CA2199526C - Conditional access system - Google Patents
- Publication number
- CA2199526C
- Authority
- CA
- Canada
- Prior art keywords
- information
- conditional access
- encrypted
- decryptor
- accordance
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/43607—Interfacing a plurality of external cards, e.g. through a DVB Common Interface [DVB-CI]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/44—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs
- H04N21/4405—Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream, rendering scenes according to MPEG-4 scene graphs involving video stream decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/167—Systems rendering the television signal unintelligible and subsequently intelligible
- H04N7/1675—Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
Abstract
An access control processor (30) for a conditional access system in which encrypted information segments provided by a plurality of information service providers (10-10b) are encrypted for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments. The processor includes a decryptor (31) in an information receiver for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of the conditional access processes, and a conditional access controller (32) in the information receiver for selectively enabling the decryptor to decrypt received information segments encrypted in accordance with any of the different conditional access processes by providing to the decryptor cryptographic information for defining the algorithm utilized in the one of the different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with the algorithm.
Description
CONDITIONAL ACCESS SYSTEM
BACKGROUND OF THE INVENTION
The present invention pertains to systems and methods for securely controlling access to information segments distributed to information receivers in a point-to-point or point-to-multi-point network. Such systems are known as conditional access systems.
The information may include video, audio, text, data and/or any other type of information that may be subject to conditional access. An information segment is a given block of information, such as a television program, a given block of text or a given block of data, that typically is transmitted over a relatively short duration.
There is a need for competitiveness and open standards for customer information receivers used in conditional access systems. However, equipment vendors are motivated to maintain proprietary standards, whereby conditional access service providers often have been dependent upon a single source of equipment. Nevertheless, information network service providers, such as telephone companies, desire to maintain at least two sources for the equipment installed in conditional access systems included within information distribution networks.
In the prior art, encrypted information segments respectively provided by a plurality of different conditional access information service providers are respectively encrypted for transmission in accordance with different conditional access processes, which may respectively utilize different algorithms for encrypting the information segments; and the differently encrypted information segments are respectively decrypted by differently configured information receivers respectively containing access control processors adapted for enabling decryption of only encrypted information segments encrypted in accordance with one of the different conditional access processes. An encryption algorithm is a process by which a given signal is processed with a key (signal) to transform the given signal into an encrypted signal that is unintelligible or by which the given signal can be recovered by corresponding processing of the encrypted signal with a corresponding key. The parameters of an encryption algorithm determine the order of selection for processing of bits in the given signal, the key and intermediate signals produced by such processing, and the sequence of such processing.
An exemplary prior art conditional access system is described in United States Patent No. 4,631,901 to Klein S. Gilhousen, Charles F. Newby and Karl E. Moerder and United States Patent No. 4,712,238 to Klein S. Gilhousen, Jerrold A. Heller, Michael V. Harding and Robert D. Blakeney. In such conditional access system, an information segment is encrypted for transmission by scrambling the information segment with a keystream that is produced by processing a secure session key in accordance with a predetermined encryption algorithm, such as the DES encryption algorithm.
In an information receiver of such a conditional access system, the encrypted information signal is decrypted by descrambling the encrypted information segment with a keystream that is produced by processing the secure session key in accordance with the predetermined encryption algorithm. The session key is a key that is processed to produce the keystream that is used to scramble an information segment for a given transmission of the encrypted information segment. Typically the session key is processed with another key and/or a data signal to produce the keystream. In the two above-cited patents, the session key is referred to as a channel key.
An object of the present invention is to enhance the scope and utility of conditional access systems by providing a conditional access system and method that allows an information receiver of an information distribution network to be configured on an open standard basis for use with different proprietary systems of a plurality of different conditional access service providers over a common information distribution network, in which each conditional access service provider determines only the parameters of the cryptographic system design required to enable conditional access to the information provided by such conditional access service provider.
The prior art has suggested a conditional access system that would enable encrypted information segments respectively encrypted for transmission in accordance with different conditional access processes to be descrambled through use of a standard information receiver having a standard interface common to all present and future conditional access systems and a plurality of detachable conditional access modules respectively provided by the different conditional access information service providers for enabling a common descrambler in the information receiver to descramble received information segments encrypted in accordance with any of the different conditional access processes. In such a system the use of a common descrambler to decrypt encrypted information segments provided by any of a plurality of different information service providers that respectively encrypt information segments for transmission in accordance with any of a plurality of different conditional access processes respectively utilizing different algorithms for encrypting the information segments would make it necessary that each of the detachable conditional access modules respectively provided by the different conditional access information service providers include the portion of the decryptor that generates the common descrambling keystream by processing the secure session key used for encrypting the information signal in accordance with the predetermined encryption algorithm respectively utilized in the conditional access process used by the respective information service provider.
SUMMARY OF THE INVENTION
The present invention provides an access control processor for a conditional access system in which encrypted information segments provided by a plurality of information service providers are encrypted for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments, the processor comprising a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and a conditional access controller in the information receiver for selectively enabling the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm. The cryptographic information for defining the encryption algorithm may define various bit selection and/or processing parameters of a predetermined algorithm, such as the DES algorithm, or such cryptographic information may define the entire predetermined algorithm.
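The arrangement described above, one common decryptor that a conditional access controller configures with provider-specific algorithm parameters, can be modelled in a few lines. This is an added example, not code from the patent: the keystream is built from SHA-256 and HMAC as a stand-in for the DES processing the text mentions, and the names AlgorithmParams, key_byte_order and passes, the 8-byte session key and the sample segments are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

KEY_LEN = 8  # assumed session-key length (DES-sized), constructed for the example


@dataclass(frozen=True)
class AlgorithmParams:
    """Hypothetical 'cryptographic information for defining the algorithm'."""
    provider: str
    key_byte_order: tuple  # order in which session-key bytes are selected
    passes: int            # how many processing passes are applied


def keystream(session_key, params, length):
    """Produce a keystream from the session key under one provider's parameters."""
    selected = bytes(session_key[i] for i in params.key_byte_order)
    state = selected
    for _ in range(params.passes):
        state = hashlib.sha256(state).digest()
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(state, block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def scramble(data, session_key, params):
    """XOR with the keystream; the same operation scrambles and descrambles."""
    ks = keystream(session_key, params, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


class Decryptor:
    """Common decryptor in the receiver; it has no algorithm until enabled."""

    def __init__(self):
        self._params = None

    def load(self, params):
        self._params = params

    def decrypt(self, segment, session_key):
        if self._params is None:
            raise RuntimeError("decryptor has not been enabled")
        return scramble(segment, session_key, self._params)


class ConditionalAccessController:
    """Holds per-provider parameters and selectively enables the decryptor."""

    def __init__(self):
        self._known = {}

    def install(self, params):
        # Reject malformed parameters before they can reach the decryptor.
        if not params.key_byte_order or any(
            not 0 <= i < KEY_LEN for i in params.key_byte_order
        ):
            raise ValueError("key_byte_order out of range")
        if not 1 <= params.passes <= 16:
            raise ValueError("passes out of range")
        self._known[params.provider] = params

    def enable(self, decryptor, provider):
        # KeyError here means no parameters are installed for this provider.
        decryptor.load(self._known[provider])


# Constructed sample data: two providers, one session key, two segments.
PARAMS_A = AlgorithmParams("A", (0, 1, 2, 3, 4, 5, 6, 7), 1)
PARAMS_B = AlgorithmParams("B", (7, 5, 3, 1, 6, 4, 2, 0), 3)
SESSION_KEY = bytes.fromhex("0123456789abcdef")
CLEAR_A = b"segment 14a from provider A"
CLEAR_B = b"segment 14b from provider B"


def demo():
    """Return (A decrypted, B decrypted, B decrypted with A's parameters)."""
    enc_a = scramble(CLEAR_A, SESSION_KEY, PARAMS_A)  # information server 10a
    enc_b = scramble(CLEAR_B, SESSION_KEY, PARAMS_B)  # information server 10b
    controller = ConditionalAccessController()
    controller.install(PARAMS_A)
    controller.install(PARAMS_B)
    decryptor = Decryptor()
    controller.enable(decryptor, "A")
    got_a = decryptor.decrypt(enc_a, SESSION_KEY)
    wrong = decryptor.decrypt(enc_b, SESSION_KEY)  # right key, wrong algorithm
    controller.enable(decryptor, "B")
    got_b = decryptor.decrypt(enc_b, SESSION_KEY)
    return got_a, got_b, wrong


if __name__ == "__main__":
    print(demo())
```

Holding the session key is not sufficient in this model: a segment scrambled under provider B's parameters stays unintelligible until the controller loads those parameters into the decryptor.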
The access control processor of the present invention is ideally suited for use in an information receiver of an information distribution network that is configured on an open standard basis for use with different proprietary systems of a plurality of different conditional access service providers over a common information distribution network, in which each conditional access service provider determines only the parameters of the cryptographic design uniquely required to enable conditional access to the information provided by such conditional access service provider. Only those portions of the conditional access controller that control conditional access parameters that are not common to all of the service providers need be contained in a detachable conditional access module that would be interfaced with the information receiver for enabling decryption of encrypted information segments provided by such service provider, thereby reducing the cost of the detachable conditional access modules, which are replaced from time to time in order to enhance the security of the conditional access system of the respective information service provider.
The present invention also provides a conditional access system including the above-described access control processor in combination with encryption means for encrypting information segments for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments.
In another aspect, the present invention provides an access control processor for a conditional access system in which an encrypted information segment provided by an information service provider is encrypted for transmission in accordance with a conditional access process utilizing an algorithm for encrypting the information segment, the processor comprising a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in said conditional access process; and a conditional access controller in the information receiver for enabling the decryptor to decrypt received information segments encrypted in accordance with said conditional access process by providing to the decryptor cryptographic information for defining the algorithm utilized in said conditional access process for use by the decryptor to decrypt the received information segments encrypted in accordance with said algorithm, wherein the conditional access controller includes means for detecting within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said conditional access process; and means for downloading the detected cryptographic information from said information stream.
In another aspect of the invention, there is provided a conditional access system in which encrypted information is provided by a plurality of information service providers in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information, comprising encryption means for encrypting information segments for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments; a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and a conditional access controller in the information receiver for selectively enabling the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm.
In a further aspect of the invention, there is provided a conditional access system in which encrypted information is provided by an information service provider in accordance with a given conditional access process, comprising encryption means for encrypting an information segment for transmission in accordance with a given conditional access process; a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver; a conditional access controller in the information receiver for enabling the decryptor to decrypt received information segments encrypted in accordance with the given conditional access process, wherein the conditional access controller includes means for requesting transmission to the information receiver of cryptographic information for enabling the conditional access controller to enable the decryptor to decrypt a selected information segment; and means for downloading cryptographic information transmitted to the receiver in response to said request; and the system further comprising means for responding to said request by providing the requested cryptographic information for transmission to the information receiver; wherein the requested cryptographic information includes cryptographic data for defining an algorithm used by the decryptor for decrypting information segments encrypted in accordance with the given conditional access process; and wherein the downloading means includes means for detecting the transmitted cryptographic data for defining the algorithm within an information stream received by the information receiver and means for downloading the detected cryptographic data from said information stream.
In a further aspect of the invention, there is provided a computer readable storage medium for use in an access control processor included in an information receiver of a conditional access system in which encrypted information segments provided by a plurality of information service providers are encrypted for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments, and including a decryptor for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and a conditional access controller, wherein the storage medium is configured so as to cause the conditional access controller to selectively enable the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes, by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm.
In a further aspect of the invention, there is provided a computer readable storage medium for use in an access control processor included in an information receiver of a conditional access system in which encrypted information segments provided by an information service provider are encrypted for transmission in accordance with a conditional access process utilizing an algorithm for encrypting the information segments, and including a decryptor for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with the algorithm utilized in said conditional access process; and a conditional access controller, wherein the storage medium is configured so as to cause the conditional access controller to enable the decryptor to decrypt received information segments encrypted in accordance with said conditional access process by providing to the decryptor cryptographic information for defining the algorithm utilized in said conditional access process for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm, by causing the conditional access controller to detect within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said conditional access process and to download the detected cryptographic information from said information stream.
In a further aspect of the invention, there is provided a conditional access method in which encrypted information is provided by a plurality of information service providers in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information, comprising the steps of:
(a) encrypting information segments for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments; (b) using a decryptor in an information receiver to decrypt encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and (c) in the information receiver, selectively enabling the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm.
In a further aspect of the invention, there is provided a conditional access method in which encrypted information is provided by an information service provider in accordance with a conditional access process utilizing an algorithm for encrypting the information, comprising the steps of: (a) using a decryptor in an information receiver to decrypt encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with the algorithm utilized in said conditional access process; and (b) in the information receiver, enabling the decryptor to decrypt received information segments encrypted in accordance with said conditional access process by providing to the decryptor cryptographic information for defining the algorithm utilized in said conditional access process for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm, wherein step (b) comprises the steps of: (c) detecting within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said conditional access process; and (d) downloading the detected cryptographic information from said information stream.
In a further aspect of the invention, there is provided a conditional access method in which encrypted information is provided by an information service provider in accordance with a given conditional access process, comprising the steps of: (a) encrypting an information segment for transmission in accordance with a given conditional access process; (b) using a decryptor in an information receiver to decrypt encrypted information segments received by the information receiver; (c) in the information receiver, enabling the decryptor to decrypt the received information segments encrypted in accordance with the given conditional access process; wherein step (c) includes the steps of: (d) requesting transmission to the information receiver of cryptographic information for enabling decryption of a selected information segment; and (e) in the information receiver, downloading cryptographic information transmitted to the receiver in response to said request; and the method further comprising the step of: (f) responding to said request by providing the requested cryptographic information for transmission to the information receiver; wherein the requested cryptographic information includes cryptographic data for defining an algorithm used by the decryptor for decrypting information segments encrypted in accordance with the given conditional access process; and wherein step (e) includes the steps of:
(g) detecting the transmitted cryptographic data within an information stream received by the information receiver; and (h) downloading the detected cryptographic data from said information stream.
In a further aspect, the present invention provides an access control processor for a conditional access system in which an encrypted information segment provided by an information service provider is encrypted for transmission in accordance with a given conditional access process, the processor comprising a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver; and a conditional access controller in the information receiver for enabling the decryptor to decrypt received information segments encrypted in accordance with the given conditional access process; wherein the conditional access controller includes means for requesting transmission to the information receiver of cryptographic information for enabling the conditional access controller to enable the decryptor to decrypt a selected information segment; and means for downloading cryptographic information transmitted to the receiver in response to said request.
The present invention further provides a conditional access system including the immediately-above-described access control processor in combination with encryption means for encrypting an information segment for transmission in accordance with a given conditional access process; and means for responding to the request for transmission of cryptographic information by providing the requested cryptographic information for transmission to the information receiver.
In still another aspect, the present invention provides an access control processor for providing for display of a message related to an authorization status of an information receiver in a conditional access system for receiving an information segment, the processor comprising means for processing an authorization signal related to the information segment to determine which of a plurality of different possible authorization statuses is applicable to the information segment; means for retrieving from a plurality of different possible authorization status messages within an information stream received by the information receiver a message applicable to the status determined by said processing; and means for providing the retrieved message for display.
In still an additional aspect, the present invention provides an access control processor for selecting an applicable authorization status of an information receiver for receiving an information segment when the information segment is provided separately by each of a plurality of different service providers in a conditional access system, the processor comprising means for processing a plurality of authorization signals respectively related to the information segment provided separately by the plurality of different service providers; means for determining which of a plurality of different possible authorization statuses is applicable for the received information segment for each of the respective authorization signals related to the different service providers; and means for selecting one of the determined statuses in accordance with a predetermined priority.
The present invention also provides computer readable storage media for use in an access control processor, which storage media are respectively so configured as to cause the access control processors to perform various functions of the above-described access control processors of the present invention.
The present invention further provides the methods that are carried out by the above-described access control processors and conditional access systems.
Additional features of the present invention are described with reference to the detailed description of the preferred embodiments.
BRIEF DESCRIPTION OF THE DRAWING
FIG. 1 is a block diagram of a preferred embodiment of a conditional access system according to the present invention.
FIG. 2 is a block diagram of an information server in the system of FIG. 1.
FIG. 3 is a block diagram of an alternative preferred embodiment of the information receiver in the system of FIG. 1.
FIG. 4 is a block diagram of one preferred embodiment of the conditional access controller in the systems of FIGS. 1 and 3.
FIG. 5 is a block diagram of another preferred embodiment of the conditional access controller in the systems of FIGS. 1 and 3.
DETAILED DESCRIPTION
Referring to FIG. 1, a preferred embodiment of a conditional access system according to the present invention includes a plurality of information servers 10a, 10b and one preferred embodiment of an information receiver 12. The information servers 10a, 10b may be separately located or they may be included in a distribution hub that receives information segments 14a, 14b transmitted from different sources and encrypts the information segments for further transmission. The information receiver 12 may be an end-user information receiver or included in a distribution hub that receives information segments 14a, 14b transmitted from different sources and encrypts the information segments for further transmission.
A first information server l0a encrypts clear irii~ormation segments 14a provided by a first information service provider A for transmission in accordance with a first conditional access processes utilizing a first algorithm A for encwpting information se~:ments 14a; and a second information server IOb encrypts clear iritormation segments ~s 14b provided by a second information service provider B for transmission in accordance with a second conditional access processes utilizing a second algorithm B for encrypting the information segments 14b. The first conditional access process is different from the second conditional access process and the first algorithm A is different from the second algorithm B. As indicated by the dashed line 15. the clear information segments 14a may 2o be the same as the clear information segments 14b; but usually- the clear information segments 14a are different from the clear information segments 14b Referring to FIG. 2, a preferred embodiment of the information server l0a includes an encryptor 18, an entitlement message generator 20, a signal encoder 22 and an authorization processor 28.
25 The encryptor 18 encrypts the clear information segments 14a by processing the information segments 14a with a session key K in accordance with the first algorithm A
utilized in the first conditional access process to provide encrypted information segments 23. The session key K is included in cryptographic information 24 that is processed by the entitlement message generator 20 with entitlement information 25 to provide entitlement ' 3o messages 26. The encoder 22 combines the encrypted information segments 23 and entitlement messages 26 to provide a combined signal 27 for transmrssion.
Examples of entitlement information are described in the aforementioned U.S. Patent No. 4,712,238 as the program mask, the program cost, the credit signal and the authorization word. Examples of cryptographic information, as described in said patent, include the channel key (session key), the category key and the subscriber key generation number. Examples of entitlement messages, as described in said patent, include the channel rekey message and the category rekey message. Transmission of the combined signal 27 may be accomplished by communication satellite, microwave, cable, telephone and/or land lines.
The operation of the authorization processor 28 and the entitlement message generator 20 in response to a request for cryptographic information signal 29 is described below with reference to an alternative embodiment feature of the conditional access controller shown in FIG. 4.
Referring again to FIG. 1, one preferred embodiment of an information receiver for use in a conditional access system according to the present invention includes an access control processor 30 including a decryptor 31 and a conditional access controller 32, a demultiplexer 33, a user interface processor 34, an information processor 35 and an information output device 36, such as a television set, having a video monitor 37 and/or an audio speaker (not shown). Alternatively, or additionally, the information output device 36 may include such other components as a personal computer, a printer, and/or a video cassette recorder. The decryptor 31, or a portion thereof, may be embodied in a replaceable security element, such as a smart card (not shown).
The demultiplexer 33 demultiplexes a received combined signal 38 containing encrypted information segments and entitlement messages and provides the received encrypted information segments 23 to the decryptor 31 and the received entitlement messages 26 to the conditional access controller 32.
The user interface processor 34 responds to inputs (not shown) initiated by a user of the information receiver 12 by providing either a service request signal 40 or an authorization request signal 41 to the conditional access controller 32.
The conditional access controller 32 processes the entitlement messages 26 to determine whether the decryptor 31 in the information receiver 12 is authorized to decrypt encrypted information segments 23 identified by the service request signal 40. Upon determining that the decryptor 31 and thereby the information receiver 12 is so authorized, the conditional access controller 32 provides appropriate cryptographic information 42 to the decryptor 31 to thereby enable the decryptor 31 to decrypt the received encrypted information segments 23. The cryptographic information 42 includes the session key K and cryptographic data for defining the algorithm A or B utilized in the conditional access process used to produce the encrypted information segments 23 identified by the service request signal 40.
The decryptor 31 then decrypts the received encrypted information segments 23 by processing the received encrypted information segments 23 with the session key K used for encrypting the information segments in accordance with the algorithm A or B utilized in the conditional access process used to produce the encrypted information segments 23, to thereby reproduce the clear information segments 14, which are provided to the information processor 35.
Upon determining the authorization status of the information receiver 12, the conditional access controller 32 causes a status message 43 applicable to the determined authorization status to be provided to the information processor 35 for display by the video monitor 37 of the information output device 36.
The information processor 35 processes the clear information segments 14 to cause the output device 36 to provide an output to the user of the information receiver 12. When the clear information segments 14 represent a television signal, the output device 36 causes a picture to be provided on a video monitor 37 and also provides an audio output signal to the speaker in the information output device 36. When the clear information segments 14 represent text and/or data, the information processor 35 causes the text and/or data to be displayed on the video monitor 37 and may also cause such text and/or data to be printed out by a printer (not shown) coupled to the information processor 35. Such clear information 14 representing text and/or data may be stored initially in a memory (not shown) for later processing by the information processor 35.
The information processor 35 processes the status message 43 to cause the output device 36 to display the message 45 to the user of the information receiver 12 on the video monitor 37. The information processor 35 may process the status message 43 together with the clear information segments 14 in such a manner as to cause the displayed message 45 to be superimposed over a picture provided on the video monitor in response to processing of the clear information segments 14. Alternatively, the information processor 35 may give priority to processing of the status message 43 and supersede any display of a picture in response to processing of the clear information segments 14 by causing only the displayed message 45 to be displayed on the video monitor 37 for a short duration.
Referring to FIG. 3, an alternative embodiment of an information receiver 49 for use in the conditional access system of the present invention includes an access control processor 50 including a decryptor 51 and a conditional access controller 52, a demultiplexer 53, a user interface processor 54, an information processor 55 and an information output device 56, such as a television set, having a video monitor 57 and/or an audio speaker (not shown). The decryptor 51, or a portion thereof, may be embodied in a replaceable security element, such as a smart card (not shown).
The decryptor 51 receives a combined signal 58 containing encrypted information segments and entitlement messages.
The demultiplexer 53 is coupled to the decryptor 51 and demultiplexes the combined signal 59 from the decryptor 51 containing information segments and entitlement messages and provides the received information segments 14 to the information processor 55 and the received entitlement messages 60 to the conditional access controller 52.
Until the decryptor 51 is enabled for decryption, the combined signal 59 provided from the decryptor 51 to the demultiplexer 53 includes encrypted information segments.
The user interface processor 54 responds to inputs (not shown) initiated by a user of the information receiver 49 by providing either a service request signal 62 or an authorization request signal 63 to the conditional access controller 52.
The conditional access controller 52 processes the entitlement messages 60 to determine whether the decryptor 51 in the information receiver 49 is authorized to decrypt encrypted information segments identified by the service request signal 62.
Upon determining that the decryptor 51 and thereby the information receiver 49 is so authorized, the conditional access controller 52 provides appropriate cryptographic information 64 to the decryptor 51 to thereby enable the decryptor 51 to decrypt the received encrypted information segments included in the received combined signal 58. The cryptographic information 64 includes the session key K and cryptographic data for defining the algorithm A or B utilized in the conditional access process used to produce the encrypted information segments identified by the service request signal 62. Since the combined signals 27a provided by the information server 10a of information service provider A may incorporate the encrypted information segments into the combined signal 27a in a different format than the format used for such purpose by the information server 10b of information service provider B, the cryptographic information 64 provided to the decryptor 51 by the conditional access controller 52 further includes format data that enables the decryptor 51 to decrypt only the encrypted information segments included in the combined signal 58.
After the decryptor 51 has been enabled for decryption, the combined signal 59 provided from the decryptor 51 to the demultiplexer 53 includes clear information segments rather than encrypted information segments.
The decryptor 51 decrypts the received encrypted information segments in the combined signal 58 by processing the received encrypted information segments with the session key K used for encrypting the information segments in accordance with the algorithm A or B utilized in the conditional access process used to produce the encrypted information segments, to thereby reproduce the clear information segments 14, which are provided by the multiplexer 53 to the information processor 55.
Upon determining the authorization status of the information receiver 49, the conditional access controller 52 causes a status message 66 applicable to the determined authorization status to be provided to the information processor 55 for display by the video monitor 57 of the information output device 56.
The information processor 55 processes the clear information segments 14 and the status message 66 to cause the output device 56 to provide an output to the user of the information receiver 49 in the same manner as described above with reference to the information processor 35 and the output display device 36 of the information receiver 12 shown in FIG. 1.
Referring to FIG. 4, the conditional access controller 32, 52 of either the information receiver 12 shown in FIG. 1 or the information receiver 49 shown in FIG. 3 includes a control processor 70, an authorization processor 71, a cryptographic information generator 72, a memory 74 preferably including one or more smart cards 75, and a message display driver 76. The cryptographic information generator 72, or a portion thereof, may be embodied in a replaceable security element, such as a smart card (not shown). In one embodiment, a portion of the memory 74, a portion of the cryptographic information generator 72 and a portion of the decryptor 31 are embodied in a common replaceable security element, such as a smart card (not shown). In describing the conditional access controller shown in FIG. 4, only the reference numerals shown in FIG. 1 are used to refer to the various signals and components that are shown in both FIGS. 1 and 3, although the corresponding reference numerals shown in FIG. 3 for such signals and components also are applicable.
The control processor 70 processes the entitlement messages 26 to provide authorization messages 79 to the authorization processor 71 and cryptographic messages 80 to the cryptographic information generator 72.
The authorization processor 71 responds to a service request signal 40 by processing the authorization messages 79 with authorization data 82 stored in the memory 74 to determine whether the decryptor 31 in the information receiver is authorized to decrypt encrypted information segments identified by the service request signal 40. Upon determining that the decryptor 31 and thereby the information receiver is so authorized, the authorization processor 71 provides an appropriate status signal 84 to the cryptographic information generator 72. An example of an authorization processor is described in the aforementioned U.S. Patent No. 4,712,238 with reference to FIG. 1. In the conditional access controller of FIG. 4, the status signal 84 includes both an enable signal and data identifying either conditional access process A or conditional access process B as the conditional access process used for encrypting the information segment identified in the service request signal 40.
The cryptographic information generator 72 responds to the status signal 84 by processing the cryptographic messages 80 together with cryptographic data 86 retrieved from the memory 74 to thereby provide to the decryptor 31 the cryptographic information 42 that enables the decryptor 31 to decrypt the received encrypted information segments 23 identified by the service request signal 40. As indicated above, the cryptographic information 42 includes the session key K and cryptographic information for defining the algorithm A or B utilized in the conditional access process used to produce the encrypted information segments identified by the service request signal 40.
The data for defining algorithm A or B included in the cryptographic information 42 is retrieved from the memory 74 as part of the cryptographic data 86 utilized in accordance with the conditional access process A or B identified in the status signal 84 as the conditional access process used for encrypting the information segment identified in the service request signal 40. In one embodiment, the memory 74 stores the cryptographic information for defining the different algorithms A and B respectively used in the different conditional access processes. In another embodiment, the cryptographic information for defining each algorithm A, B is stored in a separate replaceable security element, such as the smart card 75, and is provided therefrom to the cryptographic information generator 72. The memory 74 may include a plurality of such smart cards 75 respectively provided by the different conditional access information service providers and respectively storing the cryptographic information for defining the different algorithms A, B utilized for decrypting the received encrypted information segments 23 in accordance with the different conditional access processes A and B.
When the service request signal 40 identifies a selected information segment that is provided by each of a plurality of different service providers, the authorization processor 71 processes authorization signals in the authorization messages 79 related to the selected information segment provided by each of the plurality of the different service providers to determine which of a plurality of different possible authorization statuses is applicable to the selected information segment provided by each of the service providers; and selects for decryption in accordance with a predetermined priority based upon such status determinations the encrypted information segment provided by one of the service providers. Examples of different statuses include, in order of priority: "blacked-out", "locked-out", "authorized", "available for pay-for-view" and "not presently authorized". The conditional access process A or B used by the service provider for encrypting the information segment selected in accordance with such predetermined priority is identified in the status signal 84 provided to the cryptographic information generator 72 so as to cause the cryptographic generator 72 to include in the cryptographic information 42 the cryptographic information for defining the algorithm used for encrypting the selected information segment provided by such service provider. Such predetermined priority may be changed from time to time by downloading new priority data from the information stream received by the information receiver 12, 49 or from a new smart card inserted into the memory 74.
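The priority-based selection described above, as an added Python sketch that is not part of the patent text. Only the status names and their order come from the description; the signal and data fields (blackout regions, rating, tier bit, pay-per-view flag), the per-status checks, the first-listed tie-break and the validation of downloaded priority data are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

# Statuses named in the description, in the stated order of priority.
DEFAULT_PRIORITY = (
    "blacked-out",
    "locked-out",
    "authorized",
    "available for pay-for-view",
    "not presently authorized",
)


@dataclass(frozen=True)
class AuthorizationSignal:
    """Hypothetical authorization signal sent by one provider for one segment."""
    provider: str
    ca_process: str              # conditional access process, e.g. "A" or "B"
    blackout_regions: frozenset
    rating: int
    tier_bit: int
    ppv_offered: bool


@dataclass(frozen=True)
class AuthorizationData:
    """Hypothetical receiver-side authorization data (the stored data 82)."""
    region: str
    rating_ceiling: int
    tiers: dict                  # provider -> subscribed tier bitmask


@dataclass(frozen=True)
class Selection:
    provider: str
    status: str                  # what status signal 88 reports for display
    enable: bool                 # enable part of status signal 84
    ca_process: Optional[str]    # process identifier part of status signal 84


def determine_status(sig: AuthorizationSignal, data: AuthorizationData) -> str:
    """Assumed checks; the description defers these to U.S. Patent No. 4,712,238."""
    if data.region in sig.blackout_regions:
        return "blacked-out"
    if sig.rating > data.rating_ceiling:
        return "locked-out"
    if data.tiers.get(sig.provider, 0) & (1 << sig.tier_bit):
        return "authorized"
    if sig.ppv_offered:
        return "available for pay-for-view"
    return "not presently authorized"


def load_priority(new_priority: Sequence[str]) -> tuple:
    """Accept downloaded priority data only if it orders every known status once."""
    if sorted(new_priority) != sorted(DEFAULT_PRIORITY):
        raise ValueError("priority data must list every known status exactly once")
    return tuple(new_priority)


def select_status(signals, data, priority=DEFAULT_PRIORITY) -> Selection:
    """Determine a status per provider, then pick the one ranked first."""
    if not signals:
        raise ValueError("no authorization signal for the requested segment")
    rank = {status: i for i, status in enumerate(load_priority(priority))}
    determined = [(determine_status(sig, data), sig) for sig in signals]
    # min() keeps the first of equally ranked entries (assumed tie-break).
    status, sig = min(determined, key=lambda pair: rank[pair[0]])
    enable = status == "authorized"
    return Selection(sig.provider, status, enable, sig.ca_process if enable else None)


# Constructed sample: the same segment offered by providers A and B.
SAMPLE_SIGNALS = [
    AuthorizationSignal("A", "A", frozenset({"R1"}), 1, 0, False),
    AuthorizationSignal("B", "B", frozenset(), 1, 2, True),
]
SAMPLE_DATA = AuthorizationData(region="R1", rating_ceiling=3,
                                tiers={"A": 0b001, "B": 0b100})

if __name__ == "__main__":
    print(select_status(SAMPLE_SIGNALS, SAMPLE_DATA))
    reordered = ("authorized",) + tuple(s for s in DEFAULT_PRIORITY if s != "authorized")
    print(select_status(SAMPLE_SIGNALS, SAMPLE_DATA, reordered))
```

With the stated order, provider A's blackout outranks provider B's authorization and decryption stays disabled; moving "authorized" to the front enables provider B's copy, which is why downloaded priority data deserves the same integrity protection as the entitlement messages.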
The status determined by the authorization processor 71 is indicated by a status signal 88 provided by the authorization processor 71 to the message display driver 76, which in turn retrieves a status message 43 corresponding to the indicated status from the memory 74 and provides the status message 43 to the information processor 35. The user of the information receiver is informed of the determined status by the status message display 45 on the video monitor 37. The status signals 84, 88 and the display 45 of the status are provided in response to each service request signal 40 notwithstanding whether the selected information segment is provided by one or more different service providers.
When the status is "not presently authorized", the user may operate the user interface processor 34 to provide an authorization request signal 41 to the authorization processor 71. The authorization processor 71 responds to the authorization request signal 41 by generating a request for cryptographic information signal 29 that is transmitted to the information server 10a, 10b of the service provider that provides the selected information segment identified in the service request signal 40. The request for cryptographic information signal 29 is a request for transmission to the information receiver of cryptographic information for enabling the conditional access controller 32 to enable the decryptor 31 to decrypt the selected information segment identified in the service request signal 40.
The authorization processor 28 in the information server 10a receives and processes the request for cryptographic information signal 29 to determine whether or not the information receiver from which the request signal 29 originated should be authorized to decrypt the selected information segment. Upon determining that such information receiver should be so authorized, the authorization processor 28 causes the requested cryptographic information 90 to be included in entitlement messages 26 provided by the entitlement message generator 20 that are addressed to the information receiver from which the request signal 29 originated, together with authorization messages 79 that will cause the authorization processor 71 in the information receiver to determine that the decryptor 31 in the information receiver is authorized to decrypt the selected encrypted information segment. If the cryptographic information generator 72 is of the type described in the aforementioned U.S. Patent No. 4,712,238, at least some of the key seed(s) stored in the memory 74 of the information receiver would have to be known to the information service provider providing such authorization.
In the conditional access controller 32 of the information receiver, the control processor 70 downloads cryptographic information transmitted to the information receiver in response to the request for cryptographic information signal 29 by detecting the transmitted cryptographic information within an information stream of entitlement messages 26 received by the information receiver and by downloading the detected cryptographic information from such information stream.
The transmitted cryptographic information downloaded by the control processor 70 includes cryptographic data 92 for defining the algorithm that is used in the conditional access process utilized by the information server 10a, 10b that encrypts the selected encrypted information segment and cryptographic data for use in generating a session key for use by the decryptor 32 for decrypting information segments encrypted in accordance with the given conditional access process, including data for defining an algorithm for generating the session key and cryptographic information of the type that typically is provided to information receivers in the rekey messages. The transmitted cryptographic information may be encrypted for transmission in order to enhance security, in which case the control processor 70 includes a decryptor (not shown) for decrypting the transmitted cryptographic information. Also data for defining a new encryption algorithm as well as other cryptographic information may be transmitted at the instigation of the conditional access information service provider rather than in response to a request signal 29 whenever it is desired to change the encryption algorithm or such other cryptographic information.
The downloaded algorithm-defining data 92 is stored in the memory 74 for retrieval by the cryptographic information generator 72 when the authorization processor provides a status signal 84 identifying the conditional access process that utilizes the downloaded algorithm-defining data 92. The remainder of the downloaded cryptographic information is included in the cryptographic messages 80 provided by the control processor 70 to the cryptographic information generator 72 and processed by the cryptographic information generator 72 to generate the session key K included in the cryptographic information 42 provided to the decryptor 31.
Alternatively, the cryptographic information, including the algorithm-defining data required for decrypting encrypted information signals encrypted in accordance with a conditional access process of a given information server can be downloaded into the memory 74 from a smart card 75 sent to the user of the information receiver.
This technique of downloading the required algorithm-defining data can be used whenever the algorithm utilized by a given information server 10a, 10b is changed or when a user of an information receiver newly becomes a subscriber to information services provided by the information service provider that operates the information server that utilizes the algorithm defined by such downloaded algorithm-defining data.
Referring to FIG. 5, an alternative preferred embodiment of the conditional access controller 32, 52 is provided for a conditional access system in which the combined signal 27a, 27b transmitted to the information receiver 12, 49 includes all of the possible status messages 94 in addition to the entitlement messages 26 and the encrypted information segments 23. In this embodiment, the conditional access controller 32, 52 includes a control processor 95, an authorization processor 96, a cryptographic information generator 97, a memory 98 preferably including one or more smart cards 99, and a message display driver 100.
The control processor 95 processes the entitlement messages 26 to provide authorization messages 102 to the authorization processor 95 and cryptographic messages 103 to the cryptographic information generator 97.
The authorization processor 96 responds to a service request signal 40 identifying a selected information segment by processing an authorization signal within the authorization messages 102 that is related to the selected information segment with authorization data 105 stored in the memory 98 to determine whether or not the decryptor 31 is enabled to decrypt the selected information segment and to determine which of a plurality of different possible authorization statuses is applicable to the selected information segment. Upon determining the authorization status of the information receiver, the authorization processor 96 provides a first status signal 106 to the cryptographic information generator 97 and a second status signal 107 to the control processor 95.
The control processor 95 responds to the status signal 107 by retrieving from a plurality of different possible authorization status messages 94 within an information stream received by the information receiver a message 108 applicable to the status determined by the authorization processor 96, as indicated by the status signal 107. The control processor 95 retrieves the applicable status message from the information stream by detecting the applicable status message 108 within the different possible authorization status messages 94 and by downloading the detected applicable status message 108 from said information stream. The control processor 95 provides the downloaded retrieved status message 108 to the message display driver 100, which in turn provides the downloaded status message 110 to the information processor 35 for display by the information output device 36.
The cryptographic information generator 97 responds to the status signal 106 by processing the cryptographic messages 103 together with cryptographic data 112 retrieved from the memory 98 to thereby provide to the decryptor 31 the cryptographic information 42 that enables the decryptor 31 to decrypt the received encrypted information segments 23 identified by the service request signal 40.
Except for the downloading and provision of the status message 108 that is to be displayed, the functions of the components of the conditional access controller of FIG. 5 are the same as the functions of the like components in the conditional access controller of FIG. 4, including the downloading of the cryptographic information from the information stream.
The memory 74, 98 includes computer readable storage media (or medium) that are configured so as to cause the access control processor 30, 50 to perform its various functions described above.
The information segments 14a, 14b that are encrypted may include an MPEG-2 video signal. MPEG-2 is an ISO (International Standards Organization) standard provided by Moving Picture Expert Group Number 2 for television compression and decompression equipment. The information processor 35, 55 may be an MPEG decompressor.
The present invention affords availability to a set-top, such as a digital entertainment terminal, of a network interface module that can, through a conditional access/encryption algorithm-defining data downloading process from the information distribution network gateway equipment, accommodate and run the decryption algorithms of the conditional access system service provider selected by the information provider. Hence each conditional access service provider can customize its own conditional access algorithms, including the information segment encryption algorithm. Accordingly the required integrated circuit sets in a present day proprietary network interface module are replaced by the access control processor of the present invention. A network interface module including the access control processor of the present invention does not depend upon a fixed access control process or a fixed security algorithm architecture for the security provided to the information provider, such as a programmer, but instead provides a flexible crypto-system architecture that through its use of flexible algorithm information stream encryption equipment, flexible message protocol standard, and/or a high-security yet low-cost smart card, responds economically to any security breach, since algorithms are easily changed to offset gains pirates may have made by breaking the code of a particular encryption algorithm.
The present invention also provides mobility to a subscriber owning an information receiver in that the subscriber's entitlements can be carried from set-top to set-top through the simple issuance of a new smart card, one that is matched to the information provider in the information provider's new service area.
The use of a smart card, in addition to the provision of mobility and an enhanced level of flexibility to the marketing of services, special programming, ease of maintenance, ease of update, etc., also provides an enhanced level of security through the timed elements of validity and the personalization of the cards upon a subscriber subscribing for the services.
The present invention also will allow the service providers to have maximum flexibility for purchase of multi-vendor equipment and multi-vendor encryption systems with lower prices derived from open competition.
The advantages specifically stated herein do not necessarily apply to every conceivable embodiment of the present invention. Further, such stated advantages of the present invention are only examples and should not be construed as the only advantages of the present invention. While the above description contains many specificities, these should not be construed as limitations on the scope of the present invention, but rather as examples of the preferred embodiments described herein. Other variations are possible and the scope of the present invention should be determined not by the embodiments described herein but rather by the claims and their legal equivalents.
BACKGROUND OF THE INVENTION
The present invention pertains to systems and methods for securely controlling access to information segments distributed to information receivers in a point-to-point or point-to-multi-point network. Such systems are known as conditional access systems. The information may include video, audio, text, data and/or other type of information that may be subject to conditional access. An information segment is a given block of information, such as a television program, a given block of text or a given block of data, that typically is transmitted over a relatively short duration.
There is a need for competitiveness and open standards for customer information receivers used in conditional access systems. However, equipment vendors are motivated to maintain proprietary standards, whereby conditional access service providers often have been dependent upon a single source of equipment. Nevertheless, information network service providers, such as telephone companies, desire to maintain at least two sources for the equipment installed in conditional access systems included within information distribution networks.
In the prior art, encrypted information segments respectively provided by a plurality of different conditional access information service providers are respectively encrypted for transmission in accordance with different conditional access processes, which may respectively utilize different algorithms for encrypting the information segments; and the differently encrypted information segments are respectively decrypted by differently configured information receivers respectively containing access control processors adapted for enabling decryption of only encrypted information segments encrypted in accordance with one of the different conditional access processes. An encryption algorithm is a process by which a given signal is processed with a key (signal) to transform the given signal into an encrypted signal that is unintelligible or by which the given signal can be recovered by corresponding processing of the encrypted signal with a corresponding key. The parameters of an encryption algorithm determine the order of selection for processing of bits in the given signal, the key and intermediate signals produced by such processing, and the sequence of such processing.
An exemplary prior art conditional access system is described in United States Patent No. 4,631,901 to Klein S. Gilhousen, Charles F. Newby and Karl E. Moerder and United States Patent No. 4,712,238 to Klein S. Gilhousen, Jerrold A. Heller, Michael V. Harding and Robert D. Blakeney. In such conditional access system, an information segment is encrypted for transmission by scrambling the information segment with a keystream that is produced by processing a secure session key in accordance with a predetermined encryption algorithm, such as the DES encryption algorithm.
In an information receiver of such a conditional access system, the encrypted information signal is decrypted by descrambling the encrypted information segment with a keystream that is produced by processing the secure session key in accordance with the predetermined encryption algorithm. The session key is a key that is processed to produce the keystream that is used to scramble an information segment for a given transmission of the encrypted information segment. Typically the session key is processed with another key and/or a data signal to produce the keystream. In the two above-cited patents, the session key is referred to as a channel key.
An object of the present invention is to enhance the scope and utility of conditional access systems by providing a conditional access system and method that allows an information receiver of an information distribution network to be configured on an open standard basis for use with different proprietary systems of a plurality of different conditional access service providers over a common information distribution network, in which each conditional access service provider determines only the parameters of the cryptographic system design required to enable conditional access to the information provided by such conditional access service provider.
The prior art has suggested a conditional access system that would enable encrypted information segments respectively encrypted for transmission in accordance with different conditional access processes to be descrambled through use of a standard information receiver having a standard interface common to all present and future conditional access systems and a plurality of detachable conditional access modules respectively provided by the different conditional access information service providers for enabling a common descrambler in the information receiver to descramble received information segments encrypted in accordance with any of the different conditional access processes. In such a system the use of a common descrambler to decrypt encrypted information segments provided by any of a plurality of different information service providers that respectively encrypt information segments for transmission in accordance with any of a plurality of different conditional access processes respectively utilizing different algorithms for encrypting the information segments would make it necessary that each of the detachable conditional access modules respectively provided by the different conditional access information service providers include the portion of the decryptor that generates the common descrambling keystream by processing the secure session key used for encrypting the information signal in accordance with the predetermined encryption algorithm respectively utilized in the conditional access process used by the respective information service provider.
SUMMARY OF THE INVENTION
The present invention provides an access control processor for a conditional access system in which encrypted information segments provided by a plurality of information service providers are encrypted for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments, the processor comprising a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and a conditional access controller in the information receiver for selectively enabling the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm. The cryptographic information for defining the encryption algorithm may define various bit selection and/or processing parameters of a predetermined algorithm, such as the DES algorithm, or such cryptographic information may define the entire predetermined algorithm.
The access control processor of the present invention is ideally suited for use in an information receiver of an information distribution network that is configured on an open standard basis for use with different proprietary systems of a plurality of different conditional access service providers over a common information distribution network, in which each conditional access service provider determines only the parameters of the cryptographic design uniquely required to enable conditional access to the information provided by such conditional access service provider. Only those portions of the conditional access controller that control conditional access parameters that are not common to all of the service providers need be contained in a detachable conditional access module that would be interfaced with the information receiver for enabling decryption of encrypted information segments provided by such service provider, thereby reducing the cost of the detachable conditional access modules, which are replaced from time to time in order to enhance the security of the conditional access system of the respective information service provider.
The present invention also provides a conditional access system including the above-described access control processor in combination with encryption means for encrypting information segments for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments.
In another aspect, the present invention provides an access control processor for a conditional access system in which an encrypted information segment provided by an information service provider is encrypted for transmission in accordance with a conditional access process utilizing an algorithm for encrypting the information segment, the processor comprising a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in said conditional access process; and a conditional access controller in the information receiver for enabling the decryptor to decrypt received information segments encrypted in accordance with said conditional access process by providing to the decryptor cryptographic information for defining the algorithm utilized in said conditional access process for use by the decryptor to decrypt the received information segments encrypted in accordance with said algorithm, wherein the conditional access controller includes means for detecting within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said conditional access process; and means for downloading the detected cryptographic information from said information stream.
In another aspect of the invention, there is provided a conditional access system in which encrypted information is provided by a plurality of information service providers in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information, comprising encryption means for encrypting information segments for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments; a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and a conditional access controller in the information receiver for selectively enabling the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm.
In a further aspect of the invention, there is provided a conditional access system in which encrypted information is provided by an information service provider in accordance with a given conditional access process, comprising encryption means for encrypting an information segment for transmission in accordance with a given conditional access process; a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver; a conditional access controller in the information receiver for enabling the decryptor to decrypt received information segments encrypted in accordance with the given conditional access process, wherein the conditional access controller includes means for requesting transmission to the information receiver of cryptographic information for enabling the conditional access controller to enable the decryptor to decrypt a selected information segment; and means for downloading cryptographic information transmitted to the receiver in response to said request; and the system further comprising means for responding to said request by providing the requested cryptographic information for transmission to the information receiver; wherein the requested cryptographic information includes cryptographic data for defining an algorithm used by the decryptor for decrypting information segments encrypted in accordance with the given conditional access process; and wherein the downloading means includes means for detecting the transmitted cryptographic data for defining the algorithm within an information stream received by the information receiver and means for downloading the detected cryptographic data from said information stream.
In a further aspect of the invention, there is provided a computer readable storage medium for use in an access control processor included in an information receiver of a conditional access system in which encrypted information segments provided by a plurality of information service providers are encrypted for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments, and including a decryptor for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and a conditional access controller, wherein the storage medium is configured so as to cause the conditional access controller to selectively enable the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes, by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm.
In a further aspect of the invention, there is provided a computer readable storage medium for use in an access control processor included in an information receiver of a conditional access system in which encrypted information segments provided by an information service provider are encrypted for transmission in accordance with a conditional access process utilizing an algorithm for encrypting the information segments, and including a decryptor for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with the algorithm utilized in said conditional access process; and a conditional access controller, wherein the storage medium is configured so as to cause the conditional access controller to enable the decryptor to decrypt received information segments encrypted in accordance with said conditional access process by providing to the decryptor cryptographic information for defining the algorithm utilized in said conditional access process for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm, by causing the conditional access controller to detect within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said conditional access process and to download the detected cryptographic information from said information stream.
In a further aspect of the invention, there is provided a conditional access method in which encrypted information is provided by a plurality of information service providers in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information, comprising the steps of:
(a) encrypting information segments for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments; (b) using a decryptor in an information receiver to decrypt encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and (c) in the information receiver, selectively enabling the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm.
In a further aspect of the invention, there is provided a conditional access method in which encrypted information is provided by an information service provider in accordance with a conditional access process utilizing an algorithm for encrypting the information, comprising the steps of: (a) using a decryptor in an information receiver to decrypt encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with the algorithm utilized in said conditional access process; and (b) in the information receiver, enabling the decryptor to decrypt received information segments encrypted in accordance with said conditional access process by providing to the decryptor cryptographic information for defining the algorithm utilized in said conditional access process for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm, wherein step (b) comprises the steps of: (c) detecting within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said conditional access process; and (d) downloading the detected cryptographic information from said information stream.
In a further aspect of the invention, there is provided a conditional access method in which encrypted information is provided by an information service provider in accordance with a given conditional access process, comprising the steps of: (a) encrypting an information segment for transmission in accordance with a given conditional access process; (b) using a decryptor in an information receiver to decrypt encrypted information segments received by the information receiver; (c) in the information receiver, enabling the decryptor to decrypt the received information segments encrypted in accordance with the given conditional access process; wherein step (c) includes the steps of: (d) requesting transmission to the information receiver of cryptographic information for enabling decryption of a selected information segment; and (e) in the information receiver, downloading cryptographic information transmitted to the receiver in response to said request; and the method further comprising the step of: (f) responding to said request by providing the requested cryptographic information for transmission to the information receiver; wherein the requested cryptographic information includes cryptographic data for defining an algorithm used by the decryptor for decrypting information segments encrypted in accordance with the given conditional access process; and wherein step (e) includes the steps of:
(g) detecting the transmitted cryptographic data within an information stream received by the information receiver; and (h) downloading the detected cryptographic data from said information stream.
In a further aspect, the present invention provides an access control processor for a conditional access system in which an encrypted information segment provided by an information service provider is encrypted for transmission in accordance with a given conditional access process, the processor comprising a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver; and a conditional access controller in the information receiver for enabling the decryptor to decrypt received information segments encrypted in accordance with the given conditional access process; wherein the conditional access controller includes means for requesting transmission to the information receiver of cryptographic information for enabling the conditional access controller to enable the decryptor to decrypt a selected information segment; and means for downloading cryptographic information transmitted to the receiver in response to said request.
The present invention further provides a conditional access system including the immediately-above-described access control processor in combination with encryption means for encrypting an information segment for transmission in accordance with a given conditional access process; and means for responding to the request for transmission of cryptographic information by providing the requested cryptographic information for transmission to the information receiver.
In still another aspect, the present invention provides an access control processor for providing for display of a message related to an authorization status of an information receiver in a conditional access system for receiving an information segment, the processor comprising means for processing an authorization signal related to the information segment to determine which of a plurality of different possible authorization statuses is applicable to the information segment; means for retrieving from a plurality of different possible authorization status messages within an information stream received by the information receiver a message applicable to the status determined by said processing; and means for providing the retrieved message for display.
In still an additional aspect, the present invention provides an access control processor for selecting an applicable authorization status of an information receiver for receiving an information segment when the information segment is provided separately by each of a plurality of different service providers in a conditional access system, the processor comprising means for processing a plurality of authorization signals respectively related to the information segment provided separately by the plurality of different service providers; means for determining which of a plurality of different possible authorization statuses is applicable for the received information segment for each of the respective authorization signals related to the different service providers; and means for selecting one of the determined statuses in accordance with a predetermined priority.
The present invention also provides computer readable storage media for use in an access control processor, which storage media are respectively so configured as to cause the access control processors to perform various functions of the above-described access control processors of the present invention.
The present invention further provides the methods that are carried out by the above-described access control processors and conditional access systems.
Additional features of the present invention are described with reference to the detailed description of the preferred embodiments.
BRIEF DESCRIPTION OF THE DRAWING
FIG. 1 is a block diagram of a preferred embodiment of a conditional access system according to the present invention.
FIG. 2 is a block diagram of an information server in the system of FIG. 1.
FIG. 3 is a block diagram of an alternative preferred embodiment of the information receiver in the system of FIG. 1.
FIG. 4 is a block diagram of one preferred embodiment of the conditional access controller in the systems of FIGS. 1 and 3.
FIG. 5 is a block diagram of another preferred embodiment of the conditional access controller in the systems of FIGS. 1 and 3.
DETAILED DESCRIPTION
Referring to FIG. 1, a preferred embodiment of a conditional access system according to the present invention includes a plurality of information servers 10a, 10b and one preferred embodiment of an information receiver 12. The information servers 10a, 10b may be separately located or they may be included in a distribution hub that receives information segments 14a, 14b transmitted from different sources and encrypts the information segments for further transmission. The information receiver 12 may be an end-user information receiver or included in a distribution hub that receives information segments 14a, 14b transmitted from different sources and encrypts the information segments for further transmission.
A first information server 10a encrypts clear information segments 14a provided by a first information service provider A for transmission in accordance with a first conditional access process utilizing a first algorithm A for encrypting information segments 14a; and a second information server 10b encrypts clear information segments 14b provided by a second information service provider B for transmission in accordance with a second conditional access process utilizing a second algorithm B for encrypting the information segments 14b. The first conditional access process is different from the second conditional access process and the first algorithm A is different from the second algorithm B. As indicated by the dashed line 15, the clear information segments 14a may be the same as the clear information segments 14b; but usually the clear information segments 14a are different from the clear information segments 14b.
Referring to FIG. 2, a preferred embodiment of the information server 10a includes an encryptor 18, an entitlement message generator 20, a signal encoder 22 and an authorization processor 28.
The encryptor 18 encrypts the clear information segments 14a by processing the information segments 14a with a session key K in accordance with the first algorithm A utilized in the first conditional access process to provide encrypted information segments 23. The session key K is included in cryptographic information 24 that is processed by the entitlement message generator 20 with entitlement information 25 to provide entitlement messages 26. The encoder 22 combines the encrypted information segments 23 and entitlement messages 26 to provide a combined signal 27 for transmission.
Examples of entitlement information are described in the aforementioned U.S. Patent No. 4,712,238 as the program mask, the program cost, the credit signal and the authorization word. Examples of cryptographic information, as described in said patent, include the channel key (session key), the category key and the subscriber key generation number. Examples of entitlement messages, as described in said patent, include the channel rekey message and the category rekey message. Transmission of the combined signal 27 may be accomplished by communication satellite, microwave, cable, telephone and/or land lines.
The operation of the authorization processor 28 and the entitlement message generator 20 in response to a request for cryptographic information signal 29 is described below with reference to an alternative embodiment feature of the conditional access controller shown in FIG. 4.
Referring again to FIG. 1, one preferred embodiment of an information receiver for use in a conditional access system according to the present invention includes an access control processor 30 including a decryptor 31 and a conditional access controller 32, a demultiplexer 33, a user interface processor 34, an information processor 35 and an information output device 36, such as a television set, having a video monitor 37 and/or an audio speaker (not shown). Alternatively, or additionally, the information output device 36 may include such other components as a personal computer, a printer, and/or a video cassette recorder. The decryptor 31, or a portion thereof, may be embodied in a replaceable security element, such as a smart card (not shown).
The demultiplexer 33 demultiplexes a received combined signal 38 containing encrypted information segments and entitlement messages and provides the received encrypted information segments 23 to the decryptor 31 and the received entitlement messages 26 to the conditional access controller 32.
The user interface processor 34 responds to inputs (not shown) initiated by a user of the information receiver 12 by providing either a service request signal 40 or an authorization request signal 41 to the conditional access controller 32.
The conditional access controller 32 processes the entitlement messages 26 to determine whether the decryptor 31 in the information receiver 12 is authorized to decrypt encrypted information segments 23 identified by the service request signal 40. Upon determining that the decryptor 31 and thereby the information receiver 12 is so authorized, the conditional access controller 32 provides appropriate cryptographic information 42 to the decryptor 31 to thereby enable the decryptor 31 to decrypt the received encrypted information segments 23. The cryptographic information 42 includes the session key K and cryptographic data for defining the algorithm A or B utilized in the conditional access process used to produce the encrypted information segments 23 identified by the service request signal 40.
The decryptor 31 then decrypts the received encrypted information segments 23 by processing the received encrypted information segments 23 with the session key K used for encrypting the information segments in accordance with the algorithm A or B utilized in the conditional access process used to produce the encrypted information segments 23, to thereby reproduce the clear information segments 14, which are provided to the information processor 35.
Upon determining the authorization status of the information receiver 12, the conditional access controller 32 causes a status message 43 applicable to the determined authorization status to be provided to the information processor 35 for display by the video monitor 37 of the information output device 36.
The information processor 35 processes the clear information segments 14 to cause the output device 36 to provide an output to the user of the information receiver 12.
When the clear information segments 14 represent a television signal, the output device 36 causes a picture to be provided on a video monitor 37 and also provides an audio output signal to the speaker in the information output device 36. When the clear information segments 14 represent text and/or data, the information processor 35 causes the text and/or data to be displayed on the video monitor 37 and may also cause such text and/or data to be printed out by a printer (not shown) coupled to the information processor 35. Such clear information 14 representing text and/or data may be stored initially in a memory (not shown) for later processing by the information processor 35.
The information processor 35 processes the status message 43 to cause the output device 36 to display the message 45 to the user of the information receiver 12 on the video monitor 37. The information processor 35 may process the status message 43 together with the clear information segments 14 in such a manner as to cause the displayed message 45 to be superimposed over a picture provided on the video monitor in response to processing of the clear information segments 14. Alternatively, the information processor 35 may give priority to processing of the status message 43 and supersede any display of a picture in response to processing of the clear information segments 14 by causing only the displayed message 45 to be displayed on the video monitor 37 for a short duration.
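The receiver flow of FIG. 1 described above, as an added Python sketch that is not part of the patent text: two servers scramble segments with a session key K under different algorithm definitions, and one common decryptor recovers them only after the conditional access controller supplies K and the algorithm-defining data. The HMAC-SHA256 keystream (standing in for parameterized DES), the `label` and `rotate` parameters, the unit-key wrapping of K and all class names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


def keystream(session_key: bytes, alg: dict, n: int) -> bytes:
    """Keystream derived from session key K under a provider-defined algorithm.

    `alg` plays the role of the cryptographic data that defines the algorithm;
    its fields ('label', 'rotate') are assumed, not taken from the patent.
    """
    out, counter, r = bytearray(), 0, alg["rotate"] % 8
    while len(out) < n:
        block = hmac.new(session_key, alg["label"] + counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        out += bytes(((b << r) | (b >> (8 - r))) & 0xFF for b in block)
        counter += 1
    return bytes(out[:n])


def scramble(data: bytes, session_key: bytes, alg: dict) -> bytes:
    """XOR with the keystream; applying it twice restores the input."""
    ks = keystream(session_key, alg, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def wrap_key(unit_key: bytes, service_id: str, key: bytes) -> bytes:
    """Protect K in transit under a per-receiver unit key (assumed scheme)."""
    pad = hmac.new(unit_key, b"wrap|" + service_id.encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(key, pad))


@dataclass
class InformationServer:
    provider: str
    alg: dict          # algorithm-defining data chosen by this provider
    session_key: bytes
    subscribers: dict  # receiver id -> unit key

    def transmit(self, service_id: str, clear: bytes) -> dict:
        """Encryptor 18, entitlement message generator 20 and encoder 22."""
        entitlements = [
            {"service": service_id, "receiver": rid, "alg": self.alg,
             "wrapped_key": wrap_key(uk, service_id, self.session_key)}
            for rid, uk in self.subscribers.items()
        ]
        return {"service": service_id, "entitlements": entitlements,
                "segment": scramble(clear, self.session_key, self.alg)}


class Decryptor:
    """Common decryptor 31: holds no algorithm until the controller supplies one."""

    def __init__(self):
        self.crypto_info = None

    def decrypt(self, segment: bytes) -> bytes:
        if self.crypto_info is None:
            raise PermissionError("decryptor not enabled")
        key, alg = self.crypto_info
        return scramble(segment, key, alg)


class Receiver:
    def __init__(self, receiver_id: str, unit_key: bytes):
        self.receiver_id, self.unit_key = receiver_id, unit_key
        self.decryptor = Decryptor()

    def request_service(self, combined: dict):
        """Demultiplex, check entitlement, decrypt; returns (clear or None, status)."""
        segment, entitlements = combined["segment"], combined["entitlements"]
        self.decryptor.crypto_info = None  # never reuse an earlier grant
        for msg in entitlements:           # conditional access controller 32
            if (msg["receiver"], msg["service"]) == (self.receiver_id, combined["service"]):
                key = wrap_key(self.unit_key, msg["service"], msg["wrapped_key"])
                self.decryptor.crypto_info = (key, msg["alg"])
                return self.decryptor.decrypt(segment), "AUTHORIZED"
        return None, "NOT AUTHORIZED"


# Constructed sample data: two providers with different algorithm definitions.
UNIT_KEYS = {"rx-1": b"\x11" * 16, "rx-2": b"\x22" * 16}
SERVER_A = InformationServer("A", {"label": b"alg-A", "rotate": 3},
                             b"K-provider-A-001", {"rx-1": UNIT_KEYS["rx-1"]})
SERVER_B = InformationServer("B", {"label": b"alg-B", "rotate": 5},
                             b"K-provider-B-001", dict(UNIT_KEYS))
```

The entitlement messages in this sketch are unauthenticated; authenticating them before the decryptor accepts an algorithm definition is outside what the sketch models.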
Referring to FIG. 3, an alternative embodiment of an information receiver 49 for use in the conditional access system of the present invention includes an access control processor 50 including a decryptor 51 and a conditional access controller 52, a demultiplexer 53, a user interface processor 54, an information processor 55 and an information output device 56, such as a television set, having a video monitor 57 and/or an audio speaker (not shown). The decryptor 51, or a portion thereof, may be embodied in a replaceable security element, such as a smart card (not shown).
The decryptor 51 receives a combined signal 58 containing encrypted information segments and entitlement messages.
The demultiplexer 53 is coupled to the decryptor 51 and demultiplexes the combined signal 59 from the decryptor 51 containing information segments and entitlement messages and provides the received information segments 14 to the information processor 55 and the received entitlement messages 60 to the conditional access controller 52.
Until the decryptor 51 is enabled for decryption, the combined signal 59 provided from the decryptor 51 to the demultiplexer 53 includes encrypted information segments.
The user interface processor 54 responds to inputs (not shown) initiated by a user of the information receiver 49 by providing either a service request signal 62 or an authorization request signal 63 to the conditional access controller 52.
The conditional access controller 52 processes the entitlement messages 60 to determine whether the decryptor 51 in the information receiver 49 is authorized to decrypt encrypted information segments identified by the service request signal 62.
Upon determining that the decryptor 51 and thereby the information receiver 49 is so authorized, the conditional access controller 52 provides appropriate cryptographic information 64 to the decryptor 51 to thereby enable the decryptor 51 to decrypt the received encrypted information segments included in the received combined signal 58. The cryptographic information 64 includes the session key K and cryptographic data for defining the algorithm A or B utilized in the conditional access process used to produce the encrypted information segments identified by the service request signal 62. Since the combined signals 27a provided by the information server 10a of information service provider A may incorporate the encrypted information segments into the combined signal 27a in a different format than the format used for such purpose by the information server 10b of information service provider B, the cryptographic information 64 provided to the decryptor 51 by the conditional access controller 52 further includes format data that enables the decryptor 51 to decrypt only the encrypted information segments included in the combined signal 58.
After the decryptor 51 has been enabled for decryption, the combined signal 59 provided from the decryptor 51 to the demultiplexer 53 includes clear information segments rather than encrypted information segments.
The decryptor 51 decrypts the received encrypted information segments in the combined signal 58 by processing the received encrypted information segments with the session key K used for encrypting the information segments in accordance with the algorithm A or B utilized in the conditional access process used to produce the encrypted information segments, to thereby reproduce the clear information segments 14, which are provided by the multiplexer 53 to the information processor 55.
Upon determining the authorization status of the information receiver 49, the conditional access controller 52 causes a status message 66 applicable to the determined authorization status to be provided to the information processor 55 for display by the video monitor 57 of the information output device 56.
The information processor 55 processes the clear information segments 14 and the status message 66 to cause the output device 56 to provide an output to the user of the information receiver 49 in the same manner as described above with reference to the information processor 35 and the output display device 36 of the information receiver 12 shown in FIG. 1.
Referring to FIG. 4, the conditional access controller 32, 52 of either the information receiver 12 shown in FIG. 1 or the information receiver 49 shown in FIG. 3 includes a control processor 70, an authorization processor 71, a cryptographic information generator 72, a memory 74 preferably including one or more smart cards 75, and a message display driver 76. The cryptographic information generator 72, or a portion thereof, may be embodied in a replaceable security element, such as a smart card (not shown). In one embodiment, a portion of the memory 74, a portion of the cryptographic information generator 72 and a portion of the decryptor 31 are embodied in a common replaceable security element, such as a smart card (not shown). In describing the conditional access controller shown in FIG. 4, only the reference numerals shown in FIG. 1 are used to refer to the various signals and components that are shown in both FIGS. 1 and 3, although the corresponding reference numerals shown in FIG. 3 for such signals and components also are applicable.
The control processor 70 processes the entitlement messages 26 to provide authorization messages 79 to the authorization processor 71 and cryptographic messages 80 to the cryptographic information generator 72.
The authorization processor 71 responds to a service request signal 40 by processing the authorization messages 79 with authorization data 82 stored in the memory 74 to determine whether the decryptor 31 in the information receiver is authorized to decrypt encrypted information segments identified by the service request signal 40. Upon determining that the decryptor 31 and thereby the information receiver is so authorized, the authorization processor 71 provides an appropriate status signal 84 to the cryptographic information generator 72. An example of an authorization processor is described in the aforementioned U.S. Patent No. 4,712,238 with reference to FIG. 1. In the conditional access controller of FIG. 4, the status signal 84 includes both an enable signal and data identifying either conditional access process A or conditional access process B as the conditional access process used for encrypting the information segment identified in the service request signal 40.
The cryptographic information generator 72 responds to the status signal 84 by processing the cryptographic messages 80 together with cryptographic data 86 retrieved from the memory 74 to thereby provide to the decryptor 31 the cryptographic information 42 that enables the decryptor 31 to decrypt the received encrypted information segments 23 identified by the service request signal 40. As indicated above, the cryptographic information 42 includes the session key K and cryptographic information for defining the algorithm A or B utilized in the conditional access process used to produce the encrypted information segments identified by the service request signal 40.
The data for defining algorithm A or B included in the cryptographic information 42 is retrieved from the memory 74 as part of the cryptographic data 86 utilized in accordance with the conditional access process A or B identified in the status signal 84 as the conditional access process used for encrypting the information segment identified in the service request signal 40. In one embodiment, the memory 74 stores the cryptographic information for defining the different algorithms A and B respectively used in the different conditional access processes. In another embodiment the cryptographic information for defining each algorithm A, B is stored in a separate replaceable security element, such as the smart card 75, and is provided therefrom to the cryptographic information generator 72. The memory 74 may include a plurality of such smart cards 75 respectively provided by the different conditional access information service providers and respectively storing the cryptographic information for defining the different algorithms A, B utilized for decrypting the received encrypted information segments 23 in accordance with the different conditional access processes A and B.
When the service request signal 40 identifies a selected information segment that is provided by each of a plurality of different service providers, the authorization processor 71 processes authorization signals in the authorization messages 79 related to the selected information segment provided by each of the plurality of the different service providers to determine which of a plurality of different possible authorization statuses is applicable to the selected information segment provided by each of the service providers; and selects for decryption in accordance with a predetermined priority based upon such status determinations the encrypted information segment provided by one of the service providers. Examples of different statuses include, in order of priority: "blacked-out", "locked-out", "authorized", "available for pay-for-view" and "not presently authorized". The conditional access process A or B used by the service provider for encrypting the information segment selected in accordance with such predetermined priority is identified in the status signal 84 provided to the cryptographic information generator 72 so as to cause the cryptographic generator 72 to include in the cryptographic information 42 the cryptographic information for defining the algorithm used for encrypting the selected information segment provided by such service provider. Such predetermined priority may be changed from time to time by downloading new priority data from the information stream received by the information receiver 12, 49 or from a new smart card inserted into the memory 74.
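The priority-based selection among service providers and the hand-off of algorithm-defining data to the decryptor, as an added Python example that is not code from the patent. Assumptions: the status rules, the reading that the highest-priority status decides which provider's copy is selected, the hash-counter keystreams standing in for algorithms A and B, the session-key derivation, and every function and field name.

```python
import hashlib

# Status names as listed in the description, in its stated order of priority.
DEFAULT_PRIORITY = ["blacked-out", "locked-out", "authorized",
                    "available for pay-for-view", "not presently authorized"]
# Constructed "new priority data" such as a download or new smart card might carry.
NEW_PRIORITY = ["authorized", "blacked-out", "locked-out",
                "available for pay-for-view", "not presently authorized"]

# Constructed stand-in for memory 74: algorithm-defining data per conditional
# access process, the receiver's authorization data, and a key seed.
MEMORY = {
    "algorithms": {"A": "sha256", "B": "sha512"},  # toy stand-ins, not real CA ciphers
    "region": "R2",
    "locked_segments": set(),
    "tiers": {"B": {3}},                           # provider -> subscribed tiers
    "key_seed": b"constructed-key-seed",
}
# Constructed authorization and rekey messages for one segment sold by two providers.
AUTH_MESSAGES = [
    {"provider": "A", "process": "A", "segment": "ch7", "tier": 5,
     "blackout_regions": ["R2"]},
    {"provider": "B", "process": "B", "segment": "ch7", "tier": 3},
]
REKEY = {"A": b"rekey-A-001", "B": b"rekey-B-001"}


def keystream_xor(hash_name, session_key, data):
    """Toy decryptor: XOR with a hash-counter keystream (the same call encrypts)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = session_key + counter.to_bytes(4, "big")
        stream += hashlib.new(hash_name, block).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def determine_status(msg, memory):
    """Authorization processor: one status per provider (rules are assumptions)."""
    if memory["region"] in msg.get("blackout_regions", ()):
        return "blacked-out"
    if msg["segment"] in memory["locked_segments"]:
        return "locked-out"
    if msg["tier"] in memory["tiers"].get(msg["provider"], ()):
        return "authorized"
    if msg.get("ppv"):
        return "available for pay-for-view"
    return "not presently authorized"


def select_offer(segment, auth_messages, memory, priority):
    """Choose one provider's copy of the segment by status priority."""
    def rank(status):
        # A status missing from downloaded priority data ranks last.
        return priority.index(status) if status in priority else len(priority)

    offers = [(determine_status(m, memory), m)
              for m in auth_messages if m["segment"] == segment]
    if not offers:
        return "not presently authorized", None
    return min(offers, key=lambda offer: rank(offer[0]))


def cryptographic_information(status, msg, rekey, memory):
    """Cryptographic information generator: only 'authorized' enables decryption."""
    if msg is None or status != "authorized":
        return None
    session_key = hashlib.sha256(memory["key_seed"] + rekey[msg["provider"]]).digest()
    return {"session_key": session_key,
            "algorithm": memory["algorithms"][msg["process"]]}


def handle_service_request(segment, auth_messages, rekey, memory,
                           priority=DEFAULT_PRIORITY):
    """Return (status, selected provider, cryptographic information or None)."""
    status, msg = select_offer(segment, auth_messages, memory, priority)
    provider = msg["provider"] if msg else None
    return status, provider, cryptographic_information(status, msg, rekey, memory)


if __name__ == "__main__":
    print(handle_service_request("ch7", AUTH_MESSAGES, REKEY, MEMORY)[:2])
    print(handle_service_request("ch7", AUTH_MESSAGES, REKEY, MEMORY, NEW_PRIORITY)[:2])
```

With the listed order, a blackout reported by one provider outranks another provider's authorization, so the decryptor receives nothing; the decision changes only when the priority data itself is replaced.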
The status determined by the authorization processor 71 is indicated by a status signal 88 provided by the authorization processor 71 to the message display driver 76, which in turn retrieves a status message 43 corresponding to the indicated status from the memory 74 and provides the status message 43 to the information processor 35.
The user of the information receiver is informed of the determined status by the status message display 45 on the video monitor 37. The status signals 84, 88 and the display 45 of the status are provided in response to each service request signal 40 notwithstanding whether the selected information segment is provided by one or more different service providers.
When the status is "not presently authorized", the user may operate the user interface processor 34 to provide an authorization request signal 41 to the authorization processor 71. The authorization processor 71 responds to the authorization request signal 41 by generating a request for cryptographic information signal 29 that is transmitted to the information server 10a, 10b of the service provider that provides the selected information segment identified in the service request signal 40. The request for cryptographic information signal 29 is a request for transmission to the information receiver of cryptographic information for enabling the conditional access controller 32 to enable the decryptor 31 to decrypt the selected information segment identified in the service request signal 40.
The authorization processor 28 in the information server 10a receives and processes the request for cryptographic information signal 29 to determine whether or not the information receiver from which the request signal 29 originated should be authorized to decrypt the selected information segment. Upon determining that such information receiver should be so authorized, the authorization processor 28 causes the requested cryptographic information 90 to be included in entitlement messages 26 provided by the entitlement message generator 20 that are addressed to the information receiver from which the request signal 29 originated, together with authorization messages 79 that will cause the authorization processor 71 in the information receiver to determine that the decryptor 31 in the information receiver is authorized to decrypt the selected encrypted information segment. If the cryptographic information generator 72 is of the type described in the aforementioned U.S. Patent No. 4,712,238, at least some of the key seed(s) stored in the memory 74 of the information receiver would have to be known to the information service provider providing such authorization.
In the conditional access controller 32 of the information receiver, the control processor 70 downloads cryptographic information transmitted to the information receiver in response to the request for cryptographic information signal 29 by detecting the transmitted cryptographic information within an information stream of entitlement messages 26 received by the information receiver and by downloading the detected cryptographic information from such information stream.
The transmitted cryptographic information downloaded by the control processor 70 includes cryptographic data 92 for defining the algorithm that is used in the conditional access process utilized by the information server 10a, 10b that encrypts the selected encrypted information segment and cryptographic data for use in generating a session key for use by the decryptor 32 for decrypting information segments encrypted in accordance with the given conditional access process, including data for defining an algorithm for generating the session key and cryptographic information of the type that typically is provided to information receivers in the rekey messages. The transmitted cryptographic information may be encrypted for transmission in order to enhance security, in which case the control processor 70 includes a decryptor (not shown) for decrypting the transmitted cryptographic information. Also, data for defining a new encryption algorithm as well as other cryptographic information may be transmitted at the instigation of the conditional access information service provider rather than in response to a request signal 29 whenever it is desired to change the encryption algorithm or such other cryptographic information.
The downloaded algorithm-defining data 92 is stored in the memory 74 for retrieval by the cryptographic information generator 72 when the authorization processor provides a status signal 84 identifying the conditional access process that utilizes the downloaded algorithm-defining data 92. The remainder of the downloaded cryptographic information is included in the cryptographic messages 80 provided by the control processor 70 to the cryptographic information generator 72 and processed by the cryptographic information generator 72 to generate the session key K included in the cryptographic information 42 provided to the decryptor 31.
Alternatively, the cryptographic information, including the algorithm-defining data required for decrypting encrypted information signals encrypted in accordance with a conditional access process of a given information server can be downloaded into the memory 74 from a smart card 75 sent to the user of the information receiver.
This technique of downloading the required algorithm-defining data can be used whenever the algorithm utilized by a given information server 10a, 10b is changed or when a user of an information receiver newly becomes a subscriber to information services provided by the information service provider that operates the information server that utilizes the algorithm defined by such downloaded algorithm-defining data.
Referring to FIG. 5, an alternative preferred embodiment of the conditional access controller 32, 52 is provided for a conditional access system in which the combined signal 27a, 27b transmitted to the information receiver 12, 49 includes all of the possible status messages 94 in addition to the entitlement messages 26 and the encrypted information segments 23. In this embodiment, the conditional access controller 32, 52 includes a control processor 95, an authorization processor 96, a cryptographic information generator 97, a memory 98 preferably including one or more smart cards 99, and a message display driver 100.
The control processor 95 processes the entitlement messages 26 to provide authorization messages 102 to the authorization processor 95 and cryptographic messages 103 to the cryptographic information generator 97.
The authorization processor 96 responds to a service request signal 40 identifying a selected information segment by processing an authorization signal within the authorization messages 102 that is related to the selected information segment with authorization data 105 stored in the memory 98 to determine whether or not the decryptor 31 is enabled to decrypt the selected information segment and to determine which of a plurality of different possible authorization statuses is applicable to the selected information segment. Upon determining the authorization status of the information receiver, the authorization processor 96 provides a first status signal 106 to the cryptographic information generator 97 and a second status signal 107 to the control processor 95.
The control processor 95 responds to the status signal 107 by retrieving from a plurality of different possible authorization status messages 94 within an information stream received by the information receiver a message 108 applicable to the status determined by the authorization processor 96, as indicated by the status signal 107. The control processor 95 retrieves the applicable status message from the information stream by detecting the applicable status message 108 within the different possible authorization status messages 94 and by downloading the detected applicable status message 108 from said information stream. The control processor 95 provides the downloaded retrieved status message 108 to the message display driver 100, which in turn provides the downloaded status message 110 to the information processor 35 for display by the information output device 36.
The cryptographic information generator 97 responds to the status signal 106 by processing the cryptographic messages 103 together with cryptographic data 112 retrieved from the memory 98 to thereby provide to the decryptor 31 the cryptographic information 42 that enables the decryptor 31 to decrypt the received encrypted information segments 23 identified by the service request signal 40.
Except for the downloading and provision of the status message 108 that is to be displayed, the functions of the components of the conditional access controller of FIG. 5 are the same as the functions of the like components in the conditional access controller of FIG. 4, including the downloading of the cryptographic information from the information stream.
The memory 74, 98 includes computer readable storage media (or medium) that are configured so as to cause the access control processor 30, 50 to perform its various functions described above.
The information segments 14a, 14b that are encrypted may include an MPEG-2 video signal. MPEG-2 is an ISO (International Standards Organization) standard provided by Moving Picture Expert Group Number 2 for television compression and decompression equipment. The information processor 35, 55 may be a MPEG decompressor.
The present invention affords availability to a set-top, such as a digital entertainment terminal, of a network interface module that can, through a conditional access/encryption algorithm-defining data downloading process from the information distribution network gateway equipment, accommodate and run the decryption algorithms of the conditional access system service provider selected by the information provider.
Hence each conditional access service provider can customize its own conditional access algorithms, including the information segment encryption algorithm.
Accordingly the required integrated circuit sets in a present day proprietary network interface module are replaced by the access control processor of the present invention. A network interface module including the access control processor of the present invention does not depend upon a fixed access control process or a fixed security algorithm architecture for the security provided to the information provider, such as a programmer, but instead provides a flexible crypto-system architecture that through its use of flexible algorithm information stream encryption equipment, flexible message protocol standard, and/or a high-security yet low-cost smart card, responds economically to any security breach, since algorithms are easily changed to offset gains pirates may have made by breaking the code of a particular encryption algorithm.
The present invention also provides mobility to a subscriber owning an information receiver in that the subscriber's entitlements can be carried from set-top to set-top through the simple issuance of a new smart card, one that is matched to the information provider in the information provider's new service area.
The use of a smart card, in addition to the provision of mobility and an enhanced level of flexibility to the marketing of services, special programming, ease of maintenance, ease of update, etc., also provides an enhanced level of security through the timed elements of validity and the personalization of the cards upon a subscriber subscribing for the services.
The present invention also will allow the service providers to have maximum flexibility for purchase of multi-vendor equipment and multi-vendor encryption systems with lower prices derived from open competition.
The advantages specifically stated herein do not necessarily apply to every conceivable embodiment of the present invention. Further, such stated advantages of the present invention are only examples and should not be construed as the only advantages of the present invention. While the above description contains many specificities, these should not be construed as limitations on the scope of the present invention, but rather as examples of the preferred embodiments described herein. Other variations are possible and the scope of the present invention should be determined not by the embodiments described herein but rather by the claims and their legal equivalents.
Claims (42)
1. An access control processor for a conditional access system in which encrypted information segments provided by a plurality of information service providers are encrypted for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments, the processor comprising a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and a conditional access controller in the information receiver for selectively enabling the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm.
2. A processor according to Claim 1, wherein the conditional access controller includes means for detecting within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said one of said different conditional access processes; and means for downloading the detected cryptographic information from said information stream.
3. A processor according to Claim 1, wherein the conditional access controller includes a replaceable security element, such as a smart card, for providing cryptographic information for defining the algorithm.
4. A processor according to Claim 1, wherein the conditional access controller includes a memory in the information receiver storing cryptographic information for defining said different algorithms respectively utilized in said different conditional access processes.
5. A processor according to Claim 1, wherein the conditional access controller selectively provides the cryptographic information for defining the algorithm utilized in said one conditional access process to the decryptor in accordance with a signal identifying said one conditional access process as the conditional access process used for encrypting the received information segments.
6. A processor according to Claim 1, wherein the conditional access controller comprises means for processing an authorization signal related to a selected information segment provided by each of a plurality of said service providers to determine which of a plurality of different possible authorization statuses is applicable to the selected information segment provided by each of the service providers; and means for selecting for decryption in accordance with a predetermined priority based upon said status determinations the encrypted information segment provided by one of said service providers.
7. A processor according to Claim 6, wherein the cryptographic information for defining the algorithm provided by the conditional access controller to the decryptor is provided in accordance with said selection of the selected encrypted information segment provided by said one service provider.
8. A processor according to Claim 1, in combination with a demultiplexer in the information receiver, wherein the demultiplexer is adapted for demultiplexing a received combined signal containing encrypted information segments and entitlement messages.
wherein the decryptor is coupled to the demultiplexer for receiving the demultiplexed encrypted information segments for said decryption, and wherein the conditional access controller is coupled to the demultiplexer for receiving the demultiplexed entitlement messages for processing in order to so enable the decryptor.
9. A processor according to Claim 1 in combination with a demultiplexer in the information receiver, wherein the decryptor is adapted for decrypting encrypted information segments in a received combined signal containing encrypted information segments and entitlement messages, wherein the demultiplexer is coupled to the decryptor for demultiplexing the combined signal following said decryption of the encrypted information segments by the decryptor; and wherein the conditional access controller is coupled to the demultiplexer for receiving the demultiplexed entitlement messages for processing in order to so enable the decryptor.
10. An access control processor for a conditional access system in which an encrypted information segment provided by an information service provider is encrypted for transmission in accordance with a conditional access process utilizing an algorithm for encrypting the information segment, the processor comprising a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with the algorithm utilized in said conditional access process; and a conditional access controller in the information receiver for enabling the decryptor to decrypt received information segments encrypted in accordance with said conditional access process by providing to the decryptor cryptographic information for defining the algorithm utilized in said conditional access process for use by the decryptor to decrypt the received information segments encrypted in accordance with said algorithm, wherein the conditional access controller includes means for detecting within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said conditional access process; and means for downloading the detected cryptographic information from said information stream.
11. A processor according to Claim 10, wherein the requested cryptographic information includes data for use in generating a session key for use by the decryptor for decrypting information segments encrypted in accordance with the given conditional access process; and the conditional access controller includes means for processing the downloaded session key generation data to generate said session key.
12. A processor according to Claim 11, wherein the downloading means includes means for detecting the transmitted session key generation data within an information stream received by the information receiver and means for downloading the detected session key generation data from said information stream.
13. A processor according to Claim 10, wherein the conditional access controller includes means for processing an authorization signal related to the selected information segment to determine whether or not the decryptor is enabled to decrypt the selected information segment and to determine which of a plurality of different possible authorization statuses is applicable to the selected information segment;
means for retrieving from a plurality of different possible authorization status messages within an information stream received by the information receiver a message applicable to the status determined by said processing; and means for providing the retrieved message for display.
14. A conditional access system in which encrypted information is provided by a plurality of information service providers in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information, comprising encryption means for encrypting information segments for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments;
a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and a conditional access controller in the information receiver for selectively enabling the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm.
15. A system according to Claim 14, further comprising means for requesting transmission to the information receiver of cryptographic information for defining the algorithm utilized in said one of said different conditional access processes;
means for responding to said request by transmitting the requested cryptographic information; and means in the information receiver for downloading the transmitted cryptographic information.
16. A system according to Claim 15, wherein the conditional access controller includes the means for downloading the transmitted cryptographic information, to wit:
means for detecting the transmitted cryptographic information within an information stream received by the information receiver and means for downloading the detected cryptographic information from said information stream.
17. A system according to Claim 14, further comprising means for requesting transmission to the information receiver of other cryptographic information used by the conditional access controller for enabling the decryptor to decrypt the information encrypted in accordance with one of said different conditional access processes;
means for responding to said request by transmitting the requested other cryptographic information; and means in the information receiver for downloading the transmitted other cryptographic information.
18. A system according to Claim 17, wherein the conditional access controller includes the means for downloading the transmitted other cryptographic information, to wit: means for detecting the transmitted other cryptographic information within an information stream received by the information receiver and means for downloading the detected other cryptographic information from said information stream.
19. A system according to Claim 17, wherein the other cryptographic information includes data for use in generating a session key for use by the decryptor for decrypting information segments encrypted in accordance with the algorithm utilized in said one of said different conditional access processes; and the conditional access controller includes means for processing the downloaded session key generation data to generate said session key.
20. A conditional access system in which encrypted information is provided by an information service provider in accordance with a given conditional access process, comprising encryption means for encrypting an information segment for transmission in accordance with a given conditional access process;
a decryptor in an information receiver for decrypting encrypted information segments received by the information receiver;
a conditional access controller in the information receiver for enabling the decryptor to decrypt received information segments encrypted in accordance with the given conditional access process, wherein the conditional access controller includes means for requesting transmission to the information receiver of cryptographic information for enabling the conditional access controller to enable the decryptor to decrypt a selected information segment; and means for downloading cryptographic information transmitted to the receiver in response to said request; and the system further comprising means for responding to said request by providing the requested cryptographic information for transmission to the information receiver;
wherein the requested cryptographic information includes cryptographic data for defining an algorithm used by the decryptor for decrypting information segments encrypted in accordance with the given conditional access process; and wherein the downloading means includes means for detecting the transmitted cryptographic data for defining the algorithm within an information stream received by the information receiver and means for downloading the detected cryptographic data from said information stream.
21. A system according to Claim 20, wherein the requested cryptographic information includes data for use in generating a session key for use by the decryptor for decrypting information segments encrypted in accordance with the given conditional access process; and the conditional access controller includes means for processing the downloaded session key generation data to generate said session key.
22. A system according to Claim 21, wherein the downloading means includes means for detecting the transmitted session key generation data within an information stream received by the information receiver and means for downloading the detected session key generation data from said information stream.
23. A system according to Claim 20, wherein the conditional access controller includes means for processing an authorization signal related to the selected information segment to determine whether or not the decryptor is enabled to decrypt the selected information segment and to determine which of a plurality of different possible authorization statuses is applicable to the selected information segment;
means for retrieving from a plurality of different possible authorization status messages within an information stream received by the information receiver a message applicable to the status determined by said processing; and means for providing the retrieved message for display.
24. A computer readable storage medium for use in an access control processor included in an information receiver of a conditional access system in which encrypted information segments provided by a plurality of information service providers are encrypted for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments, and including a decryptor for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and a conditional access controller, wherein the storage medium is configured so as to cause the conditional access controller to selectively enable the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes, by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm.
25. A storage medium according to Claim 24, further configured so as to cause the conditional access controller to detect within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said one of said different conditional access processes and to download the detected cryptographic information from said information stream.
26. A computer readable storage medium for use in an access control processor included in an information receiver of a conditional access system in which encrypted information segments provided by an information service provider are encrypted for transmission in accordance with a conditional access process utilizing an algorithm for encrypting the information segments, and including a decryptor for decrypting encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with the algorithm utilized in said conditional access process;
and a conditional access controller, wherein the storage medium is configured so as to cause the conditional access controller to enable the decryptor to decrypt received information segments encrypted in accordance with said conditional access process by providing to the decryptor cryptographic information for defining the algorithm utilized in said conditional access process for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm, by causing the conditional access controller to detect within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said conditional access process and to download the detected cryptographic information from said information stream.
27. A conditional access method in which encrypted information is provided by a plurality of information service providers in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information, comprising the steps of:
(a) encrypting information segments for transmission in accordance with different conditional access processes respectively utilizing different algorithms for encrypting the information segments;
(b) using a decryptor in an information receiver to decrypt encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with an algorithm utilized in one of said conditional access processes; and (c) in the information receiver, selectively enabling the decryptor to decrypt received information segments encrypted in accordance with any of said different conditional access processes by providing to the decryptor cryptographic information for defining the algorithm utilized in said one of said different conditional access processes for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm.
28. A method according to Claim 27, wherein step (c) comprises the steps of:
(d) detecting within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said one of said different conditional access processes; and (e) downloading the detected cryptographic information from said information stream.
29. A method according to Claim 27, wherein step (c) comprises the step of:
(d) providing the cryptographic information for defining the algorithm in accordance with a signal identifying said one conditional access process as the conditional access process used for encrypting the received information segments.
30. A method according to Claim 27, wherein step (c) comprises the step of:
(d) providing the cryptographic information from a memory in the information receiver storing cryptographic information for defining said different algorithms respectively utilized in said different conditional access processes.
31. A method according to Claim 27, further comprising the steps of:
(d) processing an authorization signal related to a selected information segment provided by each of a plurality of said service providers to determine which of a plurality of different possible authorization statuses is applicable to the selected information segment provided by each of the service providers; and (e) selecting for decryption in accordance with a predetermined priority based upon said status determinations the encrypted information segment provided by one of said service providers.
32. A method according to Claim 31, wherein step (c) comprises the step of:
(f) providing the cryptographic information for defining the algorithm to the decryptor in accordance with said selection of the encrypted information segment provided by said one service provider.
33. A method according to Claim 27, further comprising the steps of:
(d) requesting transmission to the information receiver of cryptographic information for defining the algorithm utilized in said one of said different conditional access processes;
(e) responding to said request by transmitting the requested cryptographic information; and (f) in the information receiver, downloading the transmitted cryptographic information.
34. A method according to Claim 33, wherein step (f) includes the steps of (g) detecting the transmitted cryptographic information within an information stream received by the information receiver; and (h) downloading the detected cryptographic information from said information stream.
35. A method according to Claim 27, further comprising the steps of:
(d) requesting transmission to the information receiver of cryptographic information used for enabling decryption of the information encrypted in one of said different conditional access processes;
(e) responding to said request by transmitting the requested cryptographic information; and (f) in the information receiver, downloading the transmitted cryptographic information.
36. A method according to Claim 35, wherein step (f) includes the steps of:
(g) detecting the transmitted cryptographic information within an information stream received by the information receiver; and (h) downloading the detected cryptographic information from said information stream.
37. A method according to Claim 35, wherein the cryptographic information includes data for use in generating a session key for use by the decryptor for decrypting information segments encrypted in accordance with said one conditional access process.
38. A conditional access method in which encrypted information is provided by an information service provider in accordance with a conditional access process utilizing an algorithm for encrypting the information, comprising the steps of:
(a) using a decryptor in an information receiver to decrypt encrypted information segments received by the information receiver by processing the received encrypted information segments with a session key used for encrypting the information segments in accordance with the algorithm utilized in said conditional access process; and (b) in the information receiver, enabling the decryptor to decrypt received information segments encrypted in accordance with said conditional access process by providing to the decryptor cryptographic information for defining the algorithm utilized in said conditional access process for use by the decryptor to decrypt the received information segment encrypted in accordance with said algorithm, wherein step (b) comprises the steps of:
(c) detecting within an information stream received by the information receiver cryptographic information for defining the algorithm used for encrypting information segments in accordance with said conditional access process; and (d) downloading the detected cryptographic information from said information stream.
39. A conditional access method in which encrypted information is provided by an information service provider in accordance with a given conditional access process, comprising the steps of:
(a) encrypting an information segment for transmission in accordance with a given conditional access process;
(b) using a decryptor in an information receiver to decrypt encrypted information segments received by the information receiver;
(c) in the information receiver, enabling the decryptor to decrypt the received information segments encrypted in accordance with the given conditional access process;
wherein step (c) includes the steps of:
(d) requesting transmission to the information receiver of cryptographic information for enabling decryption of a selected information segment; and (e) in the information receiver, downloading cryptographic information transmitted to the receiver in response to said request; and the method further comprising the step of:
(f) responding to said request by providing the requested cryptographic information for transmission to the information receiver;
wherein the requested cryptographic information includes cryptographic data for defining an algorithm used by the decryptor for decrypting information segments encrypted in accordance with the given conditional access process; and wherein step (e) includes the steps of:
(g) detecting the transmitted cryptographic data within an information stream received by the information receiver; and (h) downloading the detected cryptographic data from said information stream.
40. A method according to Claim 39, wherein the requested cryptographic information includes data for use in generating a session key for use by the decryptor for decrypting information segments encrypted in accordance with the given conditional access process.
41. A method according to Claim 40, wherein step (e) includes the steps of:
(g) detecting the transmitted session key generation data within an information stream received by the information receiver; and (h) downloading the detected session key generation data from said information stream.
42. A method according to Claim 39, further comprising the steps of:
(g) processing an authorization signal related to the selected information segment to determine whether or not decryption of the selected information segment is enabled and to determine which of a plurality of different possible authorization statuses is applicable to the selected information segment;
(h) retrieving from a plurality of different possible authorization status messages within an information stream received by the information receiver a message applicable to the status determined by said processing; and (i) providing the retrieved message for display.
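The receiver-side flow recited in claims 27 to 32 and 35 to 37, modelled as an added example that is not code from the patent: a conditional access controller detects algorithm-definition and key-generation data in the stream, picks one provider's segment by authorization-status priority, and only then hands the decryptor what it needs. The packet kinds, status names and their priority order, the receiver unit key, the HMAC-based key derivation and the hash-counter keystream are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# All names below are constructed for this example; none come from the patent.
UNIT_KEY = b"constructed-receiver-unit-key"
PRIORITY = ("subscribed", "pay_per_view")  # assumed statuses, highest priority first


@dataclass(frozen=True)
class AlgorithmDef:
    """Stand-in for 'cryptographic information for defining the algorithm'."""
    hash_name: str   # which hash drives the keystream
    domain: bytes    # per-process constant mixed into every block


def keystream_xor(alg, session_key, data):
    """Generic decryptor: its behaviour is fixed only once an AlgorithmDef is supplied.
    Toy hash-counter keystream, symmetric for encrypt/decrypt; not a real scrambler."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        h = hashlib.new(alg.hash_name)
        h.update(alg.domain + session_key + counter.to_bytes(4, "big"))
        stream += h.digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def derive_session_key(unit_key, keygen_data):
    """Assumed derivation: HMAC of the downloaded key-generation data under the unit key."""
    return hmac.new(unit_key, keygen_data, hashlib.sha256).digest()


class ConditionalAccessController:
    def __init__(self, unit_key):
        self.unit_key = unit_key
        self.alg_defs, self.keygen, self.status = {}, {}, {}

    def ingest(self, packet):
        """Detect control packets in the stream and download them into memory.
        Returns False for other packets. This model does not authenticate packets."""
        kind, ca_id, payload = packet
        table = {"ALGDEF": self.alg_defs, "KEYGEN": self.keygen, "AUTH": self.status}.get(kind)
        if table is None:
            return False
        table[ca_id] = payload
        return True

    def select_provider(self, available):
        """Pick one provider's segment by authorization-status priority."""
        for wanted in PRIORITY:
            for ca_id in sorted(available):
                ready = ca_id in self.alg_defs and ca_id in self.keygen
                if self.status.get(ca_id) == wanted and ready:
                    return ca_id
        return None

    def enable(self, ca_id):
        """Hand the decryptor the algorithm definition and session key for ca_id."""
        if self.status.get(ca_id) not in PRIORITY:
            raise PermissionError(f"{ca_id}: not authorized")
        return self.alg_defs[ca_id], derive_session_key(self.unit_key, self.keygen[ca_id])


def receive(stream, unit_key):
    """Receiver loop: returns (chosen CA process, plaintext) or (None, None)."""
    cac = ConditionalAccessController(unit_key)
    segments = {}
    for packet in stream:
        if not cac.ingest(packet) and packet[0] == "DATA":
            segments[packet[1]] = packet[2]
    chosen = cac.select_provider(segments)
    if chosen is None:
        return None, None
    alg, session_key = cac.enable(chosen)
    return chosen, keystream_xor(alg, session_key, segments[chosen])


def build_stream(unit_key, statuses, plaintext=b"constructed segment payload"):
    """Head-end side: the same segment encrypted under two different CA processes."""
    defs = {"CA-A": AlgorithmDef("sha256", b"proc-A"), "CA-B": AlgorithmDef("sha512", b"proc-B")}
    stream = []
    for ca_id, alg in defs.items():
        keygen_data = b"keygen-" + ca_id.encode()
        key = derive_session_key(unit_key, keygen_data)
        stream += [("ALGDEF", ca_id, alg), ("KEYGEN", ca_id, keygen_data),
                   ("AUTH", ca_id, statuses[ca_id]),
                   ("DATA", ca_id, keystream_xor(alg, key, plaintext))]
    return plaintext, stream


if __name__ == "__main__":
    plain, stream = build_stream(UNIT_KEY, {"CA-A": "pay_per_view", "CA-B": "subscribed"})
    print(receive(stream, UNIT_KEY))
```

A provider whose algorithm definition or key-generation data never arrives in the stream is skipped during selection, so the receiver falls back to the next provider in priority order rather than attempting decryption with incomplete material.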
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US30340994A | 1994-09-09 | 1994-09-09 | |
US08/303,409 | 1994-09-09 | ||
PCT/US1995/010571 WO1996008912A2 (en) | 1994-09-09 | 1995-08-17 | Conditional access system |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2199526A1 (en) | 1996-03-21 |
CA2199526C (en) | 2005-04-12 |
Family
ID=23171941
Family Applications (1)
Application Number | Status | Publication Number | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CA002199526A | Expired - Fee Related | CA2199526C (en) | 1994-09-09 | 1995-08-17 | Conditional access system |
Country Status (7)
Country | Link |
---|---|
US (3) | US5796829A (en) |
EP (1) | EP0787391B1 (en) |
AU (1) | AU4461996A (en) |
CA (1) | CA2199526C (en) |
DE (1) | DE69525170T2 (en) |
ES (1) | ES2171568T3 (en) |
WO (1) | WO1996008912A2 (en) |
Families Citing this family (155)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5796829A (en) * | 1994-09-09 | 1998-08-18 | The Titan Corporation | Conditional access system |
US6289314B1 (en) * | 1996-09-18 | 2001-09-11 | Matsushita Electric Industrial Co., Ltd. | Pay information providing system for descrambling information from plural sources and rescrambling the information before sending to a terminal or terminals |
JP3591753B2 (en) * | 1997-01-30 | 2004-11-24 | 富士通株式会社 | Firewall method and method |
US6438693B1 (en) * | 1997-09-30 | 2002-08-20 | Sony Corporation | Modular broadcast receiver system and memo |
GB2332345B (en) * | 1997-12-09 | 2002-12-11 | Sony Uk Ltd | A digital video receiver a conditional access module and a method of transmitting data therebetween |
US7809138B2 (en) | 1999-03-16 | 2010-10-05 | Intertrust Technologies Corporation | Methods and apparatus for persistent control and protection of content |
GB9809685D0 (en) * | 1998-05-06 | 1998-07-01 | Sony Uk Ltd | Ncam AV/C CTS subunit proposal |
US8584255B2 (en) * | 1999-05-05 | 2013-11-12 | Sony United Kingdom Limited | Networked conditional access module |
US8813137B2 (en) * | 1998-05-08 | 2014-08-19 | Qualcomm Incorporated | Apparatus and method for decoding digital image and audio signals |
EP0964573A1 (en) * | 1998-06-11 | 1999-12-15 | THOMSON multimedia | Method and apparatus for enlarging DVB-CI functionality by enabling a direct access to the Conditional Access Module |
EP0969665B1 (en) * | 1998-06-22 | 2002-05-29 | Alcatel | In-home network for distributing data |
CN1146235C (en) * | 1998-07-17 | 2004-04-14 | 汤姆森许可公司 | Conditional access system for broadcast digital TV. |
US6690797B1 (en) | 1998-07-28 | 2004-02-10 | Thomson Licensing S.A. | Descrambling device for the use of several conditional access sub-systems |
US6442607B1 (en) * | 1998-08-06 | 2002-08-27 | Intel Corporation | Controlling data transmissions from a computer |
IT1303242B1 (en) * | 1998-08-11 | 2000-11-02 | Cselt Ct Studi E Lab T | PROCEDURE AND SYSTEM FOR THE CONTROLLED DELIVERY OF NUMERICAL SERVICES SUCH AS, FOR EXAMPLE, MULTIMEDIA TELEMATIC SERVICES. |
US6519700B1 (en) | 1998-10-23 | 2003-02-11 | Contentguard Holdings, Inc. | Self-protecting documents |
JP3724962B2 (en) * | 1998-11-13 | 2005-12-07 | 株式会社東芝 | Information processing apparatus with access control function and storage medium |
US6859799B1 (en) | 1998-11-30 | 2005-02-22 | Gemstar Development Corporation | Search engine for video and graphics |
FR2786635B1 (en) * | 1998-12-01 | 2001-10-26 | Gemplus Card Int | LOADABLE CHIP CARD WITH COMPRESSED DATA |
WO2000041392A1 (en) * | 1999-01-06 | 2000-07-13 | Digital Video Express, L.P. | Content packet distribution system |
US7162642B2 (en) * | 1999-01-06 | 2007-01-09 | Digital Video Express, L.P. | Digital content distribution system and method |
CA2787789C (en) * | 1999-01-20 | 2014-09-30 | Certicom Corp. | A resilient cryptograhic scheme |
US6507907B1 (en) | 1999-02-26 | 2003-01-14 | Intel Corporation | Protecting information in a system |
US6550008B1 (en) | 1999-02-26 | 2003-04-15 | Intel Corporation | Protection of information transmitted over communications channels |
US6516414B1 (en) | 1999-02-26 | 2003-02-04 | Intel Corporation | Secure communication over a link |
EP1161811B1 (en) | 1999-03-22 | 2007-08-29 | Agency for Science, Technology and Research | Method and apparatus for encrypting and decrypting data |
AU4025900A (en) * | 1999-03-24 | 2000-10-09 | Microsoft Corporation | Enhancing smart card usage for associating media content with households |
US7124938B1 (en) | 1999-03-24 | 2006-10-24 | Microsoft Corporation | Enhancing smart card usage for associating media content with households |
US7730300B2 (en) | 1999-03-30 | 2010-06-01 | Sony Corporation | Method and apparatus for protecting the transfer of data |
AU3631000A (en) * | 1999-03-30 | 2000-10-16 | Sony Electronics Inc. | System for interfacing multiple conditional access devices |
US6697489B1 (en) | 1999-03-30 | 2004-02-24 | Sony Corporation | Method and apparatus for securing control words |
US6832323B1 (en) * | 1999-10-22 | 2004-12-14 | General Instrument Corporation | Object and feature authorization for digital communication terminals |
US6912513B1 (en) | 1999-10-29 | 2005-06-28 | Sony Corporation | Copy-protecting management using a user scrambling key |
US7039614B1 (en) | 1999-11-09 | 2006-05-02 | Sony Corporation | Method for simulcrypting scrambled data to a plurality of conditional access devices |
FR2803160B1 (en) * | 1999-12-22 | 2002-12-13 | Scm Schneider Microsysteme | INTERFACING MODULE FOR A HOST SUCH AS A DECODER, DECODER INCORPORATING THE SAME, AND INFORMATION PROCESSING METHOD FOR A HOST |
AU2001298116A1 (en) * | 2000-01-18 | 2009-07-29 | Telcordia Technologies, Inc. | Method and systems for identifying the existence of one or more unknown programs in a system |
US7225164B1 (en) | 2000-02-15 | 2007-05-29 | Sony Corporation | Method and apparatus for implementing revocation in broadcast networks |
US7080039B1 (en) | 2000-03-23 | 2006-07-18 | David J Marsh | Associating content with households using smart cards |
US6898285B1 (en) | 2000-06-02 | 2005-05-24 | General Instrument Corporation | System to deliver encrypted access control information to support interoperability between digital information processing/control equipment |
ES2227243T3 (en) * | 2000-06-15 | 2005-04-01 | France Telecom | PROVISION OF VIDEO INTERFACE, DISTRIBUTION SYSTEM AND METHOD TO TRANSFER PROGRAMS AND SEQUENCES OF CODED VIDEOS ON A LARGE AREA NETWORK. |
US20030206631A1 (en) * | 2000-06-22 | 2003-11-06 | Candelore Brant L. | Method and apparatus for scrambling program data for furture viewing |
US7688803B1 (en) | 2000-09-01 | 2010-03-30 | Young Steven J | System and method for coordinating between multiple telephony channels |
DE10044386A1 (en) * | 2000-09-08 | 2002-04-04 | Scm Microsystems Gmbh | Adapter device for DVB |
KR20190096450A (en) | 2000-10-11 | 2019-08-19 | 로비 가이드스, 인크. | Systems and methods for delivering media content |
US20020048371A1 (en) * | 2000-10-24 | 2002-04-25 | Ryuichi Iwamura | Method and system for secure digital decoder with secure key distribution |
US7200859B1 (en) | 2000-11-22 | 2007-04-03 | Digeo, Inc. | Apparatus and method for intelligent multimedia compression and distribution |
US6407680B1 (en) * | 2000-12-22 | 2002-06-18 | Generic Media, Inc. | Distributed on-demand media transcoding system and method |
US7242324B2 (en) * | 2000-12-22 | 2007-07-10 | Sony Corporation | Distributed on-demand media transcoding system and method |
US20020080827A1 (en) * | 2000-12-22 | 2002-06-27 | Lee Steven K. | Buried data stream in a wireless home network |
DE10104442A1 (en) * | 2001-02-01 | 2002-08-08 | Grundig Ag | Device for receiving digital radio signals with an interface processor |
US20020114360A1 (en) * | 2001-02-20 | 2002-08-22 | Perlman Stephen G. | System and method for processing multiple broadcast multimedia streams |
US7236204B2 (en) | 2001-02-20 | 2007-06-26 | Digeo, Inc. | System and method for rendering graphics and video on a display |
US20020116705A1 (en) | 2001-02-20 | 2002-08-22 | Perlman Stephen G. | System and method for processing conditional access data |
EP1235432A1 (en) * | 2001-02-27 | 2002-08-28 | Koninklijke Philips Electronics N.V. | Receiver for multi-operator encrypted signals with reduced congestion and lower costs |
ITMO20010038A1 (en) * | 2001-03-06 | 2002-09-06 | Elopak Systems | APPARATUS AND METHOD FOR THE PROCESSING OF PLASTIC MATERIAL AND CONTAINER OF FLUID PRODUCT |
US8098820B2 (en) * | 2001-03-14 | 2012-01-17 | Thomson Licensing | Conditional access system for broadcast digital television |
US20020146125A1 (en) * | 2001-03-14 | 2002-10-10 | Ahmet Eskicioglu | CA system for broadcast DTV using multiple keys for different service providers and service areas |
US7046805B2 (en) * | 2001-03-20 | 2006-05-16 | Digeo, Inc. | System and method for efficiently storing and processing multimedia content |
IL157854A0 (en) * | 2001-03-28 | 2004-03-28 | | Digital rights management system and method |
US7693508B2 (en) * | 2001-03-28 | 2010-04-06 | Qualcomm Incorporated | Method and apparatus for broadcast signaling in a wireless communication system |
US8077679B2 (en) | 2001-03-28 | 2011-12-13 | Qualcomm Incorporated | Method and apparatus for providing protocol options in a wireless communication system |
US8121296B2 (en) * | 2001-03-28 | 2012-02-21 | Qualcomm Incorporated | Method and apparatus for security in a data processing system |
US9100457B2 (en) | 2001-03-28 | 2015-08-04 | Qualcomm Incorporated | Method and apparatus for transmission framing in a wireless communication system |
US7093277B2 (en) * | 2001-05-30 | 2006-08-15 | Digeo, Inc. | System and method for improved multi-stream multimedia transmission and processing |
US7386129B2 (en) * | 2001-05-30 | 2008-06-10 | Digeo, Inc. | System and method for multimedia content simulcast |
US7895616B2 (en) | 2001-06-06 | 2011-02-22 | Sony Corporation | Reconstitution of program streams split across multiple packet identifiers |
US7747853B2 (en) | 2001-06-06 | 2010-06-29 | Sony Corporation | IP delivery of secure digital content |
US7124303B2 (en) | 2001-06-06 | 2006-10-17 | Sony Corporation | Elementary stream partial encryption |
FR2826811B1 (en) * | 2001-06-27 | 2003-11-07 | France Telecom | CRYPTOGRAPHIC AUTHENTICATION PROCESS |
EP1292144A1 (en) * | 2001-08-14 | 2003-03-12 | IP-Control GmbH | System, method and software for delivering content from a server to a customer |
US7463737B2 (en) * | 2001-08-15 | 2008-12-09 | Digeo, Inc. | System and method for conditional access key encryption |
US7352868B2 (en) | 2001-10-09 | 2008-04-01 | Philip Hawkes | Method and apparatus for security in a data processing system |
US7649829B2 (en) | 2001-10-12 | 2010-01-19 | Qualcomm Incorporated | Method and system for reduction of decoding complexity in a communication system |
CN100352172C (en) * | 2001-10-24 | 2007-11-28 | 中兴通讯股份有限公司 | Method of implementing two kind hand set compatible right discrimination mode in personal hand set system |
US7730165B2 (en) * | 2001-11-09 | 2010-06-01 | Sony Corporation | System, method, and computer program product for remotely determining the configuration of a multi-media content user |
US7356575B1 (en) | 2001-11-09 | 2008-04-08 | Sony Corporation | System, method, and computer program product for remotely determining the configuration of a multi-media content user |
US7480703B2 (en) * | 2001-11-09 | 2009-01-20 | Sony Corporation | System, method, and computer program product for remotely determining the configuration of a multi-media content user based on response of the user |
US7292690B2 (en) * | 2002-01-02 | 2007-11-06 | Sony Corporation | Video scene change detection |
US7292691B2 (en) * | 2002-01-02 | 2007-11-06 | Sony Corporation | Progressive video refresh slice detection |
MXPA04006400A (en) | 2002-01-02 | 2004-10-04 | Sony Electronics Inc | Elementary stream partial encryption. |
US7242773B2 (en) | 2002-09-09 | 2007-07-10 | Sony Corporation | Multiple partial encryption using retuning |
US7765567B2 (en) | 2002-01-02 | 2010-07-27 | Sony Corporation | Content replacement by PID mapping |
US7218738B2 (en) | 2002-01-02 | 2007-05-15 | Sony Corporation | Encryption and content control in a digital broadcast system |
US7039938B2 (en) | 2002-01-02 | 2006-05-02 | Sony Corporation | Selective encryption for video on demand |
US7823174B2 (en) | 2002-01-02 | 2010-10-26 | Sony Corporation | Macro-block based content replacement by PID mapping |
US7155475B2 (en) * | 2002-02-15 | 2006-12-26 | Sony Corporation | System, method, and computer program product for media publishing request processing |
DE10216384A1 (en) | 2002-04-12 | 2003-10-30 | Scm Microsystems Gmbh | Access control network |
US7464400B2 (en) * | 2002-04-24 | 2008-12-09 | International Business Machines Corporation | Distributed environment controlled access facility |
US6748080B2 (en) * | 2002-05-24 | 2004-06-08 | Scientific-Atlanta, Inc. | Apparatus for entitling remote client devices |
US7181010B2 (en) | 2002-05-24 | 2007-02-20 | Scientific-Atlanta, Inc. | Apparatus for entitling remote client devices |
US7861082B2 (en) * | 2002-05-24 | 2010-12-28 | Pinder Howard G | Validating client-receivers |
JP2005527913A (en) * | 2002-05-28 | 2005-09-15 | クリムゾンロジック ピーティーイー リミテッド | Computer system for automating the controlled distribution of documents |
US7191342B1 (en) * | 2002-06-04 | 2007-03-13 | Xilinx, Inc. | Methods and circuits for allowing encrypted and unencrypted configuration data to share configuration frames |
KR100474490B1 (en) * | 2002-08-29 | 2005-03-10 | 삼성전자주식회사 | Apparatus for output of audig/video signal, and method thereof |
US20040043819A1 (en) * | 2002-09-03 | 2004-03-04 | Daniel Willis | Gaming system emulating a set top box |
US8818896B2 (en) | 2002-09-09 | 2014-08-26 | Sony Corporation | Selective encryption with coverage encryption |
US20040083177A1 (en) * | 2002-10-29 | 2004-04-29 | General Instrument Corporation | Method and apparatus for pre-encrypting VOD material with a changing cryptographic key |
US8572408B2 (en) | 2002-11-05 | 2013-10-29 | Sony Corporation | Digital rights management of a digital device |
US7724907B2 (en) | 2002-11-05 | 2010-05-25 | Sony Corporation | Mechanism for protecting the transfer of digital content |
US7787622B2 (en) | 2002-11-13 | 2010-08-31 | General Instrument Corporation | Efficient distribution of encrypted content for multiple content access systems |
US8667525B2 (en) | 2002-12-13 | 2014-03-04 | Sony Corporation | Targeted advertisement selection from a digital stream |
US8645988B2 (en) | 2002-12-13 | 2014-02-04 | Sony Corporation | Content personalization for digital content |
US7599655B2 (en) | 2003-01-02 | 2009-10-06 | Qualcomm Incorporated | Method and apparatus for broadcast services in a communication system |
US7703128B2 (en) | 2003-02-13 | 2010-04-20 | Microsoft Corporation | Digital identity management |
US20040165586A1 (en) * | 2003-02-24 | 2004-08-26 | Read Christopher Jensen | PID filters based network routing |
GB2399724B (en) * | 2003-03-15 | 2005-04-27 | Hewlett Packard Development Co | Method and system for regulating access to a service |
US7398544B2 (en) * | 2003-05-12 | 2008-07-08 | Sony Corporation | Configurable cableCARD |
US8098818B2 (en) | 2003-07-07 | 2012-01-17 | Qualcomm Incorporated | Secure registration for a multicast-broadcast-multimedia system (MBMS) |
US8718279B2 (en) | 2003-07-08 | 2014-05-06 | Qualcomm Incorporated | Apparatus and method for a secure broadcast system |
US8724803B2 (en) | 2003-09-02 | 2014-05-13 | Qualcomm Incorporated | Method and apparatus for providing authenticated challenges for broadcast-multicast communications in a communication system |
EP1536306A1 (en) * | 2003-09-30 | 2005-06-01 | Broadcom Corporation | Proximity authentication system |
US8332910B2 (en) * | 2003-10-13 | 2012-12-11 | General Electric Company | Method and apparatus for selective data control |
US7281274B2 (en) | 2003-10-16 | 2007-10-09 | Lmp Media Llc | Electronic media distribution system |
US7853980B2 (en) | 2003-10-31 | 2010-12-14 | Sony Corporation | Bi-directional indices for trick mode video-on-demand |
US8472792B2 (en) | 2003-12-08 | 2013-06-25 | Divx, Llc | Multimedia distribution system |
US7519274B2 (en) | 2003-12-08 | 2009-04-14 | Divx, Inc. | File format for multiple track digital data |
JP2005227874A (en) * | 2004-02-10 | 2005-08-25 | Sony Corp | System, device, and method for information processing, program, and storage medium |
US8832434B2 (en) * | 2004-02-13 | 2014-09-09 | Hewlett-Packard Development Company, L.P. | Methods for generating data for describing scalable media |
US7984488B2 (en) | 2004-04-09 | 2011-07-19 | Microsoft Corporation | Credential roaming in electronic computing systems |
EP1638331A1 (en) * | 2004-09-17 | 2006-03-22 | Nagravision S.A. | Method to manage access means to conditional access data |
US7895617B2 (en) | 2004-12-15 | 2011-02-22 | Sony Corporation | Content substitution editor |
US8041190B2 (en) | 2004-12-15 | 2011-10-18 | Sony Corporation | System and method for the creation, synchronization and delivery of alternate content |
US20060136717A1 (en) | 2004-12-20 | 2006-06-22 | Mark Buer | System and method for authentication via a proximate device |
US20060269056A1 (en) * | 2005-05-19 | 2006-11-30 | Bruce Montag | Messaging interface for protected digital outputs |
US8706082B2 (en) * | 2005-07-26 | 2014-04-22 | At&T Intellectual Property I, L.P. | Media services with access control |
US8185921B2 (en) | 2006-02-28 | 2012-05-22 | Sony Corporation | Parental control of displayed content using closed captioning |
US7515710B2 (en) | 2006-03-14 | 2009-04-07 | Divx, Inc. | Federated digital rights management scheme including trusted systems |
US20070261090A1 (en) * | 2006-03-24 | 2007-11-08 | Miller Eric B | Interactive television application distribution, control, and communication system and methods |
US8208796B2 (en) * | 2006-04-17 | 2012-06-26 | Prus Bohdan S | Systems and methods for prioritizing the storage location of media data |
US9277295B2 (en) | 2006-06-16 | 2016-03-01 | Cisco Technology, Inc. | Securing media content using interchangeable encryption key |
US20080022304A1 (en) * | 2006-06-30 | 2008-01-24 | Scientific-Atlanta, Inc. | Digital Media Device Having Selectable Media Content Storage Locations |
US7978720B2 (en) * | 2006-06-30 | 2011-07-12 | Russ Samuel H | Digital media device having media content transfer capability |
US9137480B2 (en) | 2006-06-30 | 2015-09-15 | Cisco Technology, Inc. | Secure escrow and recovery of media device content keys |
CN103561278B (en) | 2007-01-05 | 2017-04-12 | 索尼克知识产权股份有限公司 | Video distribution system including progressive playback |
US8381268B2 (en) * | 2007-05-11 | 2013-02-19 | Cisco Technology, Inc. | Network authorization status notification |
JP2008310270A (en) * | 2007-06-18 | 2008-12-25 | Panasonic Corp | Cryptographic equipment and cryptography operation method |
WO2009065137A1 (en) | 2007-11-16 | 2009-05-22 | Divx, Inc. | Hierarchical and reduced index structures for multimedia files |
US7974411B2 (en) * | 2008-01-31 | 2011-07-05 | International Business Machines Corporation | Method for protecting audio content |
US7978853B2 (en) * | 2008-01-31 | 2011-07-12 | International Business Machines Corporation | System and computer program product for protecting audio content |
ES2727014T3 (en) * | 2008-05-29 | 2019-10-11 | Nagravision Sa | Method of updating security data in a security module and security module for the execution of this method |
US8365248B2 (en) * | 2008-05-30 | 2013-01-29 | Sharp Kabushiki Kaisha | Data providing device, operation device, and data processing device |
US20100027796A1 (en) * | 2008-08-01 | 2010-02-04 | Disney Enterprises, Inc. | Multi-encryption |
JP2011008701A (en) * | 2009-06-29 | 2011-01-13 | Sony Corp | Information processing server, information processing apparatus, and information processing method |
EP2507995A4 (en) | 2009-12-04 | 2014-07-09 | Sonic Ip Inc | Elementary bitstream cryptographic material transport systems and methods |
US8914534B2 (en) | 2011-01-05 | 2014-12-16 | Sonic Ip, Inc. | Systems and methods for adaptive bitrate streaming of media stored in matroska container files using hypertext transfer protocol |
US9467708B2 (en) | 2011-08-30 | 2016-10-11 | Sonic Ip, Inc. | Selection of resolutions for seamless resolution switching of multimedia content |
US8806188B2 (en) | 2011-08-31 | 2014-08-12 | Sonic Ip, Inc. | Systems and methods for performing adaptive bitrate streaming using automatically generated top level index files |
US8909922B2 (en) | 2011-09-01 | 2014-12-09 | Sonic Ip, Inc. | Systems and methods for playing back alternative streams of protected content protected using common cryptographic information |
KR101892634B1 (en) * | 2011-12-22 | 2018-08-29 | 삼성전자주식회사 | Electronic apparatus, CAS system and control method thereof |
US8805418B2 (en) | 2011-12-23 | 2014-08-12 | United Video Properties, Inc. | Methods and systems for performing actions based on location-based rules |
US9191457B2 (en) | 2012-12-31 | 2015-11-17 | Sonic Ip, Inc. | Systems, methods, and media for controlling delivery of content |
US9521176B2 (en) | 2014-05-21 | 2016-12-13 | Sony Corporation | System, method, and computer program product for media publishing request processing |
CN105338158B (en) | 2014-06-09 | 2019-11-19 | 阿里巴巴集团控股有限公司 | A kind of method and device of information processing |
EP3910904A1 (en) | 2015-01-06 | 2021-11-17 | DivX, LLC | Systems and methods for encoding and sharing content between devices |
US10277934B2 (en) * | 2015-03-13 | 2019-04-30 | Qualcomm Incorporated | Permissions management for watermarked data in a broadcast environment |
Family Cites Families (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE3003998A1 (en) * | 1980-02-04 | 1981-09-24 | Licentia Patent-Verwaltungs-Gmbh, 6000 Frankfurt | DATA ENCRYPTION AND DECRYLING SYSTEM |
US4613901A (en) * | 1983-05-27 | 1986-09-23 | M/A-Com Linkabit, Inc. | Signal encryption and distribution system for controlling scrambling and selective remote descrambling of television signals |
US4712238A (en) * | 1984-06-08 | 1987-12-08 | M/A-Com Government Systems, Inc. | Selective-subscription descrambling |
US4885775A (en) * | 1984-09-21 | 1989-12-05 | Scientific-Atlanta, Inc. | Information display scheme for subscribers of a subscription television system |
US5321750A (en) * | 1989-02-07 | 1994-06-14 | Market Data Corporation | Restricted information distribution system apparatus and methods |
US5144662A (en) * | 1989-02-08 | 1992-09-01 | U.S. Philips Corporation | Public communication system comprising distributed stations, and station and sub-station for use in such a communication system |
US5191611A (en) * | 1989-04-03 | 1993-03-02 | Lang Gerald S | Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients |
US5111504A (en) * | 1990-08-17 | 1992-05-05 | General Instrument Corporation | Information processing apparatus with replaceable security element |
US5144664A (en) * | 1990-11-16 | 1992-09-01 | General Instrument Corporation | Apparatus and method for upgrading terminals to maintain a secure communication network |
US5138659A (en) * | 1991-05-02 | 1992-08-11 | General Instrument Corporation | Conversion of television signal formats with retention of common control data stream |
US5291554A (en) * | 1992-05-28 | 1994-03-01 | Tv Answer, Inc. | Shared-price custom video rentals via interactive TV |
US5715515A (en) * | 1992-12-02 | 1998-02-03 | Scientific-Atlanta, Inc. | Method and apparatus for downloading on-screen graphics and captions to a television terminal |
US5497420A (en) * | 1994-02-07 | 1996-03-05 | Le Groupe Vidéotron Ltée | Cable TV system using passwords |
US5661799A (en) * | 1994-02-18 | 1997-08-26 | Infosafe Systems, Inc. | Apparatus and storage medium for decrypting information |
US5491748A (en) * | 1994-03-01 | 1996-02-13 | Zenith Electronics Corporation | Enhanced security for a cable system |
US5539822A (en) * | 1994-04-19 | 1996-07-23 | Scientific-Atlanta, Inc. | System and method for subscriber interactivity in a television system |
US5796829A (en) * | 1994-09-09 | 1998-08-18 | The Titan Corporation | Conditional access system |
US5652795A (en) * | 1994-11-14 | 1997-07-29 | Hughes Electronics | Method and apparatus for an adapter card providing conditional access in a communication system |
US5694472A (en) * | 1995-02-13 | 1997-12-02 | Eta Technologies Corporation | Personal access management system |
US5930471A (en) * | 1996-12-26 | 1999-07-27 | At&T Corp | Communications system and method of operation for electronic messaging using structured response objects and virtual mailboxes |
1995
- 1995-08-17: US application US08/646,251, published as US5796829A, not active (Expired - Fee Related)
- 1995-08-17: ES application ES95943323T, published as ES2171568T3, not active (Expired - Lifetime)
- 1995-08-17: DE application DE69525170T, published as DE69525170T2, not active (Expired - Fee Related)
- 1995-08-17: CA application CA002199526A, published as CA2199526C, not active (Expired - Fee Related)
- 1995-08-17: WO application PCT/US1995/010571, published as WO1996008912A2, active (IP Right Grant)
- 1995-08-17: EP application EP95943323A, published as EP0787391B1, not active (Expired - Lifetime)
- 1995-08-17: AU application AU44619/96A, published as AU4461996A, not active (Abandoned)

1998
- 1998-06-24: US application US09/103,749, published as US6115821A, not active (Expired - Fee Related)
- 1998-06-24: US application US09/103,912, published as US6108422A, not active (Expired - Fee Related)
Also Published As
Publication number | Publication date |
---|---|
ES2171568T3 (en) | 2002-09-16 |
US6108422A (en) | 2000-08-22 |
EP0787391A4 (en) | 1998-04-08 |
US6115821A (en) | 2000-09-05 |
EP0787391A1 (en) | 1997-08-06 |
WO1996008912A2 (en) | 1996-03-21 |
AU4461996A (en) | 1996-03-29 |
DE69525170D1 (en) | 2002-03-14 |
DE69525170T2 (en) | 2002-10-10 |
US5796829A (en) | 1998-08-18 |
WO1996008912A3 (en) | 1996-06-06 |
EP0787391B1 (en) | 2002-01-23 |
CA2199526A1 (en) | 1996-03-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2199526C (en) | | Conditional access system |
KR100898437B1 (en) | | Process of symmetric key management in a communication network, communication device and device for processing data in a communication network |
EP0485887B1 (en) | | System for maintaining scrambling security in a communication network |
US5381481A (en) | | Method and apparatus for uniquely encrypting a plurality of services at a transmission site |
EP0891670B2 (en) | | Method for providing a secure communication between two devices and application of this method |
CN100499799C (en) | | Transmission system of supplying conditional access for transmitted data |
US8666072B2 (en) | | Method and a system for receiving a multimedia signal, a cryptograophic entity for said reception method and system, and a method and a black box for producing said cryptographic entity |
EP0739135A1 (en) | | Data security scheme for point-to-point communication sessions |
JP4628509B2 (en) | | A system for broadcasting data signals in a secure manner |
KR20100092902A (en) | | Securely providing a control word from a smartcard to a conditional access module |
KR20050021468A (en) | | Method and electronic module for secure data transmission |
US6766024B1 (en) | | Data communication system |
KR100936458B1 (en) | | Device for processing and method for transmitting data encrypted for a first domain in a network belonging to a second domain |
US7836300B2 (en) | | Security integrated circuit |
EP1671485B1 (en) | | Portable security module pairing |
JP4521392B2 (en) | | Pay television systems associated with decoders and smart cards, rights revocation methods in such systems, and messages sent to such decoders |
JP2000295202A (en) | | Limited reception system |
KR970064233A (en) | | How messages are handled for conditional conditional access services |
EP1467565A1 (en) | | Integrated circuit for decryption of broadcast signals |
KR101980928B1 (en) | | Method, cryptographic system and security module for descrambling content packets of a digital transport stream |
JP4620865B2 (en) | | How to manage access to signals that represent service provider events |
KR101270086B1 (en) | | Method for transmitting of a message containing a description of an action to be executed in a receiver equipment |
JP2005191847A (en) | | Broadcast equipment and receiver |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | EEER | Examination request | |
 | MKLA | Lapsed | |
 | MKLA | Lapsed | Effective date: 20060817 |