells C1 to C7 of the illustrated example. These local keys allow the mobile equipment decrypting the control words of ECM messages in the areas (Z1) and (Z3) covered by emitters (E1) and (E3). According to one alternative, the mobile equipment receives a local key each time it enters into a cell during its displacement. When the cell crosses two or several broadcasting areas, such as for example the cells C2 to C6, the mobile equipment can receive as many keys as the number of broadcasting areas covered by the cell.
  • In the example of FIG. 3, the cell (C4) extends over the three broadcasting areas (Z1, Z2, Z3). In this case, the mobile equipment can receive the three local keys allowing it to operate the data transmitted by each emitter (E1, E2, E3).
  • Both the broadcasting and mobile networks (NET1, NET2) can be of the same type as long as the bandwidth is sufficient for simultaneous transmission of a digital content and of bidirectional data exchanges. For example, a network of the type UMTS, EDGE (Enhanced Data Rates for Global Evolution) or another type can be provided.
  • The local ECM or more precisely the local control words CW′ are created by the management center (CG) of the mobile operator (OP) from the original control-words CW by encryption of this word with a local key (KL1, KL2). The new control word CW′=KL1(CW) or KL2(CW) obtained in this way is inserted into the ECM messages broadcasted by the emitter (E1, E2) of the broadcasting network (NET1) to mobile equipments (EM1, EM2) connected to the mobile network (NET2). These equipments are situated in a cell of the mobile network (NET2) where they can receive the cryptogram necessary for obtaining the local key (KL1, KL2). (See FIG. 2, embodiment (1))
  • It should be noted that the broadcasted control messages ECM are encrypted with a transmission key (TK) supplied to the mobile equipment (EM1, EM2) by means of management messages EMM delivered by the access supplier (CA) via the management center (CG).
  • According to a first embodiment, the local key (KL1, KL2) is determined by the mobile equipment when it connects to the mobile network (NET2) by means of localization data or more precisely an identifier of a cell (C1-ID, C2-ID) of this network transmitted by the management center (CG). The local key can be determined in several ways:
  • calculation carried out by means of an operation or a relatively simple mathematical function such as for example XOR (OR exclusive) or from a random number transmitted by the management center.
  • combination with a key specific to the mobile network or to a node of the latter provided either when the mobile equipment connects to the management center, or in response to a particular request by a short message SMS, for example.
  • the transmitted cryptogram can form the local key that can be used as it is, without intermediate calculation by the mobile equipment for decrypting the local control words.
  • To summarize, this local key is necessary for the decryption of the control words CW′ contained in the local ECM broadcasted in the digital data stream in order to obtain the original control words CW effectively encrypting the broadcasted content.
  • Beyond the distribution of cryptograms to locally recognized mobile equipments, the management center (CG) verifies the requests on the whole mobile network (NET2) in order to detect if a same security module requests a cryptogram from several cells of the network. This situation occurs when a security module has been cloned, distributed and used in different places. In such a case, the cryptogram or the required key will be refused and the security module is considered as invalid at future connection attempts. The verification is carried out on the basis of the identifier of the security module (ID1, ID2) transmitted by the mobile equipment (EM1, EM2) to the management center (CG) when the cryptogram is requested. The exclusion of a cloned security module can also be carried out by means of management messages (EMM) that can be received only by one mobile equipment at a given place and recognized by the management center. Another mobile equipment in another cell with a same security module will thus not receive this message carrying the data access rights to the broadcasting network (NET1).
  • According to one alternative the mobile equipment is provided with a Global Positioning System of the GPS type (Global Positioning System) that determines the coordinates corresponding to its geographical position. This data is then used to determine the local key from the received cryptogram.
  • According to a second embodiment, the transmission key (TK) encrypting the control messages ECM can also depend on the broadcasting emitter. This configuration thus provides two security levels to be overcome in order to access the content broadcasted in the stream. When the mobile equipment is connected to the mobile network, it receives a management message EMM containing the local transmission key (TKL) or elements suited for determining said key (parameters, calculation functions). The message EMM is transmitted in general only if the local transmission key (TKL) is not available in the security module of the mobile equipment or after a key change. In fact, the validity of the latter, for example, can be limited to a certain period for a given emitter.
  • After having obtained this key (TKL) allowing the decryption of the control messages ECM, the mobile equipment determines the local key(s) (KL1, KL2) necessary for the decryption of the control words CW′ contained in the ECM messages. These local keys (KL1, KL2) are determined according to the processes described above.
  • The localization data such as the network cell identifiers or the position coordinates of the mobile equipments can be used in order to prevent access to certain content broadcasted to mobile equipments located in a given region. In fact, the ECM broadcasted and associated to a predetermined content contain a control word encrypted with a key which cannot be obtained from certain cell identifiers because, for example, the calculation function of the key does not have the adequate parameters. In other words, this restriction allows certain places to be blocked out from the reception of the broadcasted contents.
  • According to one configuration, a network key or a node can be specific to a broadcasted channel. When a mobile equipment is situated in a given place, the local identifier provided from the node key or the node key itself cannot be transmitted by the management center, which prohibits the reception of this channel near the node in question.
  • According to another configuration, (see FIG. 2, embodiment (2)) the local broadcasting operator(s) decrypt the stream with the original control word CW for re-encrypting it with local control-words (CW′1, CW′2). The local emitters (E1, E2) each broadcast then a stream encrypted with local control words (CW′1, CW′2) and local ECM messages containing these control words (CW′1, CW′2) specific to each emitter (E1, E2). The mobile equipment of a user is connected to the mobile network in order to receive a management message EMM containing at least one local transmission key (TKL) allowing the decryption of the local ECM messages in order to extract the control words (CW′1, CW′2).
  • The management message EMM can be received either automatically after the establishment of a connection recognized by the mobile network (NET2) or on request by means of a short message SMS, for example.
  • Of course, it could also be possible for the mobile equipment to receive a set of local transmission keys (TKL) in the EMM message when it connects to a cell of the mobile network (NET2). This set allows decrypting the ECM messages sent from nearby emitters when the mobile equipment moves from one broadcasting area to another without requesting an EMM message from each cell.

Claims (12)

1. Method for conditional access to a digital data stream encrypted with at least one first control word and broadcasted via an emitter of a broadcasting network to at least one mobile equipment, the latter also being connected via a mobile communication network to a management center, said stream containing control messages encrypted with a transmission key and comprising a second control word obtained by the encryption of the first control word with a local key, said method comprising:
reception by the mobile equipment of at least one cryptogram via the mobile network,
determination of at least one local key from the received cryptogram,
reception of a control message via the broadcasting network, decryption of said message and obtaining the second control word,
decryption of the second control word with the local key and obtaining the first control word, and
decryption of the data of the stream with the first control word.
2. Method according to claim 1, wherein the local key is specific to the geographic location where is placed the emitter of the broadcasting network got by the mobile equipment and in that the cryptogram includes an identifier of a cell of the mobile network to which said equipment is connected.
3. Method according to claim 2, wherein the cryptogram is transmitted by the management center, via the mobile network, when the mobile equipment connects to said network.
4. Method according to claim 1, wherein the local key is obtained from the cryptogram and the geographical coordinates related to the position of the mobile equipment.
5. Method according to claim 4, wherein the position of the mobile equipment is determined by a global positioning device associated to said equipment.
6. Method according to claim 1, wherein the local key is determined by way of a mathematical function carried out on the cryptogram received from the management center, said function being obtained by way of management messages delivered by a conditional access supplier via said management center.
7. Method according to claim 2, wherein the local key is determined by means of a combination of the identifier of a cell of the mobile network with a node key of said network to which the mobile equipment is connected.
8. Method according to claim 1, wherein the local key is made up of the cryptogram received by the mobile equipment.
9. Method according to claim 1, wherein the transmission key encrypting the control messages is specific to the emitter of the broadcasting network.
10. Method according to claim 9, including a supplementary step of reception of a management message followed by a step of extraction of the transmission key or elements suited for determining said key.
11. Method according to claim 1, where each emitter of the broadcasting network broadcasts a digital data stream encrypted with control words specific to said emitter and control messages encrypted with a local transmission key containing said control words wherein the mobile equipment receives a management message, via the mobile network, containing at least one local transmission key, deciphers the control messages with the received local transmission key, extracts the control words and decrypts the digital data of the stream.
12. Method according to claim 1, wherein the emitters of the broadcasting network broadcast the digital data in a unidirectional way towards the mobile equipments while the data of the mobile network flows in a bidirectional way between the mobile equipment and the management center.
US11/431,535 2005-05-13 2006-05-11 Method for local conditional access for mobile equipments Abandoned US20080022411A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/979,958 US9077856B2 (en) 2005-05-13 2007-11-13 Method for local conditional access for mobile equipments

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP05291046A EP1722564A1 (en) 2005-05-13 2005-05-13 Local conditional access method for mobile receivers
EPEP05291046.0 2005-05-13

Related Child Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2006/062265 Continuation-In-Part WO2006122908A1 (en) 2005-05-13 2006-05-12 Local conditional access method for mobile equipment

Publications (1)

Publication Number Publication Date
US20080022411A1 true US20080022411A1 (en) 2008-01-24

Family

ID=35094488

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/431,535 Abandoned US20080022411A1 (en) 2005-05-13 2006-05-11 Method for local conditional access for mobile equipments
US11/979,958 Expired - Fee Related US9077856B2 (en) 2005-05-13 2007-11-13 Method for local conditional access for mobile equipments

Family Applications After (1)

Application Number Title Priority Date Filing Date
US11/979,958 Expired - Fee Related US9077856B2 (en) 2005-05-13 2007-11-13 Method for local conditional access for mobile equipments

Country Status (7)

Country Link
US (2) US20080022411A1 (en)
EP (2) EP1722564A1 (en)
CN (1) CN101199205B (en)
BR (1) BRPI0612433A2 (en)
CA (1) CA2608650C (en)
TW (1) TW200718198A (en)
WO (1) WO2006122908A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080066176A1 (en) * 2006-09-08 2008-03-13 Memory Experts International Inc. Personal digital rights management with user mobility
US20080219436A1 (en) * 2007-03-05 2008-09-11 General Instrument Corporation Method and apparatus for providing a digital rights management engine
US20090288151A1 (en) * 2008-05-19 2009-11-19 General Instrument Corporation Conditional Access System Switcher
US20090325576A1 (en) * 2006-08-02 2009-12-31 Nagravision S.A. Method of local conditional access for mobile equipment
US20100299758A1 (en) * 2007-11-09 2010-11-25 Electronics And Telecommunications Research Institute Method and data sharing system in peer to peer environment
US20100332819A1 (en) * 2009-06-26 2010-12-30 France Telecom Digital content access control
US20110077026A1 (en) * 2009-09-25 2011-03-31 International Business Machines Corporation Location Restricted Content Delivery Over a Network
US10728756B2 (en) * 2016-09-23 2020-07-28 Qualcomm Incorporated Access stratum security for efficient packet processing

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101193308A (en) * 2006-11-22 2008-06-04 上海贝尔阿尔卡特股份有限公司 Method and device for playing video/audio signals in communication network
CN101198011B (en) * 2006-12-07 2010-09-29 中兴通讯股份有限公司 Method for transmitting condition receiving information in mobile multimedia broadcasting network
CN101127596B (en) * 2007-09-20 2012-04-11 中兴通讯股份有限公司 A method and system for program stream secret key encryption in broadcast mobile TV service
CN101505402B (en) * 2009-03-06 2012-04-18 四川长虹电器股份有限公司 Authentication method for uni-directional network digital television conditional receiving system terminal deciphering module
EP2348725A1 (en) * 2010-01-26 2011-07-27 Irdeto Access B.V. Computational efficiently obtaining a control word in a receiver using transformations
EP2405650A1 (en) * 2010-07-09 2012-01-11 Nagravision S.A. A method for secure transfer of messages
CN102355598B (en) * 2011-10-08 2014-02-19 北京视博数字电视科技有限公司 Operating system drive layer-based scrambling method and device
US9332286B2 (en) * 2011-10-28 2016-05-03 Irdeto B.V. Constructing a transport stream
CN105446926B (en) * 2014-09-09 2020-09-22 纳瑞塔有限责任公司 USB interface for performing transport I/O

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030005435A1 (en) * 2001-06-29 2003-01-02 Rickard Nelger Conditional access system
US20030108202A1 (en) * 2001-12-12 2003-06-12 Clapper Edward O. Location dependent encryption and/or decryption
US20030181160A1 (en) * 2002-03-21 2003-09-25 Hirsch Andrew J. Authentication and provisioning system for subscriber broadcasts
US20050013439A1 (en) * 2001-11-21 2005-01-20 Jean-Francois Collet Method for controlling access to specific services from a broadcaster
US20050100162A1 (en) * 2003-11-11 2005-05-12 Jukka Alve System and method for using DRM to control conditional access to DVB content

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9032097B2 (en) * 2001-04-26 2015-05-12 Nokia Corporation Data communication with remote network node
US7228439B2 (en) * 2002-04-19 2007-06-05 Nagravision S.A. Management method of rights of a content encrypted and stored in a personal digital recorder
GB0324696D0 (en) * 2003-10-23 2003-11-26 Koninkl Philips Electronics Nv Accessing content at a geographical location
KR100735280B1 (en) * 2005-06-16 2007-07-03 삼성전자주식회사 Digital multimedia broadcastingdmb system and conditional access method for restricting of dmb watching in regional
EP1885095A1 (en) * 2006-08-02 2008-02-06 Nagravision S.A. Local conditional access method for mobile receivers

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030005435A1 (en) * 2001-06-29 2003-01-02 Rickard Nelger Conditional access system
US20050013439A1 (en) * 2001-11-21 2005-01-20 Jean-Francois Collet Method for controlling access to specific services from a broadcaster
US20030108202A1 (en) * 2001-12-12 2003-06-12 Clapper Edward O. Location dependent encryption and/or decryption
US20030181160A1 (en) * 2002-03-21 2003-09-25 Hirsch Andrew J. Authentication and provisioning system for subscriber broadcasts
US20050100162A1 (en) * 2003-11-11 2005-05-12 Jukka Alve System and method for using DRM to control conditional access to DVB content
US20050100167A1 (en) * 2003-11-11 2005-05-12 Jukka Alve System and method for using DRM to control conditional access to broadband digital content

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8737990B2 (en) * 2006-08-02 2014-05-27 Nagravision S.A. Method of local conditional access for mobile equipment
US20090325576A1 (en) * 2006-08-02 2009-12-31 Nagravision S.A. Method of local conditional access for mobile equipment
US20080066176A1 (en) * 2006-09-08 2008-03-13 Memory Experts International Inc. Personal digital rights management with user mobility
US20080219436A1 (en) * 2007-03-05 2008-09-11 General Instrument Corporation Method and apparatus for providing a digital rights management engine
US20100299758A1 (en) * 2007-11-09 2010-11-25 Electronics And Telecommunications Research Institute Method and data sharing system in peer to peer environment
US20090288151A1 (en) * 2008-05-19 2009-11-19 General Instrument Corporation Conditional Access System Switcher
US8813254B2 (en) * 2008-05-19 2014-08-19 Motorola Mobility Llc Conditional access system switcher
US20100332819A1 (en) * 2009-06-26 2010-12-30 France Telecom Digital content access control
US8966239B2 (en) * 2009-06-26 2015-02-24 Orange Digital content access control having improved transmission bandwidth
US20150163204A1 (en) * 2009-06-26 2015-06-11 Orange Digital content access control
US20110077026A1 (en) * 2009-09-25 2011-03-31 International Business Machines Corporation Location Restricted Content Delivery Over a Network
US20120195427A1 (en) * 2009-09-25 2012-08-02 International Business Machines Corporation Location Restricted Content Deliver over a Network
US8744488B2 (en) * 2009-09-25 2014-06-03 International Business Machines Corporation Location restricted content delivery over a network
US8744486B2 (en) * 2009-09-25 2014-06-03 International Business Machines Corporation Location restricted content delivery over a network
US10728756B2 (en) * 2016-09-23 2020-07-28 Qualcomm Incorporated Access stratum security for efficient packet processing
US11528603B2 (en) 2016-09-23 2022-12-13 Qualcomm Incorporated Access stratum security for efficient packet processing

Also Published As

Publication number Publication date
WO2006122908A1 (en) 2006-11-23
CN101199205B (en) 2010-11-03
US20080144822A1 (en) 2008-06-19
US9077856B2 (en) 2015-07-07
TW200718198A (en) 2007-05-01
CN101199205A (en) 2008-06-11
EP1722564A1 (en) 2006-11-15
EP1880547A1 (en) 2008-01-23
CA2608650A1 (en) 2006-11-23
CA2608650C (en) 2014-04-22
BRPI0612433A2 (en) 2012-07-17
EP1880547B1 (en) 2012-08-08

Similar Documents

Publication Publication Date Title
CA2608650C (en) Local conditional access method for mobile equipment
US8737990B2 (en) Method of local conditional access for mobile equipment
US8135825B2 (en) Method for loading and managing an application on mobile equipment
EP2351318B1 (en) Method and apparatus for billing and security architecture for venue-cast services
US7698568B2 (en) System and method for using DRM to control conditional access to broadband digital content
CN101141246B (en) Service key obtaining method and subscription management server
GB2453924A (en) Encrypted Mobile TV broadcast with encrypted content key while key encryption key is delivered over phone network
KR20040066901A (en) Method and system for conditional access
WO2005045554A2 (en) System and method for using drm to control conditional access to broadband digital content
KR20060105862A (en) Method protecting contents supported broadcast service between service provider and several terminals
US20100106648A1 (en) Method and apparatus for acquiring encryption key to provide pay channel
KR100966413B1 (en) Method for controlling access to specific services from a broadcaster
KR100695082B1 (en) Conditional Access System and Method Using Position Information of Mobile Communication Terminal and Mobile Communication Terminal therefor
EP3308481B1 (en) Receiver apparatus and method for controlling the access to contents broadcasted via satellite
US20220385987A1 (en) Multimedia content secure access
Wright Security considerations for broadcast systems
Yang et al. Authentication scheme and simplified CAS in mobile multimedia broadcast
KR20110107008A (en) Apparatus and method for supporting smartcard profile in mobile broadcating system

Legal Events

Date Code Title Description
AS Assignment

Owner name: NAGRA FRANCE SAS, FRANCE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WENDLING, BETRAND;LANDIER, OLIVIER;REEL/FRAME:017886/0614

Effective date: 20060404

AS Assignment

Owner name: NAGRA FRANCE SAS,FRANCE

Free format text: CORRECTION OF INVENTORS NAME;ASSIGNORS:WENDLING, BERTRAND;LANDIER, OLIVIER;REEL/FRAME:024279/0460

Effective date: 20100414

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION