US20080301437A1 - Method of Controlling Access to a Scrambled Content - Google Patents

Publication number
US20080301437A1
Authority
US
United States
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/094,786
Other languages
English (en)
Inventor
Anthony Chevallier
Stephane Lanfranchi
Erwann Magis
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
VACCESS
Viaccess SAS
Original Assignee
VACCESS
Priority claimed from FR0553852A (FR2894756B1)
Application filed by VACCESS
Assigned to VIACCESS: assignment of assignors' interest (see document for details). Assignors: CHEVALLIER, ANTHONY; LANFRANCHI, STEPHANE; MAGIS, ERWANN

Definitions

  • the invention relates to the domain of distribution of contents and more specifically relates to a method for access control to a scrambled content supplied by an operator to a reception terminal with which an access management unit is associated, the reception terminal being provided with at least one access control module, said method comprising the following steps:
  • the invention also relates to an access control system including an emission device comprising a scrambled content server, an access management unit associated with said device, a reception terminal provided with at least one access control module to the scrambled content supplied by said server and with which an access condition is associated comprising a plurality of information necessary for descrambling said content.
  • the invention also relates to a computer program comprising a first processing module stored in the terminal cooperating with a second processing module stored in the access management unit, said program being designed to implement an access control method conforming with the invention.
  • the invention is also applicable when the scrambled digital content is distributed to a set of installed reception terminals comprising a master terminal and a plurality of slave terminals dependent on said master terminal, the master terminal acting as an access management unit.
  • One form of fraudulently using the digital content consists of using the same security processor, typically a valid smart card, by several terminals so as to process several ECM channels.
  • a single subscriber is known to the operator for several effective users of the same card.
  • This form of fraud enables decoders concerned to access a number of different programs equal to the number of rights actually present in the shared card, up to the number of ECMs that the card can process during the control word renewal period.
  • This fraudulent use of the subscriber card by several decoders is done without any control by the operator, who cannot prevent it or even limit it.
  • the purpose of the invention is to overcome these disadvantages.
  • the invention aims to distribute access control operations between the input side of the system and the output side, in other words between firstly equipment installed at the operator for which operations are directly under the control of the operator, and secondly the reception terminal that conventionally performs checks on subscriber rights using the access control module. This distribution can limit or even eliminate the autonomy of the terminal from the operator during access control processing.
  • Another purpose of the invention is to take account of configurations in which the reception terminal has low processing power. This may be the case when mobile terminals are used as reception terminals (mobile telephone, PDA, portable computer, etc.) with limited autonomy in terms of energy and processing power.
  • Another purpose of the invention is to provide operators with a simple solution for controlled assignment of interdependent access rights or access rights common to different terminals belonging to the same subscriber.
  • the invention is applicable in conventional cases in which the terminal is provided with the physical access control module, typically a smart card, but it is advantageously applicable when the access control module is not a physical module, but is rather a software module preferably stored in a secure manner in a memory of the terminal.
  • the invention recommends an access control method to a scrambled content supplied by an operator to a reception terminal with which an access management unit is associated, said terminal being provided with at least one access control module.
  • This method includes the following steps:
  • this method also includes the following steps:
  • d) processing said information by the access management unit to enable or prevent use of the content by the reception terminal depending on the result of said processing.
  • processing of the information received by the access management unit includes a first step consisting of checking if this information is compatible with access data stored in the terminal, and a second step consists of transmitting at least one control parameter to the terminal to enable or prevent use of the content as a function of the result of the first step.
  • the access control module verifies if the received access condition is satisfied using access data previously stored in said reception terminal.
  • the terminal sends part or all of the information about the access condition to the access management unit, only if the access condition received is not satisfied.
  • the terminal systematically sends said information, independently of the result of the check done by the access control module.
  • This second variant is particularly advantageous when access control is managed essentially at the operator in order to improve security of the content protection system without increasing the number of security mechanisms in the terminal, or even reducing them.
  • the first step in processing information received by the access management unit and the check on the access condition by the reception terminal are done independently of each other, systematically or occasionally, at a time phasing defined by the operator.
  • the operator is thus capable of making a fine modulation of the spatial and time distribution of the access control between the operator and the reception terminal.
  • the time phasing defined by the operator cannot be predicted at the reception terminal.
  • the access condition is transmitted to the terminal in an ECM message comprising at least one access criterion CA and a cryptogram CW*_Kecm of a control word CW encrypted by a key K_ecm.
  • the access data stored in the terminal include access rights to the content and at least one decryption key.
  • Step c) in the method then consists of sending at least the cryptogram CW*_Kecm from the terminal to the access management unit, if the access control module does not have the key K_ecm to decrypt said cryptogram CW*_Kecm.
  • the parameter then sent by the access management unit to the terminal is a control word CW decrypted with the key K_ecm and recrypted by a key K_Ter specifically known to the terminal.
  • the method is used to control the right to reuse a content.
  • the parameter sent by the access management unit to the terminal is an ECM_R message that will be stored in the terminal with the content, and includes access criteria that will be used to check reading back of said content.
  • the method can also be used to control access to content protected by a DRM license.
  • the information sent by the terminal to the access management unit is the DRM license.
  • the system according to the invention is characterised in that the reception terminal is connected to said access management unit through a point-to-point link through which said access control module systematically or occasionally returns at least one item of the information about said access condition to said access management unit, so as to enable the access management unit to process said information to enable or prevent use of the content by the reception terminal, depending on the result of the processing done by the access management unit.
  • the access management unit in this system includes means of checking if the information received from the access control module is compatible with access data stored in the terminal, and means of generating and transmitting at least one control parameter to the terminal to enable or prevent use of the content as a function of the result of said verification.
  • the invention also relates to a reception terminal for a scrambled content distributed by a content distribution device associated with an access management unit.
  • This terminal includes at least one access control module communicating through a point-to-point link with said access control management unit.
  • the invention also relates to a computer program designed to implement an access control method controlling access to a scrambled content supplied by an operator, with which an access management unit is associated, at a reception terminal comprising an access control module.
  • This program includes a first module stored in the terminal comprising instructions to systematically or occasionally forward at least one item of information of said access condition from the terminal to the access management unit through a point-to-point link, said first module cooperating with said second module stored in the access control management unit comprising instructions to process said information and instructions to enable or prevent use of the content by the reception terminal, depending on the result of said processing.
  • the method according to the invention is also applicable in an access control system comprising an emission device comprising a content server, a master terminal, a slave terminal dependent on said master terminal, said content server comprising means of distributing a scrambled digital content with which an access condition is associated with said terminals, comprising a plurality of information necessary for descrambling of said content.
  • This system is characterised by the fact that the slave terminal can be connected to the master terminal through a point-to-point link through which said slave terminal returns at least one item of information extracted from the received access condition to said terminal, so as to enable said master terminal to process said information to enable or disable use of the content by the slave terminal.
  • the master terminal includes:
  • the master terminal may be integrated into the emission device or into a collective reception antenna.
  • the master terminal includes software capable of processing information transmitted by the slave terminal to enable or prevent use of the content by this slave terminal.
  • the method includes the following preliminary steps:
  • the invention enables the operator to control the association between a master terminal and slave terminals, by controlling assignment of the session key K_S to a master terminal and to the associated slave terminals.
  • the operator can thus use the master terminal to control access to a content by the slave terminal.
  • the master terminal does not have a smart card, but simply performs a gateway function between installed slave terminals and the access management unit associated with the operator. In this case, the master terminal systematically calls on the access management unit associated with the operator to process an access request from a slave terminal.
  • the master terminal is provided with a smart card but only uses it occasionally.
  • the master terminal calls upon the management unit to process an access request from a slave terminal.
  • the master terminal does not do the processing using said smart card, all it does is to act as a gateway between the installed slave terminals and the access management unit associated with the operator.
  • the access condition is transmitted in an ECM message comprising at least one access criterion CA and a cryptogram CW*_Kecm of a control word CW used to encrypt the content.
  • On reception of the access condition, the slave terminal returns at least the cryptogram CW*_Kecm to the master terminal, and typically the access criterion CA.
  • After verifying the rights of the slave terminal, if the slave terminal is authorised to use the content, the master terminal transmits the control word CW, decrypted using the key K_ecm and recrypted using the session key K_S, to the slave terminal.
  • the parameter transmitted by the master terminal to the slave terminal is an ECM_R message that will be saved with the content and includes access criteria that will be used for controlling reuse of said content.
  • the information returned by the slave terminal to the master terminal is the DRM license.
  • the method according to the invention is used by a computer program comprising a first module stored in the slave terminal comprising instructions to extract the access condition from the received datastream and to return at least one item of information about said access condition to the master terminal through a point-to-point link set-up with the master terminal, said first module cooperating with a second module stored in the master terminal containing instructions to process said information and instructions to enable or prevent use of the content by said slave terminal, depending on the result of said processing.
  • FIG. 1 shows a general scheme of an access control system according to the invention
  • FIG. 2 schematically shows a first example of the system in FIG. 1;
  • FIG. 3 is a block diagram illustrating a particular application of the method according to the invention.
  • FIGS. 4 to 6 represent a time diagram illustrating the time phasing of the method according to the invention
  • FIG. 7 is a flowchart illustrating the steps of one embodiment of the method according to the invention.
  • FIG. 8 schematically illustrates a invention in which the access control is managed by a master terminal with which several slave terminals are associated.
  • FIG. 9 schematically illustrates a control procedure for authorization of a slave terminal to use the digital content.
  • the method may be used in any connected network with a sufficiently high speed return channel such as a DSL (Digital Subscriber Line) wired network, or a wireless network of the Wi-Fi or Wi-Max (or ASFI—Wireless Internet Access), or a 3G mobile type.
  • FIG. 1 illustrates a general diagram of a content distribution system in which the method according to the invention could be used.
  • This system includes an emission device 2 associated with an access management unit 4 and a reception terminal 6.
  • the emission device 2 includes a content server 8 distributing scrambled contents to the terminal 6 through a transport network 7 such as a wired network or a radio broadcasting network, or through a DSL line, and the terminal 6 includes an access control module 10 that may be a smart card or preferably a software module performing control functions.
  • the terminal 6 is connected to the access management unit 4 through a bidirectional point-to-point link 12.
  • the reception terminal 6 is a digital decoder installed at the subscriber and the link between the operator and subscribers is made through a DSL line, through an intermediate equipment 14 comprising a DSLAM (Digital Subscriber Line Access Multiplexer) 15 communicating with an access management unit 4 (UGA).
  • the access management unit 4 may be installed at a trusted third party with the role of controlling the rights of subscribers under the supervision of the operator without going outside the framework of the invention.
  • the emission device 2 includes an ECM-G (for Entitlement Control Message Generator) module 16 that will calculate and broadcast operation messages ECM, a SAS module 18 (Subscriber Authorization System), designed to calculate and broadcast EMM (Entitlement Management Message) messages necessary for several purposes including to send rights and keys to subscribers and a MUX multiplexor 20 that will form a package of contents starting from programs and/or services supplied by the operator.
  • the terminal 6 may be composed of a multimedia content decoder/descrambler, known in the prior art as a Set Top Box (STB). It is provided with a security processor 10 specially designed to process access control to contents and management of rights and cryptographic secrets (keys).
  • a security processor is the smart card connected to the terminal.
  • Another example of the security processor 10 may also be made by a dedicated software function integrated into the terminal.
  • the contents supplied represent multimedia programs broadcast in scrambled form by a control word CW.
  • the terminal 6 is provided with a key K_Diff common to terminals addressed by the operator, a key K_Ter specific to this terminal and a right D_Oper. These keys and this right were previously loaded in the security processor, typically by an EMM message. Furthermore, if the subscriber performs an illegal action, the security processor contains a fraudulently acquired right D_Fraud.
  • the access management unit 4 already has the key K_Oper, the key K_Ter of each terminal and knows what rights D_Oper are possessed by each terminal.
  • the access condition is transmitted to the terminal (arrow 22) in an ECM message generated by the ECM-G 16 of the emission device 2.
  • This ECM message includes an access criterion CA_Oper and the cryptogram CW*_Kecm of the control word CW encrypted by a key K_ecm that is either the key K_Oper known only to the operator, or the key K_Diff known to all the operator's terminals.
  • the terminal has at least one right D_Oper satisfying the access criterion CA_Oper and the key K_ecm used to obtain the control word CW by decryption of the cryptogram CW*_Kecm, which is the case in this example if the key K_ecm is the key K_Diff.
  • On reception of programs, the terminal 6 returns (arrow 24) the received ECM to the access management unit 4.
  • the key K_ecm is the key K_Oper that is not transmitted to the terminal 6.
  • the terminal systematically returns the ECM to the access management unit 4.
  • the terminal occasionally sends the ECM to the access management unit 4 after the module 10 has made a prior check of the access criterion.
  • the terminal returns the ECM if, for example, the subscriber does not have the right D_Oper that would make it possible to verify the access criterion or if the terminal does not have the decryption key K_ecm of the cryptogram CW*_Kecm.
  • the terminal accesses the program as in prior art.
  • When the access management unit 4 receives the ECM from the terminal 6, it verifies if the terminal 6 has the rights necessary to access the received programs.
  • the access management unit has a database in which descriptions of rights that the operator sent to the subscriber terminal have been stored.
  • the access management unit thus checks the access criterion against rights that the subscriber has officially. This mode disables any check on the access criterion against illegal rights that the subscriber could have fraudulently loaded into its terminal.
  • the access management unit does a remote read of the content of the security processor of the terminal and checks the access criterion against the rights actually present in the terminal. This mode eliminates the need for the access management unit to support a database of rights of all subscribers and also makes it possible to check the content of security processors by checking the checksum or another similar method.
  • When the check made by the access management unit on the rights of the terminal is successful, the access management unit returns a control parameter to the terminal to enable access to the content.
  • the access management unit 4 decrypts the cryptogram CW*_Kecm using the key K_ecm, recrypts the control word CW with the key K_Ter known specifically to the terminal and returns the cryptogram CW*_KTer of the control word thus recrypted to the terminal (arrow 26).
  • the key K_Ter is determined as a function of the identification of the terminal made by the access management unit while setting up the point-to-point link 12 using any authentication method according to the state of the art and external to the method.
  • the terminal sends (24) the cryptogram CW*_Kecm extracted from the ECM to the access management unit only.
  • the access management unit 4 considers that the access criterion is implicitly always satisfied and only does the decryption/recryption of the control word CW.
  • the operator continues to control descrambling by the terminal through use of the specific key K_Ter.
  • the check on the access criterion by the access control module 10 of the reception terminal 6 and the processing of the ECM by the access management unit 4 are done independently of each other at a time phasing defined by the operator.
  • the terminal 6 is typically provided with:
  • the access management unit 4 typically has:
  • Phases A, B and C illustrate the effect of the time phasing of the check on the access condition by the terminal on access to the program.
  • the ECM is sent to the access management unit 4 by the terminal 6 either because the terminal does not check the ECM, or because it has found a right satisfying the access condition but the control word is encrypted by the key K_Oper that it does not have.
  • the program can be accessed during this period because the access management unit 4 observes that the access condition is satisfied. It sends the cryptogram CW*_KTer of the control word encrypted with the key of the terminal, to the terminal.
  • the ECM is returned to the access management unit 4 either because the terminal 6 does not control the ECM, or because it has found an illegal right satisfying the access condition whereas it does not have the key K_Oper.
  • Access to the program is prohibited during this period because the access management unit 4 observes that the access condition cannot be satisfied by the official rights of the terminal 6. It does not send a cryptogram of the control word CW.
  • the ECM is not sent to the access management unit 4 because the terminal has the key K_Diff used to decrypt the cryptogram CW*_Kecm. If the terminal is in a time phasing in which it must control the access criterion (C1), there is no access to the program because the access criterion CA_Autre cannot be satisfied by a right available in the terminal. If the terminal does not control the access criterion (C2), due to the time phasing, then the program can only be accessed by decryption of the control word. Obviously, this latter case C2 must be avoided when the method is used, for example by forcing the control of the access criterion independently from the time phasing provided that the cryptogram CW*_Kecm can be decrypted by the terminal.
  • Phases D and E illustrate the effect of time phasing of the check on the access condition by the access management unit 4 on access to the program.
  • the program is accessed either because the access management unit 4 does not check the access condition and by default considers it to be satisfied, or because this access management unit 4 checks the access condition and finds it satisfied.
  • the program is accessed because the access management unit 4 does not verify the access condition and by default considers it to be satisfied, whereas the terminal 6 uses an illegal right.
  • Phases K to P illustrate the effect of the time phasing of the check on the condition for joint access to the program by the terminal and by the access management unit, on access to the program.
  • access to the program is authorised because the access condition is shown to be satisfied by terminal 6 and/or by the access management unit 4 and possibly estimated satisfied by default by only one of these two modules.
  • At L access to the program is enabled because the access condition is observed to be satisfied by default by the terminal 6 and by the access management unit 4 . These two decisions are conforming with the access condition/official right combination.
  • access to the program is authorised because the access condition is actually observed to be satisfied by the terminal 6 and is observed to be satisfied by default by the access management unit 4 . In this case, the access management unit 4 does not detect that the terminal 6 is using an illegal right.
  • the access management unit 4 detects that the terminal 6 has an illegal right if the terminal 6 specifies to it that it has a valid right.
  • Access to the program is authorised because the access condition is considered to be satisfied by default by the terminal 6 and by the access management unit 4 .
  • the ECM is not sent to the access management unit 4 because the terminal has the key K Diff used to estimate the control word CW. Control by the access management unit is ineffective.
  • This phase is similar to the phase C described above and it must benefit from the same particular implementation to prevent access to the program when the terminal is not in control.
  • steps represented in the left part correspond to processing done by the terminal 6
  • steps shown in the right part correspond to processing done by the access management unit 4 .
  • the terminal 6 acquires the digital datastreams containing the video, audio and other components of the program and the ECM messages.
  • For each received ECM message (step 30), the terminal verifies if it is in a period in which it is required to control the access condition (step 32).
  • the test carried out in step 32 materializes the time phasing of the method at the terminal 6 . If the terminal is to do this check (arrow 34 ), the access condition contained in the ECM is compared with rights present in the terminal (step 36 ).
  • If no right satisfies the access condition (arrow 38), the processing done on the ECM is terminated, there is no access to the program and the terminal 6 waits for the next ECM message (step 30). If the access condition is satisfied by a right present in the terminal (arrow 40), the terminal 6 verifies (step 42) if it has the key Kecm that enables it to decrypt the control word CW. This step materializes activation of the method by the operator.
  • If the terminal 6 has the key Kecm (arrow 44), it decrypts the control word CW (step 46) and can access the program by descrambling (step 48).
  • it decrypts (step 46) the control word CW if the verification is positive.
  • the terminal 6 then processes the access control.
  • In the second case, the terminal 6 must systematically make use of the access management unit 4. In this case, there can be no access to the program without the access management unit 4 checking the access condition.
  • the access management unit checks (step 60 ) if it is within a period in which it must check the access condition of the ECM.
  • the step 60 materializes the time phasing of the method at the access management unit 4 .
  • the access management unit 4 compares (step 64 ) this access condition with the rights of the terminal 6 .
  • the access management unit 4 makes this comparison starting from its own database of subscriber terminal rights without explicitly sending a query to the terminal 6 . Only legal rights are considered in this processing to agree to or to refuse access to programs. As a variant, it may also perform this comparison by making a remote query to the security processor of the terminal. In this case, the presence of illegal rights may be detected, for example by checksums on observed rights in this processor.
  • the access management unit 4 decrypts the control word CW of the ECM (step 70 ), encrypts the control word CW (step 72 ) obtained with a key Kter dedicated to the terminal 6 and sends (step 74 ) the cryptogram obtained to the terminal 6 .
  • This terminal decrypts (step 76 ) the control word CW with its dedicated key and descrambles ( 48 ) the program.
  • If the access management unit 4 considers that the access condition is not satisfied (arrow 78), in accordance with the rights of the terminal 6, it will not provide the terminal 6 with the control word CW necessary to descramble the program.
  • the access management unit 4 in which the terminal 6 has specified, through the ECM and during step 52 , that it has a right satisfying the access condition, the access management unit 4 then correlates (step 84 ) this information with its own conclusion and it can detect (arrow 86 ) that the terminal 6 is attempting to illegally access the content and trigger (step 88 ) an appropriate processing for such an attempted fraud.
  • the method according to the invention can also be used in a context of reusing a content previously obtained using the method, for example for reading or redistribution of a stored content.
  • the parameter sent by the access management unit 4 to the terminal 6 is an ECM R message to be stored in the terminal with the content and comprising access criteria designed to check reuse of said content, for example reading or redistribution.
  • the ECM R message will be processed according to the method, depending on its composition, by calling the access management unit 4 , or according to prior art by the single terminal.
  • the method can also be applied to reinforce the access control in a DRM system.
  • the proposed method is applied by building up the license in a manner specific to the upstream system, such that the reception system cannot use this license without using the upstream system, the upstream system then being able to verify the right of the reception system to access the content considered, then if necessary recreating the license in a manner specific to this reception system.
  • FIG. 8 diagrammatically illustrates a distribution architecture of contents and/or services designated in the following as «contents», in which an operator 100 provides a scrambled content to a set of terminals (102, 104, 106, 108) in a single entity, such as a single family household, containing several terminals to enable a subscriber to display different contents on several audiovisual receivers, as a function of different rights assigned to this subscriber by the operator.
  • the master terminal 102 and the slave terminals are provided with demodulation devices (DVB-S, DVB-C, DVB-T demodulator, IP modem, etc.) adapted to the distribution networks to which they are connected. Furthermore in this example, the master terminal 102 is provided with a security processor such as a smart card 109 and the slave terminals ( 104 , 106 , 108 ) do not have a smart card but they can access contents of the operator by connecting to the master terminal 102 through which they can obtain access to said contents.
  • the subscriber can use the master terminal 102 to access the contents in a conventional manner.
  • the master terminal 102 and the slave terminal 104 receive a scrambled content directly (arrows 105 ) from the operator 100 , the slave terminal 106 receives (arrow 107 ) a content through the master terminal 102 , the slave terminal 108 receives (arrow 110 ) a content stored in a local memory 111 of the master terminal 102 or in a local memory of the slave terminal 106 (arrow 112 ).
  • a slave terminal ( 104 , 106 , 108 ) may be provided with a smart card so that access control to contents is done partially by the slave terminal and partially by the master terminal, with time phasing controlled by the operator as described above.
  • The architecture described in FIG. 8 is also applicable to other entities such as a home gateway or a collective antenna, without going outside the framework of the invention.
  • slave terminals 104 , 106 and 108 each have a point-to-point link (arrow 115 ) with the master terminal 102 , and return information extracted from the access condition associated with the content to said master terminal 102 through this point-to-point link, to enable a master terminal 102 to manage the access control to this content.
  • This architecture may also be extended to a cascade type organization of the terminals.
  • a slave terminal may be the master terminal of other slave terminals that are connected to it.
  • This extension capacity provides the means of building up particular functional topologies of terminals.
  • the limitation of such an architecture extension originates from response times induced by multiple cascades of terminals.
  • the slave terminals are equipped with a secure electronic chip with which they decrypt the cryptogram of the control word supplied by the master terminal.
  • the solution is equally well applicable to contents broadcast directly and to contents stored in advance by the master terminal 102 or by another slave terminal 106 .
  • the operator can define slave terminals authorised to be managed by the master terminal from his upstream system, thus introducing a domain concept. Thus, an unauthorised slave terminal will not be able to decrypt contents output from the master terminal.
  • the operator controls slave terminals authorised to operate with a master terminal by controlling distribution of the session key, as will be described later.
  • the operator can also limit the number of slave terminals that can call on a single master terminal by creating an explicit list containing identifiers of authorised or prohibited terminals.
  • control of a slave terminal depends on its authorization to use a point-to-point link set up with the master terminal. The operator can then choose the number of authorised terminals in the list.
  • Elimination of a slave terminal from the list of authorised terminals is also controlled by the operator typically by excluding this terminal from the list of slave terminals to which a new session key is sent.
  • Access by the master terminal to contents for use, recording or reading of these contents, is controlled in accordance with the method in FIG. 1 described above, using its smart card if the terminal has one and/or the operator's access management unit 4.
  • the master terminal 102 returns at least one item of the information about said access condition to the access management unit 4 through the point-to-point link 12 .
  • This access management unit processes said information to allow or prevent use of the content by the master terminal 102 . This processing of the contents by the master terminal is not modified because slave terminals can request it elsewhere.
  • the master terminal 102 has an additional function by which it can be called upon by slave terminals 104, 106, 108 to check their access to contents. It can also be provided with the capability of transmitting contents that it receives (terminal 106) or contents that it has stored (terminal 108) to slave terminals. This operation is controlled by the operator by programming datastreams/services in the master terminal 102 that can be redirected to one (or all) slave terminals 104, 106 or 108.
  • a slave terminal receives contents/services directly (terminal 104 ) from the upstream source, for example through a satellite link, through (terminal 106 ) the master terminal, or after they have been stored (terminal 108 ) on another master or slave terminal.
  • On reception of the content and the associated access condition (ECM), the slave terminal 104, 106 or 108 is connected to the master terminal 102 through the communication channel 115, and it transmits the ECM message to the master terminal 102 for processing. Since data sent to the master terminal 102 by the slave terminal 104, 106 and 108 are encrypted, the communication channel 115 does not have to be
  • the master terminal 102 then submits the ECM to the smart card 109 that decrypts the control word CW if access conditions are satisfied, and locally re-encrypts it with a session key K S .
  • the master terminal 102 sends the control word CW thus locally re-encrypted to the slave terminal 104 , 106 or 108 .
  • On reception of the control word CW thus re-encrypted, the slave terminal 104, 106 or 108 submits the cryptogram of the CW to the secure electronic chip that decrypts it with the session key K S and applies the decrypted control word CW to the descrambler.
  • the operator can check if a slave terminal 104 , 106 or 108 is associated with the master terminal 102 by controlling the presence of the session key K S in this slave terminal.
  • a slave terminal with the right session key K S is capable of obtaining the control word CW and therefore decrypting the contents redistributed by the master terminal 102 or received directly.
  • the function of the secure electronic chip may be performed by a security processor such as a smart card or a software module without going outside the framework of the invention.
  • the method according to the invention is also applicable when the slave terminal 106 records the content in a local memory 120 instead of using it directly (typically for display). In this case, if the access conditions are satisfied, the master terminal 102 provides the slave terminal 106 with ECM messages to be saved with the datastream.
  • the slave terminal 106 or 108 calls upon the master terminal 102 to process the access conditions, in the same way as for a content processed on reception.
  • the session key designed to encrypt the control word CW that the master terminal 102 sends to the slave terminal 104 , 106 or 108 is known to the master terminal 102 and the slave terminals 104 , 106 and 108 in a single group of installed equipment.
  • This session key is loaded into terminals 102 , 104 , 106 , 108 when the installed equipment is being set up, during a step to initialize these terminals.
  • the operator loads this session key into the smart card of the master terminal 102 using a management message (EMM).
  • the operator also sends it to the slave terminal 104 , 106 or 108 , for example using an EMM message, to be stored in the secure electronic chip.
  • FIG. 9 diagrammatically illustrates a procedure for checking the authorization of a slave terminal to use the digital content.
  • an address @i is assigned to each installed terminal.
  • the terminals 102 and 104 with addresses @ 0 and @ 1 , respectively, have the same session key K 1 loaded by the operator while the terminal 106 with address @ 2 has another session key K 2 .
  • the slave terminal 104 may cooperate with the master terminal 102 , because it can decrypt the cryptogram CW* K1 with the key K 1 to obtain the control word CW.
  • the slave terminal 106 that has the session key K 2 cannot decrypt the cryptogram CW* K1 that will be sent to it by the master terminal 102 using the session key K 1 .
  • the method according to the invention can be used by a single master terminal to process one or several ECMs.
  • a terminal can call upon the access management unit 4 ( FIG. 1 ) to process the ECM channel that it will use to access a content. It can also call upon this access management unit 4 to simultaneously process several contents, which results in a corresponding number of ECM channels to be processed.
  • Simultaneous access to several contents by a single master terminal 102 may be normal. This is the case in which a program is composed of several components, for example such as one access condition for an image and the original soundtrack, another access condition for a different language, yet another for subtitles for persons hard of hearing. This is also the case when the terminal is a gateway terminal in other words equipment acting as an entry point into a single entity (for example a single household) and federating accesses of several terminals to distributed contents.
  • simultaneous access to several contents by a single master terminal 102 can be used to divert an official access and increase the number of unauthorized accesses to contents.
  • One possible means of detecting this fraudulent use consists of observing the number and type of requests made to the access management unit 4 by a single master terminal 102 during a given period, and depending on the context, diagnosing whether or not this terminal is being used fraudulently.
  • observation of the request type can be used to determine if the master terminal 102 submits a single ECM channel or several ECM channels to processing, and if several channels are processed, to determine whether the ECM channels are correlated (in other words are related to the same program) or are independent (in other words are related to different programs). The same is true for the observation that the master terminal repeats requests for access to a content for which it does not normally have access rights.
  • the number of requests thus stored is compared with a threshold beyond which the access management unit 4 diagnoses that it is a pirating attempt and it takes measures accordingly, such as stopping the transmission of data enabling access to the contents, to this terminal.
  • Acceptance of requests taking account of request types, determination of the observation period, adjustment of the threshold can all be varied depending on the permissivity or severity to be assigned to this check.
  • the master terminal can also use the same procedure to check that the slave terminal is being used normally.
  • a terminal as soon as a terminal cannot process an ECM to extract control words from it, it sends this ECM to the management unit 4 or to the master terminal 102 to obtain these control words so that it can decrypt the content.
  • this transfer/processing of an ECM is done occasionally or during each crypto-period.
  • the global duration of the ECM transfer/processing by the management unit 4 or by the master terminal 102 , seen from the reception terminal, must be less than the duration of one crypto-period, so that the terminal can have control words in time to descramble the content.
  • This condition on the global transfer/processing duration enables correct operation of the entire system during the «simple» access to a content, in other words at normal speed with a crypto-period of the order of about 10 seconds as is usually done.
  • functions such as reading content stored in the terminal (PVR) or in the network (nPVR) or services such as VOD (Video On Demand) may allow the user the possibility of receiving a content at higher speeds than normal, either forwards or backwards («trick modes»).
  • the apparent frequency of ECMs in the content increases and the apparent crypto-period duration reduces.
  • the result is that the time interval between two ECM submissions by the reception terminal to the management unit or to the master terminal reduces. Beyond a certain access speed to the content, the duration between two ECM submissions may be shorter than the global ECM transfer/processing duration. The system diverges and no longer functions.
  • the operator can reduce the length of the crypto-period to accelerate the renewal of control words and thus increase the difficulty of a brute force attack on cryptograms of control words or on the scrambled content, so as to strengthen protection of the content.
  • the duration between two ECM submissions becomes shorter than the global ECM transfer/processing duration.
  • the system diverges and no longer functions.
  • One way of overcoming this problem of divergence and malfunction of the system in particular usage cases is to reduce the frequency at which the reception terminal submits ECMs to the management unit 4 or to the master terminal 102 , while keeping part of the access control by the management unit 4 or the master terminal 102 .
  • This uses the method characteristic according to which the reception terminal occasionally sends ECMs to the management unit or to the master terminal.
  • the principle of this solution consists of breaking down the duration of the content into time segments, during each of which the reception terminal can process ECMs without calling upon the management unit or the master terminal.
  • the reception terminal when changing from one segment to another, the reception terminal must call upon the management unit or the master terminal to have information, typically the key necessary for decryption of control words or access certificates satisfying the content access criterion, enabling it to process ECMs during this new segment.
  • the terminal should call upon the management unit or the master terminal to obtain the decryption key of the control words for the next time segment, which means that it always satisfies the access condition, either by having the necessary access certificates, or by not checking this condition.
  • the method when the content is supplied to the reception terminal 6 by an operator with which an access management unit 4 is associated, the method includes a conditioning phase of the content by the operator and a usage phase of said content by the reception terminal.
  • the content conditioning phase includes the following steps:
  • each control word CW i,j is encrypted by the key K j ,
  • the content is then transmitted scrambled to the terminal during each time segment S j during each crypto-period CP i , with an ECM message comprising at least the cryptogram of the control word CW i,j encrypted with the current key K j , the data D j related to the current key K j , the data D j-1 related to the previous key K j-1 , and the data D j+1 related to the next key K j+1 .
  • the «current segment» is the segment S j currently being received by the terminal; the associated key K j is called the «current key». It is understood that during forward access to the content, the terminal receives successive segments in the order . . . S j , S j+1 , S j+2 . . . , the segment S j+1 being the «next segment» after segment S j in the content and using the «next key» K j+1 , while in backward access to the content, the terminal receives successive segments in the order . . . S j , S j-1 , S j-2 . . . , segment S j-1 being the «previous segment» before segment S j in the content and using the «previous key» K j-1 .
  • the usage phase of the content uses three doublets, and the terminal was previously configured to store these doublets.
  • These doublets (K c , D c ), (K p , D p ), (K s , D s ) are composed of a current key K c and data D c related to this key, a previous key K p and related data D p , and a next key K s and related data D s respectively.
  • the usage phase includes the following steps on reception of each ECM message:
  • the terminal analyses the data D j contained in the ECM message and evaluates the correspondence with data available to it in the doublets.
  • the terminal decrypts the control words CW i,j with the key K c associated with this data D c in the corresponding doublet. In this case, the terminal does not request the management unit to do any complementary processing of the ECM.
  • the terminal decrypts the control words CW i,j with the key K p associated with the data D p in the corresponding doublet. This occurs by reading a content backwards when going onto the previous segment. Similarly, if the data D j contained in the ECM message corresponds to the data D s , the terminal decrypts control words CW i,j using the key K s . This occurs in forward reading of a content when going onto the next segment.
  • the terminal sends the received ECM message to the access management unit ( 4 ) that determines the current key K j from the data D j , the previous key K j-1 from the data D j-1 and the next key K j+1 from the data D j+1 , and sends these keys and their related data to the terminal that stores their corresponding values as new values of the keys K c , K p and K s and data D c , D p and D s related to these keys.
  • the combination of steps f), g) and h) is used to compensate for an excessive global transfer/processing time compared with the crypto-period, while maintaining control over access to the content by the management unit.
  • the presence of the current key K c in the terminal enables the terminal to decrypt control words without calling upon the management unit.
  • this key is only valid during the duration of the current segment (step f, use of the current key).
  • the terminal must use another decryption key.
  • the terminal already has this new key (step g, use of the previous key or the next key) so as to be able to descramble the content without any discontinuity.
  • the terminal must call upon the management unit to process the ECM so that it can update its system of keys (step h). On reception of the ECM following this update, it will then recentre itself on its new current key (return to step f).
  • descrambling continues even if duration of the supply of keys by the management unit is longer than the crypto-period, and the management unit maintains control over access to the content because the terminal must call upon it during each of the segments.
  • the terminal must satisfy the access condition, either by having access certificates or by not knowing this condition, because otherwise it would call upon the management unit for each ECM that would cause divergence of the system as mentioned above.
  • the management unit receives an ECM to determine the keys of the terminal, it can verify that the terminal actually has access certificates that satisfy the access criteria and not illegal certificates, as in the basic method.
  • the terminal returns the said received ECM message to the access management unit 4 through a point-to-point link.
  • the current key K j , the previous key K j-1 and the next key K j+1 that the terminal must have in its doublets depending on the solution, are determined from data related to these keys present in the ECM.
  • the data related to the keys transmitted in the ECM include at least the cryptograms corresponding to said keys K j , K j-1 and K j+1 that can be decrypted by a management key known exclusively to the management unit 4 .
  • data related to keys transmitted in the ECM include at least the identifiers S j , S j-1 and S j+1 of the corresponding segments.
  • the keys K j , K j-1 and K j+1 are determined by the management unit 4 starting from these segment identifiers.
  • the access management unit 4 determines the new keys K j , K j-1 and K j+1 by searching in a database predefined from segment identifiers.
  • the access management unit 4 determines the new keys K j , K j-1 and K j+1 by diversification of a root key from segment identifiers.
  • the terminal evaluates the correspondence between the received related data D j and the data D c , D p and D s available to it in its doublets.
  • this correspondence is based on segment identifiers being the same.
  • searching for correspondence consists of comparing key cryptograms.
  • data related to the keys are segment identifiers with successive numeric values . . . X-2, X-1, X, X+1, X+2 . . .
  • data related to the keys are cryptograms of these keys and the management unit has a prior list of these cryptograms, in the same sequential order as the segments. When the cryptogram of key K j is located in this list, the cryptogram that precedes it is the cryptogram for key K j-1 and the cryptogram that follows it is the cryptogram for key K j+1 .
  • the data D j-1 related to the previous key K j-1 is not used in ECM messages and the doublet (K p , D p ) corresponding to the previous segment may be deleted, without going outside the scope of the invention.
  • the doublet, (K p , D p ) corresponding to the previous segment may be replaced by several doublets associated with the previous n p successive segments and the doublet (K s , D s ) corresponding to the next segment may be replaced by several doublets associated with the next n s successive segments, without going outside the framework of the invention.
  • This extension of doublets means that the solution can be applicable even during access to the content at a speed such that the global transfer/processing time of the ECM might become greater than the apparent duration of one or several successive segments.
  • the number of previous doublets n p or next doublets n s then depends on the maximum required access speed to the content.
  • the solution described above may also be used when the scrambled content is distributed to a set of installed reception terminals comprising a master terminal ( 102 ) and at least one slave terminal ( 104 , 106 , 108 ) dependent on said master terminal ( 102 ).
  • the reception terminal is replaced by the slave terminal, and as seen from the slave terminal, the management unit is replaced by the master terminal.
  • processing of the ECM sent by the slave terminal to the master terminal to obtain new values of the (K c , D c ) (K p , D p) (K s , D s ) doublets is done by the master terminal itself that is provided with means similar to the means used in a management unit, for example such as a root key diversification function, a decryption function using a management key, a cryptograms database, depending on the implementation.
  • the master terminal ( 102 ) determines new values of the (K c , D c ), (K p , D p ), (K s , D s ) doublets to be sent to the slave terminal by sending the ECM message that it receives to a management unit ( 4 ) or to a master terminal on which it depends and towards which it behaves like a slave terminal, for processing.
  • the preferred solution described above consists of associating a different key with a segment, the access condition always being satisfied or not known by the terminal.
  • This solution can obviously also be applied to the case in which a different access condition is associated with each segment, the decryption key being unchanged and available in the terminal.
  • the data Dj are related to rights and the management unit supplies the rights necessary to access the current, next and previous segments to the terminal, instead of keys.
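
The segment-key scheme described above (use of the current key in step f, of the previous or next key in step g, and the key update by the management unit in step h) can be simulated as follows. This is an added example, not code from the patent or from Viaccess. It assumes that the data D j are numeric segment identifiers, that keys are diversified from a root key with HMAC-SHA256, and that a toy XOR cipher stands in for the control-word cipher; all class and function names are hypothetical, and the key update is modelled as synchronous.

```python
import hashlib
import hmac

CW_LEN = 16  # constructed control-word length for this example


def derive_segment_key(root_key, segment_id):
    """K_j by diversification of a root key from the segment identifier (HMAC is an assumption)."""
    msg = b"segment-key" + segment_id.to_bytes(4, "big", signed=True)
    return hmac.new(root_key, msg, hashlib.sha256).digest()


def cw_cipher(key, cp_index, data):
    """Toy XOR cipher standing in for the real CW cipher; the same call encrypts and decrypts."""
    stream = hmac.new(key, b"cw" + cp_index.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def make_ecm(root_key, segment_id, cp_index):
    """Operator side: build the ECM for crypto-period cp_index of segment S_j; returns (ecm, clear CW)."""
    cw = hashlib.sha256(b"cw|%d|%d" % (segment_id, cp_index)).digest()[:CW_LEN]
    k_j = derive_segment_key(root_key, segment_id)
    ecm = {
        "cp": cp_index,
        "d_prev": segment_id - 1,  # D_j-1
        "d_cur": segment_id,       # D_j
        "d_next": segment_id + 1,  # D_j+1
        "cw_cryptogram": cw_cipher(k_j, cp_index, cw),
    }
    return ecm, cw


class ManagementUnit:
    """Holds the root key, checks the terminal's official rights and counts ECM submissions."""

    def __init__(self, root_key, entitled_terminals):
        self.root_key = root_key
        self.entitled = set(entitled_terminals)
        self.requests = {}  # terminal id -> number of ECMs submitted

    def process_ecm(self, terminal_id, ecm):
        self.requests[terminal_id] = self.requests.get(terminal_id, 0) + 1
        if terminal_id not in self.entitled:
            return None  # no keys for a terminal without official rights
        fields = (("c", "d_cur"), ("p", "d_prev"), ("s", "d_next"))
        return {role: (derive_segment_key(self.root_key, ecm[f]), ecm[f]) for role, f in fields}


class Terminal:
    """Stores the doublets (K_c, D_c), (K_p, D_p), (K_s, D_s) and applies steps f, g, h."""

    def __init__(self, terminal_id, unit):
        self.terminal_id = terminal_id
        self.unit = unit
        self.doublets = {}  # role -> (key, related data)

    def _key_for(self, d_j, roles):
        for role in roles:
            doublet = self.doublets.get(role)
            if doublet is not None and doublet[1] == d_j:
                return doublet[0]
        return None

    def on_ecm(self, ecm):
        """Return the clear control word, or None when the terminal cannot obtain it."""
        d_j = ecm["d_cur"]
        key = self._key_for(d_j, ("c",))  # step f: current key, no call to the unit
        if key is None:
            key = self._key_for(d_j, ("p", "s"))  # step g: previous or next key
            fresh = self.unit.process_ecm(self.terminal_id, ecm)  # step h: key update
            if fresh is not None:
                self.doublets = fresh
                if key is None:
                    # Synchronous simplification: reuse this ECM with the new current key.
                    key = fresh["c"][0]
        if key is None:
            return None
        return cw_cipher(key, ecm["cp"], ecm["cw_cryptogram"])


def play(terminal, root_key, segment_ids, periods=5):
    """Feed the ECMs of each listed segment in order; return one success flag per segment."""
    results = []
    for seg in segment_ids:
        ok = True
        for cp in range(periods):
            ecm, cw = make_ecm(root_key, seg, cp)
            got = terminal.on_ecm(ecm)
            ok = ok and got == cw
        results.append(ok)
    return results


if __name__ == "__main__":
    root = bytes(range(32))  # constructed root key
    unit = ManagementUnit(root, {"T1"})
    term = Terminal("T1", unit)
    print(play(term, root, [0, 1, 2]), unit.requests)
```

In this model a terminal whose rights are withdrawn can still descramble the segment whose key it already holds as K s, and loses access at the following segment, so the segment duration bounds how quickly a refusal by the management unit takes effect.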

US12/094,786 2005-12-13 2006-08-18 Method of Controlling Access to a Scrambled Content Abandoned US20080301437A1 (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
FR0553852A FR2894756B1 (fr) 2005-12-13 2005-12-13 Procede de controle d'acces a un contenu embrouille
FR05/53852 2005-12-13
FR0651130A FR2894757B1 (fr) 2005-12-13 2006-03-31 Procede de controle d'acces a un contenu embrouille
FR06/51130 2006-03-31
PCT/EP2006/065459 WO2007068507A2 (fr) 2005-12-13 2006-08-18 Procede de controle d'acces a un contenu embrouille

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2006/065459 A-371-Of-International WO2007068507A2 (fr) 2005-12-13 2006-08-18 Procede de controle d'acces a un contenu embrouille

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/235,872 Division US8488794B2 (en) 2005-12-13 2011-09-19 Method for access control to a scrambled content

Publications (1)

Publication Number Publication Date
US20080301437A1 true US20080301437A1 (en) 2008-12-04

Family

ID=37714643

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/094,786 Abandoned US20080301437A1 (en) 2005-12-13 2006-08-18 Method of Controlling Access to a Scrambled Content
US13/235,872 Active US8488794B2 (en) 2005-12-13 2011-09-19 Method for access control to a scrambled content

Country Status (10)

Country Link
US (2) US20080301437A1 (zh)
EP (1) EP1961223B1 (zh)
KR (1) KR101334763B1 (zh)
CN (1) CN102761784B (zh)
DK (1) DK1961223T3 (zh)
ES (1) ES2417141T3 (zh)
FR (1) FR2894757B1 (zh)
PL (1) PL1961223T3 (zh)
TW (1) TWI456997B (zh)
WO (1) WO2007068507A2 (zh)

Also Published As

Publication number Publication date
FR2894757B1 (fr) 2008-05-09
FR2894757A1 (fr) 2007-06-15
WO2007068507A3 (fr) 2007-10-11
KR20080075875A (ko) 2008-08-19
EP1961223A2 (fr) 2008-08-27
TW200806034A (en) 2008-01-16
US20120008781A1 (en) 2012-01-12
DK1961223T3 (da) 2013-06-24
CN102761784B (zh) 2015-02-25
CN102761784A (zh) 2012-10-31
TWI456997B (zh) 2014-10-11
KR101334763B1 (ko) 2013-11-29
ES2417141T3 (es) 2013-08-06
WO2007068507A2 (fr) 2007-06-21
EP1961223B1 (fr) 2013-03-27
US8488794B2 (en) 2013-07-16
PL1961223T3 (pl) 2013-08-30

Legal Events

Date Code Title Description
AS Assignment

Owner name: VIACCESS, FRANCE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:CHEVALLIER, ANTHONY;LANFRANCHI, STEPHANE;MAGIS, ERWANN;REEL/FRAME:020990/0683

Effective date: 20080401

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION