Process for controlling access to a domestic network and...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography

Reexamination Certificate


Details

C380S255000, C380S210000

active

06532539

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates to a conditional access system and, more particularly, to a conditional access system for a domestic network.
BACKGROUND OF THE INVENTION
A conditional access system allows a service provider to supply his services solely to users having acquired entitlements to these services. Such is the case, for example, in paid television systems.
As is known to a person skilled in the art, the service supplied by a service provider consists of an item of information scrambled by control words. The scrambled item can be descrambled, and therefore read by the user, only with regard to the entitlements allocated to this user.
To descramble the item, the service provider supplies each user with the control words which served for scrambling the item. To keep the control words secret, they are supplied after having been encrypted with an algorithm with key K. The various encrypted control words are sent to the various users in control messages which will be denoted ECM hereinafter (ECM standing for “Entitlement Control Message”).
According to the prior art, an ECM consists of a header and a payload.
The header gives, inter alia, the type and size of the items contained in the payload of the ECM. The payload consists, inter alia, of an item containing the set of conditions for access to the service supplied by the provider, an item containing at least one control word encrypted with the algorithm with key K and an item containing a datum depending on the key K and making it possible to validate and verify the content of the ECM and, more particularly, access conditions contained in the ECM.
So as to accord access to its service solely to authorized users, the service provider supplies a smart card and a decoder to each of the users.
The smart card makes it possible, on the one hand, to validate and record the entitlements which the user has to the service delivered and, on the other hand, to decrypt, with the aid of the key K, the encrypted control words. For this purpose, the smart card contains the key K of the algorithm which allowed the encryption of the control words.
The decoder, for its part, makes it possible to descramble the scrambled item on the basis of the item consisting of the encrypted control words from the smart card.
The entitlements of each user are sent in messages for managing the user's entitlements which will subsequently be denoted EMM (the abbreviation EMM standing for “Entitlement Management Message”).
According to the prior art, a message EMM consists of a header and a payload. The payload of the EMM contains three main items:
a first item giving the address of the user's card;
a second item giving the description of the user's entitlements;
a third item making it possible to validate the EMM and to verify that the user's entitlements contained in the EMM are indeed the entitlements reserved for the user.
As mentioned previously, the encrypted control words are sent to the users by way of the ECMs.
When the decoder of a user recognizes the address of the card associated therewith among the various addresses distributed by the service provider, the EMM corresponding to the recognized address is analysed. The analysis of the EMM is performed with the aid of an analysis algorithm controlled by the encryption key K of the control words.
If the analysis of the message EMM leads to the validation of the latter, the user's entitlements are then stored in a memory.
The user card also comprises a circuit for validating the ECMs, an access control circuit and also a circuit for decrypting the encrypted control words.
The circuit for validating ECMs makes it possible to validate the access conditions. The access control circuit compares the validated access conditions with the user's validated entitlements. If the validated access conditions correspond to the user's validated entitlements, decryption is authorized. In the contrary case, decryption is not authorized.
A domestic network consists of a set of domestic terminals linked together by a domestic bus such as, for example, the IEEE 1394 bus.
The term domestic terminal should be understood to mean, by way of non-limiting examples, a receiver of television programmes, a digital decoder, a digital camcorder, a reader of digital discs commonly referred to as DVDs (the abbreviation DVD standing for “Digital Versatile Disc”), or else a terminal commonly referred to as a PC (the abbreviation PC standing for “Personal Computer”).
Within the framework of a conditional access system such as the one according to the prior art mentioned above, when a service provider subscriber desires, for example, to be able to receive the same programme on all the television receivers which form part of his domestic network, he is then obliged to take out as many subscriptions as he has television receivers. From the user's point of view, this presents a major drawback in terms of costs.
From the service provider's point of view, this also presents a major drawback. This is because it is impossible for the service provider to make his services selective with regard to the total stock of programme receivers and, more generally of domestic terminals, which the subscriber possesses.
The invention does not have these drawbacks.
SUMMARY OF THE INVENTION
The invention relates to a process making it possible to control access to at least one terminal with address AD by at least one scrambled item with the aid of at least one control word, the scrambled item being contained in a data stream comprising a first datum making it possible to identify the scrambled item, a second datum describing the entitlements possessed by a user with regard to the scrambled item, a third datum containing the control word encrypted with an algorithm with key K, the process comprising at least one step making it possible to decrypt the encrypted control word. The process comprises a step making it possible to construct at least one descrambling item containing the decrypted control word, the first datum and the address AD of the terminal.
The invention also relates to a device making it possible to control access to at least one terminal with address AD by at least one scrambled item with the aid of at least one control word, the scrambled item being contained in a data stream comprising a first datum making it possible to identify the scrambled item, a second datum describing the entitlements possessed by a user with regard to the scrambled item, a third datum containing the control word encrypted with an algorithm with key K. The device comprises means making it possible to construct a descrambling item containing the decrypted control word, the first datum and the address AD of the terminal.
The invention also relates to a decoder making it possible to descramble at least one scrambled item which it receives. The decoder comprises at least one device such as the abovementioned device according to the invention.
The invention further relates to a process for descrambling, by a device associated with a terminal with address AD, at least one scrambled item with the aid of at least one control word. The process comprises:
a step of receiving at least one descrambling item containing the control word, a datum making it possible to identify the scrambled item and an address making it possible to identify a terminal,
a step allowing the device associated with the terminal with address AD to recognize or not recognize, from among the addresses contained in the descrambling items received, the address AD, so that if the address AD is recognized the descrambling is authorized and if the address AD is not recognized, the descrambling is not authorized.
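The flow described above, from ECM validation and entitlement comparison through to the address-bound descrambling item and the terminal's address check, as an added sketch that is not taken from the patent. Assumptions: HMAC-SHA256 stands in for the validation datum depending on K, an XOR keystream stands in for the unspecified algorithm with key K, and the per-ECM nonce, the per-address entitlement table and all function names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

K = bytes(range(32))  # constructed demo key, shared by provider and smart card

def _xor_cw(nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (an assumption): XOR with an HMAC-SHA256 keystream block.
    pad = hmac.new(K, b"cw" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def _tag(item_id, conditions, nonce, enc_cw) -> bytes:
    # Datum depending on K that validates the ECM; fields are length-prefixed.
    parts = [item_id.encode(), ",".join(sorted(conditions)).encode(), nonce, enc_cw]
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(K, b"ecm" + msg, hashlib.sha256).digest()

@dataclass(frozen=True)
class ECM:
    item_id: str           # first datum: identifies the scrambled item
    conditions: frozenset  # access conditions for the service
    nonce: bytes           # per-ECM value (assumption, keeps the keystream fresh)
    enc_cw: bytes          # control word encrypted under K
    tag: bytes             # validation datum depending on K

def make_ecm(item_id, conditions, cw, nonce) -> ECM:
    enc = _xor_cw(nonce, cw)
    return ECM(item_id, frozenset(conditions), nonce, enc,
               _tag(item_id, conditions, nonce, enc))

def build_descrambling_items(ecm, entitlements):
    """Card side. entitlements: terminal address AD -> set of validated rights."""
    expected = _tag(ecm.item_id, ecm.conditions, ecm.nonce, ecm.enc_cw)
    if not hmac.compare_digest(ecm.tag, expected):
        return []  # ECM failed validation: no decryption
    cw = _xor_cw(ecm.nonce, ecm.enc_cw)
    return [(cw, ecm.item_id, ad) for ad, rights in sorted(entitlements.items())
            if ecm.conditions <= rights]

def terminal_descramble(my_ad, items, item_id):
    """Terminal side: accept a control word only from an item carrying AD."""
    for cw, iid, ad in items:
        if ad == my_ad and iid == item_id:
            return cw
    return None  # address not recognized: descrambling not authorized
```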
The invention further relates to a descrambling device associated with a terminal with address AD and which makes it possible to descramble at least one scrambled item with the aid of at least one control word. The descrambling device comprises means for receiving a descrambling item containing the control word, a datum making it possible
