WO2001004727A1 - Generalized certificate processing for deployment module based copy protection systems - Google Patents

Publication number
WO2001004727A1
Authority
WO
WIPO (PCT)
Prior art keywords
deployment module
certificate
appliance
consumer appliance
transmission point
Application number
PCT/EP2000/006371
Inventor
Martin Freeman
Jin Lu
Original Assignee
Koninklijke Philips Electronics N.V.
Application filed by Koninklijke Philips Electronics N.V.
Priority to JP2001510070A (patent JP2003504949A)
Priority to EP00949268A (patent EP1110134A1)
Publication of WO2001004727A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/162 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254 Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541 Rights Management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41 Structure of client; Structure of client peripherals
    • H04N21/418 External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181 External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45 Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462 Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4627 Rights management associated to the content
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80 Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83 Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835 Generation of protective data, e.g. certificates
    • H04N21/8355 Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed

Definitions

  • If the transmission point has positively authenticated the consumer appliance, it transmits a piece of authentication program code (e.g. a software program), along with other conventional authentication information, to the deployment module where the code is used by the POD to validate the certificate. This transmission is protected by the existing operational conditional access system. If the certificate is valid, then the copy protection system can be initialized. Specifically, content or data scrambled by conditional access module 36 in transmission point 14 is transmitted to consumer appliance 10 and from there to the deployment module 12. Within the deployment module it is de-scrambled by the deployment module conditional access module 22. Thereafter it is scrambled again by the deployment module's copy protection module 24. The scrambled data is transmitted back to the consumer appliance 10 where its copy protection module 30 de-scrambles it.
  • the deployment module is able to operate with multiple types of certificates.
  • processors may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software.
  • the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared.
  • processor or “controller” should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor (DSP) hardware, read-only memory (ROM) for storing software, random access memory (RAM), and non-volatile storage. Other hardware, conventional and/or custom, may also be included.

Abstract

Method and system for generalized digital certificate processing in one-way transmission systems related to the copy protection of content transmitted between a deployment module, such as a POD module, and a consumer appliance, such as a set-top box, are disclosed by an arrangement in which a certificate authentication program code is transmitted to a deployment module on demand from a transmission point. This allows the deployment module to accommodate multiple types of certificates. In particular, the deployment module requests a digital certificate from the associated consumer appliance to retrieve a consumer appliance authentication number. Using the certificate along with information relating to the type of deployment module used, the transmission point selects an appropriate certificate authentication code and sends it to the deployment module. This authentication information is then used to complete the copy protection validation process.

Description

Generalized certificate processing for deployment module based copy protection systems
FIELD OF THE INVENTION
This invention relates to a communication system and, more particularly, to certificate processing relating to a copy protection system for information transmitted between a deployment module, such as a point of deployment (POD) module, and a consumer appliance, such as a set-top box.
BACKGROUND OF THE INVENTION
Digital transmission is used to receive and conduct numerous services and transactions, for example, to receive video, audio and data streams from a (cable television) service provider, such as Emergency Alerting, Interactive Program Guides, Impulse Pay-Per-View (IPPV), Video On Demand (VOD), General Messaging, and Interactive Services, hereinafter collectively known as "content".
Consequently, the digital transmission of content has generated the need for the copy protection of content. Recent proposed schemes for protecting digital content require appliances that receive digital content to possess digital certificates, so that these appliances may be authenticated.
Typically, some authority has the means of identifying pirate or illegal appliances, and when queried during an authentication process will evaluate the certificate and give instructions as to whether the appliance will be allowed to view copy protected content, or even, perhaps, be isolated from other authenticated appliances.
Recently, consumer appliances have become available for receiving digital content that have a separate security function embedded in a removable PC card, also known as a Point of Deployment (POD) Module (for additional details on POD modules, see SOCIETY OF CABLE TELECOMMUNICATIONS ENGINEERS, INC. (SCTE) Document: SCTE DVS 131 Rev. 7, entitled "Draft Point-of-Deployment (POD) Module Interface Proposal", dated December 3, 1998, hereinafter known as "DVS131r7"). This card is part of a conditional access system, with another part residing at the transmission point of the content. A transmission point of the content is also called a head-end. Content is scrambled at the transmission point, and then de-scrambled at the POD and then passed on to the consumer appliance itself. The conditional access system ensures that the consumer appliance only receives content for which the consumer has previously paid. It is at the interface between the POD and its associated consumer appliance that a copy protection system must be used, otherwise even paid-for content can be copied for illegal distribution. This copy protection system also uses a scrambling/de-scrambling scheme between the POD and the consumer appliance.
In order for the copy protection scheme to be initialized, a certificate embedded in the consumer appliance must be authenticated. If this certificate either cannot be authenticated or does not pass an authentication process, the conditional access system in the POD will be instructed not to de-scramble any content, even paid-for content.
In the case of a two-way transmission system where data can be transmitted and received between a content transmission point and a POD, the transmission point can receive the certificate from a given consumer appliance for authentication and then provide instructions to the POD. In this case, any suitable digital certificate can be used, with the transmission point detecting the type of certificate and then performing the indicated computation.
However, in the case of a one-way transmission system where data can only be transmitted from the transmission point to the POD, the POD must play a greater role in the authentication process. Since the POD has fewer resources than the transmission point, heretofore it could only accommodate one certificate scheme.
In one-way transmission systems, the POD requests the certificate from the associated consumer appliance, and obtains a consumer appliance authentication number from the received certificate. Combining this number with a certificate authentication code, which is embedded in its conditional access system, the POD causes a version of this information to be displayed on the display associated with the consumer appliance.
The consumer then telephones an operator at the transmission point and relates the information displayed on the display appliance. The operator enters the information into the transmission point's computer system, and the information is used to authenticate the information supplied from the certificate.
Sometime later the transmission point sends a message to the consumer appliance's POD with authentication instructions. The POD then validates the certificate, and, if both the authentication and validation processes yield a positive result, the copy protection scheme is initialized. If there is not a positive result, the copy protection scheme is not initialized and the POD conditional access system will not de-scramble paid-for content. Accordingly, known practices are limited such that in one-way transmission systems the POD is only able to validate one type of certificate. Thus, there is a clear and present need for an effective means to provide copy protection of content in one-way transmission systems that provides greater flexibility with regard to processing certificates, while minimizing additional cost and complexity.
SUMMARY OF THE INVENTION
It is an object of the present invention to generalize deployment module processing in one-way transmission systems to accommodate multiple certificate schemes with only a modest amount of cost and extra processing.
The problems associated with certificate processing in one-way transmission systems related to copy protection of content transmitted between a deployment module, such as a POD module, and a consumer appliance, such as a set-top box, are reduced or overcome by an arrangement in accordance with the principles of the present invention in which a certificate authentication code is transmitted to a deployment module on demand from a transmission point. This allows the deployment module to accommodate multiple types of certificates. Specifically, the deployment module requests a certificate from the associated consumer appliance to retrieve a consumer appliance authentication number. Using the certificate along with information relating to the type of deployment module used, the transmission point selects an appropriate certificate authentication code and sends it to the deployment module. The authentication code includes, for example, a software program that takes a certificate as input and validates it. This transmission is protected by the existing conditional access system.
In one illustrative embodiment, the deployment module displays the authentication information on a display associated with the consumer appliance, which includes the type of certificate and information relating to the type of the deployment module. Thereafter, a user or consumer relates this authentication information to the transmission point, for example via telephone to an operator.
When the transmission point receives the above-mentioned authentication information, it decides on the authentication code that must be downloaded to the corresponding deployment module so that the deployment module can carry on the process of validating the particular certificate on the consumer appliance. The transmission of the authentication code is protected by the existing operational conditional access system. If the certificate is valid, then the copy protection system can be initialized.
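The on-demand flow summarized above, as a runnable sketch added here (it is not code from the patent): the head-end picks validator code by certificate type and module type, and the module checks the conditional access protection before running that code on the certificate. The HMAC constructions, keys, serials, type names and field names are assumptions standing in for the real certificate schemes and the existing conditional access system.

```python
import hashlib
import hmac
import json

# Every key, serial, type name and message format here is constructed for illustration.
CA_KEY = b"constructed-ca-key"            # held by the CA modules at head-end and POD
ISSUER_KEYS = {"A": b"constructed-issuer-A", "B": b"constructed-issuer-B"}
DIGESTS = {"A": "sha256", "B": "sha512"}  # the two toy certificate schemes differ here
REVOKED_SERIALS = {"STB-6666"}            # appliances the head-end treats as pirate

# Validator "program" shipped on demand. Its HMAC check is a stand-in for real
# signature verification of the appliance certificate.
_TEMPLATE = '''
import hashlib, hmac
def validate(cert):
    want = hmac.new({key!r}, cert["serial"].encode(), hashlib.{digest}).hexdigest()
    return hmac.compare_digest(want, cert["tag"])
'''
VALIDATOR_SOURCE = {
    (ctype, "pod-cpu-1"): _TEMPLATE.format(key=ISSUER_KEYS[ctype], digest=DIGESTS[ctype])
    for ctype in ISSUER_KEYS
}


def make_certificate(cert_type, serial):
    """Build a toy appliance certificate of the given scheme."""
    digest = getattr(hashlib, DIGESTS[cert_type])
    tag = hmac.new(ISSUER_KEYS[cert_type], serial.encode(), digest).hexdigest()
    return {"type": cert_type, "serial": serial, "tag": tag}


def headend_select_code(info):
    """Head-end: authenticate the appliance, pick code by type, protect it."""
    if info["appliance_serial"] in REVOKED_SERIALS:
        return None  # appliance not authenticated, nothing is downloaded
    source = VALIDATOR_SOURCE.get((info["cert_type"], info["module_type"]))
    if source is None:
        return None  # no validator for this certificate/module combination
    body = json.dumps({"pod_ca_serial": info["pod_ca_serial"], "code": source}).encode()
    # The MAC models "protected by the existing conditional access system".
    return {"body": body, "mac": hmac.new(CA_KEY, body, hashlib.sha256).hexdigest()}


class DeploymentModule:
    def __init__(self, ca_serial, module_type):
        self.ca_serial = ca_serial
        self.module_type = module_type
        self.copy_protection_initialized = False

    def authentication_info(self, cert):
        """What the module puts on the display for the consumer to relay by phone."""
        return {
            "cert_type": cert["type"],
            "appliance_serial": cert["serial"],
            "pod_ca_serial": self.ca_serial,
            "module_type": self.module_type,
        }

    def load_and_validate(self, message, cert):
        """Check the CA protection first, only then run the downloaded code."""
        want = hmac.new(CA_KEY, message["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, message["mac"]):
            return "rejected: code failed conditional access check"
        body = json.loads(message["body"])
        if body["pod_ca_serial"] != self.ca_serial:
            return "rejected: code addressed to another module"
        namespace = {}
        exec(body["code"], namespace)  # downloaded program, authenticated above
        if not namespace["validate"](cert):
            return "rejected: certificate invalid"
        self.copy_protection_initialized = True
        return "initialized"


def run_flow(cert, tamper=False):
    """One pass of the one-way flow; `tamper` alters the download in transit."""
    pod = DeploymentModule("POD-0001", "pod-cpu-1")
    info = pod.authentication_info(cert)      # display -> phone -> operator
    message = headend_select_code(info)       # head-end -> module, one-way
    if message is None:
        return "no code sent"
    if tamper:
        message = dict(message, body=message["body"] + b" ")
    return pod.load_and_validate(message, cert)


if __name__ == "__main__":
    for ctype, serial in (("A", "STB-1001"), ("B", "STB-1002"), ("A", "STB-6666")):
        print(ctype, serial, run_flow(make_certificate(ctype, serial)))
    print("tampered download:", run_flow(make_certificate("A", "STB-1001"), tamper=True))
```

Because the module executes whatever program arrives, the conditional access check is the only thing standing between the broadcast channel and code execution on the module, which is why it runs before the payload is parsed.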
BRIEF DESCRIPTION OF THE DRAWING
The invention will be more readily understood after reading the following detailed description taken in conjunction with the accompanying drawing, in which:
FIG. 1 illustrates an exemplary system in accordance with the principles of the present invention; and
FIG. 2 illustrates the authentication component of the exemplary system in FIG. 1.
DETAILED DESCRIPTION
FIG. 1 is an exemplary system according to the principles of the present invention in which generalized certificate processing for deployment module based copy protection systems is implemented. It will be recognized that FIG. 1 is simplified for explanation purposes and that the full system environment for the invention will comprise, for example, a cable, fiber or satellite service provider network or provisions for network reliability through redundancy, all of which need not be shown here. The system illustratively includes a consumer appliance 10, such as a set-top box, and a deployment module 12, such as a point of deployment (POD) module, a transmission point 14, such as a cable service provider, which communicate with each other through communication mediums 16 and 18 respectively. The communication mediums are, for example, wireless communications, electromagnetic card interfaces, optical communications, coax cables, telephone lines and the like.
Deployment module 12 includes a processor 20 that has a conditional access module 22, a copy protection module 24 and a certificate authentication module 26. Deployment module 12 communicates with consumer appliance 10 via communication medium 18. Although deployment module 12 is described as a POD module, this arrangement is merely for convenience and it is to be understood that deployment modules are not limited to POD modules, per se. As used herein, the term "deployment module" refers to any type of (1) point of deployment module, (2) wireless, cellular or radio data interface appliance, (3) smartcard, (4) personal computer, and (5) internet interface appliance, which facilitates the transfer of data, accesses remote services or engages in transactions and in which privacy and/or security is desired.
Consumer appliance 10 includes a processor 22 that has a copy protection module 30. Alternatively, the copy protection module may be a separate unit coupled to processor 22. Consumer appliance 10 communicates with transmission point 14 via communication medium 16. The display 32 associated with consumer appliance 10 is any displaying means such as a television, computer monitor, laptop computer, personal organizer (such as a Palmpilot™) and the like. Communication also occurs between display 32 and the transmission point 14, for example, when a user views what's on the display and relays the information to an operator at the transmission point via a telephone call.
As with the deployment module 12, consumer appliance 10 is not limited to any particular type of device and its description as a set-top box is merely for convenience. As used herein, the term "consumer appliance" refers to any type of (1) so-called "set-top box", (2) wireless, cellular or radio data interface appliance, (3) personal computer, and (4) internet interface appliance, which enables reception of data, allows access to remote services and facilitates remote transactions.
Transmission point 14 includes a processor 34 that has a conditional access module 36. The transmission point is any transmission facility such as a cable television service provider, Internet service/content provider, satellite service provider, television broadcast provider and the like.
The majority of the logic, control, supervisory and translation functions required for the operation of deployment module 12, consumer appliance 10 and transmission point 14 is performed by their respective processors, each of which also includes programs to allow generalized certificate processing. The processor can be any of a number of commercially available processors, for example one that may include dedicated digital signal processors (DSPs), a central processing unit (CPU) and memory chips.
The embodiment shown in FIG. 1 is particularly useful for generalized certificate processing of POD-based copy protection systems, wherein a POD module and a set-top box are used in a service provider communications network, such as a cable television network. In this embodiment, a conditional access system includes both conditional access modules 36 and 22, while a copy protection system includes both copy protection modules 30 and 24. However, it is to be understood that other conditional access systems and copy protection systems are equally applicable to the devices described above.
Figure 2 shows an exemplary deployment module's authentication module for use in the embodiment of FIG. This authentication module includes a central processing unit (CPU) 20, a random access memory (RAM) 22, a non-volatile RAM 24, and an interconnecting bus 26. The non-volatile RAM contains the instructions for most of the authentication process as well as the serial number for the embedded conditional access system. The module's CPU executes these instructions.
During the authentication process, the authentication module obtains the consumer appliance's certificate, placing it in the module's RAM. The consumer appliance's serial number is extracted from the certificate along with the certificate type and sent along with the serial number for the local conditional access system and the type of the deployment module's CPU to the display controlled by the consumer appliance.
Returning now to FIG. 1, in operation, once the copy protection system has been initialized, as part of this initialization process, the deployment module's authentication module 26 verifies a certificate obtained from consumer appliance 10. The deployment module requests a certificate from the associated consumer appliance to retrieve a consumer appliance authentication number. Using the authentication information (e.g. the certificate along with information relating to the type of deployment module used), the transmission point selects an appropriate authentication code and sends it to the deployment module. The authentication information is sent to the transmission point in any conventional manner, for example, the deployment module displays the authentication information on a display associated with the consumer appliance. Thereafter, a user or consumer relates this authentication information to the transmission point, for example via telephone to an operator.
If the transmission point has positively authenticated the consumer appliance, it transmits a piece of authentication program code (e.g. a software program), along with other conventional authentication information, to the deployment module where the code is used by the POD to validate the certificate. This transmission is protected by the existing operational conditional access system. If the certificate is valid, then the copy protection system can be initialized. Specifically, content or data scrambled by conditional access module 36 in transmission point 14 is transmitted to consumer appliance 10 and from there to the deployment module 12. Within the deployment module it is de-scrambled by the deployment module conditional access module 22. Thereafter it is scrambled again by the deployment module's copy protection module 24. The scrambled data is transmitted back to the consumer appliance 10 where its copy protection module 30 de-scrambles it.
Advantageously, by downloading the certificate authentication program code on demand from the transmission point (and not embedding the certificate authentication program code in the deployment module), the deployment module is able to operate with multiple types of certificates.
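The exchange described above can be traced end to end in the following sketch, which is an added illustration and not code from the patent. It assumes an HMAC stands in both for the certificate issuer's signature and for the conditional access protection of the download, and it models the downloaded "authentication program code" as validator parameters rather than executable code; all names, keys, type labels and serial numbers are hypothetical.

```python
import hmac
from dataclasses import dataclass

# Every key, type name and serial number here is a constructed sample value.
CA_LINK_KEY = b"constructed-ca-link-key"  # models the conditional access protection
# Held only by the transmission point: one validator per certificate type.
VALIDATORS = {"type-A": ("sha256", b"constructed-issuer-key-A"),
              "type-B": ("sha512", b"constructed-issuer-key-B")}
SUPPORTED_CPUS = {"cpu-X"}


@dataclass(frozen=True)
class Certificate:
    cert_type: str
    serial: str
    tag: bytes  # HMAC standing in for the issuer's signature


def issue_certificate(cert_type, serial):
    digest, key = VALIDATORS[cert_type]
    return Certificate(cert_type, serial, hmac.new(key, serial.encode(), digest).digest())


def displayed_info(cert, ca_serial, cpu_type):
    """Deployment module: the values shown on the display for the user to relay."""
    return {"appliance_serial": cert.serial, "cert_type": cert.cert_type,
            "ca_serial": ca_serial, "cpu_type": cpu_type}


def select_authentication_code(info):
    """Transmission point: choose the validator for this certificate and CPU type."""
    if info["cert_type"] not in VALIDATORS or info["cpu_type"] not in SUPPORTED_CPUS:
        return None  # nothing to send for an unknown combination
    digest, key = VALIDATORS[info["cert_type"]]
    fields = [info["cert_type"], info["cpu_type"], info["ca_serial"], digest, key.hex()]
    payload = "|".join(fields).encode()
    return payload, hmac.new(CA_LINK_KEY, payload, "sha256").digest()


def validate_certificate(cert, download, ca_serial, cpu_type):
    """Deployment module: check the download, then use it on the certificate."""
    if download is None:
        return False
    payload, mac = download
    if not hmac.compare_digest(mac, hmac.new(CA_LINK_KEY, payload, "sha256").digest()):
        return False  # download was altered or did not come over the protected link
    cert_type, for_cpu, for_ca, digest, key_hex = payload.decode().split("|")
    if (cert_type, for_cpu, for_ca) != (cert.cert_type, cpu_type, ca_serial):
        return False  # validator was selected for another certificate type or module
    expected = hmac.new(bytes.fromhex(key_hex), cert.serial.encode(), digest).digest()
    return hmac.compare_digest(expected, cert.tag)


def run_exchange(cert, ca_serial="CA-0001", cpu_type="cpu-X"):
    info = displayed_info(cert, ca_serial, cpu_type)
    return validate_certificate(cert, select_authentication_code(info), ca_serial, cpu_type)
```

The module holds nothing specific to a certificate type, so both sample types validate through the same path, while an altered download or one selected for a different module is rejected before the certificate is examined.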
Finally, it is to be understood that although the invention is disclosed herein in the context of particular illustrative embodiments, those skilled in the art will be able to devise numerous alternative arrangements. In particular, the functions of the various elements shown in FIGS. 1 and 2, including functional blocks labeled as "processors", may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software. When provided by a processor, the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared. Moreover, explicit use of the term "processor" or "controller" should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor (DSP) hardware, read-only memory (ROM) for storing software, random access memory (RAM), and non-volatile storage. Other hardware, conventional and/or custom, may also be included. Such alternative arrangements, although not explicitly shown or described herein, embody the principles of the present invention and are thus within its spirit and scope.

Claims

1. A one-way transmission system for certificate processing relating to copy protecting, the system comprising: a deployment module (12); a consumer appliance (10) connected to the deployment module (12); a transmission point (14) connected to the consumer appliance; and wherein the deployment module (12) transmits a request to the consumer appliance (10) for a certificate, a portion of the information contained in the certificate and information relating to the type of deployment module (12) is sent to the transmission point (14), using the portion of the information contained in the certificate and information relating to the type of deployment module (12) the transmission point (14) selects a certificate authentication code and transmits it to the deployment module (12), the authentication code is used to complete a copy protection validation process.
2. The system of claim 1 wherein the authentication code includes a program for validating the certificate.
3. The system of claim 1 further including a display (32) for displaying the portion of the information contained in the certificate and information relating to the type of deployment module (12).
4. A method of processing a certificate in a one-way transmission system relating to copy protecting, the method comprising the step of:
(a) transmitting a request for a certificate from a deployment module (14) to a consumer appliance (10);
(b) sending a portion of the certificate and information relating to the type of deployment module to a transmission point (14);
(c) selecting an authentication program code using the portion of the certificate and the information relating to the type of deployment module;
(d) transmitting the authentication program code from the transmission point (14) to the deployment module (12); and
5. The method of claim 4 further including the step of (e) completing a copy protection validation process using the authentication program code.
6. The method of claim 4 further including the step of displaying the portion of the certificate and information relating to the type of deployment module on a display device connected to the consumer appliance (10).
7. The method of claim 6 wherein the displaying step is used to facilitate sending the portion of the certificate and information relating to the type of deployment module to the transmission point (14) in the sending step.
8. A deployment module (12) for use in a one-way transmission system with a consumer appliance (10) and a transmission point (14), the deployment module (12) comprising: means for communicating (20) with the consumer appliance (10); and a processor (20) for requesting a certificate from the consumer appliance (10), and in response to the receipt of the certificate transmitting a portion of the certificate and information relating to the type of deployment module to the consumer appliance, and receiving an authentication code from the transmission point (14) selected using the portion of the certificate and the information relating to the type of deployment module.
9. The deployment module (12) of claim 8 wherein the authentication code includes a program for validating the certificate.
10. The deployment module (12) of claim 8, wherein the deployment module (12) is selected from the group consisting of a point of deployment module, wireless data interface appliance, smartcard, personal computer or internet interface appliance.
11. The deployment module (12) of claim 10, wherein the consumer appliance (10) is selected from the group consisting of a set-top box, wireless, interface appliance, cellular interface appliance, radio interface appliance, personal computer, or internet interface appliance.
12. A consumer appliance (10) for use one-way transmission with a deployment module (12) and a transmission point (10), the consumer appliance (10) comprising: means for communicating (20) with the deployment module; and a processor for (20), in response to a request of a certificate, transmitting the certificate to the deployment module (12), receiving a portion of the certificate and information relating to the type of deployment module, facilitating the transfer of the portion of the certificate and information relating to the type of deployment module to a transmission point (14).
13. The consumer appliance (10) of claim 12, wherein the consumer appliance (10) is selected from the group consisting of a set-top box, wireless, interface appliance, cellular interface appliance, radio interface appliance, personal computer, or internet interface appliance.
14. The consumer appliance (10) of claim 14, further including a display (32) for displaying portion of the certificate and information relating to the type of deployment module.
PCT/EP2000/006371 1999-07-09 2000-07-05 Generalized certificate processing for deployment module based copy protection systems WO2001004727A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2001510070A JP2003504949A (en) 1999-07-09 2000-07-05 Generalized certificate handling for deployment module based copy protection systems
EP00949268A EP1110134A1 (en) 1999-07-09 2000-07-05 Generalized certificate processing for deployment module based copy protection systems

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US14350099P 1999-07-09 1999-07-09
US60/143,500 1999-07-09
US55759900A 2000-04-25 2000-04-25
US09/557,599 2000-04-25

Publications (1)

Publication Number Publication Date
WO2001004727A1 true WO2001004727A1 (en) 2001-01-18

Family

ID=26841090

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2000/006371 WO2001004727A1 (en) 1999-07-09 2000-07-05 Generalized certificate processing for deployment module based copy protection systems

Country Status (3)

Country Link
EP (1) EP1110134A1 (en)
JP (1) JP2003504949A (en)
WO (1) WO2001004727A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0714204A2 (en) * 1994-11-26 1996-05-29 Lg Electronics Inc. Illegal view and copy protection method in digital video system and controlling method thereof
WO1999012088A1 (en) * 1997-09-02 1999-03-11 Siemens Aktiengesellschaft Method for controlling distribution and use of software products with network-connected computers

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS62276648A (en) * 1986-05-26 1987-12-01 Toshiba Corp Copy prevention system for floppy disk
KR0166923B1 (en) * 1995-09-18 1999-03-20 구자홍 Method and apparatus of preventing an illegal watching and copying in a digital broadcasting system
PT891669E (en) * 1996-04-01 2001-01-31 Macrovision Corp METHOD FOR CONTROLLING COPY PROTECTION ON DIGITAL VIDEO NETWORKS
US7336785B1 (en) * 1999-07-09 2008-02-26 Koninklijke Philips Electronics N.V. System and method for copy protecting transmitted information

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1110399A1 (en) * 1999-07-09 2001-06-27 Koninklijke Philips Electronics N.V. System and method for copy protecting transmitted information
EP1110399B1 (en) * 1999-07-09 2018-09-12 Koninklijke Philips N.V. System and method for copy protecting transmitted information
WO2002101524A2 (en) * 2001-06-11 2002-12-19 Matsushita Electric Industrial Co., Ltd. License management server, license management system and usage restriction method
WO2002101524A3 (en) * 2001-06-11 2004-04-22 Matsushita Electric Ind Co Ltd License management server, license management system and usage restriction method
US7103663B2 (en) 2001-06-11 2006-09-05 Matsushita Electric Industrial Co., Ltd. License management server, license management system and usage restriction method
WO2003009112A1 (en) * 2001-07-17 2003-01-30 Matsushita Electric Industrial Co., Ltd. Content usage device and network system, and license information acquisition method
CN100419616C (en) * 2001-07-17 2008-09-17 松下电器产业株式会社 Content usage device and network system, and license information acquisition method
US7725399B2 (en) 2001-07-17 2010-05-25 Panasonic Corporation Content usage device and network system, and license information acquisition method
EP1434119A2 (en) * 2002-12-25 2004-06-30 Victor Company Of Japan, Limited License management method and license management system
EP1434119A3 (en) * 2002-12-25 2005-01-12 Victor Company Of Japan, Limited License management method and license management system
GB2489672A (en) * 2011-03-28 2012-10-10 Sony Corp Authentication certificate distribution to set top boxes
US10769275B2 (en) 2017-10-06 2020-09-08 Ca, Inc. Systems and methods for monitoring bait to protect users from security threats

Also Published As

Publication number Publication date
EP1110134A1 (en) 2001-06-27
JP2003504949A (en) 2003-02-04

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

WWE Wipo information: entry into national phase

Ref document number: 2000949268

Country of ref document: EP

ENP Entry into the national phase

Ref country code: JP

Ref document number: 2001 510070

Kind code of ref document: A

Format of ref document f/p: F

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWP Wipo information: published in national office

Ref document number: 2000949268

Country of ref document: EP

WWR Wipo information: refused in national office

Ref document number: 2000949268

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 2000949268

Country of ref document: EP