WO2010006290A1 - Video on demand simulcrypt - Google Patents

Video on demand simulcrypt Download PDF

Info

Publication number
WO2010006290A1
WO2010006290A1 PCT/US2009/050294 US2009050294W WO2010006290A1 WO 2010006290 A1 WO2010006290 A1 WO 2010006290A1 US 2009050294 W US2009050294 W US 2009050294W WO 2010006290 A1 WO2010006290 A1 WO 2010006290A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
system
vod
control word
configured
Prior art date
Application number
PCT/US2009/050294
Other languages
French (fr)
Inventor
Robert Kulakowski
Original Assignee
Verimatrix, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US7971908P priority Critical
Priority to US61/079,719 priority
Application filed by Verimatrix, Inc. filed Critical Verimatrix, Inc.
Publication of WO2010006290A1 publication Critical patent/WO2010006290A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/167Systems rendering the television signal unintelligible and subsequently intelligible
    • H04N7/1675Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
    • H04N21/2347Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network, synchronizing decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
    • H04N21/4405Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates

Abstract

Systems and methods in accordance with embodiments of the invention provide the ability for VOD operators to export control words used to technically protect content The content protection system is configured to receive content and to technically protect the content using at least one control word The content protection system is configured to provide the control word to at least one conditional access system and the VOD operator system via a simulcrypt interface, each conditional access system is configured to encrypt the control word and provide an entitlement control message containing the encrypted control word The VOD server is configured to provide the technically protected content to a user device via the shared network in response to a request from the device, and the device is configured to receive the protected content, identify an entitlement message and extract the control word and access the content using the control word.

Description

VI DEO ON DEMAN D SIMULCRYPT

FIELD OF THE INVENTION

[0001 ] The present invention relates to Video on Demand (VOD] systems and more specifically to content protection systems including VOD simulcrypts.

BACKGROUND OF THE I NVENTION

[0002] Video on Demand (VOD] systems allow users to select and watch video content on demand. VOD systems typically stream content over a shared network to a user device such as, but not limited to, a set top box, personal computer, or a mobile phone handset. The ability of any device on the shared network to access streamed content has prompted many VOD operators to use Conditional Access Systems (CAS] to restrict the ability of user devices to playback VOD content intended for other subscribers.

[0003] A CAS enables a VOD provider to restrict access to a piece of content to certain viewers by scrambling and/or encrypting portions of the content. A viewer's user device utilizes a conditional access module to decrypt and/or descramble the content for viewing. A CAS used in a DVB system, which supports VOD, typically performs scrambling/descrambling, and entitlement checking as part of an overall process for controlling access to VOD content. The scrambling/descrambling function aims to make the content incomprehensible to unauthorized users. The scrambling function is seeded using a Control Word, which is typically a random number. Any receiver having an appropriate descrambler and knowledge of the Control Word can achieve descrambling. The entitlement checking function involves broadcasting the conditions required to access a piece of content, together with the encrypted Control Word to enable authorized user devices to descramble the content. The Control Word is sent inside a dedicated message called an Entitlement Control Message (ECM] that is streamed with the content. The Control Word in the ECM is encrypted and CAS systems typically use proprietary processes to produce an ECM. Therefore, a first CAS provider is unlikely to be able to use the ECM of a second CAS provider to obtain access to a Control Word used to scramble a piece of protected content.

SUMMARY OF THE INVENTION

[0004-] Systems and methods in accordance with embodiments of the invention provide the ability for VOD operators to export control words used to technically protect content. [0005] One embodiment of the invention includes a content protection system configured to communicate with a VOD server, at least one conditional access system and an VOD operator system, and a plurality of user devices configured to communicate with the VOD server via a shared network, where the plurality of user devices each include a conditional access system module. In addition, the content protection system is configured to receive content, and to technically protect the content using at least one control word, the content protection system is configured to provide the at least one control word to the at least one conditional access system and the VOD operator system via a simulcrypt interface, each conditional access system is configured to encrypt the at least one control word and provide an entitlement control message containing the at least one encrypted control word to the content protection system, the content protection system is configured to combine each entitlement control message received from the at least one conditional access system with the technically protected content to produce technically protected content that is provided to the VOD server, the VOD server is configured to provide the technically protected content to a specific user device via the shared network in response to a request from the user device, and a user device is configured to receive the technically protected content, identify an entitlement message from which the conditional access system module can extract the at least one control word, and access the content using the at least one control word.

[0006] I n a further embodiment, the VOD operator system is configured to encrypt the at least one control word and provide an entitlement control message containing the at least one encrypted control word to the content protection system, and the content protection system is also configured to combine the entitlement control message received from the VOD operator system with the technically protected content.

[0007] I n another embodiment, the entitlement control message provided by the VOD operator system is configured to enable the extraction of the at least one encrypted control word in accordance with a standard.

[0008] In a still further embodiment, the VOD operator system is configured to store the at least one control word in a database, where the at least one control word is associated with the technically protected content in the database.

[0009] In still another embodiment, the VOD operator system is configured to store control word identification data associated with the at least one control word in the database.

[0010] A yet further embodiment includes a scrambling and encryption module configured to receive content and to communicate with a control word generator and an insert multiplexer, a simulcrypt synchronizer configured to communicate with the control word generator, and at least one conditional accesses system and a VOD operator system by a simulcrypt interface, and an entitlement control message aggregator configured to communication with the at least one conditional access system, the VOD operator system, and the insert multiplexer. I n addition, the control word generator is configured to generate at least one control word and to provide the at least one control word to the scrambling and encryption module, and to the simulcrypt synchronizer, the scrambling and encryption module is configured to perform scrambling and encryption operations utilizing the at least one control word, the simulcrypt synchronizer is configured to provide the at least one control word to the at least one conditional access system and the VOD operator system via the simulcrypt interface, the entitlement control message aggregator is configured to receive an entitlement control message from each of the at least one conditional access system and provide the at least one entitlement control message to the insert multiplexer, and the insert multiplexer is configured to combine the scrambled and encrypted content with the at Least one entitlement control message and output technically protected content.

[001 1 ] I n yet another embodiment, the entitlement control message aggregator is also configured to receive an entitlement control message from the VOD operator system and to provide the entitlement control message from the VOD operator system to the insert multiplexer, and the insert multiplexer is also configured to combine the entitlement control message from the VOD operator system with the scrambled and encrypted content. [0012] I n a further embodiment again, the entitlement control message provided by the VOD operators system contains an encrypted copy of the at least one control word, and the entitlement control message conforms with a standard entitlement control message format.

[0013] Another embodiment again includes generating at least one control word and using the control word to technically protect content using a content protection system, providing the at least one control word to at least one conditional access system and to a VOD operator system, receiving an entitlement control message from each of the at least one conditional access system at the content protection system, and aggregating the at least one entitlement control message and combining the at least one entitlement control message with the technically protected content to output technically protected content from the content protection system to a VOD server, providing the technically protected content from the VOD server to a user device upon receipt of request from the user device by the VOD server, where the user device includes a conditional access system module that enables the user device to extract the at least one control word from one of the at least one entitlement control messages and access the content.

[0014-] A further additional embodiment also includes receiving an entitlement control message from the VOD operator system, and combining the entitlement control message from the VOD operator system with the technically protected content using the content protection system. [0015] I n another additional embodiment, the entitlement control message from the VOD operator system conforms with a standard entitlement control message format. [0016] A still yet further embodiment also includes storing the at least one control word received by the VOD operator system in a database, where the at least one control word is associated with the technically protected content in the database.

[0017] Still yet another embodiment also includes storing control word index information associated with the at least one control word received by the VOD operator system in the database.

[0018] A still further embodiment again includes requesting content from a VOD server using a user device, receiving the requested content from the VOD server at the user device, where the received content is technically protected and includes a plurality of entitlement control messages, identifying an entitlement control message from which at least one control word is extracted using a conditional access system module on the user device, and accessing the content received by the user device using the at least one control word. [0019] Still another embodiment again includes accessing technically protected content using the conditional access system, locating an entitlement control message from which at least one control word is extracted using the conditional access system, generating a new entitlement control message using the conditional access system, and combining the new entitlement control message with the technically protected content.

[0020] I n a still further additional embodiment, the entitlement control message from which the control words are extracted conforms with a standard entitlement control message format.

BRI EF DESCRIPTION OF TH E DRAWINGS

[0021 ] Fig. 1 is a network diagram illustrating a VOD system incorporating a content protection system in accordance with an embodiment of the invention.

[0022] FIG. 2 is a block diagram of a content protection system incorporating a VOD simulcrypt in accordance with an embodiment of the invention. [0023] FIG. 3 is a flow chart illustrating a process for technically protecting content in accordance with an embodiment of the invention.

[0024-] FIG. 4 is a flow chart illustrating a process for inserting new entitlement control messages into previously scrambled and encrypted content in accordance with an embodiment of the invention.

[0025] FIG. 5 is a flow chart illustrating a process for requesting and accessing content from a VOD system in accordance with an embodiment of the invention.

DETAILED DESCRIPTION

[0026] Turning now to the drawings, content protection systems that include a Video On Demand (VOD] simulcrypt in accordance with embodiments of the invention are illustrated. The content protection system includes the ability to technically protect video content by scrambling and/or encrypting the video content using a process that is seeded by at least one Control Word. The Control Word(s] is output to at least one Conditional Access System (CAS] and to a VOD operator system. I n a number of embodiments, the CASs that receive the Control Word provide Entitlement Control Messages (ECMs] to the content protection system. In many embodiments, the VOD operator system also provides an ECM to the content protection system. I n several embodiments, the VOD operator system stores the Control Word(s] and Control Word index or identification information in a database that associates that Control Word(s] with the technically protected content. Each of the ECMs is aggregated and incorporated into a stream including the technically protected content. The Control Word(s] contained within an ECM generated by a specific CAS is capable of being extracted by a corresponding CAS module provided on a user device. Therefore, a user device can inspect a stream incorporating aggregated ECMs, identify an ECM from which it can extract a Control Word, determine whether the user device has permission to access the content, and access the content using an extracted Control Word, where appropriate. [0027] Many VOD operators have 8,000 to 12,000 (or more] encrypted movie titles. Content protection systems in accordance with embodiments of the invention enable VOD operators to generate and retain copies of the Control Word(s] used to technically protect each of the titles. In this way, the VOD operator can change CAS without needing to repeat the process of technically protecting the content of each title. In several embodiments, the VOD operator can simply obtain the Control Word(s] used to technically protect a title and provide the Control Word(s] to the new CAS. The Control Word(s] can be obtained from an ECM that was generated by the VOD operator and combined with the technically protected content by the content protection system or from a database of Control Words maintained by the VOD operator. The new CAS can then generate a new ECM that is combined with the technically protected content. I n many embodiments, a standards based ECM is provided to the content protection system by a VOD operator and the standards based ECM can be utilized by CAS modules of a new CAS without repeating the process of technically protecting the content and/or generating new ECMs. Content protection systems incorporating VOD simulcrypts and processes for accessing of technically protected content are discussed further below.

VOD systems incorporating a content protection system

[0028] A VOD system incorporating a content protection system in accordance with an embodiment of the invention is illustrated in FIG. 1. The VOD system 10 provides content on demand to a plurality of user devices 12 via a shared network 14. The user devices can include, but are not limited to, set top boxes, personal computers, or mobile phone handsets. The types of user devices serviced by a VOD system typically depend upon the nature of the shared network. I n a number of embodiments, the shared network is a traditional cable, satellite, or telecommunication company network. I n several embodiments, the shared network is a broadband fixed and/or wireless network. [0029] Content that is distributed via the VOD system is technically protected by a content protection system 16 prior to being made available to user devices 12 via a VOD server 18 connected to the network 14. The content protection system 16 is connected to a CAS 20, which is indicated as CAS provider, and a VOD operator system 22, which is indicated as CAS Operator. In embodiments where the shared network is a traditional cable, satellite, or telecommunication company network, the VOD server 18 is placed at the cable head-end serving a particular market and/or at cable hubs in Larger markets. I n embodiments where the shared network is a broadband network, greater flexibility exists with respect to the Location of the VOD server 18 and with distributing VOD servers throughout the shared network.

[0030] I n the illustrated embodiment, both the CAS 20 and the VOD operator system 22 are configured to provide ECMs to the content protection system in response to receipt of at Least one Control Word from the content protection system 16. I n many embodiments, the VOD system includes more than one CAS, and each CAS provides an ECM to the content protection system. In several embodiments, the VOD operator system does not provide an ECM to the content protection system. I nstead, the VOD operator system stores Control Word(s) and Control Word index or identification data provided by the content protection system in a database that associates the Control Word(s] with the relevant pieces of technically protected content. Content protection systems in accordance with embodiments of the invention are discussed further below. When Control Word data is stored in a database and the content contains more than one Control Word the database storage includes index information identifying the Control Word in the content. An example of Control Word index information include but are not limited to file offsets, time offsets, ECM counter values, etc.

Content protection systems incorporating a VOD simulcrypt

[0031 ] A content protection system including a VOD simulcrypt in accordance with an embodiment of the invention is illustrated in FIG. 2. The content protection system 100 includes a scrambling/encryption module 120 that receives data and is configured to communicate with an insert multiplexer 130 and a Control Word generator 150. The insert multiplexer 130 is configured to communicate with an ECM aggregator 140, and the Control Word generator 150 is configured to communicate with a simulcrypt synchronizer 160. [0032] The content protection system receives content of any type (i.e. video, music, text, and/or other types of content] as data via an input interface. The data is technically protected using scrambling and/or encryption by the scrambling/encryption module 1 20. The process used to scramble and/or encrypt the data is seeded by at Least one Control Word provided by the Control Word generator 150. In a number of embodiments, the Control Word generator is a random number generator. The at least one Control Word used to technically protect the data is also provided by the Control Word generator 150 to the simulcrypt synchronizer 160. The simulcrypt synchronizer enables the content protection system to communicate with at least one CAS 161 - 163 and a VOD operator system 164. In a number of embodiments, the simulcrypt synchronizer operates in accordance with the DVB simulcrypt interface, which is defined by the Digital Video Broadcasting Project consortium to enable the connection of an encryption system to one or more CASs in the context of broadcast digital video. I n other embodiments, any of a variety of simulcrypt interfaces can be used and/or developed to enable the transfer of Control Words to an external interface.

[0033] The Control Word(s] provided by the simulcrypt synchronizer 160 is processed by each CAS and used to generate ECMs that contain encrypted copies of the Control Word(s). Each CAS typically prepares the ECMs in standard or unique ways. An example of a standards based ECM format includes the format defined as part of DReaM-CAS specified by Sun Microsystems, I nc. of Santa Clara, California. Where a unique or proprietary ECM is generated, the ECM typically stores the Control Word(s] using a unique or proprietary encryption process.

[0034] Each CAS 161 - 163 provides an ECM containing the encrypted Control Word(s] through interfaces 141 - 143 to the ECM aggregation block 140. The ECM aggregation block 140 receives the ECMs and outputs an ECM stream to the insert multiplexer 130. The insert multiplexer receives the technically protected content stream data 121 from the scrambling/encryption module 120 and adds the ECMs into the output of the scrambling/encryption module. The output of the scrambling/encryption module can include, but is not limited to, a stream, a file, serial interface data or parallel interface data. [0035] I n many embodiments, the VOD operator system also provides an ECM through an interface 144 with the ECM aggregator 140, and the VOD operator's ECM is also provided to the insert multiplexer 130 for combination with the output of the scrambling/encryption module 120. As is discussed further below, the VOD operator's ECM can be a standards based ECM that can be used by a variety of CASs. When the VOD operator's ECM is a standards based ECM, the VOD operator system can be a CAS that produces the desired standards based ECM. Alternatively, the VOD operator's ECM can be a proprietary ECM that can be used by the VOD operator to provide the Control Word(s] to another CAS at a point in time subsequent to the initial generation of the technically protected content. In several embodiments, the VOD operator system does not provide an ECM. Instead, the VOD operator system stores the Control Word(s] in a database that associates the Control Word(s) with the technically protected content generated by the content protection system. [0036] Although the content protection system as described with respect to a scrambling/encryption module, a code word generator, a simulcrypt synchronizer, an insert multiplexer, and an ECM aggregator as separate functional modules, content protection systems in accordance with embodiments of the invention can be implemented in ways that combine modules. For example, the ECM aggregator and insert multiplexer can be combined into a single functional module. Accordingly, the structure of a content protection system in accordance with embodiments of the invention is typically determined by the requirements of a specific application and is not limited to the structure illustrated in FIG. 2. Processes used by a variety of content protection systems in accordance with embodiments of the invention to technically protect content and to provide an output combining the technically protected content and at least one ECM are described below.

Processes for generating technically protected content

[0037] A process for generating technically protected content using a content protection system in accordance with an embodiment of the invention is illustrated in FIG. 3. The process 200 includes generating (202] a Control Word that is used in the technical protection of the content. As discussed above, the content can be technically protected using a combination of scrambling and/or encryption processes. The Control Word(s] are provided (204] to at least one CAS and to a VOD operator system and an ECM is received (206] from each of the at Least one CASs. In many embodiments, an ECM is also received from the VOD operator system. I n a number of embodiments, the received ECMs are aggregated (208] and multiplexed (210] with the technically protected content. The resulting combination of ECMs and technically protected content can then be distributed on-demand to user devices of subscribers protecting the content.

[0038] Although a specific process is illustrated in FIG. 3, other processes in accordance with embodiments of the invention can be utilized to technically protect content and provide the Control Word(s] used to technically protect the content to at least one CAS and to a VOD operator system.

Combining an additional ECM with previously generated technically protected content [0039] Referring back to the content protection system 100 illustrated in FIG. 2, a number of CASs are shown interfacing with the simulcrypt synchronizer 150 and the ECM aggregator 140. However, typically only one CAS is active at any one time. Content protection systems in accordance with embodiments of the invention enable a VOD operator to provide a new CAS provider with access to Control Word(s] used by a previous CAS provider to technically protect content and prevents the need to repeat the process of technically protecting the content upon selection of a new CAS provider. The VOD operator can provide the new CAS with access to the Control Word(s] either through a standards based ECM, or by extracting the Control Word(s] from a proprietary ECM generated by the VOD operator system, or from a database maintained by the VOD operator. Where a standards based ECM is generated and the new CAS supports the standard, the new CAS can simply utilize the standards based ECM to provide access to the technically protected content or to extract the Control Word(s] and generate a new ECM that can be combined with the technically protected content and/or used to overwrite the ECM of a previous CAS provider. I n instances where the ECM is proprietary or the Control Word(s] are stored in a database, the VOD operator can extract the Control Word(s] and provide them to the new CAS. [004-0] A process for extracting Control Word(s] from technically protected content and combining a new ECM generated using the Control Word(s] with the technically protected content is illustrated in FIG. 4. The process 300 includes accessing (302] the technically protected content and locating (304] an ECM from which the Control Word(s] can be extracted. Typically, the ECM from which the Control Word(s] can be extracted is an ECM that was generated by the VOD operator and combined with the technically protected content at the time when the technically protected content was generated. The Control Word(s] are extracted (306] and the Control Word(s] are used to generate (308] a new ECM. The new ECM is then inserted (310] into the technically protected content. Depending upon the container file format, care may be required during insertion of the new ECM to preserve internal references within the file. In a number of embodiments, the new ECM is used to overwrite one or more ECMs found within the container. However, the new ECM typically does not overwrite the ECM provided by the VOD operator. Although a specific process is illustrated in FIG. 4, a variety of processes for extracting Control Word(s] from a piece of technically protected content and inserting a new ECM enabling a new CAS to provide access to the technically protected content in a VOD system in accordance with embodiments of the invention can be utilized as necessitated by the requirements of specific applications.

Accessing technically protected content

[004-1 ] Content protection systems in accordance with embodiments of the invention can provide technically protected content incorporating multiple ECMs for use in VOD systems. When a user device requests a piece of content, the VOD system provides the technically protected content to the user device and a CAS module associated with the user device attempts to identify an ECM from which the CAS module can extract the Control Word(s] and obtain access to the content. A process utilized by user devices to request and access content in accordance with an embodiment of the invention is illustrated in FIG. 5. The process 100 includes requesting (402] content. Assuming the user device is authorized to receive the content, the VOD server provides the requested content. I n a number of embodiments, the VOD server streams the content. In many embodiments, the VOD server pushes the content to a storage device on the user device. The content received (404] by the user device is technically protected and includes a plurality of ECMs. The user device searches the technically protected content to identify (406] an ECM that it can use to extract (408] Control Word(s] (410] and access the content. Although a specific process is illustrated in FIG. 5, a variety of processes for accessing technically protected content in accordance with embodiments of the invention can be utilized depending upon the requirements of a specific VOD system and/or CAS module.

[004-2] While the above description contains many specific embodiments of the invention, these should not be construed as limitations on the scope of the invention, but rather as an example of one embodiment thereof. For example, those of skill in the art will appreciate that the various illustrative logical blocks, modules, circuits, and methods, described above can be implemented as electronic hardware, firmware, and/or software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. I n many instances, the logical blocks, modules, and methods described above can be implemented or preformed with a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit, a Field Programmable Gate Array, and/or other programmable logic devices, discrete gates, transistor logic, discrete components, or any combination thereof. A general purpose processor can be a microprocessor, but in the alternative, the processor can be any processor, controller, microcontroller, or state machine and the processing can be performed on a single piece of hardware or distributed across multiple servers or running multiple computers that are housed in a local area or dispersed across different geographic locations. A processor can also be implemented as a combination of computing devices, for example, a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. Accordingly, the scope of the invention should be determined not by the embodiments illustrated, but by the appended claims and their equivalents.

Claims

CLAI MS What is claimed is:
1. A VOD system, comprising: a content protection system configured to communicate with a VOD server, at Least one conditional access system and an VOD operator system; and a plurality of user devices configured to communicate with the VOD server via a shared network, where the plurality of user devices each include a conditional access system module; wherein the content protection system is configured to receive content, and to technically protect the content using at least one control word ; wherein the content protection system is configured to provide the at least one control word to the at least one conditional access system and the VOD operator system via a simulcrypt interface; wherein each conditional access system is configured to encrypt the at least one control word and provide an entitlement control message containing the at least one encrypted control word to the content protection system ; wherein the content protection system is configured to combine each entitlement control message received from the at least one conditional access system with the technically protected content to produce technically protected content that is provided to the VOD server; wherein the VOD server is configured to provide the technically protected content to a specific user device via the shared network in response to a request from the user device; and wherein a user device is configured to receive the technically protected content, identify an entitlement message from which the conditional access system module can extract the at least one control word, and access the content using the at least one control word.
U
2. The VOD system of claim 1 , wherein: the VOD operator system is configured to encrypt the at least one control word and provide an entitlement control message containing the at least one encrypted control word to the content protection system; and the content protection system is also configured to combine the entitlement control message received from the VOD operator system with the technically protected content.
3. The VOD system of claim 2, wherein the entitlement control message provided by the VOD operator system is configured to enable the extraction of the at least one encrypted control word in accordance with a standard.
4. The VOD system of claim 1 , wherein the VOD operator system is configured to store the at least one control word in a database, where the at least one control word is associated with the technically protected content in the database.
5. The VOD system of claim 1 , wherein the VOD operator system is configured to store control word identification data associated with the at least one control word in the database.
6. A content protection system, comprising: a scrambling and encryption module configured to receive content and to communicate with a control word generator and an insert multiplexer; a simulcrypt synchronizer configured to communicate with the control word generator, and at least one conditional accesses system and a VOD operator system by a simulcrypt interface; and an entitlement control message aggregator configured to communication with the at least one conditional access system, the VOD operator system, and the insert multiplexer; wherein the control word generator is configured to generate at least one control word and to provide the at least one control word to the scrambling and encryption module, and to the simulcrypt synchronizer; wherein the scrambling and encryption module is configured to perform scrambling and encryption operations utilizing the at least one control word; wherein the simulcrypt synchronizer is configured to provide the at least one control word to the at least one conditional access system and the VOD operator system via the simulcrypt interface; wherein the entitlement control message aggregator is configured to receive an entitlement control message from each of the at least one conditional access system and provide the at least one entitlement control message to the insert multiplexer; and wherein the insert multiplexer is configured to combine the scrambled and encrypted content with the at least one entitlement control message and output technically protected content.
7. The content protection system of claim 6, wherein: the entitlement control message aggregator is also configured to receive an entitlement control message from the VOD operator system and to provide the entitlement control message from the VOD operator system to the insert multiplexer; and the insert multiplexer is also configured to combine the entitlement control message from the VOD operator system with the scrambled and encrypted content.
8. The content protection system of claim 7, wherein: the entitlement control message provided by the VOD operators system contains an encrypted copy of the at least one control word; and the entitlement control message conforms with a standard entitlement control message format.
9. A method of distributing technically protecting content in a VOD system, comprising: generating at least one control word and using the control word to technically protect content using a content protection system; providing the at least one control word to at least one conditional access system and to a VOD operator system; receiving an entitlement control message from each of the at least one conditional access system at the content protection system; aggregating the at least one entitlement control message and combining the at least one entitlement control message with the technically protected content to output technically protected content from the content protection system to a VOD server; and providing the technically protected content from the VOD server to a user device upon receipt of a request from the user device by the VOD server, where the user device includes a conditional access system module that enables the user device to extract the at least one control word from one of the at least one entitlement control messages and access the content.
10. The method of claim 9, further comprising: receiving an entitlement control message from the VOD operator system; and combining the entitlement control message from the VOD operator system with the technically protected content using the content protection system.
1 1. The method of claim 10, wherein the entitlement control message from the VOD operator system conforms with a standard entitlement control message format.
12. The method of claim 9, further comprising storing the at Least one control word received by the VOD operator system in a database, where the at Least one control word is associated with the technically protected content in the database.
13. The method of claim 1 1 , further comprising storing control word index information associated with the at least one control word received by the VOD operator system in the database.
14. A method of playing back technically protected content received from a VOD server on a user device, where the technically protected content includes a plurality of entitlement control messages and the user device includes a conditional access module configured to extract control words from one of the plurality of entitlement control messages, comprising: requesting content from a VOD server using a user device; receiving the requested content from the VOD server at the user device, where the received content is technically protected and includes a plurality of entitlement control messages; identifying an entitlement control message from which at least one control word is extracted using a conditional access system module on the user device; and accessing the content received by the user device using the at least one control word.
15. A method of adding an entitlement control message to a piece of technically protected content that includes a plurality of entitlement control messages, where a conditional access system can extract at least one control word from one of the plurality of entitlement control messages, comprising: accessing technically protected content using the conditional access system; Locating an entitlement control message from which at Least one control word is extracted using the conditional access system; generating a new entitlement control message using the conditional access system; and combining the new entitlement control message with the technically protected content.
16. The method of claim 14, wherein the entitlement control message from which the control words are extracted conforms with a standard entitlement control message format.
PCT/US2009/050294 2008-07-10 2009-07-10 Video on demand simulcrypt WO2010006290A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US7971908P true 2008-07-10 2008-07-10
US61/079,719 2008-07-10

Publications (1)

Publication Number Publication Date
WO2010006290A1 true WO2010006290A1 (en) 2010-01-14

Family

ID=41507456

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2009/050294 WO2010006290A1 (en) 2008-07-10 2009-07-10 Video on demand simulcrypt

Country Status (1)

Country Link
WO (1) WO2010006290A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2472890A3 (en) * 2010-12-28 2012-08-08 Sony Corporation On-demand switched content encryption

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050097340A1 (en) * 2003-11-03 2005-05-05 Pedlow Leo M.Jr. Default encryption and decryption
US20050105732A1 (en) * 2003-11-17 2005-05-19 Hutchings George T. Systems and methods for delivering pre-encrypted content to a subscriber terminal
US6898285B1 (en) * 2000-06-02 2005-05-24 General Instrument Corporation System to deliver encrypted access control information to support interoperability between digital information processing/control equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6898285B1 (en) * 2000-06-02 2005-05-24 General Instrument Corporation System to deliver encrypted access control information to support interoperability between digital information processing/control equipment
US20050097340A1 (en) * 2003-11-03 2005-05-05 Pedlow Leo M.Jr. Default encryption and decryption
US20050105732A1 (en) * 2003-11-17 2005-05-19 Hutchings George T. Systems and methods for delivering pre-encrypted content to a subscriber terminal

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2472890A3 (en) * 2010-12-28 2012-08-08 Sony Corporation On-demand switched content encryption

Similar Documents

Publication Publication Date Title
EP1151608B1 (en) Method and apparatus for encrypted transmission
US8533459B2 (en) Method and apparatus for protecting the transfer of data
CA2393630C (en) Intelligent transceiving method, device and system
DE69901305T3 (en) Module manager for interactive tv system
EP0950319B1 (en) Preventing replay attacks on digital information distributed by network service providers
JP4511029B2 (en) Method and apparatus for continuous control and protection of media content
US7698568B2 (en) System and method for using DRM to control conditional access to broadband digital content
JP4159116B2 (en) Smart card and receiver for use with encrypted broadcast signal receiver
US7730300B2 (en) Method and apparatus for protecting the transfer of data
US9094699B2 (en) System and method for security key transmission with strong pairing to destination client
JP4861258B2 (en) Method and apparatus for encrypting media programs for later purchase and viewing
US7278165B2 (en) Method and system for implementing digital rights management
DE60213650T2 (en) Access to encrypted round end
JP4819059B2 (en) Descrambling method and descrambling apparatus
US7590242B2 (en) Selective multimedia data encryption
US20050033700A1 (en) Method and apparatus for creating and rendering an advertisement
US8667304B2 (en) Methods and apparatuses for secondary conditional access server
US8526610B2 (en) Methods and apparatus for persistent control and protection of content
US8130952B2 (en) Methods and apparatus for persistent control and protection of content
US7233948B1 (en) Methods and apparatus for persistent control and protection of content
US7840489B2 (en) Key sharing for DRM interoperability
US20060200412A1 (en) System and method for DRM regional and timezone key management
US7508942B2 (en) Multi-process descrambler
US20060031873A1 (en) System and method for reduced hierarchy key management
EP1143722A1 (en) Data scrambling and descrambling system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09795256

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09795256

Country of ref document: EP

Kind code of ref document: A1