WO2001004727A1 - Generalized certificate processing for deployment module based copy protection systems - Google Patents
Generalized certificate processing for deployment module based copy protection systems
- Publication number
- WO2001004727A1 (PCT/EP2000/006371)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- deployment module
- certificate
- appliance
- consumer appliance
- transmission point
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/418—External card to be used in combination with the client device, e.g. for conditional access
- H04N21/4181—External card to be used in combination with the client device, e.g. for conditional access for conditional access
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/45—Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
- H04N21/462—Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
- H04N21/4627—Rights management associated to the content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/80—Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
- H04N21/83—Generation or processing of protective or descriptive data associated with content; Content structuring
- H04N21/835—Generation of protective data, e.g. certificates
- H04N21/8355—Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed
Definitions
- This invention relates to a communication system and, more particularly, to certificate processing relating to a copy protection system for information transmitted between a deployment module, such as a point of deployment (POD) module, and a consumer appliance, such as a set-top box.
- Digital transmission is used to receive and conduct numerous services and transactions, for example, to receive video, audio and data streams from a (cable television) service provider, such as Emergency Alerting, Interactive Program Guides, Impulse Pay-Per-View (IPPV), Video On Demand (VOD), General Messaging, and Interactive Services, hereinafter collectively known as "content".
- some authority has the means of identifying pirate or illegal appliances, and when queried during an authentication process will evaluate the certificate and give instructions as to whether the appliance will be allowed to view copy protected content, or even, perhaps, be isolated from other authenticated appliances.
- This card is part of a conditional access system, with another part residing at the transmission point of the content.
- a transmission point of the content is also called a head-end.
- Content is scrambled at the transmission point, and then de-scrambled at the POD and then passed on to the consumer appliance itself.
- the conditional access system ensures that the consumer appliance only receives content for which the consumer has previously paid. It is at the interface between the POD and its associated consumer appliance that a copy protection system must be used, otherwise even paid-for content can be copied for illegal distribution.
- This copy protection system also uses a scrambling/de-scrambling scheme between the POD and the consumer appliance.
- a certificate embedded in the consumer appliance must be authenticated. If this certificate either cannot be authenticated or does not pass an authentication process, the conditional access system in the POD will be instructed not to de-scramble any content, even paid-for content.
- the transmission point can receive the certificate from a given consumer appliance for authentication and then provide instructions to the POD.
- any suitable digital certificate can be used, with the transmission point detecting the type of certificate and then performing the indicated computation.
- In the case of a one-way transmission system, where data can only be transmitted from the transmission point to the POD, the POD must play a greater role in the authentication process. Since the POD has fewer resources than the transmission point, heretofore it could only accommodate one certificate scheme.
- the POD requests the certificate from the associated consumer appliance, and obtains a consumer appliance authentication number from the received certificate. Combining this number with a certificate authentication code, which is embedded in its conditional access system, the POD causes a version of this information to be displayed on the display associated with the consumer appliance.
- the consumer then telephones an operator at the transmission point and relates the information displayed on the display appliance.
- the operator enters the information into the transmission point's computer system, and the information is used to authenticate the information supplied from the certificate.
- the transmission point sends a message to the consumer appliance's POD with authentication instructions.
- the POD validates the certificate, and, if both the authentication and validation processes yield a positive result, the copy protection scheme is initialized. If there is not a positive result, the copy protection scheme is not initialized and the POD conditional access system will not de-scramble paid-for content. Accordingly, known practices are limited such that in one-way transmission systems the POD is only able to validate one type of certificate. Thus, there is a clear and present need for an effective means to provide copy protection of content in one-way transmission systems that provides greater flexibility with regard to processing certificates, while minimizing additional cost and complexity.
- a certificate authentication code is transmitted to a deployment module on demand from a transmission point.
- This allows the deployment module to accommodate multiple types of certificates.
- the deployment module requests a certificate from the associated consumer appliance to retrieve a consumer appliance authentication number.
- the transmission point selects an appropriate certificate authentication code and sends it to the deployment module.
- the authentication code includes, for example, a software program that takes a certificate as input and validates it. This transmission is protected by the existing conditional access system.
- the deployment module displays the authentication information on a display associated with the consumer appliance, which includes the type of certificate and information relating to the type of the deployment module. Thereafter, a user or consumer relates this authentication information to the transmission point, for example via telephone to an operator.
- When the transmission point receives the above-mentioned authentication information, it decides on the authentication code that must be downloaded to the corresponding deployment module so that the deployment module can carry on the process of validating the particular certificate on the consumer appliance.
- the transmission of the authentication code is protected by the existing operational conditional access system. If the certificate is valid, then the copy protection system can be initialized.
- FIG. 1 illustrates an exemplary system in accordance with the principles of the present invention
- FIG. 2 illustrates the authentication component of the exemplary system in
- FIG. 1 is an exemplary system according to the principles of the present invention in which generalized certificate processing for deployment module based copy protection systems is implemented. It will be recognized that FIG. 1 is simplified for explanation purposes and that the full system environment for the invention will comprise, for example, a cable, fiber or satellite service provider network or provisions for network reliability through redundancy, all of which need not be shown here.
- the system illustratively includes a consumer appliance 10, such as a set-top box, and a deployment module 12, such as a point of deployment (POD) module, a transmission point 14, such as a cable service provider, which communicate with each other through communication mediums 16 and 18 respectively.
- the communication mediums are, for example, wireless communications, electromagnetic card interfaces, optical communications, coax cables, telephone lines and the like.
- Deployment module 12 includes a processor 20 that has a conditional access module 22, a copy protection module 24 and a certificate authentication module 26. Deployment module 12 communicates with consumer appliance 10 via communication medium 18. Although deployment module 12 is described as a POD module, this arrangement is merely for convenience and it is to be understood that deployment modules are not limited to POD modules, per se. As used herein, the term “deployment module” refers to any type of (1) point of deployment module, (2) wireless, cellular or radio data interface appliance, (3) smartcard, (4) personal computer, and (5) internet interface appliance, which facilitates the transfer of data, accesses remote services or engages in transactions and in which privacy and/or security is desired.
- Consumer appliance 10 includes a processor 22 that has a copy protection module 30. Alternatively, the copy protection module may be a separate unit coupled to processor 22. Consumer appliance 10 communicates with transmission point 14 via communication medium 16.
- the display 32 associated with consumer appliance 10 is any displaying means such as a television, computer monitor, laptop computer, personal organizer (such as a Palmpilot™) and the like. Communication also occurs between display 32 and the transmission point 14, for example, when a user views what's on the display and relays the information to an operator at the transmission point via a telephone call.
- consumer appliance 10 is not limited to any particular type device and its description as a set-top box is merely for convenience.
- the term “consumer appliance” refers to any type of (1) so-called “set-top box”, (2) wireless, cellular or radio data interface appliance, (3) personal computer, and (4) internet interface appliance, which: enables reception of data, allows access to remote services and facilitates remote transactions.
- Transmission point 14 includes a processor 34 that has a conditional access module 36.
- the transmission point is any transmission facility such as a cable television service provider, Internet service/content provider, satellite service provider, television broadcast provider and the like.
- the processor can be any of a number of commercially available processors, which may include, for example, dedicated digital signal processors (DSPs), a central processing unit (CPU) and memory chips.
- The embodiment shown in FIG. 1 is particularly useful for generalized certificate processing of POD-based copy protection systems, wherein a POD module and a set-top box are used in a service provider communications network, such as a cable television network.
- a conditional access system includes both conditional access modules 36 and 22, while a copy protection system includes both copy protection modules 30 and 24.
- Figure 2 shows an exemplary deployment module's authentication module for use in the embodiment of FIG.
- This authentication module includes a central processing unit (CPU) 20, a random access memory (RAM) 22, a non-volatile RAM 24, and an interconnecting bus 26.
- the non-volatile RAM contains the instructions for most of the authentication process as well as the serial number for the embedded conditional access system.
- the module's CPU executes these instructions.
- the authentication module obtains the consumer appliance's certificate, placing it in the module's RAM.
- the consumer appliance's serial number is extracted from the certificate along with the certificate type and sent along with the serial number for the local conditional access system and the type of the deployment module's CPU to the display controlled by the consumer appliance.
- the deployment module's authentication module 26 verifies a certificate obtained from consumer appliance 10.
- the deployment module requests a certificate from the associated consumer appliance to retrieve a consumer appliance authentication number.
- the transmission point selects an appropriate authentication code and sends it to the deployment module.
- the authentication information is sent to the transmission point in any conventional manner, for example, the deployment module displays the authentication information on a display associated with the consumer appliance. Thereafter, a user or consumer relates this authentication information to the transmission point, for example via telephone to an operator.
- If the transmission point has positively authenticated the consumer appliance, it transmits a piece of authentication program code (e.g. a software program), along with other conventional authentication information, to the deployment module where the code is used by the POD to validate the certificate. This transmission is protected by the existing operational conditional access system. If the certificate is valid, then the copy protection system can be initialized. Specifically, content or data scrambled by conditional access module 36 in transmission point 14 is transmitted to consumer appliance 10 and from there to the deployment module 12. Within the deployment module it is de-scrambled by the deployment module conditional access module 22. Thereafter it is scrambled again by the deployment module's copy protection module 24. The scrambled data is transmitted back to the consumer appliance 10 where its copy protection module 30 de-scrambles it.
- the deployment module is able to operate with multiple types of certificates.
- processors may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software.
- the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared.
- The term “processor” or “controller” should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor (DSP) hardware, read-only memory (ROM) for storing software, random access memory (RAM), and non-volatile storage. Other hardware, conventional and/or custom, may also be included.
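The on-demand flow described above (the deployment module reports certificate type and CPU type, the transmission point selects matching authentication code, and the module validates before initializing copy protection) can be modelled as follows. This is an added sketch, not code from the patent: the keys, serials, toy certificate formats, the revocation list and the HMAC that stands in for "protected by the conditional access system" are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Everything below is constructed for this example (keys, serials, formats).
CA_KEY = b"constructed-ca-system-key"   # shared by CA modules 36 (head-end) and 22 (POD)
SCHEMES = {                             # two toy certificate schemes
    "A": (b"constructed-issuer-key-a", hashlib.sha256),
    "B": (b"constructed-issuer-key-b", hashlib.sha512),
}
REVOKED_APPLIANCES = {"STB-6666"}       # head-end list of appliances it refuses


def issuer_tag(cert_type, serial):
    key, digest = SCHEMES[cert_type]
    return hmac.new(key, serial.encode(), digest).hexdigest()


def make_cert(cert_type, serial):
    """Toy certificate embedded in the consumer appliance."""
    return {"type": cert_type, "serial": serial, "tag": issuer_tag(cert_type, serial)}


def make_validator(cert_type):
    """Stand-in for the downloadable 'authentication code' for one scheme.
    A real scheme would verify a public-key signature instead of a shared key."""
    def validate(cert):
        return cert["type"] == cert_type and hmac.compare_digest(
            issuer_tag(cert_type, cert["serial"]), cert["tag"])
    return validate


# Head-end library of authentication code, keyed by certificate type and POD CPU type.
CODE_LIBRARY = {f"validate-{t}-cpu1": make_validator(t) for t in SCHEMES}


def headend_select_code(info):
    """Transmission point: authenticate the relayed info, then pick the code."""
    if info["appliance_serial"] in REVOKED_APPLIANCES:
        return None                     # not positively authenticated: send nothing
    code_id = f"validate-{info['cert_type']}-{info['pod_cpu']}"
    if code_id not in CODE_LIBRARY:
        return None
    body = json.dumps({"code_id": code_id, "pod_serial": info["pod_serial"]},
                      sort_keys=True)
    mac = hmac.new(CA_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}   # MAC models the conditional access protection


class Pod:
    def __init__(self, ca_serial, cpu_type):
        self.ca_serial, self.cpu_type = ca_serial, cpu_type
        self.validator = None
        self.copy_protection_on = False

    def display_info(self, cert):
        """What the POD puts on display 32 for the user to relay by telephone."""
        return {"cert_type": cert["type"], "appliance_serial": cert["serial"],
                "pod_serial": self.ca_serial, "pod_cpu": self.cpu_type}

    def install_code(self, package):
        """Accept downloaded code only if it is intact and addressed to this POD."""
        if package is None:
            return False
        want = hmac.new(CA_KEY, package["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(want, package["mac"]):
            return False
        body = json.loads(package["body"])
        if body["pod_serial"] != self.ca_serial:
            return False
        self.validator = CODE_LIBRARY[body["code_id"]]
        return True

    def validate(self, cert):
        """Initialize copy protection only when the certificate validates."""
        self.copy_protection_on = bool(self.validator and self.validator(cert))
        return self.copy_protection_on


def run_flow(cert, tamper=False):
    pod = Pod("POD-0001", "cpu1")
    package = headend_select_code(pod.display_info(cert))
    if package and tamper:              # simulate modification of the download in transit
        package = dict(package, body=package["body"].replace("-A-", "-B-"))
    return pod.install_code(package) and pod.validate(cert)
```

The same POD object handles both certificate types because the validator arrives with the download, and every failure path leaves `copy_protection_on` false, which in the scheme described means paid-for content is not de-scrambled.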
Landscapes
- Engineering & Computer Science (AREA)
- Multimedia (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP00949268A EP1110134A1 (en) | 1999-07-09 | 2000-07-05 | Generalized certificate processing for deployment module based copy protection systems |
JP2001510070A JP2003504949A (en) | 1999-07-09 | 2000-07-05 | Generalized certificate handling for deployment module based copy protection systems |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14350099P | 1999-07-09 | 1999-07-09 | |
US60/143,500 | 1999-07-09 | ||
US55759900A | 2000-04-25 | 2000-04-25 | |
US09/557,599 | 2000-04-25 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2001004727A1 (en) | 2001-01-18 |
Family
ID=26841090
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2000/006371 WO2001004727A1 (en) | 1999-07-09 | 2000-07-05 | Generalized certificate processing for deployment module based copy protection systems |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1110134A1 (en) |
JP (1) | JP2003504949A (en) |
WO (1) | WO2001004727A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1110399A1 (en) * | 1999-07-09 | 2001-06-27 | Koninklijke Philips Electronics N.V. | System and method for copy protecting transmitted information |
WO2002101524A2 (en) * | 2001-06-11 | 2002-12-19 | Matsushita Electric Industrial Co., Ltd. | License management server, license management system and usage restriction method |
WO2003009112A1 (en) * | 2001-07-17 | 2003-01-30 | Matsushita Electric Industrial Co., Ltd. | Content usage device and network system, and license information acquisition method |
EP1434119A2 (en) * | 2002-12-25 | 2004-06-30 | Victor Company Of Japan, Limited | License management method and license management system |
GB2489672A (en) * | 2011-03-28 | 2012-10-10 | Sony Corp | Authentication certificate distribution to set top boxes |
US10769275B2 (en) | 2017-10-06 | 2020-09-08 | Ca, Inc. | Systems and methods for monitoring bait to protect users from security threats |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0714204A2 (en) * | 1994-11-26 | 1996-05-29 | Lg Electronics Inc. | Illegal view and copy protection method in digital video system and controlling method thereof |
WO1999012088A1 (en) * | 1997-09-02 | 1999-03-11 | Siemens Aktiengesellschaft | Method for controlling distribution and use of software products with network-connected computers |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS62276648A (en) * | 1986-05-26 | 1987-12-01 | Toshiba Corp | Copy prevention system for floppy disk |
KR0166923B1 (en) * | 1995-09-18 | 1999-03-20 | 구자홍 | Method and apparatus of preventing an illegal watching and copying in a digital broadcasting system |
ES2150243T3 (en) * | 1996-04-01 | 2000-11-16 | Macrovision Corp | A METHOD AND APPARATUS TO PROVIDE PROTECTION AGAINST COPIES OF SIGNAL MATERIAL TRANSMITTED THROUGH DIGITAL DELIVERY NETWORKS TO A CONSUMER DECODER TERMINAL. |
US7336785B1 (en) * | 1999-07-09 | 2008-02-26 | Koninklijke Philips Electronics N.V. | System and method for copy protecting transmitted information |
-
2000
- 2000-07-05 WO PCT/EP2000/006371 patent/WO2001004727A1/en not_active Application Discontinuation
- 2000-07-05 JP JP2001510070A patent/JP2003504949A/en not_active Ceased
- 2000-07-05 EP EP00949268A patent/EP1110134A1/en not_active Ceased
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1110399A1 (en) * | 1999-07-09 | 2001-06-27 | Koninklijke Philips Electronics N.V. | System and method for copy protecting transmitted information |
EP1110399B1 (en) * | 1999-07-09 | 2018-09-12 | Koninklijke Philips N.V. | System and method for copy protecting transmitted information |
WO2002101524A2 (en) * | 2001-06-11 | 2002-12-19 | Matsushita Electric Industrial Co., Ltd. | License management server, license management system and usage restriction method |
WO2002101524A3 (en) * | 2001-06-11 | 2004-04-22 | Matsushita Electric Ind Co Ltd | License management server, license management system and usage restriction method |
US7103663B2 (en) | 2001-06-11 | 2006-09-05 | Matsushita Electric Industrial Co., Ltd. | License management server, license management system and usage restriction method |
WO2003009112A1 (en) * | 2001-07-17 | 2003-01-30 | Matsushita Electric Industrial Co., Ltd. | Content usage device and network system, and license information acquisition method |
CN100419616C (en) * | 2001-07-17 | 2008-09-17 | 松下电器产业株式会社 | Content usage device and network system, and license information acquisition method |
US7725399B2 (en) | 2001-07-17 | 2010-05-25 | Panasonic Corporation | Content usage device and network system, and license information acquisition method |
EP1434119A2 (en) * | 2002-12-25 | 2004-06-30 | Victor Company Of Japan, Limited | License management method and license management system |
EP1434119A3 (en) * | 2002-12-25 | 2005-01-12 | Victor Company Of Japan, Limited | License management method and license management system |
GB2489672A (en) * | 2011-03-28 | 2012-10-10 | Sony Corp | Authentication certificate distribution to set top boxes |
US10769275B2 (en) | 2017-10-06 | 2020-09-08 | Ca, Inc. | Systems and methods for monitoring bait to protect users from security threats |
Also Published As
Publication number | Publication date |
---|---|
JP2003504949A (en) | 2003-02-04 |
EP1110134A1 (en) | 2001-06-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1110399B1 (en) | System and method for copy protecting transmitted information | |
US6975725B1 (en) | Method for standardizing the use of ISO 7816 smart cards in conditional access systems | |
EP1825678B1 (en) | System and method for secure conditional access download and reconfiguration | |
TW296526B (en) | ||
EP1441525B1 (en) | System for receiving broadcast digital data comprising a master digital terminal, and at least one slave digital terminal | |
EP2699014A1 (en) | Terminal based on conditional access technology | |
WO2001022724A1 (en) | Multimedia digital terminal and detachable module cooperating with the terminal comprising an interface protected against copying | |
US20120230435A1 (en) | Media Codec Devices Providing Universality for Encoded Signal Origination and Decided Signal Distribution | |
US20100262988A1 (en) | Cable Television Secure Communication System for One Way Restricted Access | |
KR20040066901A (en) | Method and system for conditional access | |
US8782417B2 (en) | Method and processing unit for secure processing of access controlled audio/video data | |
CN1265806A (en) | Transcoder for decoding encoded TV programs | |
CN100372379C (en) | Conditional access control | |
FI94008C (en) | Decoder system for a video signal | |
US10075770B2 (en) | Method for protecting decryption keys in a decoder and decoder for implementing said method | |
WO2001004727A1 (en) | Generalized certificate processing for deployment module based copy protection systems | |
JP5127109B2 (en) | Method and apparatus for allowing unconfirmed viewing time on addressable pay television | |
EP2514215B1 (en) | Method and processing unit for secure processing of access controlled audio/video data | |
US9210137B2 (en) | Local digital network, methods for installing new devices and data broadcast and reception methods in such a network | |
US8584255B2 (en) | Networked conditional access module | |
CN1476724A (en) | Encryption system for cable television network | |
JPH09212457A (en) | Ciphering and deciphering device of digital bidirectional communication terminal | |
US20050198502A1 (en) | Digital broadcasting system and contents protection method using the same | |
KR102078454B1 (en) | Method for preventing copying of a multimedia device through an authentication server | |
You et al. | Design and implementation of DCAS user terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): JP |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
WWE | Wipo information: entry into national phase | Ref document number: 2000949268 Country of ref document: EP |
ENP | Entry into the national phase | Ref country code: JP Ref document number: 2001 510070 Kind code of ref document: A Format of ref document f/p: F |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
WWP | Wipo information: published in national office | Ref document number: 2000949268 Country of ref document: EP |
WWR | Wipo information: refused in national office | Ref document number: 2000949268 Country of ref document: EP |
WWW | Wipo information: withdrawn in national office | Ref document number: 2000949268 Country of ref document: EP |