DE19941550A1 - Procedure for the activation of customer-relevant authorizations on security modules in conditional access for pay services - Google Patents
- Publication number
- DE19941550A1
- Authority
- DE
- Germany
- Prior art keywords
- customer
- service
- emm
- activation
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/355—Personalisation of cards for use
- G06Q20/3552—Downloading or loading of personalisation data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
- G06Q20/35765—Access rights to memory zones
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/235—Processing of additional data, e.g. scrambling of additional data or processing content descriptors
- H04N21/2351—Processing of additional data, e.g. scrambling of additional data or processing content descriptors involving encryption of additional data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
- H04N21/26606—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4623—Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/61—Network physical structure; Signal processing
- H04N21/6106—Network physical structure; Signal processing specially adapted to the downstream path of the transmission network
- H04N21/6131—Network physical structure; Signal processing specially adapted to the downstream path of the transmission network involving transmission via a mobile phone network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/81—Monomedia components thereof
- H04N21/8166—Monomedia components thereof involving executable data, e.g. software
- H04N21/8193—Monomedia components thereof involving executable data, e.g. software dedicated tools, e.g. video decoder software or IPMP tool
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/163—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
Abstract
Description
The invention relates to a method for activating customer-relevant access authorizations in conditional access systems for receiving fee-based services, such as pay TV, digital broadcast data services in DAB, DVB, Swift, video-on-demand and any digital services broadcast over broadcasting systems, using security modules, such as smart cards, on which security algorithms and/or customer-specific authorizations are stored in the form of software programs and data, according to the preamble of claim 1.
Security modules in the form of smart cards are already used today in many areas where persons or machines are to be granted authorization-dependent or condition-dependent access [conditional access (CA systems)] to data, programs or other machines once the set conditions or authorizations are fulfilled (e.g. pay TV). Other typical applications for smart cards are electronic means of payment, GSM telephony or digital broadcast data services in DAB, DVB, Swift and, in future, video-on-demand.
In modern conditional access systems, access control is based almost exclusively on smart cards in chip card technology. These smart cards contain a stored security algorithm and customer-specific authorizations for receiving chargeable data services.
The problem for conditional access systems is that a provider of services, a content provider, certainly wants to reach more than one customer, but not all of them. Only customers authorized to do so should be able to receive a service. These are customers who fulfill certain defined conditions by purchasing authorizations, for example that they have paid the monthly subscription fee. Broadcasting systems are used to transmit such authorizations. The problem therefore is to control access to certain information that is distributed via broadcasting systems and can, in principle, be received by anyone.
Access to such information, e.g. pay TV, is protected in conditional access systems by scrambling, i.e. encrypting the program content, by storing reception authorizations in the security module of the terminal, and by adding reception conditions to the program. Terminals for receiving a pay-TV program are usually so-called set-top boxes or decoders. Other terminals are also possible, however, e.g. mobile receivers, PC cards or PCMCIA modules, or the terminal can be integrated into the television set. In many cases, however, the activation of smart cards in broadcasting systems is problematic because reception is not guaranteed, particularly when they are used in devices for mobile reception of services without a point-to-point connection such as exists in telephony. Only activation enables a customer to use a desired service immediately after purchasing a card. The sender of an activation, however, usually has no information as to whether the activation has actually reached the customer. An activation fails when broadcast reception is impossible for the device used, e.g. because of shielding by buildings in underground car parks, or e.g. in cases where a radio network required for sending out authorizations has not yet been expanded far enough, so that reception of authorizations by means of a so-called EMM (Entitlement Management Message) is not possible everywhere. By contrast, a controlled initial activation with confirmation is very secure and also allows immediate collection of payment for the activated service at the time of its purchase.
Program content is scrambled by encrypting the data with an encryption algorithm under the control of a so-called control word CW. In digital television based on the MPEG-2 standard, the algorithm mainly used in Europe is the DVB Common Scrambling Algorithm. Other algorithms are also possible, however, such as DES or Triple DES among others (cf. Bruce Schneier, Angewandte Kryptographie, Wiley, 1996).
In so-called Entitlement Control Messages (ECM), a decoder or other receiving module is told not only new control words (CW) but also the conditions under which a program may be received. Since both the CW and the reception conditions depend on the respective service, ECMs are assigned to each service. After an ECM is received, it is forwarded directly to the security module. The control word CW must be transmitted confidentially. Cryptographic methods are used to protect the ECM. Since ECMs are sent to all customers, all authorized customers must possess the same key for decrypting the control word cryptogram. This key is called the service key, SK. The control word CW should be changed at relatively short intervals to make the recognition of scrambling patterns impossible.
Entitlement Management Messages (EMM) are used to set and change reception authorizations stored in the decoder or in the security module. EMMs must be sent to the individual address of the customer (or of the decoder or security module). The customer address and the EMMs must be protected against modification; it must be ensured that only the program provider can generate EMMs. Individual addresses always appear unencrypted in EMMs; protection against duplication can only be achieved through an additional piece of information that is stored so that the customer cannot read it. This is the personal key (PK), which is linked to the customer address. EMMs are sent over the same broadcasting system as the payload data. EMMs are not tied to the program content but to the logical address of the customer's terminal or of the security module, so that EMMs can be addressed to individual customers or to groups of customers. For the use of certain services, such as services received on the move or pay-per-view, a return channel may additionally be available, implemented either manually (a call to a service center) or automatically (e.g. a connection from the decoder to the broadcast center via TCP/IP).
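The ECM/EMM split described above, as an added sketch that is not part of the patent text: a card releases the control word from an ECM only after an EMM addressed to it and authenticated under its personal key PK has set the authorization. The message layouts, the HMAC-SHA256 tag and keystream (a stand-in for the real cipher), the pre-provisioned SK and all key and address values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

TAG_LEN = 16  # truncated HMAC-SHA256 tag (assumed length)


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one stored key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(_subkey(key, b"mac"), data, hashlib.sha256).digest()[:TAG_LEN]


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): HMAC-SHA256 in counter mode, XORed over data."""
    enc_key, stream = _subkey(key, b"enc"), b""
    for counter in range((len(data) + 31) // 32):
        block_input = nonce + struct.pack(">I", counter)
        stream += hmac.new(enc_key, block_input, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def build_emm(address: int, pk: bytes, service_id: int, enable: bool) -> bytes:
    """Head-end: cleartext card address + authorization change, MACed under PK."""
    body = struct.pack(">IHB", address, service_id, int(enable))
    return body + _mac(pk, body)


def build_ecm(sk: bytes, service_id: int, nonce: bytes, cw: bytes) -> bytes:
    """Head-end: reception condition (service id) + 8-byte CW cryptogram under SK."""
    body = struct.pack(">H", service_id) + nonce + _xor_stream(sk, nonce, cw)
    return body + _mac(sk, body)


@dataclass
class SecurityModule:
    address: int
    pk: bytes                      # personal key, never leaves the card
    service_keys: dict             # service_id -> SK, assumed pre-provisioned
    entitlements: set = field(default_factory=set)

    def process_emm(self, emm: bytes) -> bool:
        if len(emm) != 7 + TAG_LEN:
            return False
        body, tag = emm[:7], emm[7:]
        address, service_id, enable = struct.unpack(">IHB", body)
        if address != self.address:
            return False           # addressed to another card
        if not hmac.compare_digest(tag, _mac(self.pk, body)):
            return False           # not produced by a holder of this card's PK
        # No message counter here, so replay of an old EMM to the same
        # card is not detected by this sketch.
        if enable:
            self.entitlements.add(service_id)
        else:
            self.entitlements.discard(service_id)
        return True

    def process_ecm(self, ecm: bytes):
        """Return the control word, or None if the ECM is invalid or not authorized."""
        if len(ecm) != 2 + 8 + 8 + TAG_LEN:
            return None
        body, tag = ecm[:-TAG_LEN], ecm[-TAG_LEN:]
        (service_id,) = struct.unpack(">H", body[:2])
        sk = self.service_keys.get(service_id)
        if sk is None or not hmac.compare_digest(tag, _mac(sk, body)):
            return None
        if service_id not in self.entitlements:
            return None            # reception condition not met
        return _xor_stream(sk, body[2:10], body[10:18])


def demo() -> dict:
    # All keys, addresses and the control word are constructed sample values.
    sk, cw = b"constructed-SK-7", bytes.fromhex("0011223344556677")
    card_a = SecurityModule(0x1001, b"constructed-PK-A", {7: sk})
    card_b = SecurityModule(0x1002, b"constructed-PK-B", {7: sk})
    emm = build_emm(0x1001, card_a.pk, service_id=7, enable=True)
    copied = struct.pack(">I", 0x1002) + emm[4:]   # same EMM, address field changed
    ecm = build_ecm(sk, 7, b"nonce-01", cw)
    result = {
        "a_accepts": card_a.process_emm(emm),
        "b_ignores": card_b.process_emm(emm),
        "b_rejects_copy": card_b.process_emm(copied),
        "a_cw": card_a.process_ecm(ecm),
        "b_cw": card_b.process_ecm(ecm),
    }
    card_a.process_emm(build_emm(0x1001, card_a.pk, 7, False))  # blocking EMM
    result["a_cw_after_block"] = card_a.process_ecm(ecm)
    return result
```

Both cards hold the same SK and receive the same ECM, so the per-card difference comes entirely from the PK-authenticated EMM.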
Authorizations can change, for example when customers' fee accounts are not settled, which can result in a reception authorization being blocked. EMMs can, however, also serve to activate services on smart cards for the first time or anew. In these cases the authorizations in the security module, such as a smart card, must be set anew. Today the security modules used are mostly chip cards that are not permanently connected to the terminal but can be removed from it and exchanged.
For the state of the art, reference is made to the publication in Bernd Seiler (ed.): taschenbuch der telekom praxis 1996, Schiele & Schön, Berlin 1996, Jörg Schwenk: "Conditional Access" oder "Wie kann man den Zugriff auf Rundfunksendungen kontrollieren?".
In addition, with the introduction of new transmission media such as DAB and DVB-T, pay services are increasingly becoming of interest to mobile customers as well, who, for example, carry a suitable terminal in their vehicle. However, the following problems arise here:
- The data capacity of the services is limited (e.g. DAB, Swift and others),
- the reception situation is difficult (e.g. because broadcast networks are not yet fully built out or the vehicle is in an underground car park), or
- a return channel is generally not available.
The invention is therefore based on the object of specifying a method by which a chip card of an authorized customer can be made individually addressable for changes for pay services, where the pay services are also to be made usable by mobile customers.
Disclosure of the invention and its advantages:
The object is achieved as follows. A service provider, i.e. an institution authorized to issue or sell security modules, such as a T-Punkt, makes a request to a service center responsible for authorization control, e.g. the data service center in DAB. In the case of indirect activation, the service center sends an EMM activation signal specifically assigned to this security module to the service provider, either by telephone or by a remote data transmission system; there the EMM activation signal for the service concerned is fed into a control device of the service provider and loaded onto the security module, and the security module is activated with this EMM activation signal via the control device. In the case of direct activation, the service center, with the aid of a data transmission service in a digital broadcasting service such as the DAB single-frequency network, sends the specifically assigned EMM activation signal to the security module of the requesting customer and activates it. The invention has the advantage that a service can be activated on a security module such as a smart card by means of the respective transmission system itself, for example by using commercially available DAB or DVB receivers (direct activation), or with the aid of a service other than the transmitting one (indirect activation). The service center grants the authorization, after payment of the corresponding data service fee, by means of the above-mentioned direct or indirect activation via the smart-card-specific EMM. A control device installed at the service provider confirms the activation of the security module, for example a smart card, for the service concerned.
With both direct and indirect activation, an electronically stored, service-specific credit (tokens) in monetary units can advantageously be loaded onto the security module.
With indirect activation of the requesting customer's security module, the data transmission service can advantageously be provided e.g. via a fixed-line modem, via a GSM modem or via GSM SMS services.
Furthermore, with direct activation of the requesting customer's security module, the customer can advantageously be approximately located with the aid of the mobile network he is using, for example the GSM network, and the specific EMM activation signal for activating the customer can be routed only into the DAB single-frequency network in which the customer is located at the time of calling and ordering the EMM activation signal.
This solves the problems mentioned above by implementing a return channel via GSM. The procedure is described using DAB as an example:
1. The customer contacts the data service center in DAB, e.g. via GSM from his vehicle, to request an activation, for example for an individual data service or for a subscription, or because an activation was not received, or to request an assignment of electronic, service-specific credit (tokens) on the smart card.
2. In the data service center in DAB, in cooperation with e.g. a GSM operator (e.g. T-Mobil), the GSM cell in which the caller is currently located is determined (or, by this route, the DAB single-frequency network, which is larger in area).
3. The corresponding EMM with the activation is routed to the DAB single-frequency network in which the subscriber is located.
The advantages of the method according to the invention are thus in particular the following: EMMs no longer have to be broadcast nationwide, but only locally in the DAB coverage areas in which the subscriber is actually located. This considerably reduces the data rate required for EMMs. When a call is made, it is ensured that the caller can also receive the EMM, since the fact that a GSM connection has been established allows the possibility of DAB reception to be inferred. A further important advantage is that a return channel is available for new services.
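The three steps and the data-rate advantage described above can be sketched as follows. This is an added example, not part of the patent text; the cell identifiers, network names, `ServiceCenter` class and the refusal of unlocatable callers are assumptions made for illustration, and the sample requests are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample data: GSM cell id -> DAB single-frequency network (SFN).
# Several GSM cells fall inside one SFN, which covers the larger area.
CELL_TO_SFN = {
    "cell-1001": "SFN-North",
    "cell-1002": "SFN-North",
    "cell-2001": "SFN-South",
    "cell-3001": "SFN-West",
}
ALL_SFNS = sorted(set(CELL_TO_SFN.values()))


@dataclass(frozen=True)
class ActivationRequest:
    card_id: str    # security module (smart card) the EMM is addressed to
    service: str    # single data service, subscription or token allocation
    gsm_cell: str   # cell reported by the GSM operator for this call


class ServiceCenter:
    def __init__(self):
        self.queues = defaultdict(list)  # SFN -> EMMs queued for broadcast

    def handle(self, req):
        """Steps 2 and 3: locate the caller, route the EMM to that SFN only."""
        sfn = CELL_TO_SFN.get(req.gsm_cell)
        if sfn is None:
            # Assumption: an unlocatable caller is refused rather than
            # silently falling back to a nationwide broadcast.
            raise LookupError(f"no SFN known for cell {req.gsm_cell}")
        self.queues[sfn].append({"card_id": req.card_id, "service": req.service})
        return sfn


def emm_load(requests):
    """Return (targeted transmissions, nationwide transmissions, queues)."""
    center = ServiceCenter()
    for req in requests:
        center.handle(req)
    targeted = sum(len(q) for q in center.queues.values())
    nationwide = len(requests) * len(ALL_SFNS)  # every EMM on every SFN
    return targeted, nationwide, dict(center.queues)


# Constructed requests: two callers in the north, one in the south.
REQUESTS = [
    ActivationRequest("card-A", "traffic-data", "cell-1001"),
    ActivationRequest("card-B", "subscription", "cell-1002"),
    ActivationRequest("card-C", "token-allocation", "cell-2001"),
]
```

With these three requests, targeted routing queues three EMM transmissions in total, while broadcasting each EMM on all three networks would need nine; the network with no caller carries none.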
The EMMs are, for example, not sent over a GSM channel, since this would require a data connection between the mobile phone and the DAB receiver, although this is theoretically conceivable.
The method according to the invention is industrially applicable in particular for releasing customer-relevant access authorizations in conditional access systems for the reception of fee-based media services.
Claims (4)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE1999141550 DE19941550A1 (en) | 1999-09-01 | 1999-09-01 | Procedure for the activation of customer-relevant authorizations on security modules in conditional access for pay services |
EP00960512A EP1234449A1 (en) | 1999-09-01 | 2000-08-24 | Method for releasing customer-specific authorisations using security modules in conditional-access systems for chargeable services |
PCT/EP2000/008263 WO2001017249A1 (en) | 1999-09-01 | 2000-08-24 | Method for releasing customer-specific authorisations using security modules in conditional-access systems for chargeable services |
AU28084/01A AU765278B2 (en) | 1999-09-01 | 2000-08-24 | Method for clearing customer-specific entitlements on security modules in conditional access systems for pay services |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE1999141550 DE19941550A1 (en) | 1999-09-01 | 1999-09-01 | Procedure for the activation of customer-relevant authorizations on security modules in conditional access for pay services |
Publications (1)
Publication Number | Publication Date |
---|---|
DE19941550A1 (en) | 2001-03-08 |
Family
ID=7920362
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
DE1999141550 Withdrawn DE19941550A1 (en) | 1999-09-01 | 1999-09-01 | Procedure for the activation of customer-relevant authorizations on security modules in conditional access for pay services |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP1234449A1 (en) |
AU (1) | AU765278B2 (en) |
DE (1) | DE19941550A1 (en) |
WO (1) | WO2001017249A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE10246987A1 (en) * | 2002-10-02 | 2004-04-15 | Deutsche Telekom Ag | Method and system for receiving and paying for content |
DE10248544A1 (en) * | 2002-10-14 | 2004-04-22 | Deutsche Telekom Ag | Method for preparing a restricted access service e.g. for pay-TV via mobilephone terminal, involves decoding message for testing reception validity in terminal device |
WO2004079672A1 (en) * | 2003-03-03 | 2004-09-16 | Nagracard Sa | Method for deactivating and reactivating security modules |
EP1450503A3 (en) * | 2003-02-19 | 2009-12-23 | Vodafone Holding GmbH | System and method for electronic transmission and billing of information data |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1248221A3 (en) * | 2001-04-04 | 2003-04-02 | RITTER, Rudolf | System and method for portfolio management by means of DAB |
EP1427208A1 (en) * | 2002-12-02 | 2004-06-09 | Canal + Technologies | Messaging over mobile phone network for digital multimedia network |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5850430A (en) * | 1994-02-16 | 1998-12-15 | Telecom Finland Oy | Method to identify clients and method for using a teleterminal device |
DE19738707A1 (en) * | 1997-08-29 | 1999-03-04 | Mannesmann Ag | Method for allocating temporary access authorization to mobile radio network |
WO1999039477A1 (en) * | 1998-01-30 | 1999-08-05 | Telefonaktiebolaget Lm Ericsson (Publ) | Managing group ip addresses in mobile end stations |
DE19839266A1 (en) * | 1998-08-28 | 2000-03-02 | Alcatel Sa | Accessing software modules using enable module and personal computer connected to service provider and network |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE3590072T1 (en) * | 1984-02-23 | 1986-05-15 | American Telephone And Telegraph Co., New York, N.Y. | Method and device for the distribution of signals to subscribers |
JPH06141004A (en) * | 1992-10-27 | 1994-05-20 | Mitsubishi Corp | Charging system |
IT1272090B (en) * | 1993-12-20 | 1997-06-11 | Urmet Sud Costr Elett Telefon | ENABLING SYSTEM FOR DECODING OF TELEVISION PROGRAMS. |
US5497420A (en) * | 1994-02-07 | 1996-03-05 | Le Groupe Vide/ otron Lte/ e | Cable TV system using passwords |
MY125706A (en) * | 1994-08-19 | 2006-08-30 | Thomson Consumer Electronics | High speed signal processing smart card |
NZ500194A (en) * | 1997-03-21 | 2000-12-22 | Canal Plus Sa | Broadcasting randomized subscriber entitlement management messages for digital television |
SE509582C2 (en) * | 1997-06-05 | 1999-02-08 | Telia Ab | Systems at telecommunication networks |
JP3924847B2 (en) * | 1997-06-19 | 2007-06-06 | ソニー株式会社 | Information receiving apparatus and method, and recording medium |
EP0936774A1 (en) * | 1998-02-13 | 1999-08-18 | CANAL+ Société Anonyme | Recording of scrambled digital data |
- 1999
  - 1999-09-01 DE DE1999141550 patent/DE19941550A1/en not_active Withdrawn
- 2000
  - 2000-08-24 WO PCT/EP2000/008263 patent/WO2001017249A1/en active Application Filing
  - 2000-08-24 EP EP00960512A patent/EP1234449A1/en not_active Ceased
  - 2000-08-24 AU AU28084/01A patent/AU765278B2/en not_active Ceased
Non-Patent Citations (1)
Title |
---|
JP 10-164052 A.,In: Patent Abstracts of Japan * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE10246987A1 (en) * | 2002-10-02 | 2004-04-15 | Deutsche Telekom Ag | Method and system for receiving and paying for content |
DE10248544A1 (en) * | 2002-10-14 | 2004-04-22 | Deutsche Telekom Ag | Method for preparing a restricted access service e.g. for pay-TV via mobilephone terminal, involves decoding message for testing reception validity in terminal device |
EP1450503A3 (en) * | 2003-02-19 | 2009-12-23 | Vodafone Holding GmbH | System and method for electronic transmission and billing of information data |
WO2004079672A1 (en) * | 2003-03-03 | 2004-09-16 | Nagracard Sa | Method for deactivating and reactivating security modules |
CN100350799C (en) * | 2003-03-03 | 2007-11-21 | 纳格拉卡德股份有限公司 | Method for deactivating and reactivating security modules. |
US7890770B2 (en) | 2003-03-03 | 2011-02-15 | Nagravision S.A. | Method for deactivating and reactivating security modules |
Also Published As
Publication number | Publication date |
---|---|
AU2808401A (en) | 2001-03-26 |
WO2001017249A1 (en) | 2001-03-08 |
EP1234449A1 (en) | 2002-08-28 |
AU765278B2 (en) | 2003-09-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE3524472C2 (en) | ||
DE69825443T2 (en) | DEVICE IN TELECOMMUNICATIONS NETWORKS | |
DE60004480T2 (en) | METHOD AND DEVICE FOR ENCRYPTED TRANSMISSION | |
DE69702310T3 (en) | METHOD FOR THE SECURED TRANSMISSION BETWEEN TWO DEVICES AND THEIR APPLICATION | |
DE69825611T2 (en) | Method and apparatus for use in scrambled or scrambled transmission such as scrambled television broadcasting | |
DE60222012T2 (en) | SYSTEM AND METHOD FOR HYBRID CONDITIONAL ACCESS TO RECEIVERS OF ENCRYPTED TRANSMISSIONS | |
DE69914306T2 (en) | RECORDING ENCRYPTED DIGITAL DATA | |
DE69838890T2 (en) | Sending and receiving data | |
DE69530955T2 (en) | Cryptosystem with key | |
DE3590072T1 (en) | Method and device for the distribution of signals to subscribers | |
EP1264480A1 (en) | Method, communication system and receiver device for the billing of access controlled programmes and/or data from broadcast transmitters | |
DE60020245T2 (en) | SYSTEM AND METHOD FOR SECURING ON-REQUEST DELIVERY OF PRE-CLOSED CONTENTS WITH ECM SUPPRESSION | |
EP1642458B1 (en) | Method and device for transmitting decryption codes of freely transmitted, encrypted program contents to clearly identifiable receivers | |
DE60208247T2 (en) | Internet service provider callback for satellite systems | |
DE19941550A1 (en) | Procedure for the activation of customer-relevant authorizations on security modules in conditional access for pay services | |
DE60113306T2 (en) | PROCESS AND DEVICE IS APPROVED IN THE UNAUTHORIZED TIME OF TIME IN AN ADDRESSABLE PAYMENT SYSTEM | |
DE60225721T2 (en) | PROCEDURE FOR ACCESS CONTROL OF SPECIFIC SERVICES BY A DISTRIBUTOR | |
DE602004003346T2 (en) | PAY TELEVISION, METHOD FOR REMOVING RIGHTS IN SUCH A SYSTEM, ASSOCIATED DECODER AND CHIP CARD, AND MESSAGE TRANSMITTED TO SUCH A DECODER | |
EP0822719B1 (en) | Methods and arrangements for preventing unauthorised use of distribution networks | |
DE10029643A1 (en) | Interception-secure provision of internet protocol services via radio medium e.g. satellite by combining target address with unique identification number | |
DE60005021T2 (en) | Access authorization system for spontaneous purchase on pay TV | |
DE4414953C2 (en) | Device for processing electrical signals | |
DE10248544A1 (en) | Method for preparing a restricted access service e.g. for pay-TV via mobilephone terminal, involves decoding message for testing reception validity in terminal device | |
DE10244079A1 (en) | Method for preparing an encoded IP-based group service e.g. multi-cast service, involves sending safety data file at given times via IP-group address to subscribers | |
EP1023806B1 (en) | Method and device for relaying specific data, especially receiving rights, to a pay television terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
OM8 | Search report available as to paragraph 43 lit. 1 sentence 1 patent law | ||
8141 | Disposal/no request for examination |