WO2000067483A1 - Method and apparatus for access control of pre-encrypted on-demand television services - Google Patents

Publication number: WO2000067483A1
Authority: WO, WIPO (PCT)
Prior art keywords: odb, accordance, content, encrypted content, user terminal
Application number: PCT/US2000/009800
Other languages: French (fr)
Inventors: Reem Safadi, Lawrence D. Vince
Original Assignee: General Instrument Corporation
Application filed by: General Instrument Corporation
Priority to: CA002372810A (CA2372810A1), EP00922124A (EP1175781A1), MXPA01010808A (MXPA01010808A), AU42359/00A (AU4235900A)

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
          • H04N7/00 Television systems
            • H04N7/16 Analogue secrecy systems; Analogue subscription systems
              • H04N7/167 Systems rendering the television signal unintelligible and subsequently intelligible
                • H04N7/1675 Providing digital key or authorisation information for generation or regeneration of the scrambling sequence
              • H04N7/162 Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
                • H04N7/165 Centralised control of user terminal; Registering at central
              • H04N7/173 Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
                • H04N7/17309 Transmission or handling of upstream communications
                  • H04N7/17318 Direct or substantially direct transmission and handling of requests
          • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
            • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
              • H04N21/23 Processing of content or additional data; Elementary server operations; Server middleware
                • H04N21/234 Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs
                  • H04N21/2347 Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption
                    • H04N21/23473 Processing of video elementary streams, e.g. splicing of video streams, manipulating MPEG-4 scene graphs involving video stream encryption by pre-encrypting
            • H04N21/40 Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
              • H04N21/47 End-user applications
                • H04N21/472 End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content
                  • H04N21/47202 End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content for requesting content on demand, e.g. video on demand
            • H04N21/60 Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
              • H04N21/63 Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
                • H04N21/64 Addressing
                  • H04N21/6405 Multicasting

Definitions

  • the present invention relates to the communication of information services over a communication network, and more particularly to providing access control for signals containing audiovisual content and services, such as on-demand television programming.
  • In order to render subscription programming services and the like commercially viable, systems must be provided for preventing non-paying individuals from obtaining the services.
  • Such "access control" systems can take various forms, but generally include some type of modification (e.g., scrambling) or encryption of the signals that carry the services. Only authorized subscribers have access to the elements (e.g., cryptographic keys) necessary to satisfactorily receive the signals.
  • Pre-encryption is inherently not as secure as real-time encryption.
  • on-demand content security requirements are less stringent than those of broadcast content. For example, there is no a priori knowledge of when certain content will be requested in the on-demand case. In the broadcast case, the content is always being sent and the schedules are known ahead of time.
  • MPAA Motion Picture Association of America
  • Entitlement control should be upgradeable without impacting content providers or server vendors. Stronger solutions should be able to be incorporated gradually as the need dictates.
  • the present invention can be adapted for use with different types of provider networks, e.g. satellite and Internet based networks.
  • the present invention provides a system having these and other advantages.
  • the invention disclosed herein extends existing encryption capability, such as that provided by the Digicipher II (DCII) system available from General Instrument Corporation of Horsham, Pennsylvania, USA, the assignee of the present invention, to handle pre-encrypted content that is requested on demand by a viewer or is sent to a group of viewers.
  • DCII Digicipher II
  • the method of the invention is also upgradeable to facilitate implementations of entitlement control algorithms that vary in sophistication as the need dictates.
  • the method is extensible to enable encryption control that is independent of the transport protocol used. Such protocols include, for example, MPEG-2 and Internet Protocol (IP).
  • IP Internet Protocol
  • a method and apparatus are provided for access control of pre-encrypted on-demand content.
  • the content is pre-encrypted by an encryption device controlled by a pre-encryption controller.
  • the pre-encrypted content is forwarded from the encryption device to a server.
  • the server may be a main server or a local distribution server.
  • the pre-encryption controller provides a first tag to the user terminal and a second tag to the server. The first tag is associated with the second tag, and the second tag acts as a reference to the pre-encrypted content and the associated first tag; the first and second tags are unique to the pre-encrypted content and are tracked by the pre-encryption controller.
  • the pre-encrypted content is communicated from the server to a user terminal via a first communication path.
  • An entitlement authorization associated with the encrypted content is communicated to a user terminal (e.g., a "client device" such as a set-top box) via a second communication path independent of said first communication path.
  • Authorization to access the pre-encrypted content is determined based on said entitlement authorization and said first tag upon demand of said content by a user.
  • the user terminal may be a set-top box, a digital television or a host with point-of-deployment (POD) capability, or a personal computer (PC) or the like that provides the functionality of a set-top box.
  • the pre-encryption controller acts to set up the encryption device for pre-encrypting the content.
  • the set up of the encryption device is outside the scope of this invention. For background purposes, it will suffice to state that the pre-encryption controller, through bi-directional communication with the encryption device, configures the encryption device with appropriate parametric values and commands to enable the encryption device appropriately to encrypt the content.
  • the server is a main server (e.g., a head-end server) which communicates the pre-encrypted content and first tag to the user terminal via a local distribution server.
  • the pre-encryption controller is in communication with a local distribution controller (e.g., a head-end controller in a cable television implementation), which local distribution controller communicates the entitlement authorization to the user terminal.
  • the first tag is an opaque data block (ODB) and the second tag is a unique reference handle (URH).
  • ODB opaque data block
  • URH unique reference handle
  • the ODB and URH are both forwarded to both the local distribution controller and the server from the pre-encryption controller. In an alternate embodiment, only the URH is forwarded to the main server and the ODB is communicated from the local distribution controller to the local distribution server.
  • the ODB or the URH may be stored as an attribute of the encrypted content.
  • both the URH and the ODB are stored as an attribute of the encrypted content.
  • the ODB may be processed at the local distribution controller to generate a second ODB, which second ODB is forwarded from the local distribution controller to the local distribution server.
  • This processing at the local distribution controller may include algorithmically modifying the ODB.
  • Such reprocessing of the ODB at the local distribution controller provides an added level of security since the post-processing ODBs are no longer the same across multiple local distribution controllers.
  • the ODB itself may be coded in a manner that is not readily discernable by third parties.
  • the ODB content may include an encryption key to be used for decryption or used to derive the key for decryption.
  • the ODB may also include a hierarchy of encryption keys whose ultimate use is the derivation of the relevant key for decryption but with added levels of security. In this manner the ODB content is securable as deemed necessary without burdening the content providers or service vendors.
  • the ODB itself may also be encrypted, using, for example, the recipient's public key.
  • the pre-encrypted content may be broadcast, multicast, or singlecast such that only a user terminal with appropriate entitlement authorization will be able to decrypt the broadcast, multicast, or singlecast content.
  • the pre-encrypted content may be accessed via the Internet.
  • the entitlement authorization may comprise at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
  • a client application (typically software residing in a user terminal such as a set-top box) then requests specific content from the server, such as a video on demand (VOD) movie or any other interactive content.
  • the ODB is forwarded from a server application to the client application software that typically resides in a central processor (CPU) of the user terminal.
  • the server starts sending the pre-encrypted content to the user terminal.
  • the ODB is then forwarded from the client application via an application program interface in the CPU to a kernel located in the user terminal.
  • the ODB is then processed in the user terminal in conjunction with the received entitlement authorization to determine whether to decrypt the received pre-encrypted content. Processing may be provided by a secure processor located in the user terminal or a software task included in the user terminal CPU.
  • the pre-encrypted content is received by the user terminal and decrypted when authorization is granted. Upon authorization, the content will be processed for display.
  • the pre-encrypted content may be received by the secure processor via a conventional receiver circuit.
  • the pre-encrypted content may be received by the secure processor via direct memory access from device memory.
  • Figure 1 is a block diagram of the functional components of the flexible pre-encryption architecture of the invention
  • Figure 2 is a block diagram of another embodiment of the functional components of the flexible pre-encryption architecture of the invention.
  • FIG. 3 is a block diagram of the relevant components of a user terminal in accordance with the invention.
  • Figure 1 illustrates the main components of an on-demand content communication system in accordance with the present invention.
  • the video encoder and post encoding processors are not shown, since they are well known in the art.
  • any type of post processing to be done on the content file/data stream is performed prior to encryption.
  • a pre-encryption controller 10 sets up an encryption device 14 for encryption of the content 15.
  • a server 12 forwards the content file/stream to the encryption device 14 for encryption of the content prior to distribution ("pre-encryption").
  • the encryption device encrypts the content file and forwards the pre-encrypted content back to the main server 12.
  • the pre-encryption controller 10 acts to set up the encryption device 14 for pre-encrypting the content.
  • the set up of the encryption device 14 is outside the scope of this invention. For background purposes, it will suffice to state that the pre-encryption controller 10, through bi-directional communication with the encryption device 14, configures the encryption device 14 with appropriate parametric values and commands to enable the encryption device 14 appropriately to encrypt the content.
  • the pre-encrypted content is forwarded from the encryption device 14 to a server 12.
  • the server may be a main server or a local distribution server.
  • the pre-encryption controller provides a first tag and a second tag to the server 12 via line 17.
  • the first tag is also provided to a user terminal 20 via line 19 or 21 depending upon the particular implementation, the first tag being associated with said second tag.
  • the second tag acts as a reference to the pre-encrypted content and associated first tag, wherein the first and second tags are unique to the pre-encrypted content and are tracked by the pre-encryption controller 10.
  • the pre-encrypted content is communicated from the server 12 to a user terminal 20 (e.g., a "client device" such as a set-top box) via a first communication path 21.
  • An entitlement authorization associated with the encrypted content is communicated to the user terminal 20 via a second communication path 19 independent of the first communication path.
  • Authorization to access the pre-encrypted content is determined at the user terminal 20 based on said entitlement authorization and the first tag upon demand of the content by a user.
  • Communication from the user terminal 20 back to the server 12 is provided on line 23.
  • the user terminal 20 may be a set-top box, a digital television or a host with point-of-deployment (POD) capability, or a personal computer (PC) or the like that provides the functionality of a set-top box.
  • POD point-of-deployment
  • PC personal computer
  • the server is a main server 12' (e.g., a head-end server) which communicates the pre-encrypted content and first tag to the user terminal 20 via lines 25 and 27 and a local distribution server 18.
  • the main server 12' can distribute the encrypted content to various local distribution servers (at various service provider locations, e.g., head-ends).
  • the pre-encryption controller 10 is in communication with a local distribution controller 16, which controls, e.g., a cable television system or the like in a well known manner (e.g., a head-end controller in a cable television implementation).
  • the local distribution controller 16 communicates the entitlement authorization to the user terminal 20 via line 29.
  • the first tag is an opaque data block (ODB) and the second tag is a unique reference handle (URH).
  • the URH may be generated as a function of the ODB.
  • the ODB and URH are both forwarded to both the local distribution controller 16 (via line 11) and the main server 12' (via line 13) from the pre-encryption controller 10.
  • only the URH is forwarded to the main server 12' and the ODB is communicated from the local distribution controller 16 to the local distribution server 18 via line 22.
  • Either the ODB or the URH may be stored as an attribute of the encrypted content.
  • both the URH and the ODB may be stored as an attribute of the encrypted content.
  • the ODB may be processed at the local distribution controller 16 to generate a modified, second ODB, which second ODB is forwarded from the local distribution controller 16 to the local distribution server 18.
  • This processing at the local distribution controller 16 may include algorithmically modifying the ODB. This may be done as an offline process. Such reprocessing of the ODB at the local distribution controller 16 provides an added level of security since the post-processing ODBs are no longer the same across multiple local distribution controllers.
  • the system manufacturer specifies the ODB content and, for security reasons, the ODB itself may be coded in a manner that is not readily discernable by third parties.
  • the ODB content may include an encryption key to be used for decryption or used to derive the key for decryption.
  • the ODB may also include a hierarchy of encryption keys whose ultimate use is the derivation of the relevant key for decryption but with added levels of security.
  • the ODB itself may also be encrypted (with an additional level of implementation complexity) using, for example, the recipient's public key.
  • the ODB may be made available in advance since it is associated with the event or content to be viewed or received.
  • Encryption of the ODB using the user's public key is extremely useful for the IP transport case where the system administrator has the option to make known what events are available when, e.g., via an Electronic Programming Guide (EPG).
  • EPG Electronic Programming Guide
  • the ODB content is securable as deemed necessary without burdening the content providers or service vendors.
  • the entitlement control is upgradeable without impacting the content providers or service vendors.
  • the pre-encrypted content may be broadcast, multicast, or singlecast such that only a user terminal 20 with appropriate entitlement authorization will be able to decrypt the broadcast, multicast, or singlecast content.
  • the pre-encrypted content may be accessed via the Internet.
  • the entitlement authorization may comprise at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
  • Figure 3 depicts the processing that takes place at the user terminal 20.
  • the client application 40 (typically residing in a user terminal 20 such as a set-top box) then requests specific content from the server (either the server 12 of Figure 1 or local distribution server 18 of Figure 2), such as a video on demand (VOD) movie or any other interactive content.
  • the server then sends the ODB to the client application device 40.
  • the server 18 starts sending the pre-encrypted content to the user terminal 20.
  • the client application 40 (e.g. software) running in the user terminal processor (CPU) 36 receives the ODB from a server application in the server 12 or local distribution server 18, as described in connection with Figures 1 and 2, and forwards it via an application program interface (API) 42 to the user terminal processor kernel 44.
  • the ODB may be made available ahead of time, before the actual broadcast or multicast event commences. In this case the ODB may be requested by and sent to the user by the local distribution controller (16).
  • the ODB is then processed in the user terminal 20 in conjunction with the received entitlement authorization (as described in connection with Figures 1 and 2) to determine whether to decrypt the received pre-encrypted content. Processing may be provided by a secure processor 32 located in the user terminal 20 or a software task included in the CPU 36.
  • the pre-encrypted content is received by the user terminal 20 and decrypted when authorization is granted. Upon authorization, the content will be processed for display.
  • the pre-encrypted content may be received by the secure processor 32 via a conventional receiver circuit (i.e. receiver output of Figure 3).
  • the pre-encrypted content may be received by the secure processor 32 via direct memory access from device memory 30.
  • the decrypted output from the secure processor 32 is written back to memory 30 for further use by the CPU 36, or is forwarded to a demultiplexer/decoder 34 for further processing in a conventional manner.
  • the present invention provides an improved method and apparatus for the delivery and access of pre-encrypted on-demand television services.
  • the present invention provides a content pre-encryption method and apparatus that enables entitlement control to be effectively implemented independent of the transport protocol, e.g., MPEG-2 or Internet Protocol (IP), and to some extent independent of transmission mode (i.e., singlecast (e.g., on-demand), multicast, or broadcast).
  • the present invention provides encryption and access control capability that can be offered as a separate service to content providers, server vendors, cable system operators, and/or Internet service providers, or the like.
  • the present invention enables entitlement authorization that can vary in sophistication as deemed necessary without burdening the content providers or service vendors.
  • the entitlement control is upgradeable without impacting the content providers or service vendors.

Abstract

A method and apparatus for providing access control of pre-encrypted on-demand television content. Existing encryption capability for cable television services or the like is extended to handle pre-encrypted content from a server (12) that is requested on demand by a viewer at a user terminal (20). Alternatively, the pre-encrypted content (provided, e.g., by an encryption device (14)) can be broadcast or multicast from the server (12) to a group of viewers. The invention is upgradeable to facilitate implementations of entitlement control algorithms that vary in sophistication as the need dictates. Additionally, the method is extensible to enable access control of pre-encrypted content that is independent of the transport protocol used. Such protocols include, for example, MPEG-2 and Internet Protocol (IP), which may also utilize Public Key Cryptography.

Description

METHOD AND APPARATUS FOR ACCESS CONTROL OF PRE-ENCRYPTED ON-DEMAND TELEVISION SERVICES
This application claims the benefit of U.S. provisional patent application no. 60/132,366 filed May 4, 1999.
BACKGROUND OF THE INVENTION
The present invention relates to the communication of information services over a communication network, and more particularly to providing access control for signals containing audiovisual content and services, such as on-demand television programming. In order to render subscription programming services and the like commercially viable, systems must be provided for preventing non-paying individuals from obtaining the services. Such "access control" systems can take various forms, but generally include some type of modification (e.g., scrambling) or encryption of the signals that carry the services. Only authorized subscribers have access to the elements (e.g., cryptographic keys) necessary to satisfactorily receive the signals.
Current techniques for decryption of signals such as on-demand services may be based on real time hardware based encryption solutions or based on pre-encryption methods. Some configurations allow for cost effective real time encryption at the transport level but are not as effective at a service level. Such problems, together with the following additional factors, require a new solution that provides a reliable and cost-effective means for access control of on-demand services:
1. Current real-time encryption does not meet the cost model for on-demand services, in that it is expensive to implement.
2. In some configurations real time encryption requires too much real-estate at service provider sites (currently, for example, various video-on-demand (VOD) vendors are consolidating their servers and signal modulators (e.g., QAM modulators) in space efficient packaging which bypasses a realtime encryption stage).
3. Pre-encryption is inherently not as secure as real-time encryption. At the same time, on-demand content security requirements are less stringent than those of broadcast content. For example, there is no a priori knowledge of when certain content will be requested in the on-demand case. In the broadcast case, the content is always being sent and the schedules are known ahead of time.
4. MPAA (Motion Picture Association of America) has issues with clear (i.e., unencrypted) content, such as movies, and expects such content to be protected.
5. Entitlement control should be upgradeable without impacting content providers or server vendors. Stronger solutions should be able to be incorporated gradually as the need dictates.
6. Secure content delivery of MPEG-2 (Motion Picture Experts Group) using Internet Protocol (IP) for point to point on demand services or multicast services must be facilitated.
7. Transport independent entitlement control (e.g., MPEG-2 or IP) must be provided.
It would be advantageous to provide a method and apparatus for access control of on-demand services that addresses the above-noted issues. In particular, it would be advantageous to provide a content pre-encryption method that enables entitlement control to be effectively implemented independent of the transport protocol, e.g., MPEG-2 or IP.
It would be still further advantageous to provide such a capability that can be offered as a separate service to content providers, server vendors, and cable system operators. The present invention can be adapted for use with different types of provider networks, e.g. satellite and Internet based networks.
The present invention provides a system having these and other advantages. In particular, the invention disclosed herein extends existing encryption capability, such as that provided by the Digicipher II (DCII) system available from General Instrument Corporation of Horsham, Pennsylvania, USA, the assignee of the present invention, to handle pre-encrypted content that is requested on demand by a viewer or is sent to a group of viewers. The method of the invention is also upgradeable to facilitate implementations of entitlement control algorithms that vary in sophistication as the need dictates. Additionally, the method is extensible to enable encryption control that is independent of the transport protocol used. Such protocols include, for example, MPEG-2 and Internet Protocol (IP).
SUMMARY OF THE INVENTION
In accordance with the present invention, a method and apparatus are provided for access control of pre-encrypted on-demand content. In a simplified embodiment, the content is pre-encrypted by an encryption device controlled by a pre-encryption controller. The pre-encrypted content is forwarded from the encryption device to a server. The server may be a main server or a local distribution server. The pre-encryption controller provides a first tag to the user terminal and a second tag to the server. The first tag is associated with the second tag, and the second tag acts as a reference to the pre-encrypted content and the associated first tag; the first and second tags are unique to the pre-encrypted content and are tracked by the pre-encryption controller. The pre-encrypted content is communicated from the server to a user terminal via a first communication path. An entitlement authorization associated with the encrypted content is communicated to a user terminal (e.g., a "client device" such as a set-top box) via a second communication path independent of said first communication path. Authorization to access the pre-encrypted content is determined based on said entitlement authorization and said first tag upon demand of said content by a user.
The user terminal may be a set-top box, a digital television or a host with point-of-deployment (POD) capability, or a personal computer (PC) or the like that provides the functionality of a set-top box. The pre-encryption controller acts to set up the encryption device for pre-encrypting the content. The set up of the encryption device is outside the scope of this invention. For background purposes, it will suffice to state that the pre-encryption controller, through bi-directional communication with the encryption device, configures the encryption device with appropriate parametric values and commands to enable the encryption device appropriately to encrypt the content. In an alternate embodiment, the server is a main server (e.g., a head-end server) which communicates the pre-encrypted content and first tag to the user terminal via a local distribution server. The pre-encryption controller is in communication with a local distribution controller (e.g., a head-end controller in a cable television implementation), which local distribution controller communicates the entitlement authorization to the user terminal. In a preferred embodiment, the first tag is an opaque data block (ODB) and the second tag is a unique reference handle (URH). The URH may be generated as a function of the ODB.
In one embodiment, the ODB and URH are both forwarded to both the local distribution controller and the server from the pre-encryption controller. In an alternate embodiment, only the URH is forwarded to the main server and the ODB is communicated from the local distribution controller to the local distribution server.
In one embodiment the ODB or the URH may be stored as an attribute of the encrypted content. Alternatively, both the URH and the ODB are stored as an attribute of the encrypted content. The ODB may be processed at the local distribution controller to generate a second ODB, which second ODB is forwarded from the local distribution controller to the local distribution server. This processing at the local distribution controller may include algorithmically modifying the ODB. Such reprocessing of the ODB at the local distribution controller provides an added level of security since the post-processing ODBs are no longer the same across multiple local distribution controllers.
The ODB itself may be coded in a manner that is not readily discernable by third parties. Alternatively, the ODB content may include an encryption key to be used for decryption or used to derive the key for decryption. The ODB may also include a hierarchy of encryption keys whose ultimate use is the derivation of the relevant key for decryption but with added levels of security. In this manner the ODB content is securable as deemed necessary without burdening the content providers or service vendors. In the on-demand case, the ODB itself may also be encrypted, using, for example, the recipient's public key.
The pre-encrypted content may be broadcast, multicast, or singlecast such that only a user terminal with appropriate entitlement authorization will be able to decrypt the broadcast, multicast, or singlecast content. Alternatively, the pre-encrypted content may be accessed via the Internet.
The entitlement authorization may comprise at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
In a preferred embodiment, a client application (typically software residing in a user terminal such as a set-top box) then requests specific content from the server, such as a video on demand (VOD) movie or any other interactive content. The ODB is forwarded from a server application to the client application software that typically resides in a central processor (CPU) of the user terminal. After this set-up is completed, the server starts sending the pre-encrypted content to the user terminal. The ODB is then forwarded from the client application via an application program interface in the CPU to a kernel located in the user terminal. The ODB is then processed in the user terminal in conjunction with the received entitlement authorization to determine whether to decrypt the received pre-encrypted content. Processing may be provided by a secure processor located in the user terminal or a software task included in the user terminal CPU. The pre-encrypted content is received by the user terminal and decrypted when authorization is granted. Upon authorization, the content will be processed for display.
The pre-encrypted content may be received by the secure processor via a conventional receiver circuit. Alternatively, the pre-encrypted content may be received by the secure processor via direct memory access from device memory.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is a block diagram of the functional components of the flexible pre-encryption architecture of the invention;
Figure 2 is a block diagram of another embodiment of the functional components of the flexible pre-encryption architecture of the invention; and
Figure 3 is a block diagram of the relevant components of a user terminal in accordance with the invention.
DETAILED DESCRIPTION OF THE INVENTION
Figure 1 illustrates the main components of an on-demand content communication system in accordance with the present invention. In particular, a method and apparatus are provided for access control of pre-encrypted on-demand content. The video encoder and post encoding processors are not shown, since they are well known in the art. As will be appreciated by those skilled in the art, any type of post processing to be done on the content file/data stream is performed prior to encryption.
Referring to Figure 1, a pre-encryption controller 10 sets up an encryption device 14 for encryption of the content 15. A server 12 forwards the content file/stream to the encryption device 14 for encryption of the content prior to distribution ("pre-encryption"). The encryption device encrypts the content file and forwards the pre-encrypted content back to the main server 12. The pre-encryption controller 10 acts to set up the encryption device 14 for pre-encrypting the content. The set up of the encryption device 14 is outside the scope of this invention. For background purposes, it will suffice to state that the pre-encryption controller 10, through bi-directional communication with the encryption device 14, configures the encryption device 14 with appropriate parametric values and commands to enable the encryption device 14 appropriately to encrypt the content.
In one embodiment as shown in Figure 1, the pre-encrypted content is forwarded from the encryption device 14 to a server 12. The server may be a main server or a local distribution server. The pre-encryption controller provides a first tag and a second tag to the server 12 via line 17. The first tag is also provided to a user terminal 20 via line 19 or 21 depending upon the particular implementation, the first tag being associated with said second tag. The second tag acts as a reference to the pre-encrypted content and associated first tag, wherein the first and second tags are unique to the pre-encrypted content and are tracked by the pre-encryption controller 10. The pre-encrypted content is communicated from the server 12 to a user terminal 20 (e.g., a "client device" such as a set-top box) via a first communication path 21. An entitlement authorization associated with the encrypted content is communicated to the user terminal 20 via a second communication path 19 independent of the first communication path. Authorization to access the pre-encrypted content is determined at the user terminal 20 based on said entitlement authorization and the first tag upon demand of the content by a user. Communication from the user terminal 20 back to the server 12 is provided on line 23. The user terminal 20 may be a set-top box, a digital television or a host with point-of-deployment (POD) capability, or a personal computer (PC) or the like that provides the functionality of a set-top box.
In an alternate embodiment shown in Figure 2, the server is a main server 12' (e.g., a head-end server) which communicates the pre-encrypted content and first tag to the user terminal 20 via lines 25 and 27 and a local distribution server 18. The main server 12' can distribute the encrypted content to various local distribution servers (at various service provider locations, e.g., head-ends). The pre-encryption controller 10 is in communication with a local distribution controller 16, which controls, e.g., a cable television system or the like in a well known manner (e.g., a head-end controller in a cable television implementation). The local distribution controller 16 communicates the entitlement authorization to the user terminal 20 via line 29.
In a preferred embodiment, the first tag is an opaque data block (ODB) and the second tag is a unique reference handle (URH). The URH may be generated as a function of the ODB.
In one embodiment, the ODB and URH are both forwarded to both the local distribution controller 16 (via line 11) and the main server 12' (via line 13) from the pre-encryption controller 10. In an alternate embodiment, only the URH is forwarded to the main server 12' and the ODB is communicated from the local distribution controller 16 to the local distribution server 18 via line 22. Either the ODB or the URH may be stored as an attribute of the encrypted content. Alternatively, both the URH and the ODB may be stored as an attribute of the encrypted content.
The ODB may be processed at the local distribution controller 16 to generate a modified, second ODB, which second ODB is forwarded from the local distribution controller 16 to the local distribution server 18. This processing at the local distribution controller 16 may include algorithmically modifying the ODB. This may be done as an offline process. Such reprocessing of the ODB at the local distribution controller 16 provides an added level of security since the post-processing ODBs are no longer the same across multiple local distribution controllers.
The system manufacturer specifies the ODB content and, for security reasons, the ODB itself may be coded in a manner that is not readily discernable by third parties. Alternatively, the ODB content may include an encryption key to be used for decryption or used to derive the key for decryption. The ODB may also include a hierarchy of encryption keys whose ultimate use is the derivation of the relevant key for decryption but with added levels of security. In the on-demand case, the ODB itself may also be encrypted (with an additional level of implementation complexity) using, for example, the recipient's public key. In the case of broadcast or multicast content, the ODB may be made available in advance since it is associated with the event or content to be viewed or received. Encryption of the ODB using the user's public key is extremely useful for the IP transport case where the system administrator has the option to make known what events are available when, e.g. via an Electronic Programming Guide (EPG). In this manner the ODB content is securable as deemed necessary without burdening the content providers or service vendors. In addition, the entitlement control is upgradeable without impacting the content providers or service vendors.
The pre-encrypted content may be broadcast, multicast, or singlecast such that only a user terminal 20 with appropriate entitlement authorization will be able to decrypt the broadcast, multicast, or singlecast content. Alternatively, the pre-encrypted content may be accessed via the Internet.
The entitlement authorization may comprise at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
Figure 3 depicts the processing that takes place at the user terminal 20. The client application 40 (typically residing in a user terminal 20 such as a set-top box) then requests specific content from the server (either the server 12 of Figure 1 or local distribution server 18 of Figure 2), such as a video on demand (VOD) movie or any other interactive content. The server then sends the ODB to the client application device 40. After this set-up is completed, the server 18 starts sending the pre-encrypted content to the user terminal 20.
The client application 40 (e.g. software) running in the user terminal processor (CPU) 36 receives the ODB from a server application in the server 12 or local distribution server 18, as described in connection with Figures 1 and 2, and forwards it via an application program interface (API) 42 to the user terminal processor kernel 44. In the broadcast and multicast modes, the ODB may be made available ahead of time, before the actual broadcast or multicast event commences. In this case the ODB may be requested by and sent to the user by the local distribution controller (16). The ODB is then processed in the user terminal 20 in conjunction with the received entitlement authorization (as described in connection with Figures 1 and 2) to determine whether to decrypt the received pre-encrypted content. Processing may be provided by a secure processor 32 located in the user terminal 20 or a software task included in the CPU 36. The pre-encrypted content is received by the user terminal 20 and decrypted when authorization is granted. Upon authorization, the content will be processed for display.
The pre-encrypted content may be received by the secure processor 32 via a conventional receiver circuit (i.e. receiver output of Figure 3).
Alternatively, the pre-encrypted content may be received by the secure processor 32 via direct memory access from device memory 30. The decrypted output from the secure processor 32 is written back to memory 30 for further use by the CPU 36, or is forwarded to a demultiplexer/decoder 34 for further processing in a conventional manner.
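The two-path flow described above, modelled end to end as an added example (it is not code from the patent or from General Instrument). The ODB byte layout, the truncated SHA-256 used for the URH, the HMAC-SHA256 keystream standing in for the unnamed content cipher, and an entitlement record that carries the ODB unwrapping key are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one wrapping key.
    return hmac.new(key, label, hashlib.sha256).digest()

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream) so the example runs on the
    # standard library; the patent does not name a cipher.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(d ^ p for d, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal_odb(wrap_key: bytes, content_id: str, content_key: bytes) -> bytes:
    # Assumed ODB layout: nonce(16) || encrypted JSON {cid, ck} || HMAC tag(32).
    nonce = secrets.token_bytes(16)
    fields = json.dumps({"cid": content_id, "ck": content_key.hex()}).encode()
    body = xor_stream(_subkey(wrap_key, b"enc"), nonce, fields)
    tag = hmac.new(_subkey(wrap_key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_odb(wrap_key: bytes, odb: bytes):
    # Returns the ODB fields, or None if the tag does not verify under wrap_key.
    if len(odb) <= 48:
        return None
    nonce, body, tag = odb[:16], odb[16:-32], odb[-32:]
    want = hmac.new(_subkey(wrap_key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    return json.loads(xor_stream(_subkey(wrap_key, b"enc"), nonce, body))

def make_urh(odb: bytes) -> str:
    # "The URH may be generated as a function of the ODB": a truncated hash here.
    return hashlib.sha256(odb).hexdigest()[:16]

class PreEncryptionController:
    def __init__(self, wrap_key: bytes):
        self.wrap_key = wrap_key
        self.tracked = {}  # URH -> ODB, the controller's record of issued tags

    def pre_encrypt(self, content_id: str, clear: bytes):
        content_key = secrets.token_bytes(32)
        nonce = secrets.token_bytes(16)
        odb = seal_odb(self.wrap_key, content_id, content_key)
        urh = make_urh(odb)
        self.tracked[urh] = odb
        return urh, odb, nonce + xor_stream(content_key, nonce, clear)

def reprocess_odb(controller_key: bytes, headend_key: bytes, odb: bytes) -> bytes:
    # Local distribution controller: re-wrap so each head-end's ODB differs.
    fields = open_odb(controller_key, odb)
    if fields is None:
        raise ValueError("ODB failed integrity check")
    return seal_odb(headend_key, fields["cid"], bytes.fromhex(fields["ck"]))

def terminal_decrypt(odb: bytes, entitlement, encrypted: bytes):
    # Secure-processor decision: the ODB arrives with the content (first path),
    # the entitlement arrives separately (second path); both must agree.
    if not entitlement:
        return None
    fields = open_odb(entitlement["odb_key"], odb)
    if fields is None or fields["cid"] not in entitlement["content_ids"]:
        return None
    return xor_stream(bytes.fromhex(fields["ck"]), encrypted[:16], encrypted[16:])

def demo():
    ctrl_key, he_a, he_b = (secrets.token_bytes(32) for _ in range(3))
    pec = PreEncryptionController(ctrl_key)
    clear = b"constructed sample payload standing in for a VOD asset"
    urh, odb, encrypted = pec.pre_encrypt("movie-001", clear)
    server = {urh: encrypted}                      # server stores content by URH
    odb_a = reprocess_odb(ctrl_key, he_a, odb)     # second ODB for head-end A
    odb_b = reprocess_odb(ctrl_key, he_b, odb)     # second ODB for head-end B
    entitled = {"odb_key": he_a, "content_ids": {"movie-001"}}
    other = {"odb_key": he_a, "content_ids": {"movie-002"}}
    tampered = odb_a[:20] + bytes([odb_a[20] ^ 1]) + odb_a[21:]
    return {
        "entitled": terminal_decrypt(odb_a, entitled, server[urh]) == clear,
        "not_entitled": terminal_decrypt(odb_a, other, server[urh]),
        "no_entitlement": terminal_decrypt(odb_a, None, server[urh]),
        "wrong_headend_odb": terminal_decrypt(odb_b, entitled, server[urh]),
        "tampered_odb": terminal_decrypt(tampered, entitled, server[urh]),
        "odbs_differ": odb_a != odb_b,
        "urh_tracked": pec.tracked[urh] == odb,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Only the terminal holding both the head-end A ODB and a matching entitlement recovers the content; an ODB reprocessed for a different head-end, a missing or mismatched entitlement, or a modified ODB each yield no decryption.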
It should now be appreciated that the present invention provides an improved method and apparatus for the delivery and access of pre-encrypted on-demand television services. In particular, the present invention provides a content pre-encryption method and apparatus that enables entitlement control to be effectively implemented independent of the transport protocol, e.g., MPEG-2 or Internet Protocol (IP), and to some extent independent of transmission mode (i.e., singlecast (e.g., on-demand), multicast, or broadcast). Additionally, the present invention provides encryption and access control capability that can be offered as a separate service to content providers, server vendors, cable system operators, and/or Internet service providers, or the like. The present invention enables entitlement authorization that can vary in sophistication as deemed necessary without burdening the content providers or service vendors. In addition, the entitlement control is upgradeable without impacting the content providers or service vendors.
Although the invention has been described in connection with certain preferred embodiments, it should be appreciated that numerous adaptations and modifications may be made thereto without departing from the scope of the invention as set forth in the claims.

Claims

What is claimed is:
1. A method of providing access control for pre-encrypted on-demand content, comprising the steps of: pre-encrypting the content; forwarding the pre-encrypted content to a server; providing a first tag to a user terminal, said first tag being associated with a second tag; said second tag acting as a reference to the pre-encrypted content and associated first tag, wherein said first and second tags are unique to the pre-encrypted content and are tracked by a pre-encryption controller; providing at least said second tag to said server; communicating the pre-encrypted content from said server to said user terminal via a first communication path; communicating an entitlement authorization associated with the pre-encrypted content to said user terminal via a second communication path independent of said first communication path; and determining whether said user terminal is authorized to access said pre-encrypted content based on said entitlement authorization and said first tag upon demand of said content by a user.
2. A method in accordance with claim 1, wherein; the server is a main server; the main server communicates the pre-encrypted content and first tag to the user terminal via a local distribution server; and the pre-encryption controller is in communication with a local distribution controller, which local distribution controller communicates the entitlement authorization to the user terminal.
3. A method in accordance with claim 2, wherein: the first tag is an opaque data block (ODB); and the second tag is a unique reference handle (URH).
4. A method in accordance with claim 3, comprising the further step of forwarding the ODB and associated URH to the local distribution controller.
5. A method in accordance with claim 3, wherein only the URH is forwarded to the main server, further comprising the steps of: communicating the ODB from the local distribution controller to the local distribution server.
6. A method in accordance with claim 5, wherein the ODB is processed at the local distribution controller to generate a second ODB, which second ODB is forwarded from the local distribution controller to the local distribution server.
7. A method in accordance with claim 3, wherein; the pre-encrypted content is broadcast; the ODB is broadcast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the broadcast content.
8. A method in accordance with claim 3, wherein: the pre-encrypted content is multicast; the ODB is multicast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the multicast content.
9. A method in accordance with claim 3, wherein: the pre-encrypted content is singlecast; the ODB is singlecast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the singlecast content.
10. A method in accordance with claim 3, wherein the entitlement authorization comprises at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
11. A method in accordance with claim 3, further comprising the steps of: forwarding the ODB from a server application via an application program interface in the user terminal to a kernel located in the user terminal; processing the ODB in conjunction with the received entitlement authorization such that the processor determines whether to decrypt the received pre-encrypted content; receiving the pre-encrypted content; decrypting the pre-encrypted content when authorization is granted; and processing the decrypted content for display.
12. A method in accordance with claim 11, wherein the pre-encrypted content is received by the secure processor via a receiver circuit.
13. A method in accordance with claim 11, wherein the pre-encrypted content is received by the secure processor via direct memory access from device memory.
14. A method in accordance with claim 3, wherein the ODB is coded in a manner that is not readily discernable by third parties.
15. A method in accordance with claim 3, wherein the ODB content includes one of an encryption key or a hierarchy of encryption keys.
16. A method in accordance with claim 3, wherein the ODB itself is encrypted.
17. A method in accordance with claim 16, wherein the ODB is encrypted using the user's public key.
18. A method in accordance with claim 3, wherein the user terminal is one of a set-top box, a digital television or a host with point-of-deployment capability, or a personal computer.
19. A method in accordance with claim 3, wherein one of the URH and the ODB is stored as an attribute of the pre-encrypted content.
20. A method in accordance with claim 3, wherein each of the URH and the ODB are stored as an attribute of the pre-encrypted content.
21. A method in accordance with claim 3, wherein the pre-encrypted content is accessed via the Internet.
22. An apparatus for providing access control for pre-encrypted on-demand content, comprising: an encryption device for encrypting the content; a server for receiving the pre-encrypted content from the encryption device; a pre-encryption controller for generating a first tag and an associated second tag, said second tag acting as a reference to the pre-encrypted content and associated first tag, wherein said first tag and second tag are unique to the pre-encrypted content and are tracked by the pre-encryption controller; a user terminal for receiving entitlement authorization associated with the pre-encrypted content; said first tag being communicated to a user terminal and said second tag being communicated to the server; wherein the user terminal determines whether it is authorized to access said pre-encrypted content based on said entitlement authorization and said first tag upon demand of said content by a user.
23. An apparatus in accordance with claim 22, wherein; the server is a main server; the main server communicates the pre-encrypted content and first tag to the user terminal via a local distribution server; and the pre-encryption controller is in communication with a local distribution controller, which local distribution controller communicates the entitlement authorization to the user terminal.
24. An apparatus in accordance with claim 23, wherein: the first tag is an opaque data block (ODB); and the second tag is a unique reference handle (URH).
25. An apparatus in accordance with claim 24, wherein the local distribution controller receives the ODB and associated URH from the pre-encryption controller.
26. An apparatus in accordance with claim 24, wherein: the main server receives only the URH from the pre-encryption controller; and the local distribution controller communicates the ODB to the local distribution server.
27. An apparatus in accordance with claim 26, wherein the ODB is processed at the local distribution controller to generate a second ODB, which second ODB is forwarded from the local distribution controller to the local distribution server.
28. An apparatus in accordance with claim 24, wherein; the pre-encrypted content is broadcast; the ODB is broadcast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the broadcast content.
29. An apparatus in accordance with claim 24, wherein: the pre-encrypted content is multicast; the ODB is multicast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the multicast content.
30. An apparatus in accordance with claim 24, wherein: the pre-encrypted content is singlecast; the ODB is singlecast; and only a user terminal with appropriate entitlement authorization will be able to decrypt the singlecast content.
31. An apparatus in accordance with claim 24, wherein the entitlement authorization comprises at least one of (i) an entitlement authorization for a service carrying the content, (ii) an entitlement authorization for the content itself, and (iii) an entitlement authorization for using ODB.
32. An apparatus in accordance with claim 24, wherein the user terminal comprises: a client application using a program interface for forwarding the ODB from the local distribution server to a kernel; said kernel receiving the ODB via the application program interface and the entitlement authorization from the local distribution controller; and a secure processor for receiving the ODB and entitlement authorization from the kernel and receiving the pre-encrypted content from the local distribution server, wherein the processor processes the ODB in conjunction with entitlement authorization such that the processor determines whether to decrypt the received pre-encrypted content.
33. An apparatus in accordance with claim 32, wherein the secure processor receives the pre-encrypted content via a receiver circuit.
34. An apparatus in accordance with claim 32, wherein the secure processor receives the pre-encrypted content via direct memory access from device memory.
35. An apparatus in accordance with claim 24, wherein the ODB is coded in a manner that is not readily discernable by third parties.
36. An apparatus in accordance with claim 24, wherein the ODB content includes one of an encryption key or a hierarchy of encryption keys.
37. An apparatus in accordance with claim 24, wherein the ODB itself is encrypted.
38. An apparatus in accordance with claim 37, wherein the ODB is encrypted using the user's public key.
39. An apparatus in accordance with claim 24, wherein the user terminal is one of a set-top box, a digital television or a host with point-of-deployment capability, or a personal computer.
40. An apparatus in accordance with claim 24, wherein one of the URH and the ODB is stored as an attribute of the pre-encrypted content.
41. An apparatus in accordance with claim 24, wherein each of the URH and the ODB are stored as an attribute of the pre-encrypted content.
42. An apparatus in accordance with claim 24, wherein the pre-encrypted content is accessed via the Internet.
PCT/US2000/009800 1999-05-04 2000-04-12 Method and apparatus for access control of pre-encrypted on-demand television services WO2000067483A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CA002372810A CA2372810A1 (en) 1999-05-04 2000-04-12 Method and apparatus for access control of pre-encrypted on-demand television services
EP00922124A EP1175781A1 (en) 1999-05-04 2000-04-12 Method and apparatus for access control of pre-encrypted on-demand television services
MXPA01010808A MXPA01010808A (en) 1999-05-04 2000-04-12 Method and apparatus for access control of pre-encrypted on-demand television services.
AU42359/00A AU4235900A (en) 1999-05-04 2000-04-12 Method and apparatus for access control of pre-encrypted on-demand television services

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13236699P 1999-05-04 1999-05-04
US60/132,366 1999-05-04

Publications (1)

Publication Number Publication Date
WO2000067483A1 true WO2000067483A1 (en) 2000-11-09

Family

ID=22453686

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/009800 WO2000067483A1 (en) 1999-05-04 2000-04-12 Method and apparatus for access control of pre-encrypted on-demand television services

Country Status (6)

Country Link
EP (1) EP1175781A1 (en)
AU (1) AU4235900A (en)
CA (1) CA2372810A1 (en)
MX (1) MXPA01010808A (en)
TW (1) TW511377B (en)
WO (1) WO2000067483A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002058398A2 (en) * 2001-01-18 2002-07-25 General Instrument Corporation System for securely delivering pre-encrypted content on demand with access control
WO2002093502A1 (en) * 2001-05-17 2002-11-21 Nokia Corporation Remotely granting access to a smart environment
EP1274243A2 (en) * 2001-07-03 2003-01-08 General Instrument Corporation System for securing encryption renewal system and for registration and remote activation of encryption device
WO2003005724A2 (en) * 2001-07-03 2003-01-16 General Instrument Corporation Communication protocol for content on demand system with callback time
US7257227B2 (en) * 2000-10-26 2007-08-14 General Instrument Corporation System for denying access to content generated by a compromised off line encryption device and for conveying cryptographic keys from multiple conditional access systems
US7333610B2 (en) 2000-08-11 2008-02-19 Nds Ltd System and method for pre-encryption of transmitted content

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0793366A2 (en) * 1996-02-28 1997-09-03 Hitachi, Ltd. Method and apparatus for encrypting data
WO1998043426A1 (en) * 1997-03-21 1998-10-01 Canal+ Societe Anonyme Broadcast and reception system, and conditional access system therefor
WO1999014953A1 (en) * 1997-09-15 1999-03-25 Worldgate Service, Inc. Access system and method for providing interactive access to an information source through a networked distribution system

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7333610B2 (en) 2000-08-11 2008-02-19 Nds Ltd System and method for pre-encryption of transmitted content
US6978022B2 (en) 2000-10-26 2005-12-20 General Instrument Corporation System for securing encryption renewal system and for registration and remote activation of encryption device
US7080397B2 (en) 2000-10-26 2006-07-18 General Instrument Corporation Communication protocol for content on demand system with callback time
US7257227B2 (en) * 2000-10-26 2007-08-14 General Instrument Corporation System for denying access to content generated by a compromised off line encryption device and for conveying cryptographic keys from multiple conditional access systems
WO2002058398A2 (en) * 2001-01-18 2002-07-25 General Instrument Corporation System for securely delivering pre-encrypted content on demand with access control
WO2002058398A3 (en) * 2001-01-18 2003-02-27 Gen Instrument Corp System for securely delivering pre-encrypted content on demand with access control
WO2002093502A1 (en) * 2001-05-17 2002-11-21 Nokia Corporation Remotely granting access to a smart environment
US7493651B2 (en) 2001-05-17 2009-02-17 Nokia Corporation Remotely granting access to a smart environment
EP1274243A2 (en) * 2001-07-03 2003-01-08 General Instrument Corporation System for securing encryption renewal system and for registration and remote activation of encryption device
WO2003005724A2 (en) * 2001-07-03 2003-01-16 General Instrument Corporation Communication protocol for content on demand system with callback time
EP1274243A3 (en) * 2001-07-03 2003-09-10 General Instrument Corporation System for securing encryption renewal system and for registration and remote activation of encryption device
WO2003005724A3 (en) * 2001-07-03 2004-02-19 Gen Instrument Corp Communication protocol for content on demand system with callback time

Also Published As

Publication number Publication date
MXPA01010808A (en) 2002-05-14
EP1175781A1 (en) 2002-01-30
TW511377B (en) 2002-11-21
AU4235900A (en) 2000-11-17
CA2372810A1 (en) 2000-11-09

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 09937790

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: PA/a/2001/010808

Country of ref document: MX

ENP Entry into the national phase

Ref document number: 2372810

Country of ref document: CA

Ref country code: CA

Ref document number: 2372810

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 2000922124

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000922124

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Ref document number: 2000922124

Country of ref document: EP