[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2001004727A1 - Generalized certificate processing for deployment module based copy protection systems - Google Patents

Generalized certificate processing for deployment module based copy protection systems Download PDF

Info

Publication number
WO2001004727A1
WO2001004727A1 PCT/EP2000/006371 EP0006371W WO0104727A1 WO 2001004727 A1 WO2001004727 A1 WO 2001004727A1 EP 0006371 W EP0006371 W EP 0006371W WO 0104727 A1 WO0104727 A1 WO 0104727A1
Authority
WO
WIPO (PCT)
Prior art keywords
deployment module
certificate
appliance
consumer appliance
transmission point
Prior art date
Application number
PCT/EP2000/006371
Other languages
French (fr)
Inventor
Martin Freeman
Jin Lu
Original Assignee
Koninklijke Philips Electronics N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Koninklijke Philips Electronics N.V. filed Critical Koninklijke Philips Electronics N.V.
Priority to EP00949268A priority Critical patent/EP1110134A1/en
Priority to JP2001510070A priority patent/JP2003504949A/en
Publication of WO2001004727A1 publication Critical patent/WO2001004727A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/162Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/418External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4627Rights management associated to the content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/83Generation or processing of protective or descriptive data associated with content; Content structuring
    • H04N21/835Generation of protective data, e.g. certificates
    • H04N21/8355Generation of protective data, e.g. certificates involving usage data, e.g. number of copies or viewings allowed

Definitions

  • This invention relates to a communication system and, more particularly, to certificate processing relating to a copy protection system for information transmitted between a deployment module, such as a point of deployment (POD) module, and a consumer appliance, such as a set-top box.
  • a deployment module such as a point of deployment (POD) module
  • POD point of deployment
  • Digital transmission is used to receive and conduct numerous services and transactions, for example, to receive video, audio and data streams from a (cable television) service provider, such as Emergency Alerting, Interactive Program Guides, Impulse Pay-Per- View (IPPV), Video On Demand (VOD), General Messaging, and Interactive Services, hereinafter collectively known as "content”.
  • a service provider such as Emergency Alerting, Interactive Program Guides, Impulse Pay-Per- View (IPPV), Video On Demand (VOD), General Messaging, and Interactive Services, hereinafter collectively known as "content”.
  • some authority has the means of identifying pirate or illegal appliances, and when queried during an authentication process will evaluate the certificate and give instructions as to whether the appliance will be allowed to view copy protected content, or even, perhaps, be isolated from other authenticated appliances.
  • This card is part of a conditional access system, with another part residing at the transmission point of the content.
  • a transmission point of the content is also called a head-end.
  • Content is scrambled at the transmission point, and then de-scrambled at the POD and then passed on to the consumer appliance itself.
  • the conditional access system ensures that the consumer appliance only receives content for which the consumer has previously paid. It is at the interface between the POD and its associated consumer appliance that a copy protection system must be used, otherwise even paid-for content can be copied for illegal distribution.
  • This copy protection system also uses a scrambling/de-scrambling scheme between the POD and the consumer appliance.
  • a certificate embedded in the consumer appliance must be authenticated. If this certificate either cannot be authenticated or does not pass an authentication process, the conditional access system in the POD will be instructed not to de-scramble any content, even paid-for content.
  • the transmission point can receive the certificate from a given consumer appliance for authentication and then provide instructions to the POD.
  • any suitable digital certificate can be used, with the transmission point detecting the type of certificate and then performing the indicated computation.
  • the POD in the case of a one-way transmission system where data can only be transmitted from the transmission point to the POD, the POD must play a greater role in the authentication process. Since the POD has fewer resources than the transmission point, heretofore it could only accommodate one certificate scheme.
  • the POD requests the certificate from the associated consumer appliance, and obtains a consumer appliance authentication number from the received certificate. Combining this number with a certificate authentication code, which is embedded in its conditional access system, the POD causes a version of this information to be displayed on the display associated with the consumer appliance.
  • the consumer then telephones an operator at the transmission point and relates the information displayed on the display appliance.
  • the operator enters the information into the transmission point's computer system, and the information is used to authenticate the information supplied from the certificate.
  • the transmission point sends a message to the consumer appliance's POD with authentication instructions.
  • the POD validates the certificate, and, if both the authentication and validation processes yield a positive result, the copy protection scheme is initialized. If there is not a positive result, the copy protection scheme is not initialized and the POD conditional access system will not de-scramble paid-for content. Accordingly, known practices are limited such that in one-way transmission systems the POD is only able to validate one type of certificate. Thus, there is a clear and present need for an effective means to provide copy protection of content in one-way transmission systems that provides greater flexibility with regard to processing certificates, while minimizing additional cost and complexity.
  • a certificate authentication code is transmitted to a deployment module on demand from a transmission point.
  • This allows the deployment module to accommodate multiple types of certificates.
  • the deployment module requests a certificate from the associated consumer appliance to retrieve a consumer appliance authentication number.
  • the transmission point selects an appropriate certificate authentication code and sends it to the deployment module.
  • the authentication code includes, for example, a software program that takes a certificate as input and validates it. This transmission is protected by the existing conditional access system.
  • the deployment module displays the authentication information on a display associated with the consumer appliance, which includes the type of certificate and information relating to the type of the deployment module. Thereafter, a user or consumer relates this authentication information to the transmission point, for example via telephone to an operator.
  • the transmission point When the transmission point receives the above-mentioned authentication information, it decides on the authentication code that must be downloaded to the corresponding deployment module so that the deployment module can carry on the process of validating the particular certificate on the consumer appliance.
  • the transmission of the authentication code is protected by the existing operational conditional access system. If the certificate is valid, then the copy protection system can be initialized.
  • FIG. 1 illustrates an exemplary system in accordance with the principles of the present invention
  • FIG. 2 illustrates the authentication component of the exemplary system in
  • FIG. 1 is an exemplary system according to the principles of the present invention in which generalized certificate processing for deployment module based copy protection systems is implemented. It will be recognized that FIG. 1 is simplified for explanation purposes and that the full system environment for the invention will comprise, for example, a cable, fiber or satellite service provider network or provisions for network reliability through redundancy, all of which need not be shown here.
  • the system illustratively includes a consumer appliance 10, such as a set-top box, and a deployment module 12, such as a point of deployment (POD) module, a transmission point 14, such as a cable service provider, which communicate with each other through communication mediums 16 and 18 respectively.
  • the communication mediums are, for example, wireless communications, electromagnetic card interfaces, optical communications, coax cables, telephone lines and the like.
  • Deployment module 12 includes a processor 20 that has a conditional access module 22, a copy protection module 24 and a certificate authentication module 26. Deployment module 12 communicates with consumer appliance 10 via communication medium 18. Although deployment module 12 is described as a POD module, this arrangement is merely for convenience and it is to be understood that deployment modules are not limited to POD modules, per se. As used herein, the term “deployment module” refers to any type of (1) point of deployment module, (2) wireless, cellular or radio data interface appliance, (3) smartcard (4) personal computer, and (5) internet interface appliance, which facilitates the transfer of data, access remote services or engage in transactions and in which privacy and/or security is desired.
  • Consumer appliance 10 includes a processor 22 that has a copy protection module 30. Alternatively, the copy protection module may be a separate unit coupled to processor 22. Consumer appliance 10 communicates with transmission point 14 via communication medium 16 .
  • the display 32 associated with consumer appliance 10 is any displaying means such as a television, computer monitor, laptop computer, personal organizer (such as a PalmpilotTM) and the like. Communication also occurs between display 32 and the transmission point 14, for example, when a user views what's on the display and relays the information to an operator at the transmission point via a telephone call.
  • consumer appliance 10 is not limited to any particular type device and its description as a set-top box is merely for convenience.
  • the term “consumer appliance” refers to any type of (1) so-called “set-top box”, (2) wireless, cellular or radio data interface appliance, (3) personal computer, and (4) internet interface appliance, which: enables reception of data, allows access to remote services and facilitates remote transactions.
  • Transmission point 14 includes a -processor 34 that has a conditional access module 36.
  • the transmission point is any transmission facility such as a cable television service provider, Internet service/content provider, satellite service provider, television broadcast provider and the like.
  • the processor can be any of a number of commercially available processors, for example that may include dedicated digital signal processors (DSPs), a central processing unit (CPU) and memory chips.
  • DSPs digital signal processors
  • CPU central processing unit
  • FIG. 1 The embodiment shown in FIG. 1 is particularly useful for generalized certificate processing of POD-based copy protection systems, wherein a POD module and a set-top box are used in a service provider communications network, such as a cable television network.
  • a conditional access system includes both conditional access modules 36 and 22, while a copy protection system includes both copy protection modules 30 and 24.
  • Figure 2 shows an exemplary deployment module's authentication module for use in the embodiment of FIG.
  • This authentication module includes a central processing unit (CPU) 20, a random access memory (RAM) 22, a non-volatile RAM 24, and an interconnecting bus 26.
  • the non- volatile RAM contains the instructions for most of the authentication process as well as the serial number for the embedded conditional access system.
  • the module's CPU executes these instructions.
  • the authentication module obtains the consumer appliance's certificate, placing it in the module's RAM.
  • the consumer appliance's serial number is extracted from the certificate along with the certificate type and sent along with the serial number for the local conditional access system and the type of the deployment module's CPU to the display controlled by the consumer appliance.
  • the deployment module's authentication module 26 verifies a certificate obtained from consumer appliance 10.
  • the deployment module requests a certificate from the associated consumer appliance to retrieve a consumer appliance authentication number.
  • the transmission point selects an appropriate authentication code and sends it to the deployment module.
  • the authentication information is sent to the transmission point in any conventional manner, for example, the deployment module displays the authentication information on a display associated with the consumer appliance. Thereafter, a user or consumer relates this authentication information to the transmission point, for example via telephone to an operator.
  • the transmission point If the transmission point has positively authenticated the consumer appliance, it transmits a piece of authentication program code (e.g. a software program), along with other conventional authentication information, to the deployment module where the code is used by the POD to validate the certificate.. This transmission is protected by the existing operational conditional access system. If the certificate is valid, then the copy protection system can be initialized. Specifically, content or data scrambled by conditional access module 36 in transmission point 14 is transmitted to consumer appliance 10 and from there to the deployment module 12. Within the deployment module it is de-scrambled by the deployment module conditional access module 22. Thereafter it is scrambled again by the deployment module's copy protection module 24. The scrambled data is transmitted back to the consumer appliance 10 where its copy protection module 30 de-scrambles it.
  • a piece of authentication program code e.g. a software program
  • the deployment module is able to operate with multiple types of certificates.
  • processors may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software.
  • the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared.
  • processor or “controller” should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor (DSP) hardware, read-only memory (ROM) for storing software, random access memory (RAM), and non-volatile storage. Other hardware, conventional and/or custom, may also be included.
  • DSP digital signal processor
  • ROM read-only memory
  • RAM random access memory
  • non-volatile storage Other hardware, conventional and/or custom, may also be included.

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

Method and system for generalized digital certificate processing in a one-way transmission systems related to the copy protection of content transmitted between a deployment module, such as a POD module, and a consumer appliance, such as a set-top box, are disclosed by an arrangement in which a certificate authentication program code is transmitted to a deployment module on demand from a transmission point. This allows the deployment module to accommodate multiple types of certificates. In particular, the deployment module requests a digital certificate from the associated consumer appliance to retrieve a consumer appliance authentication number. Using the certificate along with information relating to the type of deployment module used, the transmission point selects an appropriate certificate authentication code and sends it to the deployment module. This authentication information is then used to complete the copy protection validation process.

Description

Generalized certificate processing for deployment module based copy protection systems
FIELD OF THE INVENTION
This invention relates to a communication system and, more particularly, to certificate processing relating to a copy protection system for information transmitted between a deployment module, such as a point of deployment (POD) module, and a consumer appliance, such as a set-top box.
BACKGROUND OF THE INVENTION
Digital transmission is used to receive and conduct numerous services and transactions, for example, to receive video, audio and data streams from a (cable television) service provider, such as Emergency Alerting, Interactive Program Guides, Impulse Pay-Per- View (IPPV), Video On Demand (VOD), General Messaging, and Interactive Services, hereinafter collectively known as "content".
Consequently, the digital transmission of content has generated the need for the copy protection of content. Recent proposed schemes for protecting digital content require appliances that receive digital content to possess digital certificates, so that these appliances may be authenticated.
Typically, some authority has the means of identifying pirate or illegal appliances, and when queried during an authentication process will evaluate the certificate and give instructions as to whether the appliance will be allowed to view copy protected content, or even, perhaps, be isolated from other authenticated appliances.
Recently, consumer appliances have become available for receiving digital content that have a separate security function embedded in a removable PC card also known a Point of Deployment (POD) Module (For additional details on POD modules, see SOCIETY OF CABLE TELECOMMUNICATIONS ENGINEERS, INC. (SCTE) Document: SCTE DVS 131 Rev. 7, entitled "Draft Point-of-Deployment (POD) Module
Interface Proposal" dated December 3, 1998, (hereinafter known as "DVS131r7"). This card is part of a conditional access system, with another part residing at the transmission point of the content. A transmission point of the content is also called a head-end. Content is scrambled at the transmission point, and then de-scrambled at the POD and then passed on to the consumer appliance itself. The conditional access system ensures that the consumer appliance only receives content for which the consumer has previously paid. It is at the interface between the POD and its associated consumer appliance that a copy protection system must be used, otherwise even paid-for content can be copied for illegal distribution. This copy protection system also uses a scrambling/de-scrambling scheme between the POD and the consumer appliance.
In order for the copy protection scheme to be initialized, a certificate embedded in the consumer appliance must be authenticated. If this certificate either cannot be authenticated or does not pass an authentication process, the conditional access system in the POD will be instructed not to de-scramble any content, even paid-for content.
In the case of a two-way transmission system where data can be transmitted and received between a content transmission point and a POD, the transmission point can receive the certificate from a given consumer appliance for authentication and then provide instructions to the POD. In this case, any suitable digital certificate can be used, with the transmission point detecting the type of certificate and then performing the indicated computation.
However, in the case of a one-way transmission system where data can only be transmitted from the transmission point to the POD, the POD must play a greater role in the authentication process. Since the POD has fewer resources than the transmission point, heretofore it could only accommodate one certificate scheme.
In one-way transmission systems, the POD requests the certificate from the associated consumer appliance, and obtains a consumer appliance authentication number from the received certificate. Combining this number with a certificate authentication code, which is embedded in its conditional access system, the POD causes a version of this information to be displayed on the display associated with the consumer appliance.
The consumer then telephones an operator at the transmission point and relates the information displayed on the display appliance. The operator enters the information into the transmission point's computer system, and the information is used to authenticate the information supplied from the certificate.
Sometime later the transmission point sends a message to the consumer appliance's POD with authentication instructions. The POD then validates the certificate, and, if both the authentication and validation processes yield a positive result, the copy protection scheme is initialized. If there is not a positive result, the copy protection scheme is not initialized and the POD conditional access system will not de-scramble paid-for content. Accordingly, known practices are limited such that in one-way transmission systems the POD is only able to validate one type of certificate. Thus, there is a clear and present need for an effective means to provide copy protection of content in one-way transmission systems that provides greater flexibility with regard to processing certificates, while minimizing additional cost and complexity.
SUMMARY OF THE INVENTION It is an object of the present invention to generalize deployment module processing in one-way transmission systems to accommodate multiple certificate schemes with only a modest amount of cost and extra processing.
The problems associated with certificate processing in one-way transmission systems related to copy protection of content transmitted between a deployment module, such as a POD module, and a consumer appliance, such as a set-top box, are reduced or overcome by an arrangement in accordance with the principles of the present invention in which a certificate authentication code is transmitted to a deployment module on demand from a transmission point. This allows the deployment module to accommodate multiple types of certificates. Specifically, the deployment module requests a certificate from the associated consumer appliance to retrieve a consumer appliance authentication number. Using the certificate along with information relating to the type of deployment module used, the transmission point selects an appropriate certificate authentication code and sends it to the deployment module. The authentication code includes, for example, a software program that takes a certificate as input and validates it. This transmission is protected by the existing conditional access system.
In one illustrative embodiment, the deployment module displays the authentication information on a display associated with the consumer appliance, which includes the type of certificate and information relating to the type of the deployment module. Thereafter, a user or consumer relates this authentication information to the transmission point, for example via telephone to an operator.
When the transmission point receives the above-mentioned authentication information, it decides on the authentication code that must be downloaded to the corresponding deployment module so that the deployment module can carry on the process of validating the particular certificate on the consumer appliance. The transmission of the authentication code is protected by the existing operational conditional access system. If the certificate is valid, then the copy protection system can be initialized.
BRIEF DESCRIPTION OF THE DRAWING
The invention will be more readily understood after reading the following detailed description taken in conjunction with the accompanying drawing, in which:
FIG. 1 illustrates an exemplary system in accordance with the principles of the present invention; and FIG. 2 illustrates the authentication component of the exemplary system in
FIG.l.
DETAILED DESCRIPTION
FIG. 1 is an exemplary system according to the principles of the present invention in which generalized certificate processing for deployment module based copy protection systems is implemented. It will be recognized that FIG. 1 is simplified for explanation purposes and that the full system environment for the invention will comprise, for example, a cable, fiber or satellite service provider network or provisions for network reliability through redundancy, all of which need not be shown here. The system illustratively includes a consumer appliance 10, such as a set-top box, and a deployment module 12, such as a point of deployment (POD) module, a transmission point 14, such as a cable service provider, which communicate with each other through communication mediums 16 and 18 respectively. The communication mediums are, for example, wireless communications, electromagnetic card interfaces, optical communications, coax cables, telephone lines and the like.
Deployment module 12 includes a processor 20 that has a conditional access module 22, a copy protection module 24 and a certificate authentication module 26. Deployment module 12 communicates with consumer appliance 10 via communication medium 18. Although deployment module 12 is described as a POD module, this arrangement is merely for convenience and it is to be understood that deployment modules are not limited to POD modules, per se. As used herein, the term "deployment module" refers to any type of (1) point of deployment module, (2) wireless, cellular or radio data interface appliance, (3) smartcard (4) personal computer, and (5) internet interface appliance, which facilitates the transfer of data, access remote services or engage in transactions and in which privacy and/or security is desired.
Consumer appliance 10 includes a processor 22 that has a copy protection module 30. Alternatively, the copy protection module may be a separate unit coupled to processor 22. Consumer appliance 10 communicates with transmission point 14 via communication medium 16 . The display 32 associated with consumer appliance 10 is any displaying means such as a television, computer monitor, laptop computer, personal organizer (such as a Palmpilot™) and the like. Communication also occurs between display 32 and the transmission point 14, for example, when a user views what's on the display and relays the information to an operator at the transmission point via a telephone call.
As with the deployment module 12, consumer appliance 10 is not limited to any particular type device and its description as a set-top box is merely for convenience. As used herein, the term "consumer appliance" refers to any type of (1) so-called "set-top box", (2) wireless, cellular or radio data interface appliance, (3) personal computer, and (4) internet interface appliance, which: enables reception of data, allows access to remote services and facilitates remote transactions.
Transmission point 14 includes a -processor 34 that has a conditional access module 36.The transmission point is any transmission facility such as a cable television service provider, Internet service/content provider, satellite service provider, television broadcast provider and the like.
The majority of logic, control, supervisory, translation functions required for the operation of deployment module 12, consumer appliance 10 and transmission point 14 is performed by their respective processors, each of which also includes programs to allow generalized certificate processing. The processor can be any of a number of commercially available processors, for example that may include dedicated digital signal processors (DSPs), a central processing unit (CPU) and memory chips.
The embodiment shown in FIG. 1 is particularly useful for generalized certificate processing of POD-based copy protection systems, wherein a POD module and a set-top box are used in a service provider communications network, such as a cable television network. In this embodiment, a conditional access system includes both conditional access modules 36 and 22, while a copy protection system includes both copy protection modules 30 and 24. However, it is to be understood that other conditional access systems and copy protection systems are equally applicable to the devices described above. Figure 2 shows an exemplary deployment module's authentication module for use in the embodiment of FIG. This authentication module includes a central processing unit (CPU) 20, a random access memory (RAM) 22, a non-volatile RAM 24, and an interconnecting bus 26. The non- volatile RAM contains the instructions for most of the authentication process as well as the serial number for the embedded conditional access system. The module's CPU executes these instructions.
During the authentication process, the authentication module obtains the consumer appliance's certificate, placing it in the module's RAM. The consumer appliance's serial number is extracted from the certificate along with the certificate type and sent along with the serial number for the local conditional access system and the type of the deployment module's CPU to the display controlled by the consumer appliance.
Returning now to FIG. 1 , in operation, once the copy protection system has been initialized, as part of this initialization process, the deployment module's authentication module 26 verifies a certificate obtained from consumer appliance 10. The deployment module requests a certificate from the associated consumer appliance to retrieve a consumer appliance authentication number. Using the authentication information (e.g. the certificate along with information relating to the type of deployment module used), the transmission point selects an appropriate authentication code and sends it to the deployment module. The authentication information is sent to the transmission point in any conventional manner, for example, the deployment module displays the authentication information on a display associated with the consumer appliance. Thereafter, a user or consumer relates this authentication information to the transmission point, for example via telephone to an operator.
If the transmission point has positively authenticated the consumer appliance, it transmits a piece of authentication program code (e.g. a software program), along with other conventional authentication information, to the deployment module where the code is used by the POD to validate the certificate.. This transmission is protected by the existing operational conditional access system. If the certificate is valid, then the copy protection system can be initialized. Specifically, content or data scrambled by conditional access module 36 in transmission point 14 is transmitted to consumer appliance 10 and from there to the deployment module 12. Within the deployment module it is de-scrambled by the deployment module conditional access module 22. Thereafter it is scrambled again by the deployment module's copy protection module 24. The scrambled data is transmitted back to the consumer appliance 10 where its copy protection module 30 de-scrambles it.
Advantageously, by downloading the certificate authentication program code on demand from the transmission point (and not embedding the certificate authentication program code in the deployment module), the deployment module is able to operate with multiple types of certificates.
Finally, it is to be understood that although the invention is disclosed herein in the context of particular illustrative embodiments, those skilled in the art will be able to devise numerous alternative arrangements. In particular, the functions of the various elements shown in the FIGS 1 and 2, including functional blocks labeled as "processors" may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software. When provided by a processor, the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared. Moreover, explicit use of the term "processor" or "controller" should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor (DSP) hardware, read-only memory (ROM) for storing software, random access memory (RAM), and non-volatile storage. Other hardware, conventional and/or custom, may also be included. Such alternative arrangements, although not explicitly shown or described herein, embody the principles of the present invention and are thus within its spirit and scope.

Claims

CLAIMS:
1. A one-way transmission system for certificate processing relating to copy protecting, the system comprising: a deployment module (12); a consumer appliance (10) connected to the deployment module (12); a transmission point (14) connected to the consumer appliance; and wherein the deployment module (12) transmits a request to the consumer appliance (10) for a certificate, a portion of the information contained in the certificate and information relating to the type of deployment module (12) is sent to the transmission point (14), using the portion of the information contained in the certificate and information relating to the type of deployment module (12) the transmission point (14) selects a certificate authentication code and transmits it to the deployment module (12), the authentication code is used to complete a copy protection validation process.
2. The system of claim 1 wherein the authentication code includes a program for validating the certificate.
3. The system of claim 1 further including a display (32) for displaying the portion of the information contained in the certificate and information relating to the type of deployment module (12).
4. A method of processing a certificate in a one-way transmission system relating to copy protecting, the method comprising the step of:
(a) transmitting a request for a certificate from a deployment module (14) to a consumer appliance (10); (b) sending a portion of the certificate and information relating to the type of deployment module to a transmission point (14);
(c) selecting an authentication program code using the portion of the certificate and the information relating to the type of deployment module; (d) transmitting the authentication program code from the transmission point (14) to the deployment module (12); and
5. The method of claim 4 further including the step of (e) completing a copy protection validation process using the authentication program code.
6. The method of claim 4 further including the step of displaying the portion of the certificate and information relating to the type of deployment module on a display device connected to the consumer appliance (10).
7. The method of claim 6 wherein the displaying step is used to facilitate sending the portion of the certificate and information relating to the type of deployment module to the transmission point (14) in the sending step.
8. A deployment module (12) for use in a one-way transmission system with a consumer appliance (10) and a transmission point (14), the deployment module (12) comprising: means for communicating (20) with the consumer appliance (10); and a processor (20) for requesting a certificate from the consumer appliance (10), and in response to the receipt of the certificate transmitting a portion of the certificate and information relating to the type of deployment module to the consumer appliance, and receiving an authentication code from the transmission point (14) selected using the portion of the certificate and the information relating to the type of deployment module.
9. The deployment module (12) of claim 8 wherein the authentication code includes a program for validating the certificate.
10. The deployment module (12) of claim 8, wherein the deployment module (12) is selected from the group consisting of a point of deployment module, wireless data interface appliance, smartcard, personal computer or internet interface appliance.
11. The deployment module (12) of claim 10, wherein the consumer appliance (10) is selected from the group consisting of a set-top box, wireless, interface appliance, cellular interface appliance, radio interface appliance, personal computer, or internet interface appliance.
12. A consumer appliance (10) for use one-way transmission with a deployment module (12) and a transmission point (10), the consumer appliance (10) comprising: means for communicating (20) with the deployment module; and a processor for (20), in response to a request of a certificate, transmitting the certificate to the deployment module (12), receiving a portion of the certificate and information relating to the type of deployment module, facilitating the transfer of the portion of the certificate and information relating to the type of deployment module to a transmission point (14).
13. The consumer appliance (10) of claim 12, wherein the consumer appliance (10) is selected from the group consisting of a set-top box, wireless, interface appliance, cellular interface appliance, radio interface appliance, personal computer, or internet interface appliance.
14. The consumer appliance (10) of claim 14, further including a display (32) for displaying portion of the certificate and information relating to the type of deployment module.
PCT/EP2000/006371 1999-07-09 2000-07-05 Generalized certificate processing for deployment module based copy protection systems WO2001004727A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP00949268A EP1110134A1 (en) 1999-07-09 2000-07-05 Generalized certificate processing for deployment module based copy protection systems
JP2001510070A JP2003504949A (en) 1999-07-09 2000-07-05 Generalized certificate handling for deployment module based copy protection systems

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US14350099P 1999-07-09 1999-07-09
US60/143,500 1999-07-09
US55759900A 2000-04-25 2000-04-25
US09/557,599 2000-04-25

Publications (1)

Publication Number Publication Date
WO2001004727A1 true WO2001004727A1 (en) 2001-01-18

Family

ID=26841090

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2000/006371 WO2001004727A1 (en) 1999-07-09 2000-07-05 Generalized certificate processing for deployment module based copy protection systems

Country Status (3)

Country Link
EP (1) EP1110134A1 (en)
JP (1) JP2003504949A (en)
WO (1) WO2001004727A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1110399A1 (en) * 1999-07-09 2001-06-27 Koninklijke Philips Electronics N.V. System and method for copy protecting transmitted information
WO2002101524A2 (en) * 2001-06-11 2002-12-19 Matsushita Electric Industrial Co., Ltd. License management server, license management system and usage restriction method
WO2003009112A1 (en) * 2001-07-17 2003-01-30 Matsushita Electric Industrial Co., Ltd. Content usage device and network system, and license information acquisition method
EP1434119A2 (en) * 2002-12-25 2004-06-30 Victor Company Of Japan, Limited License management method and license management system
GB2489672A (en) * 2011-03-28 2012-10-10 Sony Corp Authentication certificate distribution to set top boxes
US10769275B2 (en) 2017-10-06 2020-09-08 Ca, Inc. Systems and methods for monitoring bait to protect users from security threats

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0714204A2 (en) * 1994-11-26 1996-05-29 Lg Electronics Inc. Illegal view and copy protection method in digital video system and controlling method thereof
WO1999012088A1 (en) * 1997-09-02 1999-03-11 Siemens Aktiengesellschaft Method for controlling distribution and use of software products with network-connected computers

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS62276648A (en) * 1986-05-26 1987-12-01 Toshiba Corp Copy prevention system for floppy disk
KR0166923B1 (en) * 1995-09-18 1999-03-20 구자홍 Method and apparatus of preventing an illegal watching and copying in a digital broadcasting system
ES2150243T3 (en) * 1996-04-01 2000-11-16 Macrovision Corp A METHOD AND APPARATUS TO PROVIDE PROTECTION AGAINST COPIES OF SIGNAL MATERIAL TRANSMITTED THROUGH DIGITAL DELIVERY NETWORKS TO A CONSUMER DECODER TERMINAL.
US7336785B1 (en) * 1999-07-09 2008-02-26 Koninklijke Philips Electronics N.V. System and method for copy protecting transmitted information

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0714204A2 (en) * 1994-11-26 1996-05-29 Lg Electronics Inc. Illegal view and copy protection method in digital video system and controlling method thereof
WO1999012088A1 (en) * 1997-09-02 1999-03-11 Siemens Aktiengesellschaft Method for controlling distribution and use of software products with network-connected computers

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1110399A1 (en) * 1999-07-09 2001-06-27 Koninklijke Philips Electronics N.V. System and method for copy protecting transmitted information
EP1110399B1 (en) * 1999-07-09 2018-09-12 Koninklijke Philips N.V. System and method for copy protecting transmitted information
WO2002101524A2 (en) * 2001-06-11 2002-12-19 Matsushita Electric Industrial Co., Ltd. License management server, license management system and usage restriction method
WO2002101524A3 (en) * 2001-06-11 2004-04-22 Matsushita Electric Ind Co Ltd License management server, license management system and usage restriction method
US7103663B2 (en) 2001-06-11 2006-09-05 Matsushita Electric Industrial Co., Ltd. License management server, license management system and usage restriction method
WO2003009112A1 (en) * 2001-07-17 2003-01-30 Matsushita Electric Industrial Co., Ltd. Content usage device and network system, and license information acquisition method
CN100419616C (en) * 2001-07-17 2008-09-17 松下电器产业株式会社 Content usage device and network system, and license information acquisition method
US7725399B2 (en) 2001-07-17 2010-05-25 Panasonic Corporation Content usage device and network system, and license information acquisition method
EP1434119A2 (en) * 2002-12-25 2004-06-30 Victor Company Of Japan, Limited License management method and license management system
EP1434119A3 (en) * 2002-12-25 2005-01-12 Victor Company Of Japan, Limited License management method and license management system
GB2489672A (en) * 2011-03-28 2012-10-10 Sony Corp Authentication certificate distribution to set top boxes
US10769275B2 (en) 2017-10-06 2020-09-08 Ca, Inc. Systems and methods for monitoring bait to protect users from security threats

Also Published As

Publication number Publication date
JP2003504949A (en) 2003-02-04
EP1110134A1 (en) 2001-06-27

Similar Documents

Publication Publication Date Title
EP1110399B1 (en) System and method for copy protecting transmitted information
US6975725B1 (en) Method for standardizing the use of ISO 7816 smart cards in conditional access systems
EP1825678B1 (en) System and method for secure conditional access download and reconfiguration
TW296526B (en)
EP1441525B1 (en) System for receiving broadcast digital data comprising a master digital terminal, and at least one slave digital terminal
EP2699014A1 (en) Terminal based on conditional access technology
WO2001022724A1 (en) Multimedia digital terminal and detachable module cooperating with the terminal comprising an interface protected against copying
US20120230435A1 (en) Media Codec Devices Providing Universality for Encoded Signal Origination and Decided Signal Distribution
US20100262988A1 (en) Cable Television Secure Communication System for One Way Restricted Access
KR20040066901A (en) Method and system for conditional access
US8782417B2 (en) Method and processing unit for secure processing of access controlled audio/video data
CN1265806A (en) Transcoder for decoding encoded TV programs
CN100372379C (en) Conditional access control
FI94008C (en) Decoder system for a video signal
US10075770B2 (en) Method for protecting decryption keys in a decoder and decoder for implementing said method
WO2001004727A1 (en) Generalized certificate processing for deployment module based copy protection systems
JP5127109B2 (en) Method and apparatus for allowing unconfirmed viewing time on addressable pay television
EP2514215B1 (en) Method and processing unit for secure processing of access controlled audio/video data
US9210137B2 (en) Local digital network, methods for installing new devices and data broadcast and reception methods in such a network
US8584255B2 (en) Networked conditional access module
CN1476724A (en) Encryption system for cable television network
JPH09212457A (en) Ciphering and deciphering device of digital bidirectional communication terminal
US20050198502A1 (en) Digital broadcasting system and contents protection method using the same
KR102078454B1 (en) Method for preventing copying of a multimedia device through an authentication server
You et al. Design and implementation of DCAS user terminal

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

WWE Wipo information: entry into national phase

Ref document number: 2000949268

Country of ref document: EP

ENP Entry into the national phase

Ref country code: JP

Ref document number: 2001 510070

Kind code of ref document: A

Format of ref document f/p: F

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWP Wipo information: published in national office

Ref document number: 2000949268

Country of ref document: EP

WWR Wipo information: refused in national office

Ref document number: 2000949268

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 2000949268

Country of ref document: EP