WO2005020533A1 - Method for the automated generation of access-controlled, personalized data and/or programs - Google Patents
Method for the automated generation of access-controlled, personalized data and/or programs
- Publication number
- WO2005020533A1 (PCT/CH2003/000579)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- user
- access
- programs
- central unit
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/306—User profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25866—Management of end-user data
- H04N21/25875—Management of end-user data involving end-user authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
- H04N21/2668—Creating a channel for a dedicated end-user group, e.g. insertion of targeted commercials based on end-user profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Definitions
- the invention relates to a system and a method for the automated generation of access-controlled, personalized data and / or programs, in which a user accesses a central unit by means of a communication device via a network and the access-controlled data and / or programs are transmitted to at least one communication device.
- LAN Local Area Network
- WAN Wide Area Network
- Internet via, for example, the public switched telephone network (PSTN: Public Switched Telephone Network) or a cellular network (PLMN: Public Land Mobile Network) such as GSM (Global System for Mobile Communication) or UMTS (Universal Mobile Telephone System) etc. etc.
- PSTN Public Switched Telephone Network
- PLMN Public Land Mobile Network
- GSM Global System for Mobile Communication
- UMTS Universal Mobile Telephone System
- personalized data are displayed and / or processed and / or made available, in modified form, to other computer systems.
- Personalized data include digital data such as text, graphics, images, animations, video, QuickTime and sound recordings.
- MPx MP3
- MPEGx MPEG7
- an automated, simple and rational system and method are to be proposed in order to easily generate user-specific data (personalized data), to manage it and to make it available to the corresponding user.
- a user accesses a central unit by means of a communication device via a network, and access-controlled data and / or programs are transmitted to at least one communication device. Data records with data elements structured according to authorization classes are generated and stored in at least one source database. The user is identified by the central unit and is assigned an authorization class by means of a user database. Access request data for access to the data records of the at least one source database are transmitted from the communication device to the central unit via the network. By means of a filter module of the central unit, the personalized, access-controlled data and / or programs are generated based on the authorization class of the user and the access request data.
- the central unit can, for example, include an HTML (Hyper Text Markup Language) and / or HDML (Handheld Device Markup Language) and / or WML (Wireless Markup Language) and / or VRML (Virtual Reality Modeling Language) and / or ASP (Active Server Pages) module to generate the personalized data.
- HTML Hyper Text Markup Language
- HDML Handheld Device Markup Language
- WML Wireless Markup Language
- VRML Virtual Reality Modeling Language
- ASP Active Server Pages
- the user uses the access request data to determine to which users and / or user classes the personalized, access-controlled data and / or programs are transmitted.
- This variant has the advantage that protected information can simply be transmitted to several different users (e.g. congress information etc.) without the client having to worry about authorization classes and / or access rights etc.
- the data are filtered according to the authorization class of the corresponding user by means of an additional filter module of the communication device.
- This embodiment variant is advantageous in particular if the personalized data and / or programs are to be transmitted to several communication devices simultaneously via a second unidirectional communication channel, such as a broadcast transmitter, or more generally if the personalized data and / or programs are to be transmitted to several users simultaneously.
- Each user can then independently filter and / or decrypt the data according to their authorization class.
- clearing data are transmitted from the central unit to a clearing module, which clearing data include billing data for the aforementioned access to the access-controlled, personalized data and / or programs.
- the authorization classes and / or a user profile can include access condition data, which defines a monetary value of a credit limit that can be defined by the user and / or the central unit, up to which credit limit automatic billing of the related, personalized data and / or programs takes place.
- a user profile is created based on the respective user behavior and stored assigned to the user, the access-controlled, personalized data and / or programs being generated and / or optimized based at least in part on the user profile.
- the user profile can include, e.g., personalized data on network properties and / or data on hardware properties of the communication device of the user and / or data on user behavior.
- One advantage of this embodiment variant is that the user can centrally manage several very different communication devices and / or have them centrally managed. He can, e.g., send the access request to the central unit by means of a WAP and / or SMS-capable mobile radio device and, for example, later quickly access the provided, personalized data via a more convenient interface of a computer system.
- the access-controlled, personalized data and / or programs can be stored in a permanent data memory of the central unit so that they can be accessed by the user.
- This is particularly useful for design variants where the user can define several user profiles for different communication devices.
- One advantage of this embodiment variant is that the user can use it to centrally manage several very different communication devices. Thus, for example, via a fast interface of a computer system for the central unit, he can determine and manage the data to be made available for another communication device, such as a WAP and / or SMS-capable mobile radio device.
- the user is assigned different user profiles for different communication devices.
- This embodiment variant has the advantage, for example, that data can be conveniently requested and sent by a user to all participants of a meeting or another event according to their authorization class.
- the access request data are transmitted in encrypted form via a first bidirectional communication channel to the central unit, and the access-controlled, personalized data and / or programs are encrypted and transmitted unidirectionally to the communication device.
- the first bidirectional communication channel can comprise at least one mobile radio network and / or the second unidirectional communication channel can include at least one broadcast transmitter.
- This variant has the advantage that the first communication channel (security channel) achieves a high level of security for the identification of the user and transmission of the access request data. A faster and possibly also cheaper broadband channel, the second unidirectional communication channel, can then be selected for the data throughput-intensive transmission.
- the present invention also relates to a system for carrying out this method. Furthermore, it is not limited to the system and method mentioned, but also relates to a computer program product for implementing the method according to the invention.
- FIG. 1 shows a block diagram which schematically reproduces the system and the method for the automated generation of access-controlled, personalized data and / or programs.
- a user 10, ..., 14 accesses a central unit 40 by means of a communication device 20, ..., 24 via a network 30/31, and the access-controlled data and / or programs are transmitted to at least one communication device 10, ..., 14.
- FIG. 1 schematically illustrates an architecture that can be used to implement the invention.
- the network 30/31 can comprise a communication network, such as a GSM or a UMTS network, or a satellite-based mobile radio network, and / or one or more fixed networks, for example the publicly switched telephone network, the worldwide Internet or a suitable LAN ( Local Area Network) or WAN (Wide Area Network). In particular, it also includes ISDN and XDSL connections.
- the connection between the receiving device 20,..., 24 and the central unit 40 can also be established via various data channels and not only directly via the described communication networks 30/31.
- the data can, for example, be transmitted between the receiving device 20, ..., 24 and the central unit 40 via an interface (for example a wireless interface, such as an infrared interface or Bluetooth) to a data terminal and from the data terminal via a communication network, or by means of a removable chip card of the receiving device 20, ..., 24 that is inserted into a data terminal, via this data terminal and a communication network 30/31 to the central unit 40.
- the receiving device 20,... 24 and the central unit 40 each comprise a communication module.
- the communication modules can be used to exchange data via the 30/31 communication network.
- the communication network 30/31 comprises, for example, a mobile radio network, for example a GSM, GPRS or UMTS network or another, for example satellite-based, mobile radio network, or a fixed network, for example an ISDN network, the public switched telephone network, a TV or radio cable network, or an IP network (Internet Protocol).
- the communication module comprises a mobile radio module for communication via a mobile radio network 31 and / or WLAN.
- Access-controlled data and / or programs are understood to mean, for example, digital data such as texts, graphics, images, maps, animations, moving images, video, QuickTime, sound recordings, programs (software), program-related data and hyperlinks or references to multimedia data. These also include, for example, MPx (MP3) or MPEGx (MPEG4 or 7) standards as defined by the Moving Picture Experts Group.
- the user's communication device 20,..., 24 can be, for example, a PC (personal computer), TV, PDA (personal digital assistant) or a mobile radio device (in particular, for example, in combination with a broadcast receiver).
- the data records 421,..., 423 are generated with data elements 4211,..., 4214 structured according to authorization classes and stored in at least one source database 42.
- data can be stored at different locations in different networks or locally accessible for the central unit 40.
- the latter networks can be, for example, a LAN (Local Area Network) or a WAN (Wide Area Network), the Internet, broadcast cable networks, PSTN, PLMN or similar.
- the data records 421, ..., 423 can be extracted, for example, using a content-based indexing technique and can include keywords, synonyms, references to multimedia data (for example also hyperlinks), image and / or sound sequences, etc.
- Such systems are known in a wide variety of variations in the prior art. Examples of this are US Pat. No. 5,414,644, which describes a three-file indexing technique, or US Pat. No.
- the data records 421, ..., 423 can also be generated at least partially dynamically (in real time) based on user data from an access request, that is to say not only based on data from the source database 42.
- the user 10, ..., 14 is identified by the central unit 40, the user 10, ..., 14 being assigned an authorization class by means of a user database 45.
- Personal identification numbers (PIN) and / or so-called smart cards can be used for identification. Smart cards normally require a card reader in the communication device 20, ..., 24. In both cases, the name or another identification of the user 10, ..., 14 and the PIN are transmitted to the central unit 40 or a trusted remote server.
- An identification module 44 or authentication module 44 decrypts (if necessary) and checks the PIN via the user database 45. Credit cards can also be used as a variant for identifying the user 10,..., 14. If the user 10, ..., 14 uses his credit card, he can also enter his PIN.
- the magnetic stripe of the credit card contains the account number and the encrypted PIN of the authorized holder, i.e. in this case user 10, ..., 14.
- Decryption can take place directly in the card reader itself, as is customary in the prior art. Smart cards have the advantage that they allow greater security against fraud by additionally encrypting the PIN. This encryption can either be done using a dynamic numeric key, which contains time, day or month, or another algorithm. The decryption and identification does not take place in the device itself, but externally via the identification module 45.
- Another possibility is a chip card inserted directly into the communication device 20,..., 24.
- the chip card can be, for example, SIM cards (Subscriber Identification Module) or smart cards, with a number being assigned to the chip cards.
- the assignment can be made, for example, via an HLR (Home Location Register) by storing the IMSI (International Mobile Subscriber Identification) assigned to a phone number, for example an MSISDN (Mobile Subscriber ISDN), in the HLR.
- IMSI International Mobile Subscriber Identification
- MSISDN Mobile Subscriber ISDN
- a clear identification of the user 10, ..., 14 is then possible via this assignment.
- the user 10, ..., 14 transmits access request data for access to the data records 421, ..., 423 of the at least one source database 42 from the communication device 20, ..., 24 via the network 30/31 to the
- the access request data are checked in the central unit 40 and the desired personalized, access-controlled data and / or programs are then generated using a filter module 41 based on the authorization class of the user 10,..., 14 and the access request data.
- the personalized data can be generated and transmitted, for example, in HTML (Hyper Text Markup Language) and / or HDML (Handheld Device Markup Language) and / or WML (Wireless Markup Language) and / or VRML (Virtual Reality Modeling Language) and / or ASP (Active Server Pages). This can be done, for example, by means of a corresponding hardware and / or software module of the central unit 40.
- the advantage of Active Server technology is, among other things, that it allows a dynamic access interface and / or surface to be generated for so-called access on demand.
- Other technologies with similar advantages are of course just as conceivable.
- the personalized, access-controlled data and / or programs can also be provided with an electronic stamp, an electronic signature or an electronic watermark by means of the filter module 41.
- the electronic signature allows the personalized, access-controlled data and / or programs to be assigned at any later time to the user 10, ..., 14 who obtained them from the central unit 40. This can prevent the abuse of personalized, access-controlled data and / or programs by the user 10, ..., 14.
- the data of the corresponding user 10, ..., 14 can also be filtered in the communication device 20, ..., 24, for example also according to the authorization class.
- the central unit 40 can generate a data token and transmit it to the receiving device 20, ..., 24, each data token comprising data on a corresponding key for the access-controlled encrypted programs and / or data, or an access permission to a key for decrypting access-controlled programs and / or data.
- the different data elements 4211, ..., 4214 of the data records 421, ..., 423 can, for example, not only be structured according to authorization classes, but can also be encrypted using different keys. By means of an additional filter module of the communication device 20, ..., 24, the data of the corresponding user 10, ..., 14 can then also be filtered in the communication device 20, ..., 24, for example also according to the authorization class.
- This embodiment variant has particular advantages if the personalized data and / or programs are to be transmitted to a plurality of communication devices 20, ..., 24 at the same time, for example via a second unidirectional communication channel such as a broadcast transmitter.
- the access-controlled data and / or programs are transmitted from the central unit 40 to the at least one communication device 10,..., 14.
- the data can be transmitted automatically (e.g. after the access request has been made), for example in a push-down process as a data stream or with corresponding transfer protocols, etc. from the central unit 40 to the communication device 10,..., 14.
- the access-controlled, personalized data and / or programs can, e.g., also be stored in a permanent data memory 46 of the central unit 40 so that they can be accessed by the user 10, ..., 14, who can then access the data with the communication device 10, ..., 14 at any later point in time.
- In an embodiment, clearing data are additionally transmitted from the central unit 40 to a clearing module 43, which clearing data include billing data for said access to the access-controlled, personalized data and / or programs.
- the clearing data can include clearing documents (for example electronically signed), similar to CDR documents (Call Data Records) as so-called DUR documents (DAB / DVB Usage Records), which are transmitted to the clearing module 43 via the central unit 40.
- the clearing module 43 does not necessarily have to be integrated into the central unit 40, but rather can be connected to the central unit 40 as an independent unit via a communication network 30/31.
- the clearing data includes clearing data with clearing parameters for debiting or crediting monetary amounts to the user and / or the provider in accordance with the related access-controlled programs and / or data
- the costs for access are calculated by the central unit 40, and the monetary values are cleared via the financial institutions, i.e. credited to a corresponding account (sponsorship is also possible for the user) or debited. This can also be done before, after or at certain intervals (e.g. periodically) while the user is accessing the access-controlled data.
- the central unit 40 can also have the debit and / or credit note when the said access is charged for the amount of money 0.
- the user can also receive monetary values or other services credited, for example by viewing an advertising block integrated in the transmitted data.
- the clearing data can be transmitted to the central unit 40, or from the central unit 40 to the communication device 20, ..., 24, for example periodically (for example with GSM / SMS, GSM / USSD, GPRS or UMTS) or each time a defined monetary value or a defined time window is reached.
- the solvency of the relevant user 10,..., 14 can also be checked by the central unit 40 at a financial institution.
- the predefined value of the monetary value can be stored, for example, in a data memory of the receiving device 20, ..., 24.
- the credit or debit can be made before or after (prepaid / postpaid) the monetary value has been reached.
- the stored monetary value corresponds to a credit limit which is set, depending on the option, for example by the central unit 40 or the clearing module 43.
- the calculation of the costs and their comparison with a predefined monetary value can be carried out by a cost recording module of the receiving device 20, ..., 24. This calculates the costs for access to the access-controlled programs and / or data based on cost data transmitted by the central unit 40.
- the cost recording module is, for example, a programmed software module, which is executed on a processor of the receiving device 40 or a chip card, or a hardware-implemented module.
- the chip card can be, for example, a multifunctional SIM card taking into account the MexE specifications (Mobile Station Application Execution Environment).
- the central unit 40 can create a user profile based on the respective user behavior and store it assigned to the user 10,..., 14, the access-controlled, personalized data and / or programs being generated and / or optimized based at least in part on the user profile.
- user-specific data on network properties and / or data on hardware properties of the communication device of the user 10,..., 14 and / or data on user behavior can be stored in the user profile.
- different user profiles for different communication devices (20, ..., 24) can, for example, also be stored associated with a user 10, ..., 14.
- the user profiles mentioned can be created automatically, for example, by means of the central unit 40 based on the respective user behavior and / or on the basis of user information of the user 10,.
- the central unit 40 can generate user-specifically optimized data and / or programs according to the user profile using the data of the at least one source database 42.
- the user profile, for example, remains permanently assigned to a specific user in the central unit 40 or is created, for example, each time an access request is made.
- the user profile can in particular also include re-use conditions data which can be determined by the user 10, ..., 14 and / or the central unit 40 and / or authorized third parties (such as the providers of chargeable and / or copyrighted multimedia data etc.).
- the communication between the central unit 40 and the communication device 20,..., 24 can also take place, for example, via a plurality of communication channels instead of via a bidirectional communication channel.
- the access request data can be transmitted to the central unit 40 via a first bidirectional communication channel (for example a protected channel / security channel), the user 10,..., 14 being identified.
- the access-controlled, personalized data and / or programs are encrypted and transmitted unidirectionally to the communication device 20, ..., 24 via a second communication channel (broadband channel).
- the first bidirectional communication channel (for example a protected channel / security channel) can include, for example, at least one mobile radio network 31.
- the second unidirectional communication channel can comprise, for example, at least one broadcast transmitter.
- the broadcast transmitter transmits the programs and / or data unidirectionally to receiving devices 20, ..., 24, for example by means of radio waves from a terrestrial or satellite-based broadcast transmission antenna via an air interface, or via broadcast cable networks.
- the operator of the central unit 40 can also include the various aspects in their common distinction, such as the broadcast content provider (responsible for the broadcast program), the broadcast service provider (packaging etc.) and the broadcast network provider (broadcasting, responsible for the conditional access), etc.
- broadcast receiver 24 is equipped with a broadcast receiver, by means of which the programs and / or data distributed by the broadcast transmitter can be received via broadcast channels, for example via the broadcast cable network or by means of a receiving antenna as radio waves via the air interface.
- Broadcast systems with such broadcast transmitters and broadcast receivers are known, for example, under the name Digital Audio Broadcasting (DAB) or Digital Video Broadcasting (DVB).
- DAB Digital Audio Broadcasting
- DVB Digital Video Broadcasting
- these services and service components are audio programs and / or data (services), in connection with DVB video or television programs, and / or data (services) for authorized users, mechanisms for access-controlled programs and / or data (services), the so-called conditional access, are defined in the ETSI standard.
- the above-mentioned ETSI standards include scrambling / descrambling procedures (encryption / decryption), parameters for signaling and synchronization of conditional access as well as mechanisms for the control and distribution of authorizations (authorization data for users) through the transmission of so-called ECM messages (Entitlement Checking Messages) and EMM messages (Entitlement Management Messages) via the broadcast channels (broadcast cable network or air interface).
- a conditional access flag and / or a conditional access identifier can be used for each of the service components transmitted via broadcast channels in order to indicate to the broadcast receiver whether or not the service component in question is using conditional access mechanisms and, if appropriate, what type of mechanisms are used.
- For service components that are in a controlled access mode and that are referred to in this text as access-controlled programs and / or data, the data of the service component in question (which may relate to programs and / or data) are encrypted with a control word; this control word is changed regularly and is in turn transmitted to the broadcast receiver in the ECM messages, encrypted by a session key.
- An access control system of the receiving device 20,..., 24 is identified by the conditional access identifier, which access control system can interpret and process the ECM and EMM messages transmitted by the broadcast transmitter.
- the encrypted, access-controlled programs and / or data in the receiving device 20, ..., 24 are decrypted when access condition data of the access-controlled programs and / or data received via the broadcast channel match user authorization data.
- broadcast data can also transmit cost data to the receiving device 20, ..., 24, namely program costs for the access-controlled programs and / or data that are available for spontaneous payment per service, and / or costs per unit of time or calculation unit for the access-controlled programs and / or data that are available for spontaneous payment per time unit or calculation unit and per service.
- a calculation unit can be, for example, a time unit, a logical unit, such as an entire video film or an entire piece of music, etc., or a transferred amount of data.
- the received access condition data can also include any other access conditions for access to the access-controlled programs and/or data.
- the unencrypted programs or data can be reproduced, for example, via a processing module of the receiving device 20, ..., 24 and from there via electroacoustic transducers or respective display units, to the user 10, ..., 14 of the receiving device 20, ..., 24.
- users 10, ..., 14 can use the access request data to determine to which users 10, ..., 14 and/or user classes the personal, access-controlled data and/or programs are to be transmitted.
- the user 10, ..., 14 to whom the data are transmitted need not necessarily be the same as the user 10, ..., 14 who transmitted the access request data to the central unit 40.
- Certain user groups for sending personalized, access-controlled data and/or programs can also be blocked by the central unit 40 based on the authorization class of a user 10, ..., 14.
- data can, for example, be conveniently sent by a user to all participants from a meeting or another event according to their authorization class.
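The key hierarchy described above (content scrambled under a regularly changing control word, the control word carried in an ECM under a session key, and descrambling only when the access conditions match the user's authorization data) can be modelled as follows. This is an added example, not code from the patent or from any ETSI specification: the HMAC-based stream cipher is a toy stand-in for the real scrambling algorithm, the ECM field names and the integrity tag are assumptions, and the session key and entitlements are assumed to have been delivered beforehand (the role the text gives to EMM messages).

```python
import hashlib, hmac, json, os

def _subkey(key, label):
    # Separate keys for wrapping and authentication, both derived from the session key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode); stand-in for real scrambling.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def scramble(control_word, period, payload):
    # XOR is symmetric, so the same call descrambles.
    return _xor_stream(control_word, period.to_bytes(8, "big"), payload)

def make_ecm(session_key, control_word, conditions):
    # Hypothetical ECM layout: wrapped control word plus access conditions,
    # bound together by a tag so the conditions cannot be swapped in transit.
    nonce = os.urandom(8)
    cond = json.dumps(conditions, sort_keys=True).encode()
    wrapped = _xor_stream(_subkey(session_key, b"wrap"), nonce, control_word)
    tag = hmac.new(_subkey(session_key, b"mac"), nonce + wrapped + cond, hashlib.sha256).digest()
    return {"nonce": nonce, "wrapped_cw": wrapped, "conditions": cond, "tag": tag}

def receive(session_key, entitlements, ecm, period, scrambled):
    """Return the clear payload, or None when access is denied."""
    expected = hmac.new(_subkey(session_key, b"mac"),
                        ecm["nonce"] + ecm["wrapped_cw"] + ecm["conditions"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, ecm["tag"]):
        return None  # ECM modified or produced under a different session key
    cond = json.loads(ecm["conditions"])
    if cond["service"] not in entitlements.get("services", []):
        return None  # access conditions do not match the authorization data
    if cond["min_class"] > entitlements.get("authorization_class", 0):
        return None
    control_word = _xor_stream(_subkey(session_key, b"wrap"), ecm["nonce"], ecm["wrapped_cw"])
    return scramble(control_word, period, scrambled)

def demo():
    # Constructed sample data: two crypto periods, each with a fresh control word.
    session_key = os.urandom(32)
    subscriber = {"services": ["news-audio"], "authorization_class": 2}
    outsider = {"services": ["weather-data"], "authorization_class": 2}
    conditions = {"service": "news-audio", "min_class": 1}
    results = []
    for period, payload in enumerate([b"frame 0: headline audio", b"frame 1: traffic data"]):
        control_word = os.urandom(16)
        ecm = make_ecm(session_key, control_word, conditions)
        scrambled = scramble(control_word, period, payload)
        altered = dict(ecm, conditions=b'{"min_class": 1, "service": "weather-data"}')
        results.append({
            "payload": payload, "scrambled": scrambled,
            "subscriber": receive(session_key, subscriber, ecm, period, scrambled),
            "outsider": receive(session_key, outsider, ecm, period, scrambled),
            "altered": receive(session_key, outsider, altered, period, scrambled),
        })
    return results
```

The receiver checks the tag before it evaluates the conditions, so an ECM whose conditions were changed after issue is rejected rather than matched against the entitlements.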
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Multimedia (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Bioethics (AREA)
- Computer Graphics (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA038269724A CN1820478A (zh) | 2003-08-26 | 2003-08-26 | 用于自动产生访问受控的个性化数据和/或程序的方法 |
US10/568,581 US20070029379A1 (en) | 2003-08-26 | 2003-08-26 | Method of automated generation of access controlled, personalized data and/or programs |
PCT/CH2003/000579 WO2005020533A1 (de) | 2003-08-26 | 2003-08-26 | Verfahren zur automatisierten generierung von zugriffskontrollierten, personifizierten daten und/oder programmen |
JP2005508137A JP2007507012A (ja) | 2003-08-26 | 2003-08-26 | アクセスを規制された個人化データおよび/またはプログラムの自動生成方法 |
EP03818257A EP1658711A1 (de) | 2003-08-26 | 2003-08-26 | Verfahren zur automatisierten generierung von zugriffskontrollierten, personifizierten daten und/oder programmen |
AU2003250727A AU2003250727A1 (en) | 2003-08-26 | 2003-08-26 | Method for automated generation of access controlled, personalized data and/or programs |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CH2003/000579 WO2005020533A1 (de) | 2003-08-26 | 2003-08-26 | Verfahren zur automatisierten generierung von zugriffskontrollierten, personifizierten daten und/oder programmen |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005020533A1 (de) | 2005-03-03 |
Family
ID=34200825
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CH2003/000579 WO2005020533A1 (de) | 2003-08-26 | 2003-08-26 | Verfahren zur automatisierten generierung von zugriffskontrollierten, personifizierten daten und/oder programmen |
Country Status (6)
Country | Link |
---|---|
US (1) | US20070029379A1 (de) |
EP (1) | EP1658711A1 (de) |
JP (1) | JP2007507012A (de) |
CN (1) | CN1820478A (de) |
AU (1) | AU2003250727A1 (de) |
WO (1) | WO2005020533A1 (de) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006133032A1 (en) * | 2005-06-06 | 2006-12-14 | Lucent Technologies Inc. | Signal distribution system with user-defined channel comprising information from an external network |
WO2008016416A2 (en) * | 2006-08-01 | 2008-02-07 | Sbc Knowledge Ventures, L.P. | System and method of providing community content |
CN101888341A (zh) * | 2010-07-20 | 2010-11-17 | 上海交通大学 | 在分布式多信任域环境下基于可计算信誉度的访问控制方法 |
Families Citing this family (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2864391B1 (fr) * | 2003-12-19 | 2006-03-17 | Viaccess Sa | Procede de protection contre le detournement d'un multiplex et systeme de diffusion pour mettre en oeuvre ce procede |
US7587186B2 (en) * | 2006-04-14 | 2009-09-08 | Robert Bosch Gmbh | Method for the radio transmission of traffic messages and radio receiver |
US9071859B2 (en) | 2007-09-26 | 2015-06-30 | Time Warner Cable Enterprises Llc | Methods and apparatus for user-based targeted content delivery |
US8099757B2 (en) | 2007-10-15 | 2012-01-17 | Time Warner Cable Inc. | Methods and apparatus for revenue-optimized delivery of content in a network |
US20090165032A1 (en) * | 2007-12-21 | 2009-06-25 | Ibiquity Digital Corporation | Method And Apparatus For Managing Broadcasting Services Using Broadcast Tokens |
AU2009205652B2 (en) | 2008-01-17 | 2015-01-22 | Tensegrity Technologies, Inc. | Methods and systems for designing a foot orthotic |
US8948731B2 (en) * | 2008-07-18 | 2015-02-03 | Qualcomm Incorporated | Rating of message content for content control in wireless devices |
US8813124B2 (en) | 2009-07-15 | 2014-08-19 | Time Warner Cable Enterprises Llc | Methods and apparatus for targeted secondary content insertion |
US9178634B2 (en) | 2009-07-15 | 2015-11-03 | Time Warner Cable Enterprises Llc | Methods and apparatus for evaluating an audience in a content-based network |
US8701138B2 (en) | 2010-04-23 | 2014-04-15 | Time Warner Cable Enterprises Llc | Zone control methods and apparatus |
US9078040B2 (en) | 2012-04-12 | 2015-07-07 | Time Warner Cable Enterprises Llc | Apparatus and methods for enabling media options in a content delivery network |
US9854280B2 (en) | 2012-07-10 | 2017-12-26 | Time Warner Cable Enterprises Llc | Apparatus and methods for selective enforcement of secondary content viewing |
US8862155B2 (en) | 2012-08-30 | 2014-10-14 | Time Warner Cable Enterprises Llc | Apparatus and methods for enabling location-based services within a premises |
US9131283B2 (en) * | 2012-12-14 | 2015-09-08 | Time Warner Cable Enterprises Llc | Apparatus and methods for multimedia coordination |
US10028025B2 (en) | 2014-09-29 | 2018-07-17 | Time Warner Cable Enterprises Llc | Apparatus and methods for enabling presence-based and use-based services |
US10586023B2 (en) | 2016-04-21 | 2020-03-10 | Time Warner Cable Enterprises Llc | Methods and apparatus for secondary content management and fraud prevention |
US11212593B2 (en) | 2016-09-27 | 2021-12-28 | Time Warner Cable Enterprises Llc | Apparatus and methods for automated secondary content management in a digital network |
US10911794B2 (en) | 2016-11-09 | 2021-02-02 | Charter Communications Operating, Llc | Apparatus and methods for selective secondary content insertion in a digital network |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998043177A1 (en) * | 1997-03-25 | 1998-10-01 | Intel Corporation | System for dynamically transcoding data transmitted between computers |
US5933500A (en) * | 1996-05-31 | 1999-08-03 | Thomson Consumer Electronics, Inc. | Adaptive decoding system for processing encrypted and non-encrypted broadcast, cable or satellite video data |
US20010037383A1 (en) * | 2000-02-02 | 2001-11-01 | Sabal Leonard E. | Methods and apparatus for providing high-speed internet access to a device consecutively accessible to different people at different times |
US20020001386A1 (en) * | 2000-06-30 | 2002-01-03 | Koichiro Akiyama | Broadcast receiving method and apparatus and information distributing method and apparatus |
US20020143961A1 (en) * | 2001-03-14 | 2002-10-03 | Siegel Eric Victor | Access control protocol for user profile management |
WO2003032222A1 (en) * | 2001-10-12 | 2003-04-17 | Telefonaktiebolaget L M Ericsson (Publ) | A system and a method relating to user profile access control |
US20030084184A1 (en) * | 1995-11-13 | 2003-05-01 | Motorola | Method and apparatus for rate governing communications |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5210868A (en) * | 1989-12-20 | 1993-05-11 | Hitachi Ltd. | Database system and matching method between databases |
US5414644A (en) * | 1993-11-24 | 1995-05-09 | Ethnographics, Inc. | Repetitive event analysis system |
US5958006A (en) * | 1995-11-13 | 1999-09-28 | Motorola, Inc. | Method and apparatus for communicating summarized data |
US5764899A (en) * | 1995-11-13 | 1998-06-09 | Motorola, Inc. | Method and apparatus for communicating an optimized reply |
US5771353A (en) * | 1995-11-13 | 1998-06-23 | Motorola Inc. | System having virtual session manager used sessionless-oriented protocol to communicate with user device via wireless channel and session-oriented protocol to communicate with host server |
US7181417B1 (en) * | 2000-01-21 | 2007-02-20 | Microstrategy, Inc. | System and method for revenue generation in an automatic, real-time delivery of personalized informational and transactional data |
US7174311B1 (en) * | 2000-07-13 | 2007-02-06 | Galietti Raymond A | Method and system for text data management and processing |
JP2002108870A (ja) * | 2000-09-27 | 2002-04-12 | Oki Electric Ind Co Ltd | 情報処理システムおよび情報処理方法 |
US20020091639A1 (en) * | 2001-01-11 | 2002-07-11 | Linq System Svenska Ab | Enterprise information and communication management system and method |
TW561770B (en) * | 2002-04-18 | 2003-11-11 | Benq Corp | Method for transforming personalized bills information of a mobile station user with short message service |
US9854058B2 (en) * | 2004-07-23 | 2017-12-26 | At&T Intellectual Property I, L.P. | Proxy-based profile management to deliver personalized services |
2003
- 2003-08-26 WO PCT/CH2003/000579 patent/WO2005020533A1/de not_active Application Discontinuation
- 2003-08-26 US US10/568,581 patent/US20070029379A1/en not_active Abandoned
- 2003-08-26 AU AU2003250727A patent/AU2003250727A1/en not_active Abandoned
- 2003-08-26 EP EP03818257A patent/EP1658711A1/de not_active Withdrawn
- 2003-08-26 JP JP2005508137A patent/JP2007507012A/ja active Pending
- 2003-08-26 CN CNA038269724A patent/CN1820478A/zh active Pending
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006133032A1 (en) * | 2005-06-06 | 2006-12-14 | Lucent Technologies Inc. | Signal distribution system with user-defined channel comprising information from an external network |
WO2008016416A2 (en) * | 2006-08-01 | 2008-02-07 | Sbc Knowledge Ventures, L.P. | System and method of providing community content |
WO2008016416A3 (en) * | 2006-08-01 | 2009-02-19 | Sbc Knowledge Ventures Lp | System and method of providing community content |
CN101888341A (zh) * | 2010-07-20 | 2010-11-17 | 上海交通大学 | 在分布式多信任域环境下基于可计算信誉度的访问控制方法 |
CN101888341B (zh) * | 2010-07-20 | 2013-02-27 | 上海交通大学 | 在分布式多信任域环境下基于可计算信誉度的访问控制方法 |
Also Published As
Publication number | Publication date |
---|---|
AU2003250727A1 (en) | 2005-03-10 |
JP2007507012A (ja) | 2007-03-22 |
CN1820478A (zh) | 2006-08-16 |
US20070029379A1 (en) | 2007-02-08 |
EP1658711A1 (de) | 2006-05-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2005020533A1 (de) | Verfahren zur automatisierten generierung von zugriffskontrollierten, personifizierten daten und/oder programmen | |
DE60213650T2 (de) | Zugriff auf verschlüsselten rundsendeinhalt | |
EP1332585B1 (de) | Verfahren zur aggregation und zum übermitteln von multimediadaten | |
EP1264482B1 (de) | Verfahren und kommunikationssystem für die verrechnung von zugriffskontrollierten programmen und/oder daten von broadcastsendern | |
DE69908092T2 (de) | Interaktives spielsystem | |
DE60218057T2 (de) | Sichere handhabung von gespeicherten wertdaten objekten | |
DE69828279T2 (de) | Globales bedingtes zugangssystem für rundfunkdienste | |
EP1016282B1 (de) | Decoder-einrichtung für die entschlüsselung von verschlüsselten fernseh-programmen | |
EP1677537A1 (de) | Verfahren und Endgerät zum zugangsbeschränkten Empfang von Nutzdaten sowie Fernserver | |
JP2003519875A (ja) | 遠隔のeパース支払いシステム | |
DE10330089B4 (de) | Verfahren und Vorrichtung zum Übermitteln von Entschlüsselungscodes für frei übertragene, verschlüsselte Programminhalte an eindeutig identifizierbare Empfänger | |
EP1180313B1 (de) | Verfahren für die Bestellung und Übermittlung von digitalen Medienobjekten zu einem im Zuge der Bestellung übermittelten Ladezeitpunkt, und ein dafür ausgebildetes Kommunikationsendgerät | |
DE60225721T2 (de) | Verfahren zur zugriffskontrolle über spezifischen dienste via einem verteiler | |
EP1254556A1 (de) | Decodiergerät, decodierverfahren und chipkarte | |
WO2006107131A1 (en) | Method for the provision of charged contents of digital multimedia broadcasting | |
EP1414259B1 (de) | Verfahren zum Detektieren eines duplizierten Identifizierungsmoduls | |
EP1081884A2 (de) | Verfahren zur Übertragung von verschlüsselten Daten über ein Rundfunknetz, wobei die Entschlüsselungsdaten über eine Duplex-Fernmeldeverbindung angefordert werden | |
DE60224294T2 (de) | Verfahren, durch das ein verbraucher mit einem dienstanbieter in wechselwirkung treten kann | |
DE10248544A1 (de) | Verfahren zum Bereitstellen eines zugangsbeschränkten Dienstes und Kommunikationsvorrichtung dazu | |
DE10354029A1 (de) | Verfahren zur Bereitstellung von kostenpflichtigen Diensten | |
EP1469658A2 (de) | Verfahren zum Schutz von Daten gegen unberechtigte Benutzung auf einem Mobilfunkgerät | |
EP1248221A2 (de) | Portfolioverwaltungssystem und Verfahren zur Portfolioverwaltung mittels DAB | |
EP1027801A1 (de) | Verrechnungsverfahren in einem telekommunikationssystem | |
WO2002082333A2 (de) | Portfolioverwaltungssystem und verfahren zur portfolioverwaltung | |
EP1450503A2 (de) | System und Verfahren zur elektronischen Übertragung und Abrechnung von Informationsdaten |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | WWE | Wipo information: entry into national phase | Ref document number: 03826972.4 Country of ref document: CN |
| | AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| | AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| | DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| | WWE | Wipo information: entry into national phase | Ref document number: 2003818257 Country of ref document: EP |
| | WWE | Wipo information: entry into national phase | Ref document number: 2005508137 Country of ref document: JP |
| | WWE | Wipo information: entry into national phase | Ref document number: 2003250727 Country of ref document: AU |
| | WWE | Wipo information: entry into national phase | Ref document number: 1222/DELNP/2006 Country of ref document: IN |
| | WWE | Wipo information: entry into national phase | Ref document number: 2007029379 Country of ref document: US Ref document number: 10568581 Country of ref document: US |
| | WWP | Wipo information: published in national office | Ref document number: 2003818257 Country of ref document: EP |
| | WWP | Wipo information: published in national office | Ref document number: 10568581 Country of ref document: US |
| | WWW | Wipo information: withdrawn in national office | Ref document number: 2003818257 Country of ref document: EP |