WO2005083917A1 - Improvements relating to digital broadcasting communications - Google Patents

Improvements relating to digital broadcasting communications Download PDF

Info

Publication number
WO2005083917A1
WO2005083917A1 PCT/GB2005/000650 GB2005000650W WO2005083917A1 WO 2005083917 A1 WO2005083917 A1 WO 2005083917A1 GB 2005000650 W GB2005000650 W GB 2005000650W WO 2005083917 A1 WO2005083917 A1 WO 2005083917A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
content
provider
encryption
subscriber
Prior art date
Application number
PCT/GB2005/000650
Other languages
French (fr)
Inventor
Simon Rafe Cavill
Gavin Kenny
Original Assignee
Logicacmg Uk Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Logicacmg Uk Limited filed Critical Logicacmg Uk Limited
Publication of WO2005083917A1 publication Critical patent/WO2005083917A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04HBROADCAST COMMUNICATION
    • H04H60/00Arrangements for broadcast applications with a direct linking to broadcast information or broadcast space-time; Broadcast-related systems
    • H04H60/09Arrangements for device control with a direct linkage to broadcast information or to broadcast space-time; Arrangements for control of broadcast-related services
    • H04H60/14Arrangements for conditional access to broadcast information or to broadcast-related services
    • H04H60/15Arrangements for conditional access to broadcast information or to broadcast-related services on receiving information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04HBROADCAST COMMUNICATION
    • H04H60/00Arrangements for broadcast applications with a direct linking to broadcast information or broadcast space-time; Broadcast-related systems
    • H04H60/09Arrangements for device control with a direct linkage to broadcast information or to broadcast space-time; Arrangements for control of broadcast-related services
    • H04H60/14Arrangements for conditional access to broadcast information or to broadcast-related services
    • H04H60/23Arrangements for conditional access to broadcast information or to broadcast-related services using cryptography, e.g. encryption, authentication, key distribution
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04HBROADCAST COMMUNICATION
    • H04H2201/00Aspects of broadcast communication
    • H04H2201/30Aspects of broadcast communication characterised by the use of a return channel, e.g. for collecting users' opinions, for returning broadcast space/time information or for requesting data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04HBROADCAST COMMUNICATION
    • H04H60/00Arrangements for broadcast applications with a direct linking to broadcast information or broadcast space-time; Broadcast-related systems
    • H04H60/09Arrangements for device control with a direct linkage to broadcast information or to broadcast space-time; Arrangements for control of broadcast-related services
    • H04H60/14Arrangements for conditional access to broadcast information or to broadcast-related services
    • H04H60/16Arrangements for conditional access to broadcast information or to broadcast-related services on playing information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04HBROADCAST COMMUNICATION
    • H04H60/00Arrangements for broadcast applications with a direct linking to broadcast information or broadcast space-time; Broadcast-related systems
    • H04H60/09Arrangements for device control with a direct linkage to broadcast information or to broadcast space-time; Arrangements for control of broadcast-related services
    • H04H60/14Arrangements for conditional access to broadcast information or to broadcast-related services
    • H04H60/21Billing for the use of broadcast information or broadcast-related information
    • H04H60/22Billing for the use of broadcast information or broadcast-related information per use

Definitions

  • This invention relates to Digital Broadcasting communications systems, and in particular to a system providing subscribers conditional access to digital broadcasting services and mechanisms for secure distribution of content relating to these digital broadcasting services to authorised subscribers.
  • Digital Broadcasting communications systems Across the World there is a movement at government level to reorganize and reallocate the available radio frequency spectrum to incorporate support for the evergrowing demands for personal mobile telephony and broadcasting communications.
  • a major element of this movement is to utilise so-called digital communication services over the previous analogue systems. This has already happened several years ago with mobile telephony systems as they moved to a digital signaling system as part of the development of the now near global GSM standards .
  • a return channel is provided indirectly by connecting the digital receiver unit to the public telephone network.
  • the public telephone network provides bidirectional communication between broadcaster and receiver. This allows a consumer to order programs on a pay per view basis by sending a request to the broadcaster. The broadcaster then responds by sending the appropriate key back over the public telephone network so that the digital receiver unit can decrypt the requested program.
  • Such a system suffers from a number of problems . In general, public telephone networks are not secure and so the encryption keys may be intercepted reasonably easily. In addition, the need for bidirectional communication across the public telephone network adds complexity to the system.
  • Such a central system requires scaling to cope with potentially a large number of simultaneous transactions, e.g. as many subscribers request a program immediately before its transmission.
  • the central system would have to handle the large number or requests, authenticate each digital receiver, check the account permissions and issue the required key back to the subscriber in a short period of time. This results in a sizeable up-front cost for the service provider.
  • the present invention resides in a transmission apparatus for use in a digital broadcast system, comprising: a content provider operable to provide content of a conditional access service to be transmitted by the transmission apparatus; an encryption key provider operable to provide an encryption key to be used for encryption of content provided by the content provider; a decryption key provider operable to provide a decryption key to be used by a receiver apparatus of a subscriber who subscribes to the conditional access service to decrypt the encrypted content; a content encryption provider operable to encrypt content provided by the content provider using the encryption key provided by the key provider; a decryption key encryption provider operable to encrypt the decryption key using a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; a transmitter operable to broadcast digitally the encrypted content and the decryption key; and forwarding means operable to forward the encrypted decryption key for receipt by the receiver apparatus.
  • an improved transmission apparatus benefits from a greater level of security.
  • the enhance security is afforded by providing means for encrypting the decryption key prior to sending the decryption key.
  • each decryption key is encrypted using a unique key associated with that subscriber.
  • anyone else intercepting the decryption key will have difficulty in identifying it as a decryption key and, even if they do appreciate its significance, v/ill not be able to use the decryption key as they will not know the unique key associated with the true recipient .
  • the above aspect should be construed functionally. As such, the physical arrangement of parts is flexible.
  • the encryption key provider and the decryption key provider may be separate or there may be a single key provider.
  • the content encryption provider and the decryption key encryption provider may be separate or there may be a single encryption provider.
  • a single means may provide more than one function.
  • the decryption key provider also performs encryption of the decryption key.
  • the decryption key encryption provider is further operable to encrypt the decryption key using a unique key associated with the subscriber that comprises a public key according to a PKI infrastructure. This offers a high level of security as it allows, optionally, the decryption key to be encrypted by the encryption provider using the unique key associated with the subscriber and one or more key encryption keys.
  • the tree hierarchy is organised according to subscribers and groups of subscribers in a branched structure.
  • New encryption and decryption key pairs should be reissued to remaining subscribers when a subscriber leaves (or after a certain number of subscribers leave) : using a tree structure means that only branches containing the old subscriber (s) need be updated with new keys.
  • the encryption key provider is operable to provide an updated encryption key to the encryption provider
  • the decryption key provider is operable to provide an updated decryption key to the encryption provider
  • the content encryption provider is operable to encrypt the updated decryption key with the key encryption key
  • the decryption key encryption provider is operable to encrypt the content using the updated encryption key
  • the transmitter is operable to transmit the encrypted decryption key and encrypted content.
  • security is raised by providing new encryption/decryption key pairs from time to time.
  • the intervals between updates may be freely chosen, and may be regular or they may be irregular.
  • the transmitter provides the forwarding means such that the encrypted decryption key is broadcast.
  • the transmission apparatus further comprises a receiver unit operable to receive a signal over a channel provided by a telephone network.
  • This channel may be used to transmit the encrypted decryption keys.
  • its main advantage is seen to be in the provision of a return channel. This allows the subscriber to communicate with the transmission apparatus.
  • the receiver unit may be configured to recognise a signal received from the channel corresponding to a request made by the subscriber to join a conditional access service.
  • the receiver unit may be configured to recognise a signal received from the channel corresponding to an acknowledgement of receipt of a decryption key.
  • the content provider is operable to provide content relating to a plurality of conditional access services, and wherein the encryption key provider is operable to provide an encryption key, the decryption key provider is operable to provide a decryption key for each of the conditional access services, and the content encryption provider is operable to encrypt the content of each of the conditional access services with its associated encryption key.
  • the encryption key provider is operable to provide an encryption key
  • the decryption key provider is operable to provide a decryption key for each of the conditional access services
  • the content encryption provider is operable to encrypt the content of each of the conditional access services with its associated encryption key.
  • the transmission apparatus may further comprise a subscriber database operable to store details of the subscriber relating to the conditional access services to which they subscribe and to their unique key.
  • the encryption provider may then be operable to receive the details stored in the subscriber database and to encrypt the decryption key for each conditional access service to which the subscriber subscribes using the subscriber's unique key.
  • the present invention resides in a receiver apparatus associated with a subscriber for use in a digital broadcast system, comprising: a key encryption key store operable to store a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; a decryption key receiver operable to receive an encrypted decryption key; a decryption provider operable to decrypt the encrypted decrypted key, received by the receiver, using the key encryption key provided by the key store and to provide the decrypted decryption key for storage in a decryption key store; and a content receiver operable to receive a digital broadcast including encrypted content of a conditional access service; wherein the decryption provider is operable to use the decryption key provided by the decryption key store to decrypt the encrypted content .
  • the improved security already described in respect to a transmission apparatus above may also be enjoyed by a complementary receiver apparatus.
  • this second aspect should be construed functionally.
  • the physical arrangement of parts is flexible.
  • the encryption key store and the decryption key store may be separate or there may be a single key store.
  • a single means may provide more than one function.
  • the receiver apparatus further comprises means for communicating on a channel provided by a telephone network, such as a public switched telephone network.
  • the means are operable to communicate over a a mobile telephone network.
  • the receiver apparatus further comprises a cache operable to receive and store content received by the content receiver and/or decrypted content from the content decryption provider.
  • the content receiver is operable to receive a digital broadcast including encrypted content of a plurality of conditional access services
  • the decryption key receiver is operable to receive an encrypted decryption key for two or more of the conditional access services
  • the decryption provider is operable to decrypt the encrypted decrypted keys of the two or more conditional access services using the key encryption key provided by the key encryption key store and to provide the decrypted decryption key for storage in the decryption key store
  • the decryption provider is operable to decrypt the encrypted content of the two or more conditional access services using the associated decryption keys.
  • the receiver apparatus has an associated unique identifier that allows the receiver apparatus to be identified when conditional access services are requested.
  • the receiver apparatus may further comprises associated slave devices, each device having a unique identifier. This allows content to be sent to the receiver apparatus that may then be distributed to all or some of the slave devices according to their unique identification numbers. For example, music files may be sent to a digital radio that can be shared with an associated MP3 player or the like. In this way, copyright material may be distributed between multiple devices while still observing copyright law restrictions as to copying.
  • the present invention resides in a broadcast system comprising any of the transmitter apparatus described above, any of the receiver apparatus described above and a telephone network, wherein the receiver apparatus is operable to communicate with the transmitter apparatus over the telephone network.
  • the present invention resides in a method of operating transmission apparatus for use in a digital broadcast system, comprising: using a content provider to provide content of a conditional access service to be transmitted by the transmission apparatus; using an encryption key provider to provide an encryption key to be used for encryption of content provided by the content provider; using a decryption key provider to provide a decryption key to be used by a receiver apparatus of a subscriber who subscribes to the conditional access service to decrypt the encrypted content; using a content encryption provider to encrypt content provided by the content provider using the encryption key provided by the key provider; using a decryption key encryption provider to encrypt the decryption key using a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; using a transmitter to broadcast digitally the encrypted content and the decryption key; and using forwarding means to forward the encrypted decryption key for receipt by the receiver apparatus .
  • the present invention resides in a method of using receiver apparatus associated with a subscriber for use in a digital broadcast system, comprising: using a key encryption key store to store a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; using a decryption key receiver to receive an encrypted decryption key; using a decryption provider to decrypt the encrypted decrypted key, received by the receiver, using the key encryption key provided by the key store and to provide the decrypted decryption key for storage in a decryption key store; and using a content receiver to receive a digital broadcast including encrypted content of a conditional access service; and using the decryption provider to use the decryption key provided by the decryption key store to decrypt the encrypted content .
  • the present invention resides in the combination of the methods according to the fourth and fifth aspects of the invention.
  • the present invention also resides in a computer programmed to cause transmission apparatus to operate in accordance with any of the methods described above or to cause receiver apparatus to operate in accordance with any of the methods described above.
  • the present invention resides in a computer program comprising computer code instructions that, when loaded into a computer, causes transmission apparatus to operate in accordance with any of the methods described above or to cause receiver apparatus to operate in accordance with any of the methods described above .
  • Other optional features of the invention according to its various aspects are set out in the appended claims.
  • the invention and optional features of preferred embodiments described above enable digital broadcasters and others to create commercially sustainable operations, allowing individual consumers to securely select and download copyrighted material on a secure encrypted basis into a suitable receiving device that can then "unlock" the contents to the authorized consumer, whilst at the same time preventing the content of such files from being distributed to others on an illegal basis.
  • the invention facilitates a "return channel" from the individual consumer back to the broadcaster enabling various information to be passed back to the original content provider/broadcaster confirming the correct delivery of specific data files and other information.
  • the present invention resides in the appreciation that a selective broadcast function can be achieved by general broadcast of encrypted content data and decryption by selected users of that data content by use of the identity of that user or device.
  • the data content hereinafter described can comprise any form of broadcast services such as streamed audio and video services either viewed “live” or stored on a device for later viewing. It can also encompass any other form of digital data including, but not limited to MP3 audio files, web-based media content, various formats of video files, games, maps and other applications as well as graphic files including barcodes that can be "scanned” from the device using standard retail type laser scanners.
  • the embodiment hereinafter described can be considered to be an apparatus for providing conditional access to the whole range of digital broadcasting services, such as DAB radio services, preferably comprising a secure server added to the digital broadcasting transmission system and a secure client added to the digital receiver, such as a DAB radio, wherein the secure server has means to digitally encrypt content being transmitted over the digital broadcasting channel and means for controlling distribution of the encryption keys only to those secure clients which are authorised to receive the digital broadcast service (s) and have requested to receive those services at that point in time.
  • the digital receivers preferably have integrated electronic means to request access to the digital broadcast services via a mobile radio telephony system or fixed wired telephony system.
  • the secure server preferably has means for recording each secure client's utilisation of each of the available digital delivery services, whether on a per volume or per time basis, and means for providing these accounting records to a customer billing system.
  • The, secure client preferably has means to uniquely identify the digital receiver based on a PKI certificate stored securely on the digital receiver chipset .
  • the embodiment described hereinafter can furthermore be considered to be a method for providing conditional access to digital broadcast service (s), such as DAB radio services, wherein a secure server preferably digitally encrypts content for transmission over the digital media channel and controls distribution of the encryption keys only to those secure clients which are authorised to receive the digital service (s) and have requested to receive those services at that point in time.
  • the secure client preferably requests access to any of the digital broadcast services at any time via a mobile radio telephony system or fixed wired telephony system.
  • the secure client may also uniquely identify the digital receiver based on a PKI certificate stored securely on the digital device chipset.
  • the certificate belonging to the digital receiver such as a DAB radio, is associated with a secondary identifier such that the utilisation of the digital services can be billed to an account associated with this secondary identifier.
  • the secure server preferably records each secure client's utilisation of each of the available digital broadcast services, whether on a per volume or per time basis, and provides these accounting records to a customer billing system.
  • the secure server may also change the encryption key when one of the secure clients requests to leave or is forced to leave the associated service and distribute the updated key to the remaining secure clients.
  • a series of secondary identifiers associated with slave electronic devices served by the digital receiver are preferably registered under the same subscription, so that content received by the digital receiver can be forwarded to the slave devices without infringing the copyright of the content owner. This is facilitated by the fact that the services/content being transmitted by the broadcaster is encrypted and can only be accessed and/or viewed by means of a key mechanism held within the receiving device that decrypts the content and presents it to the user.
  • the received services/content is stored encrypted within the body of the receiving unit or within a removable memory storage device.
  • a digital receiving system apparatus such as a digital radio system apparatus, include: means to support conditional access to digital broadcast services by digitally encrypting the content and controlling distribution of the encryption keys to only those subscribers who are authorised to receive the services and have requested to receive those services at that point in time; means for digital service subscribers to request access to these services electronically via a mobile radio telephony system or fixed wired telephony system; means for the subscriber's utilisation of each of the digital services to be recorded on a per volume or per duration basis and means for providing these accounting records to a customer billing system; and means for uniquely identifying the digital receiver based on a PKI certificate stored securely on the digital receiver chipset .
  • a method of operating a digital receiver system include the steps of: digitally encrypting the digital service (s) and controlling distribution of the encryption keys to only those subscribers who are authorised to receive the services and have requested to receive those services at that point in time; enabling the digital service subscriber to request via electronic means access to any of the > subscribed digital service (s) at any time; enabling the utilisation of each of the digital service (s) by each subscriber to be recorded and presented to a customer billing system; changing the encryption key when one or more of the subscribers requests to leave or is forced to leave the service and distributing the updated key to the remaining subscribers; enabling the digital service subscriber to be uniquely identified by a PKI certificate stored securely on the digital device chipset; and enabling a series of secondary identifiers associated with slave electronic devices served by the digital receiver to be registered under the same subscriber so that content received by the digital receiver can be forwarded to the slave devices without infringing the digital rights of the content owner.
  • Figure 1 is a schematic diagram showing the functional relationships between the systems which co-operate to form a general embodiment of the invention
  • Figure 2 is a flow chart showing the process by which conditional access to digital broadcast services is effected
  • Figure 3 is a flow chart showing the process by which content is distributed securely to authorised subscribers
  • Figure 4 is a flow chart showing the process by which content relating to the digital broadcast service is securely distributed to authorised subscribers.
  • DAB Digital Audio Broadcasting
  • ITU International Telecommunications Union
  • the preferred embodiment uses already established techniques for encapsulating multicast Internet Protocol (IP) packets onto the forward channel, but the techniques described herein can apply to any means for transmitting services over the digital network.
  • the term service can apply to any common content delivered to one or more subscribing users over the forward channel and includes but is not limited to video (of any transmission standard) , audio (of any transmission standard) , data related to Internet/World Wide Web (www) applications, data related to distributed database applications and file distribution.
  • the system described in this invention enables Digital Broadcast operators to control which subscribers can have access to these services ("conditional access services"). This may be required for instance in service scenarios whereby the operator wishes to charge for the content received by each subscriber or where the content is sensitive in nature and therefore necessitates restricted access.
  • the subscriber can request to join or leave any of his subscribed conditional access services at any time and may, if the receiver equipment permits, be able to access more than one service at a time.
  • the latter can be achieved by multiplexing several of the conditional access services onto the same digital broadcast channel, using different encryption keys to separate each traffic stream.
  • the digital receiver will only be able to decrypt those traffic streams for which the encryption keys are held.
  • Each of the resulting data streams can either be used immediately or cached at the receiver.
  • the Digital Broadcast operator can elect at any time to deny a subscriber access to any of the services.
  • the Digital Broadcast operator may continue to provide existing uncontrolled "free to air" services in parallel with the conditional access services over the same digital channel if desired.
  • the subscriber registers for the service by providing a unique identifier for the Digital Receiving device through which the subscriber can be identified when requesting access to the conditional access services.
  • the registration process defines the set of services which the subscriber will be allowed to access, from the overall portfolio of services offered by the Digital Broadcasting operator.
  • the registration information may also contain supplementary identity information, for example the International Mobile Subscriber Identifier (IMSI) according to the "GSM" standard which may enable the Digital Broadcasting operator to authenticate and charge the customer against their mobile phone account.
  • IMSI International Mobile Subscriber Identifier
  • the subscriber may also register one or more secondary identifiers for suitably-equipped slave electronic devices such as MP3 players, digital televisions, hi-fi systems and Personal Computers which may receive and use the conditional access service (s) under the same subscription without infringing digital rights.
  • Figure 1 shows the components which co-operate in a general embodiment of the invention. Note that the traffic links (which carry one of services described above) are shown as full lines, signalling links for (a) allowing subscribers to request access and (b) controlling distribution of the content are shown as broken lines.
  • the core digital broadcast network comprises a number of Digital Receivers 15 receiving one or more services from a number of Transmitting Stations 9.
  • the Digital Content Transmission system 8 provides the means to support transmission of any range of content media formats over the broadcast channel as supplied by one or more Content Servers 7.
  • the digital broadcast network provides the means to deliver content from the Content Server to the Digital Receivers 15, over the "forward" broadcast channel.
  • a second network illustrated in Figure 1 as a Public Land Mobile Network (PLMN) , can optionally be added to the system, comprising one or more Base Stations 17 and Core
  • This second network provides the means to enable the Digital Receiver 15 to request services and confirm receipt of service transmission and signalling received on the forward channel, and constitutes the "control" channel.
  • the return channel is supported by a standard PLMN service, such as but not limited to General Packet Radio Service (GPRS) ,
  • GPRS General Packet Radio Service
  • the Digital Receiver 15 is a handheld or portable device (with audio, video and/or textual outputs) to which the necessary mobile phone circuitry has been added to provide one or more of the return channel options described.
  • the Digital Receiver 15 is integrated with a vehicular entertainment system (for example in-car radio or back-seat video screens) with again the necessary mobile phone circuitry added to provide one or more of the return channel options described.
  • This arrangement can also be achieved through the use of a wireless interface facilitated by a Bluetooth link or similar between the entertainment system and a local mobile phone .
  • a wireless interface facilitated by a Bluetooth link or similar between the entertainment system and a local mobile phone .
  • the Digital Receiver 15 is added to a standard mobile phone device in such a fashion that the subscriber continues to be served and billed by the mobile phone operator and receives additional services via the media broadcast channel .
  • the Digital Receiver 15 is a part of a fixed installation within a building and uses any available telecommunications link (for example fixed phone network, Internet, mobile network, satellite network) to provide the return channel .
  • the Digital Receiver 15 is a stand alone device (typically a household radio, mobile/car radio, video/media player or part of a home entertainment system) .and the subscriber uses a separate existing telecommunications link (for example fixed phone network, Internet, mobile network, satellite network) to provide the return channel either directly or indirectly (through a call to a human or computer based call centre) to request new services or confirm correct delivery of a requested item of entertainment or received data file.
  • the Digital Receiver 15 facilitates a direct return channel back to the User Management System 4
  • the subscriber is able to directly interact with the service to request items of entertainment or data files which can be loaded into the Content Store 16 and subsequently transmitted to that subscriber.
  • 15 with a direct/indirect return channel is that the user can "instantly" access any particular service or content they are authorised to receive through either a packaged subscription or on an "ad hoc" basis using the existing validation and payment mechanisms already in place within any of the mobile operators willing to participate in this service.
  • users Unlike existing fixed broadcasting services, users also have the potential capability to "roam” across any boundary or country across the world that offers a GSM based mobile telephony service and suitable radio broadcasting facilities.
  • Validation and payment for services or content can be made back to the users mobile phone account resident at their "home" mobile operator on either a pre-pay, post pay or subscription model.
  • the components added to this digital broadcasting architecture relevant to this invention are comprised in two subsystems.
  • the first subsystem, the Secure Server 1, is added to or interfaced with the head-end of the Digital Broadcast Transmission system 8 and comprises a Key Server 2, Encryption Server 3, User Management System 4, Subscriber Database 5 and Content Store 16. These components may be implemented on separate hardware units or integrated into a smaller number of units or a single unit.
  • the User Management System 4 controls which subscribers can have access to the "conditional access services" through interrogating the Subscriber Database 5.
  • the Database 5 contains a directory of subscribers, each entry detailing the subscriber's identity, means by which the subscriber can be authenticated and a list of those conditional access services to which the subscriber is allowed access.
  • the Subscriber Database 5 may also contain other information for each subscriber related to the service contract, for example defining the agreed payment mechanism.
  • the User Management System 4 and Subscriber Database 5 may be part of an existing operator's infrastructure.
  • the User Management System 4 may have interfaces to external Customer Care and Billing Systems 6, such as those incorporated in existing mobile telephony systems, to enable provisioning and updating of subscriber details in the Subscriber Database 5.
  • the interface may also provide records detailing the usage of each conditional access service made by each subscriber, whether based on volume of information transmitted or duration of service connection, in order that this may be monitored and/or the subscriber charged for use of the service .
  • the User Management System 4 or the Content Server 7 may also advertise services over the forward channel from which the subscriber is able to select. This is known as providing an "Electronic Programme Guide" in digital broadcasting systems.
  • Content to be transmitted over the digital broadcast channels is received from the appropriate Content Servers 7 by the Encryption Server 3.
  • a mapping exists between one or more input data streams (identifying for example by source or destination address/port number) and the output data stream for transmission over the broadcast channel (s) .
  • More than one output stream can be supported on each channel by using suitable multiplexing techniques.
  • Each output data stream equates to one of the conditional access services offered by the operator.
  • the function of the Encryption Server 3 is to apply a suitable encryption algorithm to each output stream of data using a known "traffic key". A separate traffic key is used to encrypt each stream in order that access to content for each conditional access service can be individually controlled.
  • the operation of the Encryption Server 3 is not restricted to any particular encryption algorithm or protocol layer at which encryption is applied, and could be applied to continuous or non-continuous streams of data. Typically standard commercial or military encryption methods will be used.
  • data streams are encrypted and transmitted over the broadcast channel as IP Multicast packets using established techniques for encapsulating IP packets on the DAB bearer.
  • Standard IPSec security methods defined by IETF standards RFC 2402, 2406 can be applied to each output IP multicast stream.
  • Content may optionally be stored locally at a Content Store 16 within the Secure Server 1, for transmission at a specified scheduled time or times, for re-transmission (for example if previous transmissions were detected as corrupted) , or for repeated cyclical transmission using a carrousel technique. This is where specific items of data are loaded into the Content Store 16 and repeatedly transmitted at regular intervals until a pre-set time limit has expired, or an acknowledgement of successful delivery has been received from the intended recipients using one of the return channels described previously.
  • the traffic keys to be used to encrypt and decrypt each conditional access service are generated by the Key Server
  • the key server also specifies the encryption algorithm which should be used by the Encryption Server 3 and Encryption Client 11.
  • the traffic key is changed during service transmission to deny subsequent access to the service for a subscriber leaving the group whether on request by the subscriber or forced to leave by the Digital Broadcast operator. This may be done as soon as the subscriber requests to leave the group, or more efficiently performed as a batch so that the traffic key update denies access to one or more subscribers who have left over a given time interval .
  • the traffic key may also be changed to prevent unauthorised users from determining the traffic key through cryptoanalysis and hence gaining access to the content.
  • the new traffic key is distributed to all remaining authorised subscribers. Keys may be distributed over the control channel, and/or via the broadcast forward channel as appropriate for the application.
  • the traffic key is distributed to each user using established techniques, whereby the key is delivered to each subscriber encrypted using one or more key encryption keys and also, optionally, with their unique key (for example their public key in a PKI infrastructure) . Positive confirmation may be generated by each subscriber when a new key is received to enable the Key Server 2 to keep track of current recipients and possible stragglers. Where security is not so sensitive, traffic keys may be distributed according to key encryption keys belonging to a number of subscribers organised into one or more groups.
  • traffic keys will be available to all members of that subscriber group.
  • traffic keys may be encrypted using a combination of one or more key encryption keys with that subscriber's unique key.
  • keys are distributed using the Logical Key Hierarchy (LKH) approach defined in IETF standard RFC 2627 whereby the key encryption keys are arranged in a tree hierarchy. This has the benefit of improving the efficiency of key management by only re-keying those branches of the tree affected by the removal of one or more subscribers .
  • LSH Logical Key Hierarchy
  • the first class relates to continuous or continual streams of live or pre-recorded content (for example live Radio or Television) which subscribers can request to join during transmission and, if the service model permits, be charged only for that part of the content received. That is from the time the subscriber has received the necessary encryption key and can decode the content from the Digital Broadcast channel .
  • the second relates to delivering contiguous blocks of data (for example data files, database updates, video clips) which only are meaningful at the application level when received in full. In this instance delivery of content will require scheduling and subscribers wishing to access the content will need to request to join the service and hence receive the necessary encryption keys in advance.
  • the second subsystem, the Secure Client 10, is added or interfaced to the Digital Receiver 15 and comprises a Key Client 12, Encryption Client 11, and optionally a Cache 13 and Service Guide 14.
  • a unique identifier 19 is also added, if not already present, to the handset to enable the subscriber or the handset to be uniquely identified when requesting a conditional access service (see later for more detail) .
  • These components may be implemented on separate hardware units or integrated into a smaller number of units, some or all of these may be integrated on the receiver itself.
  • the Encryption Client 11 receives the encrypted content received on one or more of the media broadcast channels and if it has the correct traffic key(s) for one or more of the conditional access services decrypts the content using the specified algorithm.
  • the Key Client 12 decodes the traffic key messages received from the Key Server for the currently subscribed services using key encryption keys and optionally its private key, and provides the traffic key(s) to the Encryption Client 11. It also responds to subscriber's requests for new services, made via the Service Guide 14, by requesting the requisite traffic key from the Key Server 2. This process will require the subscriber to be authenticated, which can be achieved through a number of established techniques including password authentication,
  • An electronic Service Guide 14 provides information on the available services and the attributes required to receive the content stream, for example the Broadcast service channel frequency and receive address/port of the data stream related to the conditional access service.
  • the notification can be made over an open broadcast channel, via the control channels or other electronic or no- electronic means as desired.
  • the notification is received by the Digital Receiver 15 and displayed by the Service Guide 14 (step 202) .
  • the subscriber can at any time, before or during service transmission, elect to request to join the service (step 203) . This is achieved by the Key Client 12 signalling to the Key Server 2 that service is required, either over the control channel or other establishment means (step 204) .
  • this signal contains the subscriber identity and the identifier of the service required.
  • the subscriber identity may be a Unique Identifier 19 relating to the person using the receiver (for example through entering a code through the handset, or inserting a SmartCard or similar into the device or, in an embodiment based on a standard mobile phone device, a standard Subscriber Identity Module (SIM) ) or may be a Unique Identifier allocated to the receiver 19, preferably permanently stored on the receiving device chipset.
  • the receipt of the signal by the Key Server 2 causes the User Management System 4 to first authenticate the subscriber (step 206) and then determine in conjunction with the Subscriber Database 5 that the subscriber is authorised to receive the requested content (step 208) .
  • Authentication may require an intermediate step, in order that the Key Client 12 is challenged by the Key Server 2, similar to that familiar in GSM mobile phones.
  • the User Management System registers that the subscriber is now able to receive the service and commands the Key Server 2 to download the traffic key so that the subscriber can access the content (step 209) .
  • the traffic key is encrypted with the subscriber's unique key (for example public key in the PKI infrastructure) , which has previously been provided to the User Management System when the subscriber registered, so that the Key Client can simply retrieve the traffic key by performing the necessary decryption (for example with their corresponding private key in the PKI infrastructure) .
  • a series of key encryption keys are used to distribute the traffic key according to a Logical Key Hierarchy (LKH)
  • the first KEK is encrypted with the unique key
  • the second KEK is encrypted with the encrypted version of the first KEK
  • the Traffic key is encrypted with the encrypted version of the last KEK.
  • the Key Client then is delivered a series of keys each of which needs to be decrypted in turn to decipher the traffic key.
  • the initial key set is received (step 210) it is passed to the Encryption Client 11 and stored locally, either in volatile or permanent memory depending on security requirements.
  • the Key Client 12 also sends a key acknowledgement signal (step 211) to the Key Server which records successful delivery (step 212) .
  • the Key Server 2 When the service is initiated the Key Server 2 generates a traffic key (step 301) according to the security policy defined for the service and sets it in the Encryption Server 3 (step 302) .
  • One or more subscribers may elect to join the service (using the procedure in Figure 2) , and if authorised receive the key set, comprising the traffic key and the series of KEKs.
  • the Key Client 12 deciphers the traffic key using its private key and the KEKs (step 210) , and sets the traffic key in the Encryption Client 11 (step 303) .
  • the Content Server begins to send data (step 304) as a continuous or non-continuous stream.
  • the data is received and potentially reformatted by the Encryption Server 3, and may be stored within the Content Store 16 for later transmission (and re-transmission) if required by the service description (Step 306) .
  • the content is ready to be transmitted, it is forwarded to the Encryption Server 3, encrypted with the traffic key and transmitted over the allocated broadcast forward channel (step 307) .
  • the data stream is received and decrypted by the authorised subscribers with the provisioned traffic key (step 308) .
  • Subscribers may join the service using the procedure defined in Figure 2 at any time during the service session. Subscribers may at any time also elect to leave the service.
  • the procedure followed is shown in Figure 4.
  • the Key Client 12 issues a signal (309) to the Key Server 2, which registers that a subscriber wishes to leave (step 310) and initiates a process to refresh the traffic key. Depending on performance considerations this may or may not occur immediately when the request is received; if desired requests to leave may be batched over a period of time, so that the overhead in distributing the new traffic key is reduced.
  • a new traffic key step 311) and optionally a set of KEKs (step 312) are generated to effect the traffic key change.
  • the new traffic key is distributed individually to each remaining subscriber encrypted using their unique key. This ensures that the leaving subscriber (s) cannot decrypt the new traffic key and hence no longer have access to the service .
  • the new traffic key is distributed using KEKs arranged in a Logical Key Hierarchy (LKH) .
  • LSH Logical Key Hierarchy
  • the KEKs are arranged in a binomial tree such that each node in the tree is a KEK known only to those subscribers beneath that node in the tree.
  • To distribute the new traffic key it is necessary to change the KEKs in the hierarchy which relate to branches in the tree containing subscribers that are to be removed from the service.
  • the new traffic key and modified KEKs are then distributed to all subscribers in such a way that only those subscribers remaining in the service can decrypt the necessary KEKs and hence discover the new traffic key. This significantly reduces the amount of new key material that has to be distributed for large subscriber populations.
  • the new keys are downloaded over the forward channel (step 313) and received by the Key Clients (step 314) . These optionally send a key receipt (step 315) which is recorded in the Key Server (step 316) .
  • the new traffic key is received by the Key Client, it passes it to the Encryption Client 11 (step 317) .
  • the Encryption Client continues to decrypt the traffic stream with the old traffic key, until it detects from the data stream that there has been a key change .
  • the Key Server 2 continues to use the old traffic key until either (a) key receipts have been received from all the currently authorised subscribers and/or (b) a timer has elapsed. At this time the Key Server switches to the new traffic key (Step 318) and sets this key in the Encryption Server (Step 319) . All subsequent data will be encrypted with the new traffic key (Step 320) .
  • the Encryption Client 11 will detect a change in traffic key (at step 321) by either a signalling pre-amble or preferably using a key identifier in the encrypted packet header (such as the Security Parameter Index defined by the IPSEC standard) . It then switches to the new key and continues to receive data without interruption to service.
  • a key identifier such as the Security Parameter Index defined by the IPSEC standard

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

Improvements relating to digital broadcasting communications to a Digital Broadcast communications system, comprising a Transmission System (8), a number of Transmitting Stations (9) and a number of Receivers (15), are added Secure Server (1) and Secure Client (10) subsystems. The Secure Server (1) encrypts one or more traffic streams received from Content Servers (7) before transmission of the Digital Media communications system, and controls distribution of the encryption keys only to those Secure Clients (10) which are allowed access to the content and have requested the service at that time. The Secure Client can request access to any of the subscribed services at any time via a return channel and is charged only for the content received. This enables the Digital Broadcast operator to provide pay-for-content or restricted access services using a centrally-controlled access mechanism.

Description

Improvements Relating to Digital Broadcasting Communications
This invention relates to Digital Broadcasting communications systems, and in particular to a system providing subscribers conditional access to digital broadcasting services and mechanisms for secure distribution of content relating to these digital broadcasting services to authorised subscribers. Across the World there is a movement at government level to reorganize and reallocate the available radio frequency spectrum to incorporate support for the evergrowing demands for personal mobile telephony and broadcasting communications. A major element of this movement is to utilise so-called digital communication services over the previous analogue systems. This has already happened several years ago with mobile telephony systems as they moved to a digital signaling system as part of the development of the now near global GSM standards . The move from analogue to digital systems is now happening across the world in both radio and television broadcast services as the new Digital Audio Broadcast (or DAB) for radio and Digital Video Broadcasting (DVB) family of standards for television services have been adopted as global standards . Whilst this new generation of digital standards provide broadcasting facilities for audio/visual services as before, they can also transfer data in various formats to suitably equipped receiving devices using Internet based protocols. Current data based services for DAB radio and digital television include electronic program guides (EPG) , MP3 audio files, games, video files, travel information and in- car navigation / telematics amongst others. At present, almost all current commercial data services run across digital broadcast systems are either provided on a free-to-all basis or on a simple monthly subscription model to consumers. In almost all current commercial applications, it is not possible to allow subscribers to receive individual programs on a one-off basis or to download data files such as video clips, MP3 files, games etc on a pay as you go basis. This situation is further complicated in that these applications currently have no means of acknowledging the correct delivery and receipt of any item sent to an individual's receiving device through the digital broadcast medium. This is because, by their very nature, all broadcasting systems are of a one-way nature and have no return channel from the individual consumer back to the broadcaster over the broadcasting system. This makes it difficult for a commercial broadcasting service to operate an individual download service, as without confirmed delivery, it is difficult for the operator to justify billing a consumer for a specific file or other item. Recently, digital TV services have become available that operate using a digital receiver unit that receives broadcast signals collected from an aerial, satellite dish or from cable. A return channel is provided indirectly by connecting the digital receiver unit to the public telephone network. In fact, the public telephone network provides bidirectional communication between broadcaster and receiver. This allows a consumer to order programs on a pay per view basis by sending a request to the broadcaster. The broadcaster then responds by sending the appropriate key back over the public telephone network so that the digital receiver unit can decrypt the requested program. Such a system suffers from a number of problems . In general, public telephone networks are not secure and so the encryption keys may be intercepted reasonably easily. In addition, the need for bidirectional communication across the public telephone network adds complexity to the system. Also, such a central system requires scaling to cope with potentially a large number of simultaneous transactions, e.g. as many subscribers request a program immediately before its transmission. The central system would have to handle the large number or requests, authenticate each digital receiver, check the account permissions and issue the required key back to the subscriber in a short period of time. This results in a sizeable up-front cost for the service provider. At the same time, there is a further issue within the media industry to ensure that any copyrighted material paid for and downloaded through these digital broadcasting systems by an individual is not subsequently copied and freely distributed to others on an illegal basis. From a first aspect, the present invention resides in a transmission apparatus for use in a digital broadcast system, comprising: a content provider operable to provide content of a conditional access service to be transmitted by the transmission apparatus; an encryption key provider operable to provide an encryption key to be used for encryption of content provided by the content provider; a decryption key provider operable to provide a decryption key to be used by a receiver apparatus of a subscriber who subscribes to the conditional access service to decrypt the encrypted content; a content encryption provider operable to encrypt content provided by the content provider using the encryption key provided by the key provider; a decryption key encryption provider operable to encrypt the decryption key using a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; a transmitter operable to broadcast digitally the encrypted content and the decryption key; and forwarding means operable to forward the encrypted decryption key for receipt by the receiver apparatus. Thus, an improved transmission apparatus is provided that benefits from a greater level of security. The enhance security is afforded by providing means for encrypting the decryption key prior to sending the decryption key. Moreover, each decryption key is encrypted using a unique key associated with that subscriber. Hence, anyone else intercepting the decryption key will have difficulty in identifying it as a decryption key and, even if they do appreciate its significance, v/ill not be able to use the decryption key as they will not know the unique key associated with the true recipient . The above aspect should be construed functionally. As such, the physical arrangement of parts is flexible. For example, the encryption key provider and the decryption key provider may be separate or there may be a single key provider. In addition, the content encryption provider and the decryption key encryption provider may be separate or there may be a single encryption provider. In addition, a single means may provide more than one function. For example, according to a currently preferred embodiment, the decryption key provider also performs encryption of the decryption key. Optionally, the decryption key encryption provider is further operable to encrypt the decryption key using a unique key associated with the subscriber that comprises a public key according to a PKI infrastructure. This offers a high level of security as it allows, optionally, the decryption key to be encrypted by the encryption provider using the unique key associated with the subscriber and one or more key encryption keys. Preferably, the tree hierarchy is organised according to subscribers and groups of subscribers in a branched structure. This is advantageous in a system comprising many subscribers that may leave a conditional access service at any time. New encryption and decryption key pairs should be reissued to remaining subscribers when a subscriber leaves (or after a certain number of subscribers leave) : using a tree structure means that only branches containing the old subscriber (s) need be updated with new keys. Preferably, the encryption key provider is operable to provide an updated encryption key to the encryption provider, the decryption key provider is operable to provide an updated decryption key to the encryption provider, the content encryption provider is operable to encrypt the updated decryption key with the key encryption key and the decryption key encryption provider is operable to encrypt the content using the updated encryption key, and the transmitter is operable to transmit the encrypted decryption key and encrypted content. Thus, security is raised by providing new encryption/decryption key pairs from time to time. The intervals between updates may be freely chosen, and may be regular or they may be irregular. In a currently preferred embodiment, the transmitter provides the forwarding means such that the encrypted decryption key is broadcast. This is a convenient way of distributing decryption keys and also has benefits in term of security. As mentioned above, encrypted decryption keys are difficult to spot as they look similar to other types of encrypted data. Broadcasting the encrypted decryption keys with encrypted programs and other encrypted data effectively camouflages the encrypted keys. Preferably, the transmission apparatus further comprises a receiver unit operable to receive a signal over a channel provided by a telephone network. This channel may be used to transmit the encrypted decryption keys. However, its main advantage is seen to be in the provision of a return channel. This allows the subscriber to communicate with the transmission apparatus. For example, the receiver unit may be configured to recognise a signal received from the channel corresponding to a request made by the subscriber to join a conditional access service. As a further example, the receiver unit may be configured to recognise a signal received from the channel corresponding to an acknowledgement of receipt of a decryption key. Optionally, the content provider is operable to provide content relating to a plurality of conditional access services, and wherein the encryption key provider is operable to provide an encryption key, the decryption key provider is operable to provide a decryption key for each of the conditional access services, and the content encryption provider is operable to encrypt the content of each of the conditional access services with its associated encryption key. Thus a number of encrypted conditional access services may be transmitted, and subscribers may choose freely the services to which they will have access. The appropriate decryption keys may then be provided to those subscribers. The transmission apparatus may further comprise a subscriber database operable to store details of the subscriber relating to the conditional access services to which they subscribe and to their unique key. The encryption provider may then be operable to receive the details stored in the subscriber database and to encrypt the decryption key for each conditional access service to which the subscriber subscribes using the subscriber's unique key. From a second aspect, the present invention resides in a receiver apparatus associated with a subscriber for use in a digital broadcast system, comprising: a key encryption key store operable to store a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; a decryption key receiver operable to receive an encrypted decryption key; a decryption provider operable to decrypt the encrypted decrypted key, received by the receiver, using the key encryption key provided by the key store and to provide the decrypted decryption key for storage in a decryption key store; and a content receiver operable to receive a digital broadcast including encrypted content of a conditional access service; wherein the decryption provider is operable to use the decryption key provided by the decryption key store to decrypt the encrypted content . Thus, the improved security already described in respect to a transmission apparatus above may also be enjoyed by a complementary receiver apparatus. As for the first aspect, this second aspect should be construed functionally. As such, the physical arrangement of parts is flexible. For example, the encryption key store and the decryption key store may be separate or there may be a single key store. In addition, a single means may provide more than one function. Preferably, the receiver apparatus further comprises means for communicating on a channel provided by a telephone network, such as a public switched telephone network. Preferably, the means are operable to communicate over a a mobile telephone network. Optionally, the receiver apparatus further comprises a cache operable to receive and store content received by the content receiver and/or decrypted content from the content decryption provider. Preferably, the content receiver is operable to receive a digital broadcast including encrypted content of a plurality of conditional access services, the decryption key receiver is operable to receive an encrypted decryption key for two or more of the conditional access services, the decryption provider is operable to decrypt the encrypted decrypted keys of the two or more conditional access services using the key encryption key provided by the key encryption key store and to provide the decrypted decryption key for storage in the decryption key store, and the decryption provider is operable to decrypt the encrypted content of the two or more conditional access services using the associated decryption keys. Optionally, the receiver apparatus has an associated unique identifier that allows the receiver apparatus to be identified when conditional access services are requested. In addition, the receiver apparatus may further comprises associated slave devices, each device having a unique identifier. This allows content to be sent to the receiver apparatus that may then be distributed to all or some of the slave devices according to their unique identification numbers. For example, music files may be sent to a digital radio that can be shared with an associated MP3 player or the like. In this way, copyright material may be distributed between multiple devices while still observing copyright law restrictions as to copying. From a third aspect, the present invention resides in a broadcast system comprising any of the transmitter apparatus described above, any of the receiver apparatus described above and a telephone network, wherein the receiver apparatus is operable to communicate with the transmitter apparatus over the telephone network. From a fourth aspect, the present invention resides in a method of operating transmission apparatus for use in a digital broadcast system, comprising: using a content provider to provide content of a conditional access service to be transmitted by the transmission apparatus; using an encryption key provider to provide an encryption key to be used for encryption of content provided by the content provider; using a decryption key provider to provide a decryption key to be used by a receiver apparatus of a subscriber who subscribes to the conditional access service to decrypt the encrypted content; using a content encryption provider to encrypt content provided by the content provider using the encryption key provided by the key provider; using a decryption key encryption provider to encrypt the decryption key using a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; using a transmitter to broadcast digitally the encrypted content and the decryption key; and using forwarding means to forward the encrypted decryption key for receipt by the receiver apparatus . From a fifth aspect, the present invention resides in a method of using receiver apparatus associated with a subscriber for use in a digital broadcast system, comprising: using a key encryption key store to store a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; using a decryption key receiver to receive an encrypted decryption key; using a decryption provider to decrypt the encrypted decrypted key, received by the receiver, using the key encryption key provided by the key store and to provide the decrypted decryption key for storage in a decryption key store; and using a content receiver to receive a digital broadcast including encrypted content of a conditional access service; and using the decryption provider to use the decryption key provided by the decryption key store to decrypt the encrypted content . From a sixth aspect, the present invention resides in the combination of the methods according to the fourth and fifth aspects of the invention. The present invention also resides in a computer programmed to cause transmission apparatus to operate in accordance with any of the methods described above or to cause receiver apparatus to operate in accordance with any of the methods described above. In addition , the present invention resides in a computer program comprising computer code instructions that, when loaded into a computer, causes transmission apparatus to operate in accordance with any of the methods described above or to cause receiver apparatus to operate in accordance with any of the methods described above . Other optional features of the invention according to its various aspects are set out in the appended claims. The invention and optional features of preferred embodiments described above enable digital broadcasters and others to create commercially sustainable operations, allowing individual consumers to securely select and download copyrighted material on a secure encrypted basis into a suitable receiving device that can then "unlock" the contents to the authorized consumer, whilst at the same time preventing the content of such files from being distributed to others on an illegal basis. At the same time, the invention facilitates a "return channel" from the individual consumer back to the broadcaster enabling various information to be passed back to the original content provider/broadcaster confirming the correct delivery of specific data files and other information. The present invention resides in the appreciation that a selective broadcast function can be achieved by general broadcast of encrypted content data and decryption by selected users of that data content by use of the identity of that user or device. The data content hereinafter described can comprise any form of broadcast services such as streamed audio and video services either viewed "live" or stored on a device for later viewing. It can also encompass any other form of digital data including, but not limited to MP3 audio files, web-based media content, various formats of video files, games, maps and other applications as well as graphic files including barcodes that can be "scanned" from the device using standard retail type laser scanners. The embodiment hereinafter described can be considered to be an apparatus for providing conditional access to the whole range of digital broadcasting services, such as DAB radio services, preferably comprising a secure server added to the digital broadcasting transmission system and a secure client added to the digital receiver, such as a DAB radio, wherein the secure server has means to digitally encrypt content being transmitted over the digital broadcasting channel and means for controlling distribution of the encryption keys only to those secure clients which are authorised to receive the digital broadcast service (s) and have requested to receive those services at that point in time. In this embodiment, the digital receivers preferably have integrated electronic means to request access to the digital broadcast services via a mobile radio telephony system or fixed wired telephony system. Also the secure server preferably has means for recording each secure client's utilisation of each of the available digital delivery services, whether on a per volume or per time basis, and means for providing these accounting records to a customer billing system. The, secure client preferably has means to uniquely identify the digital receiver based on a PKI certificate stored securely on the digital receiver chipset . The embodiment described hereinafter can furthermore be considered to be a method for providing conditional access to digital broadcast service (s), such as DAB radio services, wherein a secure server preferably digitally encrypts content for transmission over the digital media channel and controls distribution of the encryption keys only to those secure clients which are authorised to receive the digital service (s) and have requested to receive those services at that point in time. The secure client preferably requests access to any of the digital broadcast services at any time via a mobile radio telephony system or fixed wired telephony system. The secure client may also uniquely identify the digital receiver based on a PKI certificate stored securely on the digital device chipset. Preferably the certificate belonging to the digital receiver, such as a DAB radio, is associated with a secondary identifier such that the utilisation of the digital services can be billed to an account associated with this secondary identifier. The secure server preferably records each secure client's utilisation of each of the available digital broadcast services, whether on a per volume or per time basis, and provides these accounting records to a customer billing system. The secure server may also change the encryption key when one of the secure clients requests to leave or is forced to leave the associated service and distribute the updated key to the remaining secure clients. A series of secondary identifiers associated with slave electronic devices served by the digital receiver are preferably registered under the same subscription, so that content received by the digital receiver can be forwarded to the slave devices without infringing the copyright of the content owner. This is facilitated by the fact that the services/content being transmitted by the broadcaster is encrypted and can only be accessed and/or viewed by means of a key mechanism held within the receiving device that decrypts the content and presents it to the user. The received services/content is stored encrypted within the body of the receiving unit or within a removable memory storage device. This prevents private content being accessed by unauthorised viewers and also ensures that it cannot be copied and viewed on another device that has not been previously registered by the authorised user. Features of an embodiment of the present invention, provided in a digital receiving system apparatus, such as a digital radio system apparatus, include: means to support conditional access to digital broadcast services by digitally encrypting the content and controlling distribution of the encryption keys to only those subscribers who are authorised to receive the services and have requested to receive those services at that point in time; means for digital service subscribers to request access to these services electronically via a mobile radio telephony system or fixed wired telephony system; means for the subscriber's utilisation of each of the digital services to be recorded on a per volume or per duration basis and means for providing these accounting records to a customer billing system; and means for uniquely identifying the digital receiver based on a PKI certificate stored securely on the digital receiver chipset . Features of an embodiment of the present invention, provided by a method of operating a digital receiver system, include the steps of: digitally encrypting the digital service (s) and controlling distribution of the encryption keys to only those subscribers who are authorised to receive the services and have requested to receive those services at that point in time; enabling the digital service subscriber to request via electronic means access to any of the > subscribed digital service (s) at any time; enabling the utilisation of each of the digital service (s) by each subscriber to be recorded and presented to a customer billing system; changing the encryption key when one or more of the subscribers requests to leave or is forced to leave the service and distributing the updated key to the remaining subscribers; enabling the digital service subscriber to be uniquely identified by a PKI certificate stored securely on the digital device chipset; and enabling a series of secondary identifiers associated with slave electronic devices served by the digital receiver to be registered under the same subscriber so that content received by the digital receiver can be forwarded to the slave devices without infringing the digital rights of the content owner. Embodiments of the invention will now be described with reference to the Figures, in which: Figure 1 is a schematic diagram showing the functional relationships between the systems which co-operate to form a general embodiment of the invention; Figure 2 is a flow chart showing the process by which conditional access to digital broadcast services is effected; Figure 3 is a flow chart showing the process by which content is distributed securely to authorised subscribers; and Figure 4 is a flow chart showing the process by which content relating to the digital broadcast service is securely distributed to authorised subscribers. The following embodiments illustrate the invention using a standard digital network, such as a digital radio network according to the Digital Audio Broadcasting (DAB) as defined by the Eureka 147 standards supported by the International Telecommunications Union (ITU) . The preferred embodiment uses already established techniques for encapsulating multicast Internet Protocol (IP) packets onto the forward channel, but the techniques described herein can apply to any means for transmitting services over the digital network. The term service can apply to any common content delivered to one or more subscribing users over the forward channel and includes but is not limited to video (of any transmission standard) , audio (of any transmission standard) , data related to Internet/World Wide Web (www) applications, data related to distributed database applications and file distribution. The system described in this invention enables Digital Broadcast operators to control which subscribers can have access to these services ("conditional access services"). This may be required for instance in service scenarios whereby the operator wishes to charge for the content received by each subscriber or where the content is sensitive in nature and therefore necessitates restricted access. The subscriber can request to join or leave any of his subscribed conditional access services at any time and may, if the receiver equipment permits, be able to access more than one service at a time. The latter can be achieved by multiplexing several of the conditional access services onto the same digital broadcast channel, using different encryption keys to separate each traffic stream. The digital receiver will only be able to decrypt those traffic streams for which the encryption keys are held. Each of the resulting data streams can either be used immediately or cached at the receiver. The Digital Broadcast operator can elect at any time to deny a subscriber access to any of the services. The Digital Broadcast operator may continue to provide existing uncontrolled "free to air" services in parallel with the conditional access services over the same digital channel if desired. The subscriber registers for the service by providing a unique identifier for the Digital Receiving device through which the subscriber can be identified when requesting access to the conditional access services. The registration process defines the set of services which the subscriber will be allowed to access, from the overall portfolio of services offered by the Digital Broadcasting operator. The registration information may also contain supplementary identity information, for example the International Mobile Subscriber Identifier (IMSI) according to the "GSM" standard which may enable the Digital Broadcasting operator to authenticate and charge the customer against their mobile phone account. As an extension to the basic service, the subscriber may also register one or more secondary identifiers for suitably-equipped slave electronic devices such as MP3 players, digital televisions, hi-fi systems and Personal Computers which may receive and use the conditional access service (s) under the same subscription without infringing digital rights. Figure 1 shows the components which co-operate in a general embodiment of the invention. Note that the traffic links (which carry one of services described above) are shown as full lines, signalling links for (a) allowing subscribers to request access and (b) controlling distribution of the content are shown as broken lines. The core digital broadcast network comprises a number of Digital Receivers 15 receiving one or more services from a number of Transmitting Stations 9. The Digital Content Transmission system 8 provides the means to support transmission of any range of content media formats over the broadcast channel as supplied by one or more Content Servers 7. The digital broadcast network provides the means to deliver content from the Content Server to the Digital Receivers 15, over the "forward" broadcast channel. A second network, illustrated in Figure 1 as a Public Land Mobile Network (PLMN) , can optionally be added to the system, comprising one or more Base Stations 17 and Core
Networks 18. This second network provides the means to enable the Digital Receiver 15 to request services and confirm receipt of service transmission and signalling received on the forward channel, and constitutes the "control" channel. In the preferred embodiment the return channel is supported by a standard PLMN service, such as but not limited to General Packet Radio Service (GPRS) ,
Unstructured Supplementary Services Data (USSD) , Wireless Application Protocol (WAP) or Short Message Service (SMS) according to the "GSM" standard. The invention also extends to supporting the control channel over other electronic means or, for more limited service provision, through nonelectronic means. In one arrangement of the invention, the Digital Receiver 15 is a handheld or portable device (with audio, video and/or textual outputs) to which the necessary mobile phone circuitry has been added to provide one or more of the return channel options described. In another arrangement the Digital Receiver 15 is integrated with a vehicular entertainment system (for example in-car radio or back-seat video screens) with again the necessary mobile phone circuitry added to provide one or more of the return channel options described. This arrangement can also be achieved through the use of a wireless interface facilitated by a Bluetooth link or similar between the entertainment system and a local mobile phone . The advantage of using a mobile system for the return channel over a fixed system is that there is no set-up required as the receiver is moved from location to location. The return channel is not dependent on the receiving device being in any particular location. In addition, the system does not incur installation costs over what is required to fit the equipment for the first time, also the user does not have to spend time aligning aerials (since digital radio does not require directional receiving aerials) but only has to turn the equipment on to be able to use the service . In a further arrangement the Digital Receiver 15 is added to a standard mobile phone device in such a fashion that the subscriber continues to be served and billed by the mobile phone operator and receives additional services via the media broadcast channel . In a further arrangement the Digital Receiver 15 is a part of a fixed installation within a building and uses any available telecommunications link (for example fixed phone network, Internet, mobile network, satellite network) to provide the return channel . In a further arrangement the Digital Receiver 15 is a stand alone device (typically a household radio, mobile/car radio, video/media player or part of a home entertainment system) .and the subscriber uses a separate existing telecommunications link (for example fixed phone network, Internet, mobile network, satellite network) to provide the return channel either directly or indirectly (through a call to a human or computer based call centre) to request new services or confirm correct delivery of a requested item of entertainment or received data file. Where the particular arrangement of the Digital Receiver 15 facilitates a direct return channel back to the User Management System 4, the subscriber is able to directly interact with the service to request items of entertainment or data files which can be loaded into the Content Store 16 and subsequently transmitted to that subscriber. The particular arrangement of a mobile Digital Receiver
15 with a direct/indirect return channel is that the user can "instantly" access any particular service or content they are authorised to receive through either a packaged subscription or on an "ad hoc" basis using the existing validation and payment mechanisms already in place within any of the mobile operators willing to participate in this service. Unlike existing fixed broadcasting services, users also have the potential capability to "roam" across any boundary or country across the world that offers a GSM based mobile telephony service and suitable radio broadcasting facilities. Validation and payment for services or content can be made back to the users mobile phone account resident at their "home" mobile operator on either a pre-pay, post pay or subscription model. The components added to this digital broadcasting architecture relevant to this invention are comprised in two subsystems. The first subsystem, the Secure Server 1, is added to or interfaced with the head-end of the Digital Broadcast Transmission system 8 and comprises a Key Server 2, Encryption Server 3, User Management System 4, Subscriber Database 5 and Content Store 16. These components may be implemented on separate hardware units or integrated into a smaller number of units or a single unit. The User Management System 4 controls which subscribers can have access to the "conditional access services" through interrogating the Subscriber Database 5. The Subscriber
Database 5 contains a directory of subscribers, each entry detailing the subscriber's identity, means by which the subscriber can be authenticated and a list of those conditional access services to which the subscriber is allowed access. The Subscriber Database 5 may also contain other information for each subscriber related to the service contract, for example defining the agreed payment mechanism. The User Management System 4 and Subscriber Database 5 may be part of an existing operator's infrastructure. The User Management System 4 may have interfaces to external Customer Care and Billing Systems 6, such as those incorporated in existing mobile telephony systems, to enable provisioning and updating of subscriber details in the Subscriber Database 5. The interface may also provide records detailing the usage of each conditional access service made by each subscriber, whether based on volume of information transmitted or duration of service connection, in order that this may be monitored and/or the subscriber charged for use of the service . The User Management System 4 or the Content Server 7 may also advertise services over the forward channel from which the subscriber is able to select. This is known as providing an "Electronic Programme Guide" in digital broadcasting systems. Content to be transmitted over the digital broadcast channels is received from the appropriate Content Servers 7 by the Encryption Server 3. At the Encryption Server 3 a mapping exists between one or more input data streams (identifying for example by source or destination address/port number) and the output data stream for transmission over the broadcast channel (s) . More than one output stream can be supported on each channel by using suitable multiplexing techniques. Each output data stream equates to one of the conditional access services offered by the operator. The function of the Encryption Server 3 is to apply a suitable encryption algorithm to each output stream of data using a known "traffic key". A separate traffic key is used to encrypt each stream in order that access to content for each conditional access service can be individually controlled. The operation of the Encryption Server 3 is not restricted to any particular encryption algorithm or protocol layer at which encryption is applied, and could be applied to continuous or non-continuous streams of data. Typically standard commercial or military encryption methods will be used. In one embodiment data streams are encrypted and transmitted over the broadcast channel as IP Multicast packets using established techniques for encapsulating IP packets on the DAB bearer. In this instance, standard IPSec security methods defined by IETF standards RFC 2402, 2406 can be applied to each output IP multicast stream. Content may optionally be stored locally at a Content Store 16 within the Secure Server 1, for transmission at a specified scheduled time or times, for re-transmission (for example if previous transmissions were detected as corrupted) , or for repeated cyclical transmission using a carrousel technique. This is where specific items of data are loaded into the Content Store 16 and repeatedly transmitted at regular intervals until a pre-set time limit has expired, or an acknowledgement of successful delivery has been received from the intended recipients using one of the return channels described previously. The traffic keys to be used to encrypt and decrypt each conditional access service are generated by the Key Server
2, and passed to the Encryption Server 3 and, in the case of the decryption keys, also to each currently authorised subscriber. This ensures that only authorised subscribers can decrypt the content related to each conditional access service. The key server also specifies the encryption algorithm which should be used by the Encryption Server 3 and Encryption Client 11. The traffic key is changed during service transmission to deny subsequent access to the service for a subscriber leaving the group whether on request by the subscriber or forced to leave by the Digital Broadcast operator. This may be done as soon as the subscriber requests to leave the group, or more efficiently performed as a batch so that the traffic key update denies access to one or more subscribers who have left over a given time interval . The traffic key may also be changed to prevent unauthorised users from determining the traffic key through cryptoanalysis and hence gaining access to the content. The new traffic key is distributed to all remaining authorised subscribers. Keys may be distributed over the control channel, and/or via the broadcast forward channel as appropriate for the application. The traffic key is distributed to each user using established techniques, whereby the key is delivered to each subscriber encrypted using one or more key encryption keys and also, optionally, with their unique key (for example their public key in a PKI infrastructure) . Positive confirmation may be generated by each subscriber when a new key is received to enable the Key Server 2 to keep track of current recipients and possible stragglers. Where security is not so sensitive, traffic keys may be distributed according to key encryption keys belonging to a number of subscribers organised into one or more groups. As a result, the traffic key will be available to all members of that subscriber group. In circumstances where individual communication to a subscriber is required, e.g. to each member of a subscriber group to update traffic keys subsequent to a subscriber leaving that group, traffic keys may be encrypted using a combination of one or more key encryption keys with that subscriber's unique key. In one embodiment keys are distributed using the Logical Key Hierarchy (LKH) approach defined in IETF standard RFC 2627 whereby the key encryption keys are arranged in a tree hierarchy. This has the benefit of improving the efficiency of key management by only re-keying those branches of the tree affected by the removal of one or more subscribers . Two major classes of conditional access service are identified with differing requirements on how the key distribution should be managed. The first class relates to continuous or continual streams of live or pre-recorded content (for example live Radio or Television) which subscribers can request to join during transmission and, if the service model permits, be charged only for that part of the content received. That is from the time the subscriber has received the necessary encryption key and can decode the content from the Digital Broadcast channel . The second relates to delivering contiguous blocks of data (for example data files, database updates, video clips) which only are meaningful at the application level when received in full. In this instance delivery of content will require scheduling and subscribers wishing to access the content will need to request to join the service and hence receive the necessary encryption keys in advance. The second subsystem, the Secure Client 10, is added or interfaced to the Digital Receiver 15 and comprises a Key Client 12, Encryption Client 11, and optionally a Cache 13 and Service Guide 14. A unique identifier 19 is also added, if not already present, to the handset to enable the subscriber or the handset to be uniquely identified when requesting a conditional access service (see later for more detail) . These components may be implemented on separate hardware units or integrated into a smaller number of units, some or all of these may be integrated on the receiver itself. The Encryption Client 11 receives the encrypted content received on one or more of the media broadcast channels and if it has the correct traffic key(s) for one or more of the conditional access services decrypts the content using the specified algorithm. This may be viewed or listened to immediately through the Digital Receiver 15 (or peripheral device) or stored in a Cache 13, either in encrypted or decrypted form. The Key Client 12 decodes the traffic key messages received from the Key Server for the currently subscribed services using key encryption keys and optionally its private key, and provides the traffic key(s) to the Encryption Client 11. It also responds to subscriber's requests for new services, made via the Service Guide 14, by requesting the requisite traffic key from the Key Server 2. This process will require the subscriber to be authenticated, which can be achieved through a number of established techniques including password authentication,
PKI certificates or chip-based challenge handshake authentication methods (eg GSM SIM based authentication) , and then authorised for receiving the service. An electronic Service Guide 14 provides information on the available services and the attributes required to receive the content stream, for example the Broadcast service channel frequency and receive address/port of the data stream related to the conditional access service. The process by which a subscriber gains access to one of the conditional access services is now described with reference to Figure 2. When a new service becomes available the User Management System 4, potentially in response to some external stimulus from one of the Content Servers 7, issues a notification (step 201) to all subscribers. This contains details of the service (including identifier and description) , information regarding how the Digital Receiver 15 should be configured to receive the service (including digital radio frequency and address/port to which the data stream shall be delivered) and other supplementary information (for example the service transmission time(s)). The notification can be made over an open broadcast channel, via the control channels or other electronic or no- electronic means as desired. The notification is received by the Digital Receiver 15 and displayed by the Service Guide 14 (step 202) . The subscriber can at any time, before or during service transmission, elect to request to join the service (step 203) . This is achieved by the Key Client 12 signalling to the Key Server 2 that service is required, either over the control channel or other establishment means (step 204) . As a minimum this signal contains the subscriber identity and the identifier of the service required. The subscriber identity may be a Unique Identifier 19 relating to the person using the receiver (for example through entering a code through the handset, or inserting a SmartCard or similar into the device or, in an embodiment based on a standard mobile phone device, a standard Subscriber Identity Module (SIM) ) or may be a Unique Identifier allocated to the receiver 19, preferably permanently stored on the receiving device chipset. The receipt of the signal by the Key Server 2 (step 205) causes the User Management System 4 to first authenticate the subscriber (step 206) and then determine in conjunction with the Subscriber Database 5 that the subscriber is authorised to receive the requested content (step 208) . Authentication may require an intermediate step, in order that the Key Client 12 is challenged by the Key Server 2, similar to that familiar in GSM mobile phones. Following successful authentication and authorisation, the User Management System registers that the subscriber is now able to receive the service and commands the Key Server 2 to download the traffic key so that the subscriber can access the content (step 209) . In the simplest embodiment the traffic key is encrypted with the subscriber's unique key (for example public key in the PKI infrastructure) , which has previously been provided to the User Management System when the subscriber registered, so that the Key Client can simply retrieve the traffic key by performing the necessary decryption (for example with their corresponding private key in the PKI infrastructure) . In one embodiment, where a series of key encryption keys (KEKs) are used to distribute the traffic key according to a Logical Key Hierarchy (LKH) , the first KEK is encrypted with the unique key, the second KEK is encrypted with the encrypted version of the first KEK, and so on, until the traffic key is encrypted with the encrypted version of the last KEK. The Key Client then is delivered a series of keys each of which needs to be decrypted in turn to decipher the traffic key. When the initial key set is received (step 210) it is passed to the Encryption Client 11 and stored locally, either in volatile or permanent memory depending on security requirements. The Key Client 12 also sends a key acknowledgement signal (step 211) to the Key Server which records successful delivery (step 212) . The process by which the content is securely distributed to authorised subscribers is now described with reference to Figure 3. When the service is initiated the Key Server 2 generates a traffic key (step 301) according to the security policy defined for the service and sets it in the Encryption Server 3 (step 302) . One or more subscribers may elect to join the service (using the procedure in Figure 2) , and if authorised receive the key set, comprising the traffic key and the series of KEKs. The Key Client 12 deciphers the traffic key using its private key and the KEKs (step 210) , and sets the traffic key in the Encryption Client 11 (step 303) . At some point after the service is initiated the Content Server begins to send data (step 304) as a continuous or non-continuous stream. The data is received and potentially reformatted by the Encryption Server 3, and may be stored within the Content Store 16 for later transmission (and re-transmission) if required by the service description (Step 306) . When the content is ready to be transmitted, it is forwarded to the Encryption Server 3, encrypted with the traffic key and transmitted over the allocated broadcast forward channel (step 307) . The data stream is received and decrypted by the authorised subscribers with the provisioned traffic key (step 308) .
Subscribers may join the service using the procedure defined in Figure 2 at any time during the service session. Subscribers may at any time also elect to leave the service. The procedure followed is shown in Figure 4. The Key Client 12 issues a signal (309) to the Key Server 2, which registers that a subscriber wishes to leave (step 310) and initiates a process to refresh the traffic key. Depending on performance considerations this may or may not occur immediately when the request is received; if desired requests to leave may be batched over a period of time, so that the overhead in distributing the new traffic key is reduced. At the appropriate time, a new traffic key (step 311) and optionally a set of KEKs (step 312) are generated to effect the traffic key change. In one embodiment the new traffic key is distributed individually to each remaining subscriber encrypted using their unique key. This ensures that the leaving subscriber (s) cannot decrypt the new traffic key and hence no longer have access to the service . In another embodiment, which is preferable from a scalability viewpoint, the new traffic key is distributed using KEKs arranged in a Logical Key Hierarchy (LKH) . In this method, described in IETF RFC 2627, the KEKs are arranged in a binomial tree such that each node in the tree is a KEK known only to those subscribers beneath that node in the tree. To distribute the new traffic key it is necessary to change the KEKs in the hierarchy which relate to branches in the tree containing subscribers that are to be removed from the service. The new traffic key and modified KEKs are then distributed to all subscribers in such a way that only those subscribers remaining in the service can decrypt the necessary KEKs and hence discover the new traffic key. This significantly reduces the amount of new key material that has to be distributed for large subscriber populations. The new keys are downloaded over the forward channel (step 313) and received by the Key Clients (step 314) . These optionally send a key receipt (step 315) which is recorded in the Key Server (step 316) . As soon as the new traffic key is received by the Key Client, it passes it to the Encryption Client 11 (step 317) . The Encryption Client continues to decrypt the traffic stream with the old traffic key, until it detects from the data stream that there has been a key change . The Key Server 2 continues to use the old traffic key until either (a) key receipts have been received from all the currently authorised subscribers and/or (b) a timer has elapsed. At this time the Key Server switches to the new traffic key (Step 318) and sets this key in the Encryption Server (Step 319) . All subsequent data will be encrypted with the new traffic key (Step 320) . The Encryption Client 11 will detect a change in traffic key (at step 321) by either a signalling pre-amble or preferably using a key identifier in the encrypted packet header (such as the Security Parameter Index defined by the IPSEC standard) . It then switches to the new key and continues to receive data without interruption to service. As will be appreciated by those skilled in the art, variations may be made to the embodiments described above
• without departing from the scope of the present invention as defined by the appended claims. An illustrative rather than exhaustive list of variations have been described above. The present invention may be implemented in different forms, e.g. hardware or software. As such, the above description and claims should be interpreted in a functional sense. It will be clear to the skilled person how the functional elements may be physically implemented. It will also be evident to the skilled person that various physical parts may be assigned more than one function. For example, separate receivers > transmitters, encryption providers, decryption providers, key providers and key stores may be grouped together in different arrangements as circumstances require .

Claims

Claims
1. Transmission apparatus for use in a digital broadcast system, comprising: a content provider operable to provide content of a conditional access service to be transmitted by the transmission apparatus; an encryption key provider operable to provide an encryption key to be used for encryption of content provided by the content provider; a decryption key provider operable to provide a decryption key to be used by a receiver apparatus of a subscriber who subscribes to the conditional access service to decrypt the encrypted content ; a content encryption provider operable to encrypt content provided by the content provider using the encryption key provided by the key provider; a decryption key encryption provider operable to encrypt the decryption key using a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; a transmitter operable to broadcast digitally the encrypted content and the decryption key; and forwarding means operable to forward the encrypted decryption key for receipt by the receiver apparatus.
2. The transmission apparatus of claim 1, wherein the decryption key encryption provider is further operable to encrypt the decryption key using a unique key associated with the subscriber that comprises a public key according to a PKI infrastructure.
3. The transmission apparatus of claim 2, wherein the decryption key encryption provider is operable to encrypt the decryption key using both the unique key associated with the subscriber and one or more key encryption keys.
4. The transmission apparatus of claim 3, wherein the key encryption keys are organised according to a tree hierarchy.
5. The transmission apparatus of claim 4, wherein the tree hierarchy is organised according to subscribers and groups of subscribers in a branched structure .
6. The transmission apparatus of any preceding claim, further comprising means operable to assign a unique key to a new subscriber and wherein the forwarding means is operable to forward the unique key for receipt by the receiver apparatus of the new subscriber.
7. The transmission apparatus of any preceding claim, wherein the encryption key provider is operable to provide an updated encryption key to the encryption provider, the decryption key provider is operable to provide an updated decryption key to the encryption provider, the content encryption provider is operable to encrypt the updated decryption key with the key encryption key and the decryption key encryption provider is operable to encrypt the content using the updated encryption key, and the transmitter is operable to transmit the encrypted decryption key and encrypted content .
8. The transmission apparatus of any preceding claim, wherein the transmitter provides the forwarding means such that the encrypted decryption key is broadcast.
9. The transmission apparatus of any preceding claim, further comprising a receiver unit operable to receive a signal received from the channel over a channel provided by a telephone network.
10. The transmission apparatus of claim 9, wherein the receiver unit is operable to recognise a signal received from the channel corresponding to an acknowledgement of receipt of a decryption key.
11. The transmission apparatus of claim 10, wherein the receiver unit is operable to recognise a signal corresponding to a request to join a conditional access service.
12. The transmission apparatus of any preceding claim, further comprising a content store operable to receive and store encrypted content provided by the content encryption provider and subsequently to provide the encrypted content to the transmitter.
13. The transmission apparatus of claim 12, wherein the content store is operable to provide repeatedly the encrypted content to the transmission for repeated transmission.
14. The transmission apparatus of claim 12 or claim 13, wherein the content store is operable also to store encrypted decryption keys.
15. The transmission apparatus of any preceding claim, wherein the content provider is operable to provide content relating to a plurality of conditional access services, and wherein the encryption key provider is operable to provide an encryption key, the decryption key provider is operable to provide a decryption key for each of the conditional access services, and the content encryption provider is operable to encrypt the content of each of the conditional access services with its associated encryption key.
16. The transmission apparatus of claim 15, further comprising a multiplexer operable to multiplex encrypted content of two or more of the plurality of conditional access services onto a single broadcast channel .
17. The transmission apparatus of claim 15 or claim 16, further comprising a subscriber database operable to store details of the subscriber relating to the conditional access services to which they subscribe and to a unique key associated with the subscriber.
18. The transmission apparatus of claim 17, wherein the decryption key encryption provider is operable to receive the details stored in the subscriber database and to encrypt the decryption key for each conditional access service to which the subscriber subscribes using the key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs and/or the subscriber's unique key.
19. The transmission apparatus of claim 17 or claim 18, wherein the subscriber database is operable also to store details relating to an account associated with the subscriber for billing purposes.
20. The transmission apparatus of claim 19, wherein the account is associated with the telephone network provider of the telephone network that provides the return channel .
21. The transmission apparatus of claim 20, further comprising a communication link to a billing system of the telephone network provider.
22. The transmission apparatus according to any preceding claim operating as a digital television or digital radio transmitter.
23. Receiver apparatus associated with a subscriber for use in a digital broadcast system, comprising: a key encryption key store operable to store a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; a decryption key receiver operable to receive an encrypted decryption key; a decryption provider operable to decrypt the encrypted decrypted key, received by the receiver, using the key encryption key provided by the key store and to provide the decrypted decryption key for storage in a decryption key store; and a content receiver operable to receive a digital broadcast including encrypted content of a conditional access service; wherein the decryption provider is operable to use the decryption key provided by the decryption key store to decrypt the encrypted content .
24. The receiver apparatus of claim 23, wherein the key encryption key store is operable to store a unique key associated with the subscriber that comprises a private key according to a PKI infrastructure .
25. The receiver apparatus of claim 24, wherein the decryption provider is operable to decrypt the decryption key using both the unique key and one or more key encryption keys .
26. The receiver apparatus of claim 25, wherein the key encryption keys are organised according to a tree hierarchy.
27. The receiver apparatus of claim 26, wherein the tree hierarchy is organised according to subscribers and groups of subscribers in a branched structure .
28. The receiver apparatus of any of claims 23 to 27, wherein the encrypted decryption key is transmitted as part of the digital broadcast and a common receiver provides both the decryption key receiver and the content receiver.
29. The receiver apparatus of any of claims 23 to 28, further comprising means for communicating on a channel provided by a telephone network.
30. The receiver of claim 29, comprising means for communicating on a mobile telephone network or a data network such as a data radio network.
31. The receiver apparatus of claim 29 or claim 30, further operable to send a signal on the channel to acknowledge receipt of a decryption key.
32. The receiver apparatus of any of claims 29 to 31, further operable to send a signal on the channel to request a new conditional access service.
33. The receiver apparatus of any of claims 23 to 32, further comprising a cache operable to receive and store content received by the content receiver.
34. The receiver apparatus of claim 33, wherein the cache is operable to receive and store decrypted content from the decryption provider.
35. The receiver apparatus of any of claims 23 to 34, wherein the content receiver is operable to receive a digital broadcast including encrypted content of a plurality of conditional access services, the decryption key receiver is operable to receive an encrypted decryption key for two or more of the conditional access services, the decryption provider is operable to decrypt the encrypted decrypted keys of the two or more conditional access services using the key encryption key provided by the key encryption key store and to provide the decrypted decryption key for storage in the decryption key store, and the decryption provider is operable to decrypt the encrypted content of the two or more conditional access services using the associated decryption keys .
36. The receiver apparatus of claim 35, wherein the receiver apparatus has an associated unique identifier that allows the receiver apparatus to be identified when conditional access services are requested.
37. The receiver apparatus of any of claims 23 to 36, further comprising associated slave devices, each device having a unique identifier.
38. The receiver apparatus of any of claims 23 to 37 comprising a digital television, a digital radio, a computer or an in-car entertainment system.
39. A broadcast system comprising the transmitter apparatus of any of claims 1 to 22, the receiver apparatus of any of claims 23 to 38 and a telephone network, wherein the receiver apparatus is operable to communicate with the transmitter apparatus over the telephone network.
40. The broadcast system of claim 39, wherein the telephone network is a mobile telephone network.
41. A method of operating transmission apparatus for use in a digital broadcast system, comprising: using a content provider to provide content of a conditional access service to be transmitted by the transmission apparatus; using an encryption key provider to provide an encryption key to be used for encryption of content provided by the content provider; using a decryption key provider to provide a decryption key to be used by a receiver apparatus of a subscriber who subscribes to the conditional access service to decrypt the encrypted content ; using a content encryption provider to encrypt content provided by the content provider using the encryption key provided by the key provider; using a decryption key encryption provider to encrypt the decryption key using a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; using a transmitter to broadcast digitally the encrypted content and the decryption key; and using forwarding means to forward the encrypted decryption key for receipt by the receiver apparatus.
42. The method of claim 1, wherein the decryption key encryption provider is further used to encrypt the decryption key using a unique key associated with the subscriber that comprises a public key according to a PKI infrastructure .
43. The method of claim 41 or claim 42, comprising using the decryption key encryption provider to encrypt the decryption key using the both unique key associated with the subscriber and one or more key encryption keys.
44. The method of claim 3, wherein the key encryption keys are organised according to a tree hierarchy.
45. The method of claim 44, wherein the tree hierarchy is organised according to subscribers and groups of subscribers in a branched structure .
46. The method of any 'of claims 41 to 45, comprising using means to assign a unique key to a new subscriber and using the forwarding means to forward the unique key for receipt by the receiver apparatus of the new subscriber.
47. The method of any of claims 41 to 46, comprising using the encryption key provider to provide an updated encryption key to the encryption provider, the decryption key provider is operable to provide an updated decryption key to the encryption provider, using the content encryption provider to encrypt the updated decryption key with the key encryption key and subsequently to encrypt the content using the updated encryption key, and using the transmitter to transmit the encrypted decryption key and encrypted content .
48. The method of any of claims 41 to 47, comprising using the transmitter as the forwarding means such that the encrypted decryption key is broadcast.
49. The method of any of claims 41 to 48, further comprising using receiver unit to receive a signal received from the channel over a channel provided by a telephone network.
50. The method of claim 49, comprising using the receiver unit to recognise a signal received from the channel corresponding to an acknowledgement of receipt of a decryption key.
51. The method of claim 50, comprising using the receiver unit to recognise a signal corresponding to a request to join a conditional access service.
52. The method of any of claims 41 to 51, comprising using a content store operable to receive and store encrypted content provided by the content encryption provider and subsequently to provide the encrypted content to the transmitter.
53. The method of claim 52, comprising using the content store to provide repeatedly the encrypted content to the transmission for repeated transmission.
54. The method of claim 52 or claim 53, comprising using the content store to store encrypted decryption keys.
55. The method of any of claims 41 to 54, comprising using the content provider to provide content relating to a plurality' of conditional access services, using the encryption key provider to provide an encryption key, the decryption key provider to provide a decryption key for each of the conditional access services, and using the content encryption provider to encrypt the content of each conditional access services with its associated encryption key.
56. The method of claim 55, comprising using a multiplexer to multiplex encrypted content of two or more of the plurality of conditional access services onto a single broadcast channel .
57. The method of claim 55 or claim 56, comprising using a subscriber operable to store details of the subscriber relating to the conditional access services to which they subscribe and to a unique key associated with the subscriber.
58. The method of claim 57, comprising using the decryption key encryption provider to receive the details stored in the subscriber database and to encrypt the decryption key for each conditional access service to which the subscriber subscribes using the key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs and/or the subscriber's unique key.
59. The method of claim 57 or claim 58, comprising using the subscriber database to store details relating to an account associated with the subscriber for billing purposes.
60. The method of claim 59, wherein the account is associated with the telephone network provider of the telephone network that provides the return channel .
61. The method of claim 60, comprising using a communication link to a billing system of the telephone network provider.
62. A method of using receiver apparatus associated with a subscriber for use in a digital broadcast system, comprising: using a key encryption key store to store a key encryption key associated with the subscriber or a group of subscribers to which the subscriber belongs; using a decryption key receiver to receive an encrypted decryption key; using a decryption provider to decrypt the encrypted decrypted key, received by the receiver, using the key encryption key provided by the key store and to provide the decrypted decryption key for storage in a decryption key store; and using a content receiver to receive a digital broadcast including encrypted content of a conditional access service; and using the decryption provider to use the decryption key provided by the decryption key store to decrypt the encrypted content .
63. The method of claim 62, wherein the key encryption key store is operable to store a unique key associated with the subscriber that comprises a private key according to a PKI infrastructure .
64. The method of claim 62 or claim 63, comprising using the decryption provider to decrypt the decryption key using both the unique key and one or more key encryption keys.
65. The method of claim 64, wherein the key encryption keys are organised according to a tree hierarchy.
66 . The method of claim 65, wherein the tree hierarchy is organised according to subscribers and groups of subscribers in a branched structure .
67. The method of any of claims 62 to 66, comprising transmitting the encrypted decryption key as part of the digital broadcast and using a common receiver as both the decryption key receiver and the content receiver.
68. The method of any of claims 62 to 67, comprising using means for communicating on a channel provided by a telephone network.
69. The method of claim 68, comprising using the means to communicate on a mobile telephone network or a data network such as a data radio network.
70. The method of claim 68 or claim 69, comprising sending a signal on the channel to acknowledge receipt of a decryption key.
71. The method of any of claims 68 to 70, comprising sending a signal on the channel to request a new conditional access service.
72. The method of any of claims 62 to 71, comprising using a cache to receive and store content received by the content receiver.
73. The method of claim 72, comprising using the cache to receive and store decrypted content from the decryption provider.
74. The method of any of claims 62 to 73, comprising using the content receiver to receive a digital broadcast including encrypted content of a plurality of conditional access services, using the decryption key receiver to receive an encrypted decryption key for two or more of the conditional access services, using the decryption provider to decrypt the encrypted decrypted keys of the two or more conditional access services using the key encryption key provided by the encryption key store and to provide the decrypted decryption key for storage in the decryption key store, and using the decryption provider to decrypt the encrypted content of the two or more conditional access services using the associated decryption keys.
75. The method of claim 74, wherein the receiver apparatus has an associated unique identifier that allows the receiver apparatus to be identified when conditional access services are requested.
76. The method of any of claims 62 to 75, further comprising associated slave devices, each device having a unique identifier.
77. A computer programmed to cause transmission apparatus to operate in accordance with the method any of claims 41 to 61 or to cause receiver apparatus to operate in accordance with the method of any of claims 62 to 76.
78. A computer program comprising computer code instructions that, when loaded into a computer, causes transmission apparatus to operate in accordance with the method of any of claims 41 to 61 or to cause receiver apparatus to operate in accordance with the method of any of claims 62 to 76.
79. Apparatus for providing conditional access to digital radio service (s), comprising a secure server added to the digital radio transmission system and a secure client added to the digital radio receiver, wherein the secure server has means to digitally encrypt content being transmitted over the digital radio channel and means for controlling distribution of the encryption keys only to those secure clients which are authorised to receive the digital radio service (s) and have requested to receive those services at that point in time.
80. The apparatus of claim 79, wherein the digital radio receivers have integrated electronic means to request access to the digital radio services via a mobile radio telephony system or fixed wired telephony system.
81. The apparatus of claim 79 or claim 80, wherein the secure server has means for recording each secure client's utilisation of each of the available digital radio services, whether on a per volume or per time basis, and means for providing these accounting records to a customer billing system.
82. The apparatus of any of claims 79 to 81, wherein the secure client has means to uniquely identify the digital radio receiver based on a serial number stored permanently on the digital radio chipset .
83. The apparatus of any of claims 79 to 82, further comprising a series of slave electronic devices with associated secondary serial numbers served by the digital radio receiver and registered under the same subscription, so that content received by the digital radio receiver can be forwarded to the slave devices without infringing the copyright of the content owner.
84. The apparatus of any of claims 79 to 83, wherein the services/content being transmitted by the broadcaster is encrypted and can only be accessed and/or viewed by means of a key mechanism held within the receiving device that decrypts the content and presents it to the user.
85. The apparatus of any of claims 79 to 84, wherein the received services/content is stored encrypted within the body of the receiving unit or within a removable memory storage device.
86. A method for providing conditional access to digital radio service (s), wherein a secure server digitally encrypts content for transmission over the digital radio channel and controls distribution of the encryption keys only to those secure clients which are authorised to receive the digital radio service (s) and have requested to receive those services at that point in time.
87. The method of claim 86, wherein the secure client requests access to any of the digital radio services at any time via a mobile radio telephony system or fixed wired telephony system.
88. The method of claim 86 or claim 87, wherein the secure client also uniquely identifies the digital radio receiver based on a serial number stored permanently on the digital radio chipset .
89. The method of claim 88, wherein the serial number of the digital radio receiver is associated with a secondary identifier such that the utilisation of the digital radio services can be billed to an account associated with this secondary identifier.
90. The method of any of claims 86 to 89, wherein the secure server records each secure client's utilisation of each of the available digital radio services, whether on a per volume or per time basis, and provides these accounting records to a customer billing system.
91. The method of any of claims 86 to 90, wherein the secure server also changes the encryption key when one of the secure clients requests to leave or is forced to leave the associated service and distribute the updated key to the remaining secure clients.
92. A digital radio system apparatus including: means to support conditional access to digital radio services by digitally encrypting the content and controlling distribution of the encryption keys to only those subscribers who are authorised to receive the services and have requested to receive those services at that point in time; means for digital radio subscribers to request access to these services electronically via a mobile radio telephony system or fixed wired telephony system; means for the subscriber's utilisation of each of the digital radio services to be recorded on a per volume or per duration basis and means for providing these accounting records to a customer billing system; and means for uniquely identifying the digital radio receiver based on a serial number stored permanently on the digital radio chipset.
93. A method of operating a digital radio system, include the steps of: digitally encrypting the digital radio service (s) and controlling distribution of the encryption keys to only those subscribers who are authorised to receive the services and have requested to receive those services at that point in time; enabling the digital radio subscriber to request via electronic means access to any of the subscribed digital radio service (s) at any time; enabling the utilisation of each of the digital radio service (s) by each subscriber to be recorded and presented to a customer billing system; changing the encryption key when one or more of the subscribers requests to leave or is forced to leave the service and distributing the updated key to the remaining subscribers; enabling the digital radio subscriber to be uniquely identified by a serial number stored permanently on the digital radio chipset; and enabling a series of secondary serial numbers associated with slave electronic devices served by the digital radio receiver to be registered under the same subscriber so that content received by the digital radio receiver can be forwarded to the slave devices without infringing the digital rights of the content owner.
PCT/GB2005/000650 2004-02-23 2005-02-23 Improvements relating to digital broadcasting communications WO2005083917A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0403982.2 2004-02-23
GB0403982A GB0403982D0 (en) 2004-02-23 2004-02-23 Improvements relating to digital radio communications

Publications (1)

Publication Number Publication Date
WO2005083917A1 true WO2005083917A1 (en) 2005-09-09

Family

ID=32050707

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2005/000650 WO2005083917A1 (en) 2004-02-23 2005-02-23 Improvements relating to digital broadcasting communications

Country Status (2)

Country Link
GB (1) GB0403982D0 (en)
WO (1) WO2005083917A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2448944A (en) * 2007-05-02 2008-11-05 Film Night Ltd Scaling video to be sent over a mobile network depending on spatial loss
WO2009085919A1 (en) * 2007-12-21 2009-07-09 Ibiquity Digital Corporation Radio service registry
WO2009157800A1 (en) * 2008-06-25 2009-12-30 Федеральное Государственное Унитарное Предприятие Ордена Трудового Красного Знамени Научно-Исследовательский Институт Радио (Фгуп Ниир) System for protecting information in subscriber networks
CN105527630A (en) * 2015-05-21 2016-04-27 北京中电华大电子设计有限责任公司 Satellite navigation chip integrated with data safety function and application method of chip
US10178399B2 (en) 2013-02-28 2019-01-08 Sonic Ip, Inc. Systems and methods of encoding multiple video streams for adaptive bitrate streaming
CN111278007A (en) * 2020-01-22 2020-06-12 湖南科大天河通信股份有限公司 Encryption method, device and system based on data radio station communication
US11025902B2 (en) 2012-05-31 2021-06-01 Nld Holdings I, Llc Systems and methods for the reuse of encoding information in encoding alternative streams of video data

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003051056A1 (en) * 2001-12-10 2003-06-19 International Business Machines Corporation Access to encrypted broadcast content

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003051056A1 (en) * 2001-12-10 2003-06-19 International Business Machines Corporation Access to encrypted broadcast content

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8363715B2 (en) 2007-05-02 2013-01-29 Saffron Digital Limited Processing compressed video data
GB2448944A (en) * 2007-05-02 2008-11-05 Film Night Ltd Scaling video to be sent over a mobile network depending on spatial loss
US8331439B2 (en) 2007-05-02 2012-12-11 Saffron Digital Limited Processing video data
GB2448944B (en) * 2007-05-02 2011-11-23 Film Night Ltd Processing video data
US8085750B2 (en) 2007-05-02 2011-12-27 Saffron Digital Limited Streaming video data to mobile devices
WO2009085919A1 (en) * 2007-12-21 2009-07-09 Ibiquity Digital Corporation Radio service registry
US8521079B2 (en) 2007-12-21 2013-08-27 Ibiquity Digital Corporation Radio service registry
WO2009157800A1 (en) * 2008-06-25 2009-12-30 Федеральное Государственное Унитарное Предприятие Ордена Трудового Красного Знамени Научно-Исследовательский Институт Радио (Фгуп Ниир) System for protecting information in subscriber networks
US11025902B2 (en) 2012-05-31 2021-06-01 Nld Holdings I, Llc Systems and methods for the reuse of encoding information in encoding alternative streams of video data
US10178399B2 (en) 2013-02-28 2019-01-08 Sonic Ip, Inc. Systems and methods of encoding multiple video streams for adaptive bitrate streaming
US10728564B2 (en) 2013-02-28 2020-07-28 Sonic Ip, Llc Systems and methods of encoding multiple video streams for adaptive bitrate streaming
CN105527630A (en) * 2015-05-21 2016-04-27 北京中电华大电子设计有限责任公司 Satellite navigation chip integrated with data safety function and application method of chip
CN111278007A (en) * 2020-01-22 2020-06-12 湖南科大天河通信股份有限公司 Encryption method, device and system based on data radio station communication
CN111278007B (en) * 2020-01-22 2023-04-07 湖南科大天河通信股份有限公司 Encryption method, device and system based on data radio station communication

Also Published As

Publication number Publication date
GB0403982D0 (en) 2004-03-31

Similar Documents

Publication Publication Date Title
EP1452027B1 (en) Access to encrypted broadcast content
US7266198B2 (en) System and method for providing authorized access to digital content
JP4705958B2 (en) Digital Rights Management Method for Broadcast / Multicast Service
JP5296124B2 (en) Method and apparatus for time-based billing for broadcast-multicast service (BCMCS) in a wireless communication system
EP2061244B1 (en) Protection of broadcast content with key distribution using telecommunications network
EP1530339B1 (en) Method and apparatuses for access control to encrypted data services for a vehicle entertainment and information processing device
US7055030B2 (en) Multicast communication system
WO2007144388A1 (en) A method for restricting access to digital content
KR100981568B1 (en) Apparatus and method protecting contents supported broadcast service between service provider and several terminals
US20040120527A1 (en) Method and apparatus for security in a data processing system
MX2007003228A (en) System and method for providing authorized access to digital content.
JP2012507195A (en) Method and apparatus for billing and security architecture for field cast services
KR20090106361A (en) Method and apparutus for broadcasting service using encryption key in a communication system
KR20100092987A (en) System and method for using drm to control conditional access to broadband digital content
MXPA05002221A (en) Method and apparatus for secure data transmission in a mobile communication system.
KR20050094042A (en) System and method for controlling broadcast multimedia using plural wireless network connections
JP2011172276A (en) Method, device and system for relating entities for protecting content to each other
CA2586172C (en) System and method for providing authorized access to digital content
IL172931A (en) Method and apparatus for security in a data processing system
KR20040083504A (en) A hybrid network encrypt/decrypt scheme
WO2005083917A1 (en) Improvements relating to digital broadcasting communications
US8515064B2 (en) Method and an apparatus for key management in a communication network
JP2007515112A (en) Apparatus and method for transmitting and receiving broadcast services
KR20060105934A (en) Apparatus and method jointing digital rights management contents between service provider supported broadcast service and terminal, and the system thereof
CN101425862B (en) Mobile multimedia broadcast service operation management system and method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase