WO2013139696A1 - A system and method for networking conditional access functionalities - Google Patents
A system and method for networking conditional access functionalities Download PDFInfo
- Publication number
- WO2013139696A1 WO2013139696A1 PCT/EP2013/055366 EP2013055366W WO2013139696A1 WO 2013139696 A1 WO2013139696 A1 WO 2013139696A1 EP 2013055366 W EP2013055366 W EP 2013055366W WO 2013139696 A1 WO2013139696 A1 WO 2013139696A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- conditional access
- digital content
- host device
- encrypted
- content
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 12
- 230000006855 networking Effects 0.000 title description 2
- 238000009877 rendering Methods 0.000 claims abstract description 23
- 238000004891 communication Methods 0.000 claims description 23
- 101100118004 Arabidopsis thaliana EBP1 gene Proteins 0.000 description 3
- 101150052583 CALM1 gene Proteins 0.000 description 3
- 102100025580 Calmodulin-1 Human genes 0.000 description 3
- 208000011038 Cold agglutinin disease Diseases 0.000 description 3
- 101100459256 Cyprinus carpio myca gene Proteins 0.000 description 3
- 101000898746 Streptomyces clavuligerus Clavaminate synthase 1 Proteins 0.000 description 3
- 230000008901 benefit Effects 0.000 description 3
- 101150091339 cam-1 gene Proteins 0.000 description 3
- 208000020345 childhood apraxia of speech Diseases 0.000 description 3
- 208000014155 speech-language disorder-1 Diseases 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 241001527806 Iti Species 0.000 description 1
- 241000287107 Passer Species 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 239000004020 conductor Substances 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/43607—Interfacing a plurality of external cards, e.g. through a DVB Common Interface [DVB-CI]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/43615—Interfacing a Home Network, e.g. for connecting the client to a plurality of peripherals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/4363—Adapting the video stream to a specific local network, e.g. a Bluetooth® network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
Definitions
- the present invention pertains to the domain of conditional access to digital media content and is of particular use in a home network environment.
- CAM Conditional Access Modules
- a host device which includes a decoder for decoding encoded video.
- the encoded video may be received in encrypted fashion and the CAM comprises keys for decrypting the encrypted content. Thanks to these keys, the CAM may either decrypt the content itself and pass the decrypted content to the host device or it may pass the keys to the (authorised) host device for the decryption to be performed by the host device.
- Systems such as this have been widely covered in the state of the art in documents such as WO2008/055928, or US 6,443,361 , which make particular reference to a generally accepted standard for communication between the host and the CAM known as a Common Interface Standard.
- a CICAM In the state of the art, a CICAM is always associated with a single host.
- CICAM It is meant a cond itional access module which is adapted to function according to a Common Interface Standard compliant with a Common Interface Specification controlled by the Common Interface (CI) Consortium.
- a host device may be a digital TV set for example.
- the host device may receive a first content from the first operator, the first content being encrypted according to a first conditional access system, and further may receive a second content from a second operator, the second content being encrypted according to a second conditional access system, different from the first access control system.
- a particular location e.g. household
- a host device such as the type mentioned here is described in International Patent Application Publication number 97/18656, entitled “SYSTEM FOR DECRYPTING TELEVISION FROM SEVERAL SATELLITES", the host device receiving a plurality of smart cards, one corresponding to each of one from a plurality of different suppliers each operating different Conditional Access Systems.
- Figure 1 illustrates a configuration in which a plurality of host devices of the type mentioned above may be incorporated .
- the drawing shows a home environment having two television sets, each of which may receive broadcast programmes or recorded programmes from two different operators each using two different conditional access systems.
- Such a configuration therefore requires the use of four CICAMs: the first TV set having two CICAMs (a first one for decrypting content encrypted by the first operator and a second one for decrypting content encrypted by the second operator); and the second TV set having another two CICAMs (a third one for decrypting content encrypted by the first operator and a fourth one for decrypting content encrypted by the second operator).
- This is not optimal since only two of the four CICAMs will be required at any one time to decrypt content.
- a goal of the present invention is to solve some of the problems existing in the state of the art by allowing for at least one conditional access modules to be shared between a plurality of host devices via a local area network.
- a system for providing controlled access to at least a first encrypted digital content, said encryption according to a first controlled access scheme comprising: a first host device for receiving the first encrypted digital content and for rendering a corresponding first decrypted digital content; and;
- a first conditional access module configured to operate according to the first controlled access scheme
- the system characterised in that it further comprises a local area network router, the local area network router configured to provide at least a first interface between at least:
- said first interface configured to allow for the first host device to transmit the received first encrypted content to the first conditional access module for decryption and to further allow for the first conditional access module to return the corresponding first decrypted digital content for rendering by the first host device.
- controlled access means allowing an authorised user to access a decrypted version of the encrypted content, such access being denied to a non- authorised user.
- Controlled access is therefore acknowledged as being provided by any of the known conditional access systems used in the domain of Pay-TV for example, usually in a broadcast environment, and using broadcast entitlement control messages (ECM) and broadcast or otherwise delivered entitlement management messages (EMM). It is also acknowledged that the known Digital Rights Management (DRM) systems, generally deployed in controlled access systems used in the domain of content distribution, for example video on demand, also fit the present definition of controlled access.
- ECM broadcast entitlement control messages
- EMF broadcast or otherwise delivered entitlement management messages
- DRM Digital Rights Management
- a host device comprising:
- a communication interface for connecting to a local area network router
- the host device characterised in that it is configured to allow the conditional access module to connect directly to the local area network router.
- a common interface conditional access module comprising a common interface and characterised in that it comprises an adaptor to convert the common interface to a format allowing direct connection to a local area network router.
- a local area network router comprising a plurality of communication ports each for providing an interface with at least one signal from an external device, the plurality of communication ports configured to operate according to a communication network standard, the local area network router being configured to provide connectivity between any one from the plurality of communication ports to any other from the plurality of communication ports, the local area network router characterised in that it further comprises:
- a first adaptor module connected to a first from the plurality of communication ports, the first adaptor module configured to convert the signal from a first external device from a moving picture Standard to the communication network standard; and a second adaptor module connected to a second from the pl ural ity of communication ports, the second adaptor module configured to convert an internal signal from the communication network standard to the moving picture standard in order to interface with a second external device.
- a first conditional access module configured to operate according to a first conditional access scheme for providing a first decrypted digital content derived from a first encrypted digital content
- a second conditional access module configured to operate according to a second conditional access scheme for providing a second decrypted digital content derived from a second encrypted digital content
- a first host device for:
- a second host device for:
- a local area network router configured to provide connectivity between at least either of the host devices and either of the conditional access modules
- a goal of the present invention is to provide a more efficient and convenient solution to the use of multiple CICAMs in an environment where multiple CICAMs are required to decrypt content for viewing on multiple host devices.
- the CICAMs are detached from a particular host device and attached rather to a given piece of equipment within a home network where the multiple host devices are connected such that they may share resources.
- the present invention allows for conditional access module sharing to be achieved in order to render encrypted content accessible to any suitable rendering device within a home network.
- Figure 1 which shows a typical state of the art configuration for allowing decryption of content encrypted according to two different encryption schemes using two different rendering apparatus
- Figure 2 representing a system in which a first embodiment of the present invention may be deployed
- FIG. 3 representing a system in which a second embodiment of the present invention may be deployed.
- a home network may comprise a plurality of host devices (TV1 , TV2) for rendering digital media content.
- host devices are known and may comprise a reception module for receiving the media content and a rendering module to display or otherwise render the content. In other configurations the reception module and the rendering module could form separate devices instead of being housed within the host device.
- the host devices (TV1 , TV2) are connected via a local area network (LAN) to form a home network.
- LAN local area network
- the host devices are capable of rendering content received from any from a plural ity of operators as long as the host device has access to a conditional access module which allows it to decrypt the content.
- the content may be encrypted according to any from a plurality of encryption schemes employed by the plurality of operators and so an appropriate conditional access module should be available if the host is to be able to decrypt a particular content corresponding to a particular encryption scheme.
- a first content is encrypted according to a first scheme (CAS1 ).
- CAS1 first scheme
- a second content is encrypted according to a second scheme (CAS2).
- CAS2 second scheme
- a host requires to have access to decryption capabilities provided by a second CICAM (CAM2) operating according to the second scheme.
- both CICAMs are also connected to the home network, preferably via an interface complying with one of the Common Interface Standards.
- conditional access system conditional access policy
- conditional access scheme conditional access procedure
- conditional access procedure may be used interchangeably to describe a conditional access algorithm and key policy adopted by a supplier of conditional access content to render such content accessible only to authorised users.
- conditional access pol icies used are of a type used in broadcast pay TV, where rights are managed and verified using entitlement management messages (EMM) and entitlement control messages (ECM), usually broadcast to the viewer along with the content.
- EMM entitlement management messages
- ECM entitlement control messages
- a home network generally comprises a central element or device, called a router, into which computer devices, entertainment devices and other appliances within the home may be plugged .
- This provides a convenient way to allow for communication to be established between any given device in the network and any other device in the network.
- Routers generally operate according to an Ethernet Standard and so provide Ethernet sockets to which the various devices in the network may be plugged.
- Other routers known as WiFi routers provide connectivity to devices via wireless interfaces (WiFi).
- WiFi wireless interfaces
- Another type of router may be used to make a Power Line Communication Network (PLC).
- PLC Power Line Communication Network
- This type of router is known and provides connectivity to the devices of the network via a conductor wh ich is simultaneously used to provide AC electrical power to the devices in the network.
- a host device with its conditional access module instead of a host device with its conditional access module being connected to become part of the home network, one or more host devices are connected to become part of the home network and one or more conditional access modules are also connected to become part of the home network.
- a CICAM is essentially morphed into the home network.
- UUPnP Universal Plug and Play
- the particular mechanism is generally known as “Discovery”.
- the CICAM is therefore "discovered” and it presents a list of which conditional access systems or digital rights management systems it supports. The list may be displayed on a display associated with a host device on the network to allow a user to select an item from the list according to his needs. The selection can be made using a remote control device for example, which is generally known in the domain.
- morphing the CICAM into the home network it is meant either plugging the
- the CICAM into a host device having a Common Interface port for the CICAM and further having an Ethernet or a WiFi connection for connecting the host to the home network, for example a TV host device.
- the CICAM is considered by the home network to be a separately addressable device within the network, which can be used by any device in the network, just as any other resource on the network can.
- a specially designed CICAM can be made, including an adaptor module to convert its CI interface to Ethernet, WiFi or PLC format so that it can be plugged directly into the network.
- it could be the router which is mod ified to have Common Interface compatible ports especially for receiving CICAMs, with the conversion from Common Interface to Ethernet or other being done by the router.
- a host device on the network can then use the CICAM to decrypt content received from an operator, such content being encrypted according to one of the encryption systems serviced by the CICAM .
- I n order to do th is, a transport connection is set up between the host device and the CICAM via the local area network (home network), through which (transport connection) the two devices exchange content.
- the local area network home network
- Any of the known container types for content may be used, for example MPEG2-TS, ISOBMFF or any other of the known moving picture Standards.
- the encrypted content received from the operator is sent to the CICAM for decryption according to the selected encryption scheme (i.e. that which was used by the operator to encrypt the content).
- the selected encryption scheme i.e. that which was used by the operator to encrypt the content.
- a content received from a first operator is encrypted according to a first encryption scheme. This fact can be deduced from a piece of information in header within the transport stream, saying that the content is encrypted under the first conditional access scheme.
- the host then knows that it needs the first conditional access module to decrypt the content since the first conditional access module made this information known during the discovery procedure.
- a secure, authenticated channel is established between the host device and the CICAM so that the content is securely protected on its way back from the CICAM to the rendering device.
- FIG. 2 shows how two CICAMs can be connected to the network to allow two hosts to render decrypted content, each of which is encrypted according to a different encryption scheme.
- each of the CICAMs decrypts the content received via their respective transport connections according to different encryption schemes.
- the first host (TV1 ) uses the services of the first CICAM (CAM1 ), making available the first conditional access system (CAS1 ) to decrypt content received from a first operator, while the second host device (TV2) makes use of the second CICAM (CAS2) running the second conditional access system (CAS2) to decrypt content received from a second operator.
- the resulting effect is similar to a case where the first host has its own CAM working according to a first conditional access scheme and the second host has its own CAM working according to a second conditional access stream. But the advantage is that this system is more flexible. If the first host were subsequently to receive content from the second operator, encrypted according to the second scheme and the first host were to receive content from the first operator, encrypted accord ing to the first cond itional access scheme, then the system allows for the first host to use the second conditional access module and the second host to use the first conditional access module.
- a single CICAM may be configured to be able to process more than one such transport connection session with different hosts.
- the CICAM can simultaneously decrypt content for the d ifferent hosts.
- Th is can be seen in Figure 3, for example, showing another system in which an embodiment of the present invention may be deployed .
- two hosts with in the network are required to show content which has been encrypted according to a same encryption scheme.
- the content is shown to have been received by the two hosts from different operators, however the content is encrypted according to the same encryption scheme - the second scheme (CAS2). (It is also possible for the two hosts to have received the content from the same operator).
- the system can include a proximity control mechanism, whereby a proximity detector can be included in order to detect whether or not a particular host wh ich requests content to be decrypted is physically located with in a range wh ich is deemed to be with in the home.
- a proximity constraint could be placed on the CICAM. This way it is ensured that neighbours for example, or passers by, are not taking advantage of the network without authorisation.
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The present invention allows for efficient use of conditional access resources by providing a network comprising a plurality of host devices for rendering decrypted content and one or more conditional access modules to enable said decryption. The network is configured so that any of the host devices may send received content to whichever of the conditional access modules is configured to perform the decryption, depending on the scheme which was used to encrypt the received content.
Description
A SYSTEM AND METHOD FOR NETWORKING CONDITIONAL ACCESS
FUNCTIONALITIES
TECHNICAL DOMAIN
The present invention pertains to the domain of conditional access to digital media content and is of particular use in a home network environment.
STATE OF THE ART
Conditional Access Modules (CAM) for use with a television sets are known. It is usual for such a CAM to be adapted to be inserted into a slot in a TV reception apparatus, a host device, which includes a decoder for decoding encoded video. The encoded video may be received in encrypted fashion and the CAM comprises keys for decrypting the encrypted content. Thanks to these keys, the CAM may either decrypt the content itself and pass the decrypted content to the host device or it may pass the keys to the (authorised) host device for the decryption to be performed by the host device. Systems such as this have been widely covered in the state of the art in documents such as WO2008/055928, or US 6,443,361 , which make particular reference to a generally accepted standard for communication between the host and the CAM known as a Common Interface Standard.
In the state of the art, a CICAM is always associated with a single host. By CICAM It is meant a cond itional access module which is adapted to function according to a Common Interface Standard compliant with a Common Interface Specification controlled by the Common Interface (CI) Consortium. A host device may be a digital TV set for example. In a situation where a user has subscribed to two operators who supply protected content each requiring a different CICAM to descramble their respective contents, it follows that the user will need to insert two different conditional access modules (CAM) into his host device. The host device may receive a first content from the first operator, the first content being encrypted according to a first conditional access system, and further may receive a second content from a second operator, the second content being encrypted according to a second conditional access system, different from the first access control system. In a particular location, e.g. household, there may be two such host devices, each host device being adapted to receive two different conditional access modules which, like
in the first host device, are adapted to function according to the first conditional access system and the second conditional access system, respectively. A host device such as the type mentioned here is described in International Patent Application Publication number 97/18656, entitled "SYSTEM FOR DECRYPTING TELEVISION FROM SEVERAL SATELLITES", the host device receiving a plurality of smart cards, one corresponding to each of one from a plurality of different suppliers each operating different Conditional Access Systems.
Figure 1 illustrates a configuration in which a plurality of host devices of the type mentioned above may be incorporated . The drawing shows a home environment having two television sets, each of which may receive broadcast programmes or recorded programmes from two different operators each using two different conditional access systems. Such a configuration therefore requires the use of four CICAMs: the first TV set having two CICAMs (a first one for decrypting content encrypted by the first operator and a second one for decrypting content encrypted by the second operator); and the second TV set having another two CICAMs (a third one for decrypting content encrypted by the first operator and a fourth one for decrypting content encrypted by the second operator). This is not optimal since only two of the four CICAMs will be required at any one time to decrypt content.
I n U n ited States Patent Pu bl ication n u m ber 7,975,050 B2, entitled "CONDITIONAL ACCESS NETWORK", the problem of a user seeking to have access to content from different operators, each operator's content protected under a different CAS, is disclosed as having been solved by providing each user with a single conditional access unit having basic functionality common to all of the different CASs. Each of the different CASs can then be selectively enabled subject to successful acquisition of the necessary license by the user. For a plurality of users, each user still needs to have a conditional access unit plugged into his television set (or other reception unit) all of the time that he wishes to access conditional access content.
Disclosure of yet another approach to solving the problem of dealing with different conditional access systems using a single host is given in United States Patent Application Publication number 2003/012377. The solution provided in this document is to provide the conditional access module in software format and to make
the module available for download by the user. The user can then store the conditional access modules in a memory in his host device and use the appropriate conditional access module depending on which conditional access system applies to the particular content he wishes to access. This provides an adequate solution for a single user in a system comprising a single host.
BRIEF SUMMARY OF THE INVENTION
A goal of the present invention is to solve some of the problems existing in the state of the art by allowing for at least one conditional access modules to be shared between a plurality of host devices via a local area network. According to a first aspect of the present invention, there is provided a system for providing controlled access to at least a first encrypted digital content, said encryption according to a first controlled access scheme, the system comprising: a first host device for receiving the first encrypted digital content and for rendering a corresponding first decrypted digital content; and;
a first conditional access module configured to operate according to the first controlled access scheme;
the system characterised in that it further comprises a local area network router, the local area network router configured to provide at least a first interface between at least:
the first host device; and
the fist conditional access module;
said first interface configured to allow for the first host device to transmit the received first encrypted content to the first conditional access module for decryption and to further allow for the first conditional access module to return the corresponding first decrypted digital content for rendering by the first host device.
By controlled access it means allowing an authorised user to access a decrypted version of the encrypted content, such access being denied to a non- authorised user. Controlled access is therefore acknowledged as being provided by any of the known conditional access systems used in the domain of Pay-TV for example, usually in a broadcast environment, and using broadcast entitlement control messages (ECM) and broadcast or otherwise delivered entitlement
management messages (EMM). It is also acknowledged that the known Digital Rights Management (DRM) systems, generally deployed in controlled access systems used in the domain of content distribution, for example video on demand, also fit the present definition of controlled access. According to a further aspect of the present invention, there is provided a host device comprising:
a common interface for receiving a common interface conditional access module; and
a communication interface for connecting to a local area network router;
the host device characterised in that it is configured to allow the conditional access module to connect directly to the local area network router.
According to yet another aspect of the present invention, provision is made for a common interface conditional access module comprising a common interface and characterised in that it comprises an adaptor to convert the common interface to a format allowing direct connection to a local area network router.
Provision is made, according to yet a further aspect of the present invention, for a local area network router comprising a plurality of communication ports each for providing an interface with at least one signal from an external device, the plurality of communication ports configured to operate according to a communication network standard, the local area network router being configured to provide connectivity between any one from the plurality of communication ports to any other from the plurality of communication ports, the local area network router characterised in that it further comprises:
a first adaptor module connected to a first from the plurality of communication ports, the first adaptor module configured to convert the signal from a first external device from a moving picture Standard to the communication network standard; and a second adaptor module connected to a second from the pl ural ity of communication ports, the second adaptor module configured to convert an internal signal from the communication network standard to the moving picture standard in order to interface with a second external device.
According to still another aspect of the present invention, there is provided a method for rendering a decrypted digital content derived from an encrypted digital content, said encryption being made according to a conditional access scheme, the method using a system comprising:
a first conditional access module configured to operate according to a first conditional access scheme for providing a first decrypted digital content derived from a first encrypted digital content;
a second conditional access module configured to operate according to a second conditional access scheme for providing a second decrypted digital content derived from a second encrypted digital content;
a first host device for:
receiving the first encrypted digital content, said first encryption being made according to the first conditional access scheme; and
rendering the first decrypted digital content;
a second host device for:
receiving a second encrypted digital content, said second encryption being made according to a second conditional access scheme; and
rendering the second decrypted digital content;
and a local area network router configured to provide connectivity between at least either of the host devices and either of the conditional access modules;
the method comprising:
determining from the received encrypted digital content whether it is encrypted according to the first or the second conditional access schemes;
based on said determination, sending, via the local area network router, the received encrypted digital content to one selected from the two conditional access modules, said selection based on the conditional access scheme to which the selected conditional access module is configured to operate;
returning the decrypted digital content from the selected conditional access module to the host device which received the corresponding encrypted dig ital content;
rendering the decrypted digital content in the host device to which the decrypted digital content was returned.
A goal of the present invention is to provide a more efficient and convenient solution to the use of multiple CICAMs in an environment where multiple CICAMs are required to decrypt content for viewing on multiple host devices.
According to an embodiment of the present invention, the CICAMs are detached from a particular host device and attached rather to a given piece of equipment within a home network where the multiple host devices are connected such that they may share resources.
The present invention allows for conditional access module sharing to be achieved in order to render encrypted content accessible to any suitable rendering device within a home network.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will be better understood thanks to the detailed description which follows and the accompanying drawings, which are given as non- limiting examples of embodiments of the invention, namely:
Figure 1 , which shows a typical state of the art configuration for allowing decryption of content encrypted according to two different encryption schemes using two different rendering apparatus;
Figure 2, representing a system in which a first embodiment of the present invention may be deployed; and
Figure 3, representing a system in which a second embodiment of the present invention may be deployed.
DETAILED DESCRIPTION
Figure 2 shows a system in which an embodiment of the present invention may be deployed. A home network may comprise a plurality of host devices (TV1 , TV2) for rendering digital media content. Such host devices are known and may comprise a reception module for receiving the media content and a rendering module to display or otherwise render the content. In other configurations the reception module and the rendering module could form separate devices instead of being housed within the host device. The host devices (TV1 , TV2)are connected via a local area network (LAN) to form a home network. When the content is received in
encrypted format, the host devices are capable of rendering content received from any from a plural ity of operators as long as the host device has access to a conditional access module which allows it to decrypt the content. The content may be encrypted according to any from a plurality of encryption schemes employed by the plurality of operators and so an appropriate conditional access module should be available if the host is to be able to decrypt a particular content corresponding to a particular encryption scheme.
A first content, according to the example in Figure 2, is encrypted according to a first scheme (CAS1 ). For correct decryption of the first content a host therefore needs to have access to decryption capabilities provided by a first CICAM (CAM1 ) which uses the first scheme (CAS1 ). A second content is encrypted according to a second scheme (CAS2). For correct decryption of this content a host requires to have access to decryption capabil ities provided by a second CICAM (CAM2) operating according to the second scheme. According to the embodiment of the invention, both CICAMs (CAM1 , CAM2) are also connected to the home network, preferably via an interface complying with one of the Common Interface Standards.
In the context of the present invention, the terms "conditional access system", "conditional access policy", "conditional access scheme" or "conditional access procedure" may be used interchangeably to describe a conditional access algorithm and key policy adopted by a supplier of conditional access content to render such content accessible only to authorised users. It will be understood by the skilled person that the invention may be applicable in a domain wherein the conditional access pol icies used are of a type used in broadcast pay TV, where rights are managed and verified using entitlement management messages (EMM) and entitlement control messages (ECM), usually broadcast to the viewer along with the content. On the other hand it is also appl icable in a domain where content is distributed rather than broadcast (e.g. video on demand), with such content being protected using a "digital rights management" technique, where the rights are instead managed via purchasable license files which are loaded onto the viewer's equipment. A home network generally comprises a central element or device, called a router, into which computer devices, entertainment devices and other appliances within the home may be plugged . This provides a convenient way to allow for
communication to be established between any given device in the network and any other device in the network. Routers generally operate according to an Ethernet Standard and so provide Ethernet sockets to which the various devices in the network may be plugged. Other routers, known as WiFi routers provide connectivity to devices via wireless interfaces (WiFi). Another type of router may be used to make a Power Line Communication Network (PLC). This type of router is known and provides connectivity to the devices of the network via a conductor wh ich is simultaneously used to provide AC electrical power to the devices in the network. According to embodiments of the present invention, instead of a host device with its conditional access module being connected to become part of the home network, one or more host devices are connected to become part of the home network and one or more conditional access modules are also connected to become part of the home network.
According to the embodiment, a CICAM is essentially morphed into the home network. This means that when the CICAM is connected into the home network it makes its presence and preferably its capabilities known to any other device on the network which may be able to benefit from its presence. Typically this is done through state of the art technology known as Universal Plug and Play (UPnP). The particular mechanism is generally known as "Discovery". The CICAM is therefore "discovered" and it presents a list of which conditional access systems or digital rights management systems it supports. The list may be displayed on a display associated with a host device on the network to allow a user to select an item from the list according to his needs. The selection can be made using a remote control device for example, which is generally known in the domain. By morphing the CICAM into the home network it is meant either plugging the
CICAM into a host device having a Common Interface port for the CICAM and further having an Ethernet or a WiFi connection for connecting the host to the home network, for example a TV host device. Although connected to the host device via the Common Interface port, the CICAM is considered by the home network to be a separately addressable device within the network, which can be used by any device in the network, just as any other resource on the network can. Otherwise, a specially designed CICAM can be made, including an adaptor module to convert its CI interface to Ethernet, WiFi or PLC format so that it can be plugged directly into the
network. Otherwise it could be the router which is mod ified to have Common Interface compatible ports especially for receiving CICAMs, with the conversion from Common Interface to Ethernet or other being done by the router.
A host device on the network can then use the CICAM to decrypt content received from an operator, such content being encrypted according to one of the encryption systems serviced by the CICAM . I n order to do th is, a transport connection is set up between the host device and the CICAM via the local area network (home network), through which (transport connection) the two devices exchange content. Any of the known container types for content may be used, for example MPEG2-TS, ISOBMFF or any other of the known moving picture Standards.
The encrypted content received from the operator is sent to the CICAM for decryption according to the selected encryption scheme (i.e. that which was used by the operator to encrypt the content). For example, a content received from a first operator is encrypted according to a first encryption scheme. This fact can be deduced from a piece of information in header within the transport stream, saying that the content is encrypted under the first conditional access scheme. The host then knows that it needs the first conditional access module to decrypt the content since the first conditional access module made this information known during the discovery procedure. In a similar manner as is known from the CI Plus standard, a secure, authenticated channel is established between the host device and the CICAM so that the content is securely protected on its way back from the CICAM to the rendering device. This is known as a link protection within the CI+ domain (Common Interface Plus) where the content decrypted by the CAM generally is protected by the l ink protection so that it can be be intercepted in clear by an unscrupulous eavesdropper.
Figure 2 shows how two CICAMs can be connected to the network to allow two hosts to render decrypted content, each of which is encrypted according to a different encryption scheme. In this case each of the CICAMs decrypts the content received via their respective transport connections according to different encryption schemes. The first host (TV1 ) uses the services of the first CICAM (CAM1 ), making available the first conditional access system (CAS1 ) to decrypt content received from a first operator, while the second host device (TV2) makes use of the second CICAM
(CAS2) running the second conditional access system (CAS2) to decrypt content received from a second operator. The resulting effect is similar to a case where the first host has its own CAM working according to a first conditional access scheme and the second host has its own CAM working according to a second conditional access stream. But the advantage is that this system is more flexible. If the first host were subsequently to receive content from the second operator, encrypted according to the second scheme and the first host were to receive content from the first operator, encrypted accord ing to the first cond itional access scheme, then the system allows for the first host to use the second conditional access module and the second host to use the first conditional access module.
In keeping with embodiments of the present invention, a single CICAM may be configured to be able to process more than one such transport connection session with different hosts. In this manner the CICAM can simultaneously decrypt content for the d ifferent hosts. Th is can be seen in Figure 3, for example, showing another system in which an embodiment of the present invention may be deployed . In this case two hosts with in the network are required to show content which has been encrypted according to a same encryption scheme. In the Figure 3, the content is shown to have been received by the two hosts from different operators, however the content is encrypted according to the same encryption scheme - the second scheme (CAS2). (It is also possible for the two hosts to have received the content from the same operator). In this configuration, since the hosts are adapted to deal with a plurality of transport connections, sharing of the resources of the C ICAM wh ich provides decryption services for content encrypted under the second scheme can be done. The second CICAM (CAM2) is thereby solicited by both host devices to encrypt the content from the two operators.
According to another embodiment of the present invention, the system can include a proximity control mechanism, whereby a proximity detector can be included in order to detect whether or not a particular host wh ich requests content to be decrypted is physically located with in a range wh ich is deemed to be with in the home. Similarly, such a proximity constraint could be placed on the CICAM. This way it is ensured that neighbours for example, or passers by, are not taking advantage of the network without authorisation.
Claims
1 . A system for providing controlled access to at least a first encrypted digital content, encrypted accord ing to a first controlled access scheme, the system comprising:
a first host device for receiving the first encrypted digital content and for rendering a corresponding first decrypted digital content; and;
a first conditional access module configured to operate according to the first controlled access scheme;
the system characterised in that it further comprises a local area network router, the local area network router configured to provide at least a first interface between at least:
the first host device; and
the fist conditional access module;
said first interface configured to allow for the first host device to transmit the received first encrypted content to the first conditional access module for decryption and to further allow for the first conditional access module to return the corresponding first decrypted digital content for rendering by the first host device.
2. The system according to claim 1 , the system for further providing controlled access to at least one further encrypted digital content, encrypted according to a further controlled access scheme, wherein the system further comprises:
at least one further host device for receiving the further encrypted digital content and for rendering a corresponding further decrypted digital content; and
at least one further conditional access module configured to operate according to the further controlled access scheme;
the local area network further configured to further provide a plurality of further interfaces, each between any one of the host devices and any one of the access control modules;
the thus configured local area network allowing for:
each of the host devices to transmit its received content to a selected conditional access module, said selection depending on which of the conditional access modules is configured to operate according to the conditional access scheme according to which the particular host module's received content is encrypted; and further allowing for: the selected conditional access module to return the decrypted digital content to the concerned host device.
3. The system according to any of the preceding claims, wherein any of the host devices comprises a receiver for receiving the first d ig ital content and a rendering device for rendering the decrypted digital content.
4. The system according to any of the preceding claims, wherein the interface comprises at least a transport stream interface operable according to a moving picture Standard.
5. A host device for use in a system according to any of the preceding claims, the host device comprising:
a common interface for receiving a common interface conditional access module; and
a communication interface for connecting to a local area network router;
the host device characterised in that it is configured to allow the conditional access module to connect directly to the local area network router.
6. The host device according to claim 5, wherein the host device further comprises an adaptor module to convert the common interface to a format suitable for connecting to the local area network router.
7. A common interface cond itional access module for use in a system according to any of claims 1 to 4, the common interface conditional access module comprising a common interface and characterised in that it comprises an adaptor to convert the common interface to a format allowing direct connection to a local area network router.
8. A local area network router for use in a system according to any of claims 1 to 4, the local area network router comprising a plurality of communication ports each for providing an interface with at least one signal from an external device, the plurality of communication ports configured to operate according to a communication network standard, the local area network router being configured to provide connectivity between any one from the plurality of communication ports to any other from the plurality of communication ports, the local area network router characterised in that it further comprises:
a first adaptor module connected to a first from the plurality of communication ports, the first adaptor module configured to convert the signal from a first external device from a moving picture Standard to the communication network standard; and a second adaptor module connected to a second from the pl ural ity of communication ports, the second adaptor module configured to convert an internal signal from the communication network standard to the moving picture standard in order to interface with a second external device.
9. A method for rendering a decrypted digital content derived from an encrypted digital content, said encryption being made according to a conditional access scheme, the method using a system comprising:
a first conditional access module configured to operate according to a first conditional access scheme for providing a first decrypted digital content derived from a first encrypted digital content;
a second conditional access module configured to operate according to a second conditional access scheme for providing a second decrypted digital content derived from a second encrypted digital content;
a first host device for:
receiving the first encrypted digital content, said first encryption being made according to the first conditional access scheme; and
rendering the first decrypted digital content;
a second host device for:
receiving a second encrypted digital content, said second encryption being made according to a second conditional access scheme; and
rendering the second decrypted digital content;
and a local area network router configured to provide connectivity between at least either of the host devices and either of the conditional access modules;
the method comprising:
determining from the received encrypted digital content whether it is encrypted according to the first or the second conditional access schemes;
based on said determination, sending, via the local area network router, the received encrypted digital content to one selected from the two conditional access modules, said selection based on the conditional access scheme to which the selected conditional access module is configured to operate;
returning the decrypted digital content from the selected conditional access module to the host device which received the corresponding encrypted dig ital content;
rendering the decrypted digital content in the host device to which the decrypted digital content was returned.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP13710834.6A EP2829077A1 (en) | 2012-03-19 | 2013-03-15 | A system and method for networking conditional access functionalities |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201261612511P | 2012-03-19 | 2012-03-19 | |
US61/612,511 | 2012-03-19 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013139696A1 true WO2013139696A1 (en) | 2013-09-26 |
Family
ID=47901981
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2013/055366 WO2013139696A1 (en) | 2012-03-19 | 2013-03-15 | A system and method for networking conditional access functionalities |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP2829077A1 (en) |
WO (1) | WO2013139696A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015149834A1 (en) * | 2014-03-31 | 2015-10-08 | Arcelik Anonim Sirketi | Method for simultaneous viewing and recording of separate conditional access contents in an image display device |
EP2963932A1 (en) * | 2014-07-01 | 2016-01-06 | Rabbit Labs SAS | A standard compatible television distribution system |
FR3025390A1 (en) * | 2014-09-02 | 2016-03-04 | Neotion | TELEVISION SYSTEM AND METHOD FOR ADDITION TO AN APPARATUS OF RIGHTS FOR DECRYPTING AUDIO / VIDEO ENCRYPTED SIGNALS. |
JP2020005306A (en) * | 2017-07-07 | 2020-01-09 | 東芝映像ソリューション株式会社 | Reception method |
JP2020014229A (en) * | 2017-07-07 | 2020-01-23 | 東芝映像ソリューション株式会社 | Transmission and reception system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0905932A2 (en) * | 1997-09-30 | 1999-03-31 | Sony Corporation | Method and apparatus for receiving and processing digital broadcast signals |
WO1999057889A1 (en) * | 1998-05-06 | 1999-11-11 | Sony Electronics, Inc. | Communication network |
US20120026409A1 (en) * | 2010-07-27 | 2012-02-02 | Yasukazu Higuchi | Electronic Device and Remote-Control Method |
-
2013
- 2013-03-15 WO PCT/EP2013/055366 patent/WO2013139696A1/en active Application Filing
- 2013-03-15 EP EP13710834.6A patent/EP2829077A1/en not_active Withdrawn
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0905932A2 (en) * | 1997-09-30 | 1999-03-31 | Sony Corporation | Method and apparatus for receiving and processing digital broadcast signals |
WO1999057889A1 (en) * | 1998-05-06 | 1999-11-11 | Sony Electronics, Inc. | Communication network |
US20120026409A1 (en) * | 2010-07-27 | 2012-02-02 | Yasukazu Higuchi | Electronic Device and Remote-Control Method |
Non-Patent Citations (1)
Title |
---|
CUTTS D J: "DVB CONDITIONAL ACCESS", ELECTRONICS AND COMMUNICATION ENGINEERING JOURNAL, INSTITUTION OF ELECTRICAL ENGINEERS, LONDON, GB, vol. 9, no. 1, 1 February 1997 (1997-02-01), pages 21 - 27, XP000722905, ISSN: 0954-0695, DOI: 10.1049/ECEJ:19970104 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015149834A1 (en) * | 2014-03-31 | 2015-10-08 | Arcelik Anonim Sirketi | Method for simultaneous viewing and recording of separate conditional access contents in an image display device |
EP2963932A1 (en) * | 2014-07-01 | 2016-01-06 | Rabbit Labs SAS | A standard compatible television distribution system |
FR3025390A1 (en) * | 2014-09-02 | 2016-03-04 | Neotion | TELEVISION SYSTEM AND METHOD FOR ADDITION TO AN APPARATUS OF RIGHTS FOR DECRYPTING AUDIO / VIDEO ENCRYPTED SIGNALS. |
JP2020005306A (en) * | 2017-07-07 | 2020-01-09 | 東芝映像ソリューション株式会社 | Reception method |
JP2020005307A (en) * | 2017-07-07 | 2020-01-09 | 東芝映像ソリューション株式会社 | Reception method |
JP2020014229A (en) * | 2017-07-07 | 2020-01-23 | 東芝映像ソリューション株式会社 | Transmission and reception system |
JP2020014230A (en) * | 2017-07-07 | 2020-01-23 | 東芝映像ソリューション株式会社 | Transmission and reception system |
Also Published As
Publication number | Publication date |
---|---|
EP2829077A1 (en) | 2015-01-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1304844B1 (en) | Content protection and copy management system for a network | |
JP4358226B2 (en) | Mechanism for remote control of client devices | |
EP1449370B1 (en) | System and method for hybrid conditional access for receivers of encrypted transmissions | |
EP1510033B1 (en) | Apparatus for entitling remote client devices | |
US7480385B2 (en) | Hierarchical encryption key system for securing digital media | |
US9479825B2 (en) | Terminal based on conditional access technology | |
EP2245853B1 (en) | Encryption system for satellite delivered television | |
CN101889440B (en) | Secure content key distribution using multiple distinct methods | |
CA2557824C (en) | Secure negotiation and encryption module | |
JP5773179B2 (en) | TV receiver apparatus having a plurality of decryption modes | |
US8610827B2 (en) | Direct IPTV distribution | |
CA2695096A1 (en) | Conditional entitlement processing for obtaining a control word | |
WO2013139696A1 (en) | A system and method for networking conditional access functionalities | |
US20180367829A1 (en) | Method for implementing digital rights management (drm)-enabled media gateway/terminal and device thereof | |
WO2008139335A1 (en) | Transferring digital data | |
US8631430B2 (en) | Enabling DRM-encrypted broadcast content through gateway into the home | |
EP3664455A1 (en) | Electronic apparatus, server and method of controlling the same | |
Fimić et al. | A proposal for secured streaming of premium content in second screen environment | |
MXPA06009708A (en) | Secure negotiation and encryption module |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13710834 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2013710834 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |