WO2008127092A2 - Device and method for gaining conditional access to a data network - Google Patents

Publication number: WO2008127092A2
Authority: WO, WIPO (PCT)
Prior art keywords: central server, data, transmitting device, routines, read
Application number: PCT/NL2008/050147
Other languages: French (fr)
Other versions: WO2008127092A3 (en)
Inventor: Ronald Hendrik Van Herk
Original Assignee: Aht Europe Ltd
Application filed by Aht Europe Ltd
Publication of WO2008127092A2
Publication of WO2008127092A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/2665 Gathering content from different sources, e.g. Internet and satellite
    • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43 Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/433 Content storage operation, e.g. storage operation in response to a pause request, caching operations
    • H04N21/4334 Recording operations
    • H04N21/442 Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available from the internal hard disk
    • H04N21/44236 Monitoring of piracy processes or activities
    • H04N21/4424 Monitoring of the internal components or processes of the client device, e.g. CPU or memory load, processing speed, timer, counter or percentage of the hard disk space used
    • H04N21/47 End-user applications
    • H04N21/472 End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content
    • H04N21/47202 End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content for requesting content on demand, e.g. video on demand
    • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
    • H04N21/63 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/632 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing using a connection between clients on a wide area network, e.g. setting up a peer-to-peer communication via Internet for retrieving video segments from the hard-disk of other client devices
    • H04N7/00 Television systems
    • H04N7/16 Analogue secrecy systems; Analogue subscription systems
    • H04N7/167 Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence

Definitions

  • the invention relates to a device for gaining conditional access to a digital data network.
  • the invention also relates to a method for gaining conditional access to such a digital data network, and a computer program comprising program instructions for performing the method by a computer.
  • the invention relates particularly to a device and method for gaining conditional access to streaming and on-demand content over the internet, on server/client basis as well as on peer-to-peer basis.
  • the internet is highly suitable for sending large quantities of data from a server to a (generally) large number of recipient client computers.
  • the data transfer generally takes place here between a server and a number of clients and/or between different clients, for instance in the form of so-called peer-to-peer networks.
  • the content of the data can herein relate to for instance music (audio) and/or images (video) in digital form, to database data, to software, television and radio programmes and so on.
  • For streaming video and/or audio it is of particular importance that the data connection is of good quality. It is thus essential for instance that the data transfer, which generally takes place in the form of a sequence of successive data packets, takes place uninterruptedly so that a video and/or audio broadcast is not disrupted or slowed down.
  • the transfer speed of the data is sufficiently high. It is of further importance that a user knows whether the content received and viewed by him/her is reliable.
  • the exchange of data in the data network must therefore preferably be secured, wherein it is of particular importance that the authorization procedure can take place quickly without a user having to perform time-consuming operations to this end.
  • Existing authorization procedures for instance make use of cryptographic algorithms which use confidential data, such as for instance a secret code or key, present in the software of the client computer.
  • Because a device according to the invention preferably forms part of a dynamic network to which a large number of users can be connected, such a time-consuming authorization procedure is less suitable, among other reasons because it is unreliable and lengthy.
  • the invention has for its object to provide a device and method for transmitting digital data via a network reliably and quickly to recipient parties, in particular streaming video and/or audio data, and for gaining conditional access to such a digital data network.
  • the device according to the invention has for this purpose the features as described in claim 1.
  • By providing a device for gaining conditional access to a digital data network under the control of a central server, which device comprises at least one data processing unit and at least one data connection to the data network and the central server, in addition to software with receiving routines for receiving data from at least one transmitting device in the data network, read routines to enable the data to be read and shown, verification routines which can communicate with the central server in order to be able to verify the authenticity of the read routines, wherein the central server comprises at least one database with information relating to the location of the at least one transmitting device, and software adapted to verify the authenticity of the receiving device, it is possible to ensure that, among other things, the access to the data is controlled centrally and that the conditions for gaining access can be easily changed if desired. It is also possible to make the conditions for gaining access dependent on the transmitting device.
  • the device can form part of a platform server/client data network, wherein the device forms part of the client.
  • a network is also referred to as an IPTV network.
  • the device forms part of a peer-to-peer network (P2P) incorporating a plurality of devices.
  • the device according to the invention also comprises transmission routines for transmitting data being sent from the transmitting device or devices in the data network to at least one receiving device connected to the data network irrespective of the transmitting device or devices, and/or to the central server.
  • a first standalone device (a first "peer") according to the invention can provide a second standalone device (a second "peer") according to the invention with data.
  • the first standalone device can here have received the data from yet another standalone device according to the invention. It is also possible that the first standalone device is the starting point of the dynamic network from which determined content is generated. The content made available by the starting point of the network is thus rapidly accessible by the authorized part of the network users. Because according to the invention a peer can act as server (transmitting peer) at a given moment and as client (receiving peer) at another moment, a self-correcting data network is created with little susceptibility to disruption. This is because, if a peer is no longer functioning, the data transfer can then, if desired, take place from another peer.
  • a device can only gain conditional access to the data network via a central server.
  • the transmission routines of a device according to the invention can send data to the central server.
  • the server can record and store in its memory information relating to viewing behaviour. It thus becomes possible to store information relating to the channels which are preferably watched (favourite channels), relating to viewing time, zap behaviour, which genres are watched, which programs and so forth. It also becomes possible to provide interactive functionality to the clients, such as for instance online games, quizzes, ordering, voting and so on.
  • a further advantage of the device according to the invention is that the data transfer is not affected or disrupted by the fact of whether a peer is authorized or not. It is thus possible for a determined peer to act as server for the data without the peer in question being authorized to view the content or parts thereof.
  • the verification routines of the device according to the invention ensure, among other things, that the data can only be read by authorized users.
  • the verification routines are adapted to read information relating to the location of the at least one transmitting device, this information coming from the central server.
  • the verification routines are adapted to determine a sequence of control instructions which form an executable certificate for the read routines; execute the read routines to be verified wherein the executable certificate determined prior hereto is received from the central server and the associated sequence of control instructions is executed; compare the result obtained by executing the sequence of control instructions to the result associated with an authentic read routine; and further execute the read routines when the result of the comparison is positive.
  • the nature of the algorithm is preferably determined at random. In this manner a dynamic data network is thus constructed which is on the one hand able to distribute content quickly by making use of a large number of peers, but wherein on the other hand a high measure of security against unauthorized use is achieved without number codes and/or other aids, such as for instance a smart card, being necessary for this purpose.
  • the device according to the invention provides a solution for these per se contradictory objectives.
  • a dynamic digital network is understood to mean a digital network with a dynamic topology.
  • a data processing unit is understood to mean any digital processor such as may be present for instance in a personal computer, a mobile phone, a television decoder, a multimedia player, a game computer and other similar equipment.
  • a data network, or network in short is understood to mean any array of data connections mutually connected by means of cabling and/or by means of a gaseous medium.
  • the connections can here be formed for instance by optical cables, electricity cables or other electromagnetic connection, and/or by a wireless connection, wherein this is realized by for instance infrared or radio waves.
  • a positive result of the comparison is understood to mean that any change in data used by the read routines to be verified corresponds with the change which would occur with the use of the authentic read routines.
  • the sequence of control instructions forming the executable certificate is coded in a computer language which can be read by the processing unit of the device.
  • Each node of the dynamic network preferably comprises a device according to the invention.
  • a device can comprise hardware which can form a node with the required software. It is also possible to provide a node with the required software via the network itself.
  • the software is further provided with test routines for testing connections to other devices of the data network.
  • the testing can for instance be carried out in respect of the transfer speed of the relevant connection or in respect of the stability thereof.
  • the device according to the invention comprises software provided with evaluation routines for monitoring the quality of connections to other devices in the data network. It is additionally advantageous here that the evaluation routines also comprise testing another connection when the quality of a random connection is below a set threshold value.
  • a further preferred embodiment comprises a device which has software which is further provided with storage memory for data and/or data network addresses of at least one other device. It thus becomes possible, in the case a connection to another device in the network has been closed for instance for quality reasons, to make this connection again at a later stage in order to check whether the data transfer has improved.
  • the device according to the invention is preferably characterized in that the software is further provided with decision routines which can allow a connection to be made to another device on the basis of predetermined criteria, such as for instance the quality of the connection, the properties of the relevant device, the authenticity of the relevant node and so forth. It will be apparent that the skilled person has different criteria available.
  • the invention also relates to a method for gaining conditional access to a digital data network under the control of a central server.
  • At least some of the nodes are herein provided with a device according to the invention.
  • the inventive method has the feature that:
      a) a receiving device sends a request to the central server to be able to receive data from a determined transmitting device;
      b) the central server carries out an authentication of the receiving device;
      c) in the case the authentication is positive, the central server sends information to the receiving device relating to the location of the transmitting device;
      d) the receiving device sends a request to the transmitting device to be able to receive data from this transmitting device;
      e) the transmitting device transmits the data to the receiving device.
  • a second preferred embodiment of the method according to the invention with a further increased level of security is characterized in that:
      a) a transmitting device establishes a connection with the central server and transmits identification information thereto;
      b) a receiving device sends a request to the central server to be able to receive data from the transmitting device;
      c) the central server sends to the transmitting device an encryption code comprising a randomly generated algorithm;
      d) the central server carries out an authentication of the receiving device;
      e) in the case the authentication is positive, the central server sends information to the receiving device relating to the location and the identification of the transmitting device;
      f) the receiving device sends a request to the transmitting device to be able to receive data from this transmitting device;
      g) the transmitting device transmits the data to the receiving device.
  • a third preferred embodiment of the method according to the invention with a security level which is increased still further is characterized in that:
      a) a transmitting device establishes a connection with the central server and transmits identification information thereto;
      b) a receiving device sends a request to the central server to be able to receive data from the transmitting device;
      c) the central server sends to the receiving device an encryption code comprising a randomly generated algorithm;
      d) the central server sends a decryption code to the transmitting device;
      e) the central server carries out an authentication of the receiving device;
      f) in the case the authentication is positive, the central server sends information to the receiving device relating to the location and the identification of the transmitting device;
      g) the receiving device sends a request to the transmitting device to be able to receive data from this transmitting device;
      h) the transmitting device transmits the data to the receiving device, together with the decryption code;
      i) the receiving device decrypts the data using the decryption code.
  • a further improved preferred variant has the feature that information relating to the location and identification of the transmitting device is only sent once the receiving device has settled a payment order sent thereto by the central server.
  • a payment order can be embodied in all known ways and can, if desired, be made subject to the wishes of a transmitting client or device.
  • a preferred variant of the invented method for verifying the client software which allows viewing of the content comprises determining a sequence of control instructions forming an executable certificate for the read routines; executing the read routines to be verified, wherein the executable certificate determined prior hereto is received and the associated sequence of control instructions is executed; comparing the result obtained by executing the sequence of control instructions to the result associated with an authentic read routine; and further executing the read routines when the result of the comparison is positive.
  • the sequence of control instructions forming an executable certificate for the read routines can for instance be determined on the basis of the value(s) of a memory card of the software to be verified.
  • this signature is computed by executing the sequence of control instructions, wherein the value(s) of the memory card of the software to be verified is/are used.
  • the sequence of control instructions forming the executable certificate is retrieved from the central server.
  • the software to be verified then returns to the central server a signature produced as a result of the sequence of control instructions, wherein the central server is provided with verification software which compares the produced signature to a predetermined signature stored in the central server.
  • the further execution of the read routines is prevented when the comparison of the stored and produced signatures is negative.
  • the user in question is then unable to read the content, although the relevant node can still continue to function as data provider for another node in the case of a dynamic peer-to-peer network.
  • the invention also relates to a computer program comprising program instructions for having a computer perform the above described method according to the invention.
  • the advantages hereof will not be further discussed here since they correspond largely with the advantages already discussed above with reference to the device and method.
  • the computer program is preferably arranged on a physical carrier, or the computer program is at least partially stored in a computer memory.
  • the invention likewise relates to a computer or device adapted to execute the computer program according to the invention.
  • figure 1 shows schematically an embodiment of a device according to the invention
  • figure 2 shows a schematic representation of a dynamic network incorporating a device according to the invention
  • figure 3 shows a schematic representation of a first variant of the method according to the invention
  • figure 4 shows a schematic representation of a second variant of the method according to the invention
  • figure 5 shows a schematic representation of a third variant of the method according to the invention.
  • a device 10 according to the invention is shown which is provided with an input/output unit 1 in which are stored the software routines which control the incoming and outgoing stream of content.
  • the device further comprises a routing unit 2 which comprises the routines which, if desired, transmit the incoming content to a determined other device of the dynamic data network.
  • device 10 is provided with one or more temporary data storage units 3 in which for instance data packets can be collected and stored before they are transmitted.
  • the device is further provided with a production unit 4 which prepares content to be transmitted, and with a playback unit 5 comprising the software routines enabling playback, and thus viewing, of collected content.
  • a dynamic digital network can indeed comprise multiple types of device 10, wherein each node of the network can have its own functionality.
  • a dynamic data network will thus comprise at least one node from which the content will be presented and sent to all other nodes requesting it.
  • Each node of the network can in principle form such a production node when the relevant node transmits at least a part of the content received thereby to another node. It is also possible for the network to comprise nodes which control the addition of new nodes (users) to the network (access nodes). Most nodes of the network will be user nodes. These comprise devices which are in any case able to receive content and, when requested, transmit content to another user node. Devices 10 for user nodes are preferably also provided with software routines for checking the quality of a connection to another node, and/or for breaking a connection to another node and/or conversely entering into such a connection. Some nodes in the network will serve only to immediately transmit received content to other nodes. Such a routing node will generally only be provided with a routing unit 2.
  • Figure 2 shows a possible way in which a dynamic network can be created.
  • Production node 11 supplies via the internet a determined content, for instance a streaming video broadcast, to a number of user nodes 12, 12' and 12" via connections 22, 22' and 22". Each node is provided with a device 10 according to the invention.
  • Another user node 13 is connected via connection 23 to user node 12, no other user node is connected for the time being to user node 12', and user node 13" is connected via connection 23" to user node 12".
  • Via the connections content is supplied from production node 11 via nodes 12 and 12" to respective nodes 13 and 13".
  • Node 13" herein obtains its data via node 12", this connection 23" however being of considerably poorer quality (being for instance much slower) than connection 23 between nodes 12 and 13. As shown, node 13" will at a given moment test the connection 25 to node 12. Because node 12 still has sufficient transfer capacity remaining, node 13" will establish a connection 25 with node 12. This connection is indicated in figure 2 with a broken line. Because node 13" is now receiving content more quickly from node 12 than from node 12", a situation can occur wherein connection 23" between nodes 13" and 12" is broken by node 13", shown in figure 2 with a cross. As indicated in figure 2, user node 14 in this situation still does not receive any content.
  • Node 14 requests information at a certain moment relating to the presence of surrounding nodes, and tests for instance the connection 26 to node 13. Information concerning the existence of node 13 can here optionally also be obtained from other nodes. If it is found that node 13 has sufficient transmission capacity remaining, node 13 will begin to send content to node 14 via connection 26, as once again indicated with a broken line. This content is sent to node 14 independently of production node 11 or other nodes 12 and 12" which function as production node. If desired, node 14 can also obtain content from user node 12' by opening a connection 27 therewith if the transfer speed between this node 12' and node 14 is sufficiently high.
  • If the test of this connection 27 is positive, the connection is also made, wherein node 14 can on balance thus retrieve the content even more quickly.
  • the shown simple embodiment illustrates the dynamic character of the data network. It will be apparent that the speed at which the transfer of content can take place within the digital data network will be substantially proportional to the number of (user) nodes. It will also be apparent that the transfer of data from one node to another node can take place irrespective of the fact of whether a determined user can actually also view the content, in other words whether said user is authorized.
  • Although the device and method according to the invention are particularly suitable for the above described dynamic network, it is expressly stated that the device and method according to the invention can also be applied on a server/client network.
  • the schematically represented live streaming security comprises a first step in which a viewer 100 (receiving device) selects a broadcasting channel broadcast by a transmitting device 110 from a summary presented by a central server 120.
  • a transmitting device 110 can for instance be identified by an IP address, a port and/or a unique identification number. These data are stored in a database of central server 120 when transmitting device 110 logs on. It is noted that a transmitting device 110 may also comprise a private channel.
  • viewer 100 requests the datastream at central server 120, also referred to hereinafter as Ground Control server.
  • Authentication of viewer 100 then takes place at server 120, preferably on the basis of one or more of the following data: MAC address of the viewer, IP address of the viewer, serial number of the processor in the digital system, password, pin code and/or digital fingerprint of the memory map of the digital system. These operations are indicated schematically in figure 3 by arrow 101.
  • a payment operation preferably takes place between Ground Control server 120 and viewer 100 if this is necessary for the relevant data stream.
  • Server 120 then sends the information relating to the location of the point of origin of the stream to the viewer. These operations are shown schematically in figure 3 by arrow 102.
  • the digital system of viewer 100 makes a request at the point of origin of the datastream.
  • the datastream is delivered to viewer 100 via the peer-to-peer network (100, 110, 111).
  • This operation is indicated schematically in figure 3 by arrows 104.
  • the peer-to-peer network can comprise viewers 100, transmitting devices 110 as well as devices 111, wherein the latter (devices 111) serve as the datastream- transmitting devices.
  • a transmitting device HOA logs on and provides an identification (ID). If desired, this ID consists of multiple data, such as for instance the channel name, the desired method of payment, price information, optional geographical limitations (for instance when content is only available for a particular country), specifications and so on. This operation is indicated schematically in figure 4 by arrow 201.
  • a viewer 100 logs on and authentication takes place as already described above. This operation is indicated schematically in figure 4 by arrow 202.
  • the Ground Control server sends an object code having therein a randomly generated algorithm to transmitter 110A. This operation is indicated schematically in figure 4 by arrow 203.
  • the Ground Control server sends the ID and the location of transmitter
  • Control server also sends the object code with the algorithm for decoding to viewer 100.
  • a fifth step the digital system of viewer 100 makes a request at the point of origin of the datastream, this being transmitting device 110A.
  • This operation is indicated schematically in figure 4 by arrow 205.
  • the datastream is delivered to viewer 100 via peer-to-peer network (100,
  • FIG 5 a datastream of a third embodiment of the method according to the invention is shown schematically.
  • This embodiment comprises an additional security step, wherein the randomly generated algorithm can only be used with a likewise randomly generated decryption code (key).
  • a transmitting device 110A logs on and provides an identification (ID). If desired, this ID consists of multiple data, such as for instance the channel name, the desired method of payment, price information, optional geographical limitations (for instance when content is only available for a particular country), specifications and so on. This operation is indicated schematically in figure 5 by arrow 301.
  • a viewer 100 logs on and authentication takes place as already described above. This operation is indicated schematically in figure 5 by arrow 302.
  • the Ground Control server sends an object code having therein a randomly generated algorithm to transmitter 110A. This operation is indicated schematically in figure 5 by arrow 303.
  • the key is sent separately by the Ground Control server 120 to transmitter 110A and incorporated by transmitter 110A in the datastream.
  • This operation is indicated schematically in figure 5 by arrow 301.
  • Transmitter 110A therefore transmits the key, via dynamic network (110, 111, 100), to viewer 100 by integrating it into the datastream.
  • the Ground Control server sends the object code with the algorithm to viewer 100 in step 304.
  • the operations shown in figure 5 are further the same as already discussed above with reference to the second preferred variant.
  • Content in the form of files is pre-encoded and made available by applying the above described Digital Rights Management (DRM) solution. The files can be published and exchanged by everyone without everyone being able to view them.
  • the files are coded and stored in a file format which can only be played back by the digital software system of a receiving device 100 (designated commercially with the brand name NuvioXS).
  • the file does not contain all information required to decode the file.
  • an appropriate algorithm is sent by the Ground Control server, optionally including a key (in accordance with the second and third preferred variant respectively) to enable decoding of the file.
  • the file format also referred to as AHT (Encryptic) media format and making use of a file extension ".AMF" (AHT Media File/Format) is composed in the form of a block of data (header) for a coded media file (MPEG, MP3, AVI etc.).
  • the block of data indicates what type of data is to be found in the file and the manner in which this data has been coded.
  • the information available in the file is generally not sufficient for decoding thereof.
  • the file contains information relating to the nature of the algorithm used and the associated parameter set. If the central server is approached with this data, the central server can then prepare a key with data from its database in the form of an algorithm and send this to the client for decoding purposes.
  • a security methodology for the object code is provided for the viewers.
  • the randomly generated algorithm sent by the Ground Control server is packed in object code which, for instance in set-top boxes and comparable hardware products, is preferably injected directly into the memory map.
  • the object code moves to another location in the memory map and the program code is "damaged", whereby decoding no longer operates properly and the signal cannot be viewed.
  • the client software preferably comprises a so-called virtual processor.
  • the object code sent by the Ground Control server is preferably written in program format for this virtual processor.
  • a program code is hereby generated which is completely different from that usual in any other processor architecture. The result is an additional degree of difficulty in cracking the algorithm.
  • use is preferably made of Interval Code Exchange (ICE).
  • ICE a new random algorithm is generated by the Ground Control server at regular or random intervals.
  • the new encoding object code is preferably sent to the transmitter and the new decoding object code is sent to the client.
  • This embodiment is preferably applied in combination with the use of keys (see third preferred variant).
  • Timestamp information is preferably also generated with the object code. This timestamp is generally an absolute point in the datastream (P2P or IPTV) at which the new algorithm comes into operation.
  • the device according to the invention is particularly suitable for use in making content available to for instance mobile communication equipment, such as mobile phones, pocket computers, PDAs and game computers; and media players such as digital television and radio sets, personal computers, DVD players and other such devices.
  • the device according to the invention makes it possible to display video and television signals peer-to-peer, play back content from the data network, preferably only for authorized users, play back internet radio signals, show web television channels, as well as to download audio and video content and, if desired, copy it to external devices such as for instance to an iPod and/or an MP3 player.
  • a particularly suitable application comprises making content available in the form of video images from different locations of a racing car circuit.
  • a user can select the images he/she wishes to view in a determined node while making use of the invented device. If desired, this authorized user can thus follow a specific racing car or take up a position in the pits, view images of a particular bend in the circuit, and so forth. This is made possible by the speed at which the data can be transmitted via the dynamic network.
  • Other particularly suitable applications include images of multi-sport events, such as for instance the Olympic Games, wherein the authorized user can receive and watch images of his/her favourite sport without having to depend on what the television broadcasting companies offer, and set up an own television channel which distributes content via the network.
  • the device according to the invention can in principle be connected to any type of screen and/or sound installation and comprises software applications which, individually or in combination, can show streaming internet television channels, play back streaming internet radio channels, provide options for downloading content free of charge or offered via a commercial download portal, and enable playing of (interactive) games.
  • the content can herein be offered against payment and, if desired, be supplied via a peer-to-peer network by means of file-sharing or live video streaming.
  • Live streaming video and/or audio content can moreover be protected against illegal copying according to the invention by means of the above described verifying means (conditional access).
  • File-sharing content is preferably further protected against illegal copying by means of DRM.
  • the content is preferably made available in an interactive manner via two-way internet traffic, wherein all the above functions can also be applied as software application, independently of the device, on other devices.

Abstract

The invention comprises a device and method for gaining conditional access to a digital data network under the control of a central server. The device comprises at least one data processing unit and at least one data connection to a data network and the central server, wherein the device is provided with software with receiving routines for receiving data from at least one transmitting device in the data network, read routines to enable the data to be read and shown, verification routines which can communicate with the central server in order to be able to verify the authenticity of the read routines, and wherein the central server comprises at least one database with information relating to the location of the at least one transmitting device, and software adapted to verify the authenticity of the receiving device.

Description

Device and method for gaining conditional access to a data network
The invention relates to a device for gaining conditional access to a digital data network. The invention also relates to a method for gaining conditional access to such a digital data network, and a computer program comprising program instructions for performing of the method by a computer.
The invention relates particularly to a device and method for gaining conditional access to streaming and on-demand content over the internet, on server/client basis as well as on peer-to-peer basis.
The internet is highly suitable for sending large quantities of data from a server to a (generally) large number of recipient client computers. The data transfer generally takes place here between a server and a number of clients and/or between different clients, for instance in the form of so-called peer-to-peer networks. The content of the data can herein relate to for instance music (audio) and/or images (video) in digital form, to database data, to software, television and radio programmes and so on. In so-called streaming video and/or audio it is of particular importance that the data connection is of good quality. It is thus essential for instance that the data transfer, which generally takes place in the form of a sequence of successive data packets, takes place uninterruptedly so that a video and/or audio broadcast is not disrupted or slowed down. It is necessary for this purpose among other things that the transfer speed of the data is sufficiently high. It is of further importance that a user knows whether the content received and viewed by him/her is reliable. The exchange of data in the data network must therefore preferably be secured, wherein it is of particular importance that the authorization procedure can take place quickly without a user having to perform time-consuming operations to this end. Existing authorization procedures for instance make use of cryptographic algorithms which use confidential data, such as for instance a secret code or key, present in the software of the client computer. Because a device according to the invention preferably forms part of a dynamic network to which a large number of users can be connected, such a time-consuming authorization procedure is less suitable, among other reasons because it is unreliable and lengthy. 
The invention has for its object to provide a device and method for transmitting digital data via a network reliably and quickly to recipient parties, in particular streaming video and/or audio data, and for gaining conditional access to such a digital data network.
The device according to the invention has for this purpose the features as described in claim 1. By providing according to the invention a device for gaining conditional access to a digital data network under the control of a central server, which device comprises at least one data processing unit and at least one data connection to the data network and the central server, in addition to software with receiving routines for receiving data from at least one transmitting device in the data network, read routines to enable the data to be read and shown, verification routines which can communicate with the central server in order to be able to verify the authenticity of the read routines, wherein the central server comprises at least one database with information relating to the location of the at least one transmitting device, and software adapted to verify the authenticity of the receiving device, it is possible to ensure that, among other things, the access to the data is controlled centrally and that the conditions for gaining access can be easily changed if desired. It is also possible to make the conditions for gaining access dependent on the transmitting device.
The device can form part of a platform server/client data network, wherein the device forms part of the client. Such a network is also referred to as an IPTV network. Preferably however, the device forms part of a peer-to-peer network (P2P) incorporating a plurality of devices. In this preferred embodiment the device according to the invention also comprises transmission routines for transmitting data being sent from the transmitting device or devices in the data network to at least one receiving device connected to the data network irrespective of the transmitting device or devices, and/or to the central server. In such a peer-to-peer network a first standalone device (a first "peer") according to the invention can provide a second standalone device (a second "peer") according to the invention with data. The first standalone device can here have received the data from yet another standalone device according to the invention. It is also possible that the first standalone device is the starting point of the dynamic network from which determined content is generated. The content made available by the starting point of the network is thus rapidly accessible by the authorized part of the network users. Because according to the invention a peer can act as server (transmitting peer) at a given moment and as client (receiving peer) at another moment, a self-correcting data network is created with little susceptibility to disruption. This is because, if a peer is no longer functioning, the data transfer can then, if desired, take place from another peer. In a traditional (hierarchical) server-client network this is not possible because, if the server is no longer functioning, this has immediate consequences for the client which after all no longer has access to the server data. According to the invention a device can only gain conditional access to the data network via a central server. 
The transmission routines of a device according to the invention can send data to the central server. This has the additional advantage that the server can record and store in its memory information relating to viewing behaviour. It thus becomes possible to store information relating to the channels which are preferably watched (favourite channels), relating to viewing time, zap behaviour, which genres are watched, which programs and so forth. It also becomes possible to provide interactive functionality to the clients, such as for instance online games, quizzes, ordering, voting and so on.
A further advantage of the device according to the invention is that the data transfer is not affected or disrupted by the fact of whether a peer is authorized or not. It is thus possible for a determined peer to act as server for the data without the peer in question being authorized to view the content or parts thereof. The verification routines of the device according to the invention ensure, among other things, that the data can only be read by authorized users.
In a preferred embodiment of the device according to the invention the verification routines are adapted to read information relating to the location of the at least one transmitting device, this information coming from the central server.
In a further preferred embodiment of the device according to the invention the verification routines are adapted to determine a sequence of control instructions which form an executable certificate for the read routines; execute the read routines to be verified wherein the executable certificate determined prior hereto is received from the central server and the associated sequence of control instructions is executed; compare the result obtained by executing the sequence of control instructions to the result associated with an authentic read routine; and further execute the read routines when the result of the comparison is positive.
Preferably renewing, i.e. changing, the full algorithm of the executable certificate at set times moreover achieves that it becomes exceptionally difficult for malicious persons to circumvent the authorization procedure. The nature of the algorithm is preferably determined at random. In this manner a dynamic data network is thus constructed which is on the one hand able to distribute content quickly by making use of a large number of peers, but wherein on the other hand a high measure of security against unauthorized use is achieved without number codes and/or other aids, such as for instance a smart card, being necessary for this purpose. The device according to the invention provides a solution for these per se contradictory objectives.
In the context of this application a dynamic digital network is understood to mean a digital network with a dynamic topology. In the context of the present invention a data processing unit is understood to mean any digital processor such as may be present for instance in a personal computer, a mobile phone, a television decoder, a multimedia player, a game computer and other similar equipment. In the context of the present invention a data network, or network in short, is understood to mean any array of data connections mutually connected by means of cabling and/or by means of a gaseous medium. The connections can here be formed for instance by optical cables, electricity cables or other electromagnetic connection, and/or by a wireless connection, wherein this is realized by for instance infrared or radio waves. In the verification of the read routines a positive result of the comparison is understood to mean that any change in data used by the read routines to be verified corresponds with the change which would occur with the use of the authentic read routines.
In a preferred embodiment of the device the sequence of control instructions forming the executable certificate is coded in a computer language which can be read by the processing unit of the device.
Each node of the dynamic network preferably comprises a device according to the invention. Such a device can comprise hardware which can form a node with the required software. It is also possible to provide a node with the required software via the network itself.
In a further preferred variant of the device according to the invention the software is further provided with test routines for testing connections to other devices of the data network. The testing can for instance be carried out in respect of the transfer speed of the relevant connection or in respect of the stability thereof.
In another further preferred embodiment the device according to the invention comprises software provided with evaluation routines for monitoring the quality of connections to other devices in the data network. It is additionally advantageous here that the evaluation routines also comprise testing another connection when the quality of a random connection is below a set threshold value.
A further preferred embodiment comprises a device which has software which is further provided with storage memory for data and/or data network addresses of at least one other device. It thus becomes possible, in the case a connection to another device in the network has been closed for instance for quality reasons, to make this connection again at a later stage in order to check whether the data transfer has improved. The device according to the invention is preferably characterized in that the software is further provided with decision routines which can allow a connection to be made to another device on the basis of predetermined criteria, such as for instance the quality of the connection, the properties of the relevant device, the authenticity of the relevant node and so forth. It will be apparent that the skilled person has different criteria available.
The invention also relates to a method for gaining conditional access to a digital data network under the control of a central server. At least some of the nodes are herein provided with a device according to the invention. The inventive method has the feature that a) a receiving device sends a request to the central server to be able to receive data from a determined transmitting device; b) the central server carries out an authentication of the receiving device; c) in the case the authentication is positive, the central server sends information to the receiving device relating to the location of the transmitting device; d) the receiving device sends a request to the transmitting device to be able to receive data from this transmitting device; e) the transmitting device transmits the data to the receiving device.
A second preferred embodiment of the method according to the invention with a further increased level of security is characterized in that a) a transmitting device establishes a connection with the central server and transmits identification information thereto; b) a receiving device sends a request to the central server to be able to receive data from the transmitting device; c) the central server sends to the transmitting device an encryption code comprising a randomly generated algorithm; d) the central server carries out an authentication of the receiving device; e) in the case the authentication is positive, the central server sends information to the receiving device relating to the location and the identification of the transmitting device; f) the receiving device sends a request to the transmitting device to be able to receive data from this transmitting device; g) the transmitting device transmits the data to the receiving device.
A third preferred embodiment of the method according to the invention with a security level which is increased still further is characterized in that a) a transmitting device establishes a connection with the central server and transmits identification information thereto; b) a receiving device sends a request to the central server to be able to receive data from the transmitting device; c) the central server sends to the receiving device an encryption code comprising a randomly generated algorithm; d) the central server sends a decryption code to the transmitting device; e) the central server carries out an authentication of the receiving device; f) in the case the authentication is positive, the central server sends information to the receiving device relating to the location and the identification of the transmitting device; g) the receiving device sends a request to the transmitting device to be able to receive data from this transmitting device; h) the transmitting device transmits the data to the receiving device, together with the decryption code; i) the receiving device decrypts the data using the decryption code.
A further improved preferred variant has the feature that information relating to the location and identification of the transmitting device is only sent once the receiving device has settled a payment order sent thereto by the central server. Such a payment order can be embodied in all known ways and can, if desired, be made subject to the wishes of a transmitting client or device.
A preferred variant of the invented method for verifying the client software which allows viewing of the content (hereinbelow the "read routines") comprises determining a sequence of control instructions forming an executable certificate for the read routines; executing the read routines to be verified, wherein the executable certificate determined prior hereto is received and the associated sequence of control instructions is executed; comparing the result obtained by executing the sequence of control instructions to the result associated with an authentic read routine; and further executing the read routines when the result of the comparison is positive.
The sequence of control instructions forming an executable certificate for the read routines can for instance be determined on the basis of the value(s) of a memory card of the software to be verified. The execution of the read routines to be verified, wherein the executable certificate determined prior hereto is received and the associated sequence of control instructions is executed, preferably results in a signature which has to be verified. In a preferred variant this signature is computed by executing the sequence of control instructions, wherein the value(s) of the memory card of the software to be verified is/are used.
In another preferred embodiment the sequence of control instructions forming the executable certificate is retrieved from the central server. The software to be verified then returns to the central server a signature produced as a result of the sequence of control instructions, wherein the central server is provided with verification software which compares the produced signature to a predetermined signature stored in the central server.
In yet another preferred embodiment of the method the further execution of the read routines is prevented when the comparison of the stored and produced signatures is negative. The user in question is then unable to read the content, although the relevant node can still continue to function as data provider for another node in the case of a dynamic peer-to-peer network.
In order to further improve the security of the dynamic network, it is recommended to determine a plurality of executable certificates which differ from each other through time.
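The verification exchange described in the preceding paragraphs, as an added example that is not taken from the patent: the central server issues a fresh random sequence of control instructions, the receiving device runs it over its read routines and returns the signature, and the server compares that signature to the one computed over its authentic copy. The four-opcode instruction set, the class and function names and the sample images are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

MASK = 0xFFFFFFFF
OP_XOR, OP_ADD, OP_ROL, OP_MUL = range(4)  # made-up instruction set (assumption)


def _words(image):
    """Split a memory image into little-endian 32-bit words, zero-padding the tail."""
    padded = image + b"\x00" * (-len(image) % 4)
    return struct.unpack(f"<{len(padded) // 4}I", padded)


def generate_certificate(image_len):
    """Server side: random control instructions that visit every word exactly once."""
    rng = secrets.SystemRandom()
    order = list(range((image_len + 3) // 4))
    rng.shuffle(order)
    return [(rng.randrange(4), idx, rng.getrandbits(32)) for idx in order]


def execute_certificate(cert, image, nonce):
    """Run the control instructions over a memory image and return the signature."""
    words = _words(image)
    acc = 0x9E3779B9
    for op, idx, operand in cert:
        if not 0 <= idx < len(words):
            raise ValueError("instruction addresses memory outside the image")
        w = words[idx]
        # Every operation is invertible in acc, so the effect of a single
        # changed word survives all the instructions that follow it.
        if op == OP_XOR:
            acc ^= w ^ operand
        elif op == OP_ADD:
            acc = (acc + w + operand) & MASK
        elif op == OP_ROL:
            r = operand % 31 + 1
            acc = (((acc << r) | (acc >> (32 - r))) & MASK) ^ w
        elif op == OP_MUL:
            acc = (acc * (operand | 1) + w) & MASK
        else:
            raise ValueError(f"unknown opcode {op}")
    # Bind the result to this challenge and to the exact image length.
    return hashlib.sha256(nonce + struct.pack("<II", len(image), acc)).digest()


class CentralServer:
    """Holds the authentic read routines and the outstanding challenges."""

    def __init__(self, authentic_image):
        if not authentic_image:
            raise ValueError("reference image must not be empty")
        self._image = authentic_image
        self._pending = {}  # nonce -> expected signature

    def issue_challenge(self):
        """A fresh certificate per request, so certificates differ through time."""
        nonce = secrets.token_bytes(16)
        cert = generate_certificate(len(self._image))
        self._pending[nonce] = execute_certificate(cert, self._image, nonce)
        return nonce, cert

    def verify(self, nonce, signature):
        """Compare produced and stored signature; each challenge is single use."""
        expected = self._pending.pop(nonce, None)
        return expected is not None and hmac.compare_digest(expected, signature)


class ReceivingDevice:
    def __init__(self, read_routines):
        self.read_routines = read_routines
        self.playback_enabled = False
        self.relay_enabled = True  # a node may keep forwarding data it cannot view

    def request_playback(self, server):
        nonce, cert = server.issue_challenge()
        signature = execute_certificate(cert, self.read_routines, nonce)
        self.playback_enabled = server.verify(nonce, signature)
        return self.playback_enabled


# Constructed stand-ins for read-routine images (not real client software).
AUTHENTIC_IMAGE = bytes(range(256)) * 4 + b"end"  # 1027 bytes, exercises padding
TAMPERED_IMAGE = bytearray(AUTHENTIC_IMAGE)
TAMPERED_IMAGE[500] ^= 0x01                       # one modified byte
TAMPERED_IMAGE = bytes(TAMPERED_IMAGE)

if __name__ == "__main__":
    server = CentralServer(AUTHENTIC_IMAGE)
    for name, image in (("authentic", AUTHENTIC_IMAGE), ("tampered", TAMPERED_IMAGE)):
        device = ReceivingDevice(image)
        print(name, "playback allowed:", device.request_playback(server))
```

A positive comparison shows that the responder holds bytes matching the reference image at the time of the challenge. Because each challenge is random and single use, a signature recorded from an earlier exchange does not satisfy a later one.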
The invention also relates to a computer program comprising program instructions for having a computer perform the above described method according to the invention. The advantages hereof will not be further discussed here since they correspond largely with the advantages already discussed above with reference to the device and method. The computer program is preferably arranged on a physical carrier, or the computer program is at least partially stored in a computer memory. The invention likewise relates to a computer or device adapted to execute the computer program according to the invention.
The invention will now be further elucidated on the basis of the exemplary embodiments shown in the following figures, to which the invention is not limited.
Herein:
figure 1 shows schematically an embodiment of a device according to the invention;
figure 2 shows a schematic representation of a dynamic network incorporating a device according to the invention;
figure 3 shows a schematic representation of a first variant of the method according to the invention;
figure 4 shows a schematic representation of a second variant of the method according to the invention; and
figure 5 shows a schematic representation of a third variant of the method according to the invention.

With reference to figure 1, a device 10 according to the invention is shown which is provided with an input/output unit 1 in which are stored the software routines which control the incoming and outgoing stream of content. The device further comprises a routing unit 2 which comprises the routines which, if desired, transmit the incoming content to a determined other device of the dynamic data network. If desired, device 10 is provided with one or more temporary data storage units 3 in which for instance data packets can be collected and stored before they are transmitted. The device is further provided with a production unit 4 which prepares content to be transmitted, and with a playback unit 5 comprising the software routines enabling playback, and thus viewing, of collected content. It will be apparent that not every device 10 forming part of the data network has to be provided with all of the above discussed units. A dynamic digital network can indeed comprise multiple types of device 10, wherein each node of the network can have its own functionality. A dynamic data network will thus comprise at least one node from which the content will be presented and sent to all other nodes requesting it. Each node of the network can in principle form such a production node when the relevant node transmits at least a part of the content received thereby to another node.
It is also possible for the network to comprise nodes which control the addition of new nodes (users) to the network (access nodes). Most nodes of the network will be user nodes. These comprise devices which are in any case able to receive content and, when requested, transmit content to another user node. Devices 10 for user nodes are preferably also provided with software routines for checking the quality of a connection to another node, and/or for breaking a connection to another node and/or conversely entering into such a connection. Some nodes in the network will serve only to immediately transmit received content to other nodes. Such a routing node will generally only be provided with a routing unit 2.
Figure 2 shows a possible way in which a dynamic network can be created. Production node 11 supplies via the internet a determined content, for instance a streaming video broadcast, to a number of user nodes 12, 12' and 12" via connections 22, 22' and 22". Each node is provided with a device 10 according to the invention. Another user node 13 is connected via connection 23 to user node 12, no other user node is connected for the time being to user node 12', and user node 13" is connected via connection 23" to user node 12". Via the connections content is supplied from production node 11 via nodes 12 and 12" to respective nodes 13 and 13". Node 13" herein obtains its data via node 12", this connection 23" however being of considerably poorer quality (being for instance much slower) than connection 23 between nodes 12 and 13. As shown, node 13" will at a given moment test the connection 25 to node 12. Because node 12 still has sufficient transfer capacity remaining, node 13" will establish a connection 25 with node 12. This connection is indicated in figure 2 with a broken line. Because node 13" is now receiving content more quickly from node 12 than from node 12", a situation can occur wherein connection 23" between nodes 13" and 12" is broken by node 13", shown in figure 2 with a cross. As indicated in figure 2, user node 14 in this situation still does not receive any content. Node 14 requests information at a certain moment relating to the presence of surrounding nodes, and tests for instance the connection 26 to node 13. Information concerning the existence of node 13 can here optionally also be obtained from other nodes. If it is found that node 13 has sufficient transmission capacity remaining, node 13 will begin to send content to node 14 via connection 26, as once again indicated with a broken line. This content is sent to node 14 independently of production node 11 or other nodes 12 and 12" which function as production node. 
If desired, node 14 can also obtain content from user node 12' by opening a connection 27 therewith if the transfer speed between this node 12' and node 14 is sufficiently high. If the test of this connection 27 is positive, the connection is also made, wherein node 14 can on balance thus retrieve the content even more quickly. The shown simple embodiment illustrates the dynamic character of the data network. It will be apparent that the speed at which the transfer of content can take place within the digital data network will be substantially proportional to the number of (user) nodes. It will also be apparent that the transfer of data from one node to another node can take place irrespective of the fact of whether a determined user can actually also view the content, in other words whether said user is authorized. Although the device and method according to the invention are particularly suitable for the above described dynamic network, it is expressly stated that the device and method according to the invention can also be applied on a server/client network.
Referring to figure 3, a datastream of a first embodiment of the method according to the invention is shown schematically. The schematically represented live streaming security comprises a first step in which a viewer 100 (receiving device) selects a broadcasting channel broadcast by a transmitting device 110 from a summary presented by a central server 120. A transmitting device 110 can for instance be identified by an IP address, a port and/or a unique identification number. These data are stored in a database of central server 120 when transmitting device 110 logs on. It is noted that a transmitting device 110 may also comprise a private channel. Via the software on his/her digital system, viewer 100 then requests the datastream at central server 120, also referred to hereinafter as Ground Control server. Authentication of viewer 100 then takes place at server 120, preferably on the basis of one or more of the following data: MAC address of the viewer, IP address of the viewer, serial number of the processor in the digital system, password, pin code and/or digital fingerprint of the memory map of the digital system. These operations are indicated schematically in figure 3 by arrow 101. In a second step a payment operation preferably takes place between Ground Control server 120 and viewer 100 if this is necessary for the relevant datastream. Server 120 then sends the information relating to the location of the point of origin of the stream to the viewer. These operations are shown schematically in figure 3 by arrow 102. In a third step the digital system of viewer 100 makes a request at the point of origin of the datastream. This operation is indicated schematically in figure 3 by arrow 103. In a fourth step the datastream is delivered to viewer 100 via the peer-to-peer network (100, 110, 111). This operation is indicated schematically in figure 3 by arrows 104.
It is noted that the peer-to-peer network can comprise viewers 100, transmitting devices 110 as well as devices 111, wherein the latter (devices 111) serve as the datastream-transmitting devices.
With reference to figure 4, a datastream of a second embodiment of the method according to the invention is shown schematically.
In a first step a transmitting device 110A logs on and provides an identification (ID). If desired, this ID consists of multiple data, such as for instance the channel name, the desired method of payment, price information, optional geographical limitations (for instance when content is only available for a particular country), specifications and so on. This operation is indicated schematically in figure 4 by arrow 201. In a second step a viewer 100 logs on and authentication takes place as already described above. This operation is indicated schematically in figure 4 by arrow 202. In a third step the Ground Control server sends an object code having therein a randomly generated algorithm to transmitter 110A. This operation is indicated schematically in figure 4 by arrow 203. In a fourth step the Ground Control server sends the ID and the location of transmitter 110A to viewer 100 after any optional payment has been made. The Ground Control server also sends the object code with the algorithm for decoding to viewer 100. These operations are indicated schematically in figure 4 by arrow 204.
In a fifth step the digital system of viewer 100 makes a request at the point of origin of the datastream, this being transmitting device 110A. This operation is indicated schematically in figure 4 by arrow 205.
In a sixth step the datastream is delivered to viewer 100 via peer-to-peer network (100, 110, 111). This operation is indicated schematically in figure 4 by arrows 206.
Referring to figure 5, a datastream of a third embodiment of the method according to the invention is shown schematically.
This embodiment comprises an additional security step, wherein the randomly generated algorithm can only be used with a likewise randomly generated decryption code (key).
In a first step a transmitting device 110A logs on and provides an identification (ID). If desired, this ID consists of multiple data, such as for instance the channel name, the desired method of payment, price information, optional geographical limitations (for instance when content is only available for a particular country), specifications and so on. This operation is indicated schematically in figure 5 by arrow 301. In a second step a viewer 100 logs on and authentication takes place as already described above. This operation is indicated schematically in figure 5 by arrow 302. In a third step the Ground Control server sends an object code having therein a randomly generated algorithm to transmitter 110A. This operation is indicated schematically in figure 5 by arrow 303. Simultaneously or in a separate step of the present preferred method the key is sent separately by the Ground Control server 120 to transmitter 110A and incorporated by transmitter 110A in the datastream. This operation is indicated schematically in figure 5 by arrow 301. Transmitter 110A therefore transmits the key, via dynamic network (110, 111, 100), to viewer 100 by integrating it into the datastream. As already described above, the Ground Control server sends the object code with the algorithm to viewer 100 in step 304. The operations shown in figure 5 are further the same as already discussed above with reference to the second preferred variant.
Content in the form of files is pre-encoded and made available by applying the above described Digital Rights Management (DRM) solution. The files can be published and exchanged by everyone without everyone being able to view them. The files are coded and stored in a file format which can only be played back by the digital software system of a receiving device 100 (designated commercially with the brand name NuvioXS). The file does not contain all information required to decode the file.
At the moment a viewer wishes to play back the file, an appropriate algorithm is sent by the Ground Control server, optionally including a key (in accordance with the second and third preferred variant respectively) to enable decoding of the file.
The file format, also referred to as AHT (Encryptic) media format and making use of a file extension ".AMF" (AHT Media File/Format) is composed in the form of a block of data (header) for a coded media file (MPEG, MP3, AVI etc.). The block of data indicates what type of data is to be found in the file and the manner in which this data has been coded. The information available in the file is generally not sufficient for decoding thereof. The file contains information relating to the nature of the algorithm used and the associated parameter set. If the central server is approached with this data, the central server can then prepare a key with data from its database in the form of an algorithm and send this to the client for decoding purposes.
According to the invention a security methodology for the object code is provided for the viewers. The randomly generated algorithm sent by the Ground Control server is packed in object code which, for instance in set-top boxes and comparable hardware products, is preferably injected directly into the memory map. As soon as the memory map changes, for instance due to hacking tools or memory scanners starting up, the object code moves to another location in the memory map and the program code is "damaged", whereby decoding no longer operates properly and the signal cannot be viewed.
According to the invention the client software preferably comprises a so-called virtual processor. The object code sent by the Ground Control server is preferably written in program format for this virtual processor. A program code is hereby generated which is completely different from that usual in any other processor architecture. The result is an additional degree of difficulty in cracking the algorithm. According to the invention use is preferably made of Interval Code Exchange (ICE). Using ICE a new random algorithm is generated by the Ground Control server at regular or random intervals. At these points in time the new encoding object code is preferably sent to the transmitter and the new decoding object code is sent to the client. This embodiment is preferably applied in combination with the use of keys (see third preferred variant). Timestamp information is preferably also generated with the object code. This timestamp is generally an absolute point in the datastream (P2P or IPTV) at which the new algorithm comes into operation.
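The Interval Code Exchange described above can be modelled as a schedule of (stream position, object code) entries interpreted by a small virtual processor. This is an added example, not code from the patent or its applicant; the three-instruction set, the function names and the sample frames are assumptions, and the byte operations stand in for the "randomly generated algorithm" without being a cipher.

```python
import secrets

# Toy instruction set for the client's "virtual processor" (hypothetical).
# Every instruction is a reversible per-byte operation: name -> (encode, decode).
# These operations illustrate the rotation schedule only; they are not a cipher.
def _rol(b, n):
    n %= 8
    return ((b << n) | (b >> (8 - n))) & 0xFF


OPS = {
    "XOR": (lambda b, k: b ^ k, lambda b, k: b ^ k),
    "ADD": (lambda b, k: (b + k) & 0xFF, lambda b, k: (b - k) & 0xFF),
    "ROL": (lambda b, k: _rol(b, k), lambda b, k: _rol(b, 8 - k % 8)),
}


def random_program(length=4, rng=None):
    """Ground Control side: generate a fresh random 'algorithm' as object code."""
    rng = rng or secrets.SystemRandom()
    return [(rng.choice(sorted(OPS)), rng.randrange(1, 256)) for _ in range(length)]


def run(program, data, decode=False):
    """Interpret object code over one block; decoding applies the inverses backwards."""
    steps = list(reversed(program)) if decode else program
    side = 1 if decode else 0
    out = bytes(data)
    for name, operand in steps:
        fn = OPS[name][side]
        out = bytes(fn(b, operand) for b in out)
    return out


def active_program(schedule, position):
    """Pick the program with the latest start position that is <= position."""
    started = [(start, prog) for start, prog in schedule if start <= position]
    if not started:
        raise LookupError(f"no object code valid at stream position {position}")
    return max(started, key=lambda entry: entry[0])[1]


def encode_stream(blocks, schedule):
    """Transmitter: encode each block with the object code active at its position."""
    return [run(active_program(schedule, i), blk) for i, blk in enumerate(blocks)]


def decode_stream(blocks, schedule):
    """Viewer: decode each block with whatever object code it has been sent."""
    return [run(active_program(schedule, i), blk, decode=True)
            for i, blk in enumerate(blocks)]


class GroundControl:
    """Issues a new random program together with the position where it takes effect."""

    def __init__(self, rng=None):
        self.rng = rng
        self.schedule = []

    def rotate(self, start_position):
        entry = (start_position, random_program(rng=self.rng))
        self.schedule.append(entry)
        return entry  # goes to the transmitter and to each authorized viewer


def demo():
    blocks = [f"frame-{i}".encode() for i in range(6)]  # constructed sample stream
    server = GroundControl()
    first = server.rotate(0)   # valid from the start of the stream
    second = server.rotate(3)  # timestamp: takes over at block 3
    wire = encode_stream(blocks, server.schedule)
    current = decode_stream(wire, [first, second])  # viewer that received the update
    stale = decode_stream(wire, [first])            # viewer that did not
    return blocks, current, stale


if __name__ == "__main__":
    original, current, stale = demo()
    print("updated viewer ok:", current == original)
    print("stale viewer ok up to block 3:", stale[:3] == original[:3])
```

A viewer whose authorization is not renewed simply never receives the entry for the next interval, so its decoding stops matching at the timestamped position.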
The device according to the invention is particularly suitable for use in making content available to for instance mobile communication equipment, such as mobile phones, pocket computers, PDAs and game computers; and media players such as digital television and radio sets, personal computers, DVD players and other such devices. The device according to the invention makes it possible to display video and television signals peer-to-peer, play back content from the data network, preferably only for authorized users, play back internet radio signals, show web television channels, as well as to download audio and video content and, if desired, copy it to external devices such as for instance to an iPod and/or an MP3 player.
A particularly suitable application comprises making content available in the form of video images from different locations of a racing car circuit. By sending the digital video images to the network from the racing cars, the pits, cameras set up along the circuit, from a production node, a user can select the images he/she wishes to view in a determined node while making use of the invented device. If desired, this authorized user can thus follow a specific racing car or take up a position in the pits, view images of a particular bend in the circuit, and so forth. This is made possible by the speed at which the data can be transmitted via the dynamic network. Other particularly suitable applications include images of multi-sport events, such as for instance the Olympic Games, wherein the authorized user can receive and watch images of his/her favourite sport without having to depend on what the television broadcasting companies offer, and set up an own television channel which distributes content via the network. The device according to the invention can in principle be connected to any type of screen and/or sound installation and comprises software applications which, individually or in combination, can show streaming internet television channels, play back streaming internet radio channels, provide options for downloading content free of charge or offered via commercial download portal, and enable playing of (interactive) games.
The content can herein be offered against payment and, if desired, be supplied via a peer-to-peer network by means of file-sharing or live video streaming. Live streaming video and/or audio content can moreover be protected against illegal copying according to the invention by means of the above described verifying means (conditional access). File-sharing content is preferably further protected against illegal copying by means of DRM. The content is preferably made available in an interactive manner via two-way internet traffic, wherein all the above functions can also be applied as software application, independently of the device, on other devices.

Claims
1. Device for gaining conditional access to a digital data network under the control of a central server, which device comprises at least one data processing unit and at least one data connection to the data network and the central server, in addition to software with receiving routines for receiving data from at least one transmitting device in the data network, read routines to enable the data to be read and shown, verification routines which can communicate with the central server in order to be able to verify the authenticity of the read routines, wherein the central server comprises at least one database with information relating to the location of the at least one transmitting device, and software adapted to verify the authenticity of the receiving device.
2. Device as claimed in claim 1, characterized in that the verification routines are adapted to read information relating to the location of the at least one transmitting device, this information coming from the central server.
3. Device as claimed in claim 1, characterized in that the verification routines are adapted to:
- determine a sequence of control instructions which form an executable certificate for the read routines;
- execute the read routines to be verified wherein the executable certificate determined prior hereto is received from the central server and the associated sequence of control instructions is executed;
- compare the result obtained by executing the sequence of control instructions to the result associated with an authentic read routine;
- further execute the read routines when the result of the comparison is positive.
4. Device as claimed in claim 3, characterized in that the sequence of control instructions forming the executable certificate is coded in a computer language which can be read by the processing unit of the device.
5. Device as claimed in any of the foregoing claims, characterized in that it comprises means for returning to the central server a signature produced as a result of the sequence of control instructions, wherein the central server is provided with verification software suitable for comparing the produced signature and a predetermined signature stored in the central server.
6. Device as claimed in claim 5, characterized in that it comprises means which prevent the further execution of the read routines when the comparison is negative.
7. Device as claimed in any of the foregoing claims, characterized in that the verification means comprise means for determining a plurality of executable certificates which differ from each other through time.
8. Device as claimed in any of the foregoing claims, characterized in that the device also comprises transmission routines for transmitting data being received from the transmitting device or devices in the data network to at least one receiving device connected to the data network irrespective of the transmitting device or devices, and/or to the central server.
9. Device as claimed in any of the foregoing claims, characterized in that the software is further provided with storage memory for data and/or data network addresses of at least one other device.
10. Method for gaining conditional access to a digital data network under the control of a central server, at least some of the nodes of the network being provided with a device as claimed in any of the foregoing claims, characterized in that a) a receiving device sends a request to the central server to be able to receive data from a determined transmitting device; b) the central server carries out an authentication of the receiving device; c) in the case the authentication is positive, the central server sends information to the receiving device relating to the location of the transmitting device; d) the receiving device sends a request to the transmitting device to be able to receive data from this transmitting device; e) the transmitting device transmits the data to the receiving device.
11. Method for gaining conditional access to a digital data network under the control of a central server, at least some of the nodes of the network being provided with a device as claimed in any of the foregoing claims, characterized in that a) a transmitting device establishes a connection with the central server and transmits identification information thereto; b) a receiving device sends a request to the central server to be able to receive data from the transmitting device; c) the central server sends to the transmitting device an encryption code comprising a randomly generated algorithm; d) the central server carries out an authentication of the receiving device; e) in the case the authentication is positive, the central server sends information to the receiving device relating to the location and the identification of the transmitting device; f) the receiving device sends a request to the transmitting device to be able to receive data from this transmitting device; g) the transmitting device transmits the data to the receiving device.
12. Method for gaining conditional access to a digital data network under the control of a central server, at least some of the nodes of the network being provided with a device as claimed in any of the foregoing claims, characterized in that a) a transmitting device establishes a connection with the central server and transmits identification information thereto; b) a receiving device sends a request to the central server to be able to receive data from the transmitting device; c) the central server sends to the receiving device an encryption code comprising a randomly generated algorithm; d) the central server sends a decryption code to the transmitting device; e) the central server carries out an authentication of the receiving device; f) in the case the authentication is positive, the central server sends information to the receiving device relating to the location and the identification of the transmitting device; g) the receiving device sends a request to the transmitting device to be able to receive data from this transmitting device; h) the transmitting device transmits the data to the receiving device, together with the decryption code; i) the receiving device decrypts the data using the decryption code.
13. Method as claimed in any of the claims 10-12, characterized in that information relating to the location and identification of the transmitting device is only sent once the receiving device has settled a payment order sent thereto by the central server.
14. Method as claimed in any of the claims 11-13, characterized in that verification comprises of:
- determining a sequence of control instructions forming an executable certificate for the read routines;
- executing the read routines to be verified, wherein the executable certificate determined prior hereto is received and the associated sequence of control instructions is executed;
- comparing the result obtained by executing the sequence of control instructions to the result associated with an authentic read routine;
- further executing the read routines when the result of the comparison is positive.
15. Method as claimed in claim 14, characterized in that the sequence of control instructions forming the executable certificate is coded in a computer language which can be read by the processing unit of the device.
16. Method as claimed in claim 14, characterized in that the sequence of control instructions forming the executable certificate are retrieved from the central server.
17. Method as claimed in claim 16, characterized in that as a result of the sequence of control instructions a signature is produced which is subsequently returned to the central server, wherein the central server then compares the produced signature to a predetermined signature stored in the central server.
18. Method as claimed in claim 17, characterized in that the further execution of the read routines is prevented when the comparison is negative.
19. Method as claimed in any of the foregoing claims 10-18, characterized in that a plurality of executable certificates is determined which differ from each other through time.
20. Computer program comprising program instructions for having a computer perform the method as claimed in any of the claims 10-19.
21. Computer program as claimed in claim 20, characterized in that the computer program is arranged on a physical carrier.
22. Computer program as claimed in claim 21, characterized in that the computer program is at least partially stored in a computer memory.
23. Computer adapted to execute a computer program as claimed in any of the claims 20-22.
24. Media player which comprises a device as claimed in any of the claims 1-9.
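The executable-certificate check of claims 3 to 7 and 14 to 19, sketched as an added example that is not code from the patent or its applicant. The SEED/MIX instruction format, the use of SHA-256 to produce the signature, and all names and sample bytes are assumptions; the claims do not specify them.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the byte image of the device's read routines.
AUTHENTIC_READ_ROUTINES = bytes((i * 31 + 7) % 256 for i in range(1024))


def make_certificate(image_len, segments=6, rng=None):
    """Server: build a fresh sequence of control instructions.

    The image is cut at random points and the pieces are visited in random
    order, so every byte is covered and each certificate differs from the last.
    """
    rng = rng or secrets.SystemRandom()
    nonce = rng.getrandbits(128).to_bytes(16, "big")
    cuts = sorted(rng.sample(range(1, image_len), segments - 1))
    bounds = [0] + cuts + [image_len]
    spans = [(a, b - a) for a, b in zip(bounds, bounds[1:])]
    rng.shuffle(spans)
    return [("SEED", nonce)] + [("MIX", off, length) for off, length in spans]


def execute_certificate(certificate, image):
    """Run the control instructions over a read-routine image; return the signature."""
    state = b""
    for instruction in certificate:
        if instruction[0] == "SEED":
            state = hashlib.sha256(instruction[1]).digest()
        elif instruction[0] == "MIX":
            _, offset, length = instruction
            state = hashlib.sha256(state + image[offset:offset + length]).digest()
        else:
            raise ValueError(f"unknown control instruction {instruction[0]!r}")
    return state.hex()


class CentralServer:
    """Holds the authentic image and the predetermined signature per issued certificate."""

    def __init__(self, authentic_image):
        self.image = authentic_image
        self.pending = {}  # device id -> expected signature (single use)

    def issue(self, device_id):
        certificate = make_certificate(len(self.image))
        self.pending[device_id] = execute_certificate(certificate, self.image)
        return certificate

    def verify(self, device_id, signature):
        expected = self.pending.pop(device_id, None)
        return expected is not None and hmac.compare_digest(expected, signature)


def request_playback(server, device_id, device_image):
    """Device: fetch a certificate, execute it, and continue only on a positive result."""
    certificate = server.issue(device_id)
    signature = execute_certificate(certificate, device_image)
    return server.verify(device_id, signature)


if __name__ == "__main__":
    server = CentralServer(AUTHENTIC_READ_ROUTINES)
    patched = bytearray(AUTHENTIC_READ_ROUTINES)
    patched[500] ^= 0x01  # a one-bit modification of the read routines
    print("authentic device:", request_playback(server, "viewer-100", AUTHENTIC_READ_ROUTINES))
    print("modified device: ", request_playback(server, "viewer-100", bytes(patched)))
```

Because each certificate carries a new nonce and a new traversal order, a signature recorded from an earlier exchange does not satisfy a later one.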
PCT/NL2008/050147 2007-03-14 2008-03-14 Device and method for gaining conditional access to a data network WO2008127092A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NL2000541 2007-03-14
NL2000541 2007-03-14

Publications (2)

Publication Number Publication Date
WO2008127092A2 true WO2008127092A2 (en) 2008-10-23
WO2008127092A3 WO2008127092A3 (en) 2009-02-19

Family

ID=39791005

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NL2008/050147 WO2008127092A2 (en) 2007-03-14 2008-03-14 Device and method for gaining conditional access to a data network

Country Status (1)

Country Link
WO (1) WO2008127092A2 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005029842A1 (en) * 2003-09-17 2005-03-31 Matsushita Electric Industrial Co., Ltd. Application execution device, application execution method, integrated circuit, and computer-readable program
FR2876859A1 (en) * 2004-10-18 2006-04-21 Viaccess Sa METHOD AND SYSTEM FOR CONTROLLING ENABLING INTERNAL SOFTWARE ENABLING A RECEIVER TERMINAL

Also Published As

Publication number Publication date
WO2008127092A3 (en) 2009-02-19

Legal Events

Date Code Title Description
NENP Non-entry into the national phase in:

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08723898

Country of ref document: EP

Kind code of ref document: A2

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC DATED 22.01.10

122 Ep: pct application non-entry in european phase

Ref document number: 08723898

Country of ref document: EP

Kind code of ref document: A2