HK1093125A - Method of controlling communication between a head-end system and a plurality of client systems - Google Patents

Publication number
HK1093125A
Authority
HK
Hong Kong
Prior art keywords
multicast
group
receiver
client
client system
Prior art date
Application number
HK06113754.3A
Other languages
Chinese (zh)
Inventor
阿尔伯特.简恩.波斯查
亚克.杜.普罗伊
Original Assignee
耶德托存取公司
Priority date
Filing date
Publication date
Application filed by 耶德托存取公司

Description

Method for controlling communication between a head-end system and a plurality of client systems
The invention relates to a method of controlling communication between a head-end system and a plurality of client systems over a network comprising a plurality of multicast router systems and receivers, each multicast router system being configured to forward multicast messages sent by the head-end and addressed to a respective multicast group to the receivers, which are capable of receiving messages addressed to any multicast group comprising the receiver for a client system, wherein, for each receiver, only the closest one of the multicast router systems is configured to forward a copy of a message addressed to the multicast group comprising the receiver directly to the receiver, the method comprising: maintaining subscriber group information, linking each registered client system of the plurality of client systems to an associated one of the plurality of subscriber groups, and assigning the registered client systems to at least one multicast group such that all client systems associated with a particular subscriber group are located within a common multicast group, a front end server configured to multicast subscriber group messages to the client systems with messages addressed to a multicast group, each subscriber group message being available to all client systems within the subscriber group.
The invention also relates to a system for controlling communication between a head-end system and a plurality of client systems over a network comprising a plurality of multicast router systems and receivers, each multicast router system being arranged to forward multicast messages sent by the head-end and addressed to a respective multicast group to the receivers, which are able to receive messages addressed to any multicast group comprising the receivers for a client system, wherein, for each receiver, only the closest one of the multicast router systems is arranged to forward a copy of a message directly to the receiver, which message is addressed to the multicast group comprising the receiver, the system comprising a database for maintaining subscriber group information, each of the plurality of client systems being linked via a registered system to an associated one of a plurality of subscriber groups, wherein the system is arranged to assign registered client systems to at least one multicast group, such that all client systems associated with a particular subscriber group are located within a common multicast group, and a front-end server is configured to multicast subscriber group messages to the client systems with messages addressed to a multicast group, each subscriber group message being available to all client systems within the subscriber group.
The invention also relates to a method of requesting a group message to be sent from a head-end system to a first client system, the head-end system communicating with a plurality of other client systems via a network comprising a plurality of multicast router systems and receivers, each multicast router system being arranged to forward multicast messages sent by the head-end and addressed to a respective multicast group to the receivers, which are capable of receiving for a client system a message addressed to any multicast group comprising the receiver, wherein, for each receiver, only the closest one of the multicast router systems is arranged to forward a copy of the message addressed to the multicast group comprising the receiver directly to the receiver, the head-end system comprising a registration system for maintaining group information, such that each registered one of the plurality of client systems is capable of linking to an associated one of the plurality of groups, and assigning multicast addresses to the client systems such that all client systems associated with a particular group have a common multicast address, and a server is configured to multicast group messages to at least one client system using messages having multicast addresses, each group message being available to all client systems within the group.
The invention also relates to a system for requesting a group message to be sent from a head-end system to a first client system, the head-end system communicating with a plurality of other client systems via a network comprising a plurality of multicast routing systems and receivers, each multicast routing system being arranged to forward multicast messages sent by the head-end and addressed to a respective multicast group to a receiver capable of receiving for a client system a message addressed to any multicast group comprising the receiver, wherein, for each receiver, only the closest one of the multicast routing systems is arranged to forward a copy of the message addressed to the multicast group comprising the receiver directly to the receiver, the head-end system comprising a registration system for maintaining group information, such that each registered one of the plurality of client systems is capable of linking to an associated one of the plurality of groups, and assigning multicast addresses to the client systems such that all client systems associated with a particular group have a common multicast address, and a server configured to multicast group messages to at least one client system using messages having multicast addresses, each group message being available to all client systems within the group.
The invention also relates to a computer program.
An example of a method is known from publication WO 01/91465. This disclosure describes a mechanism for broadcasting digital media content to a general group of end users in a secure manner while still maintaining the desired level of specificity in view of those end users actually using or accessing the digital media content. An end user device and a head-end broadcaster communicate over at least one channel. The security features of the content are preferably obtained by encrypting the content so that only authorized users can access the media content. The access information is preferably distributed via an ECM (control message), which preferably enables the end user device to generate the correct key. Preferably, the end user device is only able to generate the key if it also receives an EMM or entitlement message from the head-end broadcaster. EMMs may be sent simultaneously to a plurality of different end user devices, i.e. broadcast or multicast, so that a group of end user devices can receive information simultaneously. A particular EMM may be designed for a group of end user devices based on a particular user plan or other type of payment structure and/or based on the network addresses of the devices in the group of end user devices.
The problem with using the network addresses of the devices in the end user device group is that it is not very efficient in providing information about the topology of the network. This means that end user devices on branches of the tree starting from the head-end will end up in one group, which in turn results in heavy network traffic when a multicast routing system near the head-end system provides copies of the group message to multiple neighboring multicast routing systems.
It is an object of the invention to provide a method and system of the type defined in the opening paragraphs which enable a more efficient use of the network bandwidth.
This object is achieved by the communication control method of the invention, which is characterized by obtaining information uniquely identifying the nearest multicast router system closest to the receiver of the first client system, and assigning the first client system to a subscriber group comprising at least one other client system having the same nearest multicast router system.
Because only the nearest one of the multicast routing systems is configured to send a copy of a message addressed to the multicast group containing the receiver directly to the receiver, the messages addressed to the multicast group are forwarded by the other multicast routing systems to the nearest multicast routing system via the shortest path. Because all client systems associated with a particular subscriber group are located within a common multicast group, the number of messages can be kept relatively low. Because the first client system is assigned to a subscriber group that includes at least one other client system having the same nearest multicast router system, multicast messages are sent only to the respective client systems via a "last hop" in a unicast manner (i.e., two messages) or using multicast capabilities provided by the data link layer.
In a preferred embodiment, the step of obtaining information uniquely identifying the nearest multicast router system includes receiving a registration request message from the first client system, the message including a network address unique to the nearest multicast router system nearest the receiver of the first client system.
This embodiment makes use of the fact that, in most networks, receivers receiving multicast messages for client systems have to register with the nearest multicast router system. The receiver therefore either has information identifying the nearest multicast router system or has the ability to obtain this identifying information. Such information is more difficult to obtain at nodes within the network that are far from the network node formed by the nearest multicast router system.
A preferred embodiment of the method comprises receiving a registration request message from the first client system, the message including an identification of the first client system, and verifying that the first client system is authorized to receive messages for all client systems within the subscriber group, wherein the first client system is only assigned to the subscriber group if authorized.
Because the first client system's registration request message includes the first client system's identification, it may be sent through a proxy server.
A preferred variant comprises receiving a registration request message comprising a digital signature, using the identification to obtain a public key of the client system, and using the public key to verify the authenticity of the signature.
Thus, a mechanism is provided for detecting a malicious client system that pretends the first client system issued a request.
A preferred embodiment comprises receiving a registration request message from the first client system, the message comprising a network address unique to a receiver receiving multicast messages for the first client system, and returning a registration response message to the receiver's unique network address when the first client system is assigned to a subscriber group, the registration response message comprising a multicast network address of at least a common multicast group of the subscriber group to which the first client system has been assigned.
Because the registration response message is sent to the unique network address of the receiver, i.e. unicast, the receiver need not be configured to receive messages under the multicast address. The registration response message includes the multicast network address. This allows the receiver to be subsequently configured to receive messages under that address and/or one or more multicast routing systems to be configured to send group messages under multicast network addresses to the receiver.
A preferred variant comprises receiving a registration request message including verification data and forming a registration response message including data representing at least a portion of the verification data.
This prevents "man-in-the-middle" attacks in which the first client system is spoofed into accepting messages from a source other than the front-end server. This is particularly useful in situations where group messages are sent to client systems having the ability to decrypt encrypted messages and/or scrambled content. In this embodiment, attempts to send group messages to the client system in order to obtain the security keys stored by the client system are blocked.
A preferred embodiment comprises receiving a registration request message from the first client system, the message comprising a network address unique to a receiver receiving the multicast message for the first client system, and returning a registration response message to the receiver's unique network address when the first client system is assigned to the subscriber group, the registration response message comprising at least one key of at least one key pair, and subsequently transmitting at least one group message addressed to the common multicast group and encrypted with the other key of the key pair.
Thus, the first client system is able to receive encrypted group messages, e.g. encrypted using a key common to the user groups. Because the registration response message is returned to the receiver's unique network address, the key message is not received by other receivers or client systems. In particular, the key or key set cannot be obtained by joining the multicast group.
A preferred embodiment, wherein the network is a packet switched network, preferably using the internet protocol, comprises transmitting the group message from the server in separate data packets having a payload and header, wherein the payload of each packet is encrypted separately.
Thus, the link between the head-end system and each receiver receiving data packets for client systems of the same user group is cryptographically protected.
A preferred embodiment comprises assigning the first client system to a subscriber group comprising only other client systems having the same nearest multicast router system.
Thus, the front-end server need only send each subscriber group message once, as a multicast message to all members of the subscriber group.
A preferred embodiment comprises removing the first client system from the subscriber group when it is determined that a different multicast router system becomes the closest multicast router system for a receiver capable of receiving multicast messages for the first client system.
This embodiment allows the first client system to receive the group message through a different receiver during operation, while maintaining the efficiency of front-end communications.
According to another aspect, the invention resides in a system for controlling communication between a head-end system and a plurality of client systems over a network comprising a plurality of multicast router systems and receivers, characterized in that the system is configured to obtain information uniquely identifying a nearest multicast router system closest to a receiver of a first client system, and to assign the first client system to a subscriber group comprising at least one other client system having the same nearest multicast router system.
Preferably, the system is configured for implementing the method of the invention.
According to another aspect of the invention, a method of requesting the sending of a group message from a head-end system to a first client system, the head-end system communicating with a plurality of other client systems over a network, is characterized by obtaining information uniquely identifying the nearest multicast router system closest to a receiver of the first client system, and transmitting a registration request message including the obtained information to a registration system, enabling the registration system to assign the first client system to a subscriber group including at least one other client system having the same nearest multicast router system.
Thus, the system implementing the method and the front-end system together increase the efficiency of delivering group messages to the client system.
In a preferred embodiment, the information uniquely identifying the nearest multicast router system is a unique network address of the multicast router system and is obtained by message exchange according to a network protocol.
Thus, the provided mechanism is utilized to obtain the identification of the nearest multicast routing system. This makes the method easy to implement. It does not require modification of the network protocol used for multicast, but only the front-end system and the receiver and/or client system.
A preferred embodiment comprises receiving a registration response message comprising the common multicast address assigned by the subscriber group to which the first client system has been assigned, and transmitting a message informing the nearest multicast router system of the common multicast address.
This ensures that the receiver receiving the subscriber group message for the first client system actually receives substantially all subscriber group messages.
In an embodiment wherein the receiver comprises an interface with at least one device comprising a first client system, the method comprises receiving information representing at least an identity of a user from the first client system via the interface, and transmitting a registration request message further comprising the identity of the user to the registration system.
This approach thus enables the receiver to behave as a proxy server for client systems of different characteristics. This has the advantage that this type of client system can be transferred to other network locations.
In a preferred embodiment, the first client system is comprised in a device having an interface with a receiver of the first client system, the method comprising receiving a message from the receiver over the interface that uniquely identifies the nearest multicast router system closest to the receiver, and returning a registration request message to the receiver over the interface for forwarding to the registration system.
This embodiment has the further advantage that it allows the first client system to be used in conjunction with different receivers at different locations within the network, and in addition, the registration request message is formed by the client system, allowing the use of a relatively simple receiver.
In a preferred variant, the first client system is within a tamper-proof environment of a secure device, preferably a smart card, wherein the first client system is configured to store the secure key and the registration request message is signed by at least the first client system.
This provides additional protection to ensure that the first client system is actually connected to a valid user.
A preferred embodiment comprises obtaining a unique network address of a receiver of the first client system and including the unique network address of the receiver in the registration request message.
This embodiment allows for the return of secure information to the first client system in response to the registration request message without the message being received by other receivers.
According to another aspect of the invention, a system for requesting group message delivery from a head-end system to a first client system is configured to implement a method of the invention for requesting group message delivery from a head-end system to a first client system.
According to another aspect, the invention provides a computer program enabling a computer to carry out the method of the invention when run on a computer.
The invention will now be described in further detail with reference to the accompanying drawings, in which:
Fig. 1 schematically shows a network structure to which the above-described method is applied, enabling a user to receive encrypted content data,
Fig. 2 schematically shows a receiver system comprising a receiver/decoder and a client system in the form of a conditional access module and a smart card,
Fig. 3 is a flow chart relating to a first variant of the method for client system request registration,
Fig. 4 is a flow chart relating to a second variant of the method for client system request registration, and
Fig. 5 is a flow chart of several steps performed upon receipt of a registration response message.
In fig. 1, the first head-end system includes a CA system 1, a Subscriber Management System (SMS) 2, a pre-encryption system 3, and a Video On Demand (VOD) server 4. The second head-end system comprises the same CA system 1 and SMS 2, as well as a scrambling system 5 and a broadcast server 6. The broadcast server 6 is configured to broadcast content data, such as video, audio or text data, via the internet, indicated by reference numeral 7 in fig. 1. In an alternative embodiment, the content data is broadcast out as a Digital Video Broadcast (DVB) service via satellite, cable or terrestrial networks or a combination thereof. A variation of the transmission of content data from the VOD server 4 using this method is also possible.
The content data is transmitted in MPEG-2 format. Each event provided by VOD server 4 on demand or broadcast by broadcast server 6 is made up of at least one elementary stream, also called a component. These events may include one or more streams of video data, audio data, text data, and the like. At least the audio and video data have a common time base. The elementary stream data is carried by so-called Packetized Elementary Stream (PES) packets. The PES stream is composed of PES packets, where all packets contain a payload composed of a single elementary stream data and a code within the header data of the PES packet, and all elementary stream data include the same stream identification.
The PES packets are carried by MPEG-2 Transport Stream (TS) packets. The PES packets may be distributed over a plurality of MPEG-2 TS packets. The content data is scrambled at the PES packet layer or at the transport stream layer with a rapidly varying Control Word (CW). The CW is carried in an Entitlement Control Message (ECM) sent over the internet 7. In this example, it is carried within a separate MPEG-2 transport stream, which is multiplexed with the data streams delivered by VOD server 4 and broadcast server 6. The CWs within the ECM are encrypted with a product key that changes at a lower rate than the CWs. The receiver group that is authorized to decode a particular service obtains the product key by means of an Entitlement Management Message (EMM). These EMMs are examples of group messages that may be used for multiple users.
In the example of fig. 1, the group message is transmitted by the CA system 1 within the internet 7 in the form of multicast Internet Protocol (IP) datagrams.
As an example, five receiver systems are shown, each system including one of five Integrated Receiver Decoders (IRDs) 8-12. The IRDs 8-12 may be implemented in the form of personal computer systems with network cards or modems, so-called set-top boxes for transmitting video and audio signals to television sets, digital television sets with network cards or modems, mobile telephones with multimedia capabilities, etc.
Fig. 2 shows a detailed example of a receiver system in the form of an IRD device 13. The IRD device 13 includes a processor 14 that has access to a (volatile) main memory 15 and transfers control commands and data over a system bus 16. Computer programs that enable the processor 14 to participate in the process of requesting EMMs to be sent are stored in a Read Only Memory (ROM) 17 and/or are accessible by the processor 14 through a controller 18, which provides access to a storage medium 19, such as a hard disk unit or an optical media reader. The storage medium 19 may also be used for loading code into the ROM 17 to provide the desired functionality for the IRD device 13, as is known in the art.
In the example shown, the receiver system also comprises a CA module 20 which communicates with the IRD device 13 via an interface 21, preferably compliant with the common interface standard. The CA module 20 in turn co-operates with an access token, in this case a smart card 22, via a smart card interface 23.
In this example, the smart card 22 has a main processor 24, memory 25 and cryptographic coprocessor 26. The smart card 22 stores user data corresponding to the data stored in the SMS 2. In one embodiment it is a multi-sector smart card for handling content data of the video on demand charging part separately from the content data provided as the charging broadcast service part.
The CA module 20 has an interface module 27 for receiving instructions from the IRD device 13 and a smart card interface module 28 for exchanging data and/or instructions with the smart card 22. It further comprises a processor 29, ROM 30 and RAM 31 for performing the various steps in the process of accessing scrambled content data.
The IRD device 13 includes a network interface device 32, preferably an ethernet card. Alternative embodiments may include a modem, a wireless interface device for communicating with an external xDSL modem, and the like. To simplify the following description, it will be assumed that the network interface device 32 is an Ethernet card.
The network interface device 32 communicates IP datagrams through a software-implemented network stack. The payload, in the form of scrambled MPEG-2 TS packets, is passed to a filtering and de-scrambling module 33. This module 33 filters out the received multiplexed packets belonging to the service that the IRD device 13 is instructed to tune in to. The ECMs and EMMs are transmitted to the CA module 20. The CA module 20 provides the (encrypted) ECMs and EMMs to the smart card 22. The smart card 22 obtains the product key from the EMM and stores it in the memory 25. The product key is used to decrypt the CW, which is returned to the filtering and de-scrambling module 33. In an alternative embodiment (not shown), the IRD itself includes at least one smart card interface, and thus the CA module 20 is not required.
The network interface device 32 is enhanced with software to enable the IRD device 13 to implement various network protocols. In combination, these enable the IRD device 13 to receive IP packets addressed to a multicast group. That is, the IRD device 13 is able to accept IP packets including header data carrying an IP multicast address. Such an address is identified by its first part, i.e. a special address prefix assigned to multicast addresses. The IRD device 13 joins the multicast group using the Internet Group Management Protocol (IGMP).
Returning to fig. 1, the first, second and third IRDs 8-10 are shown schematically as nodes within a Local Area Network (LAN) 34. The function of the first multicast router 35 is to receive IP datagrams having multicast IP addresses assigned to groups comprising any of the first, second and third IRDs 8-10. The IP multicast address is translated into a link layer multicast address, in this case an ethernet multicast address. IGMP enables the first, second and third IRDs to report their multicast group membership to the first multicast router 35 closest to them.
The second, third and fourth multicast routers 36-38 are clearly shown. It should be understood that the first and second network segments 39, 40, which are only schematically shown, may contain more multicast routers of this type. The fifth and sixth routers 41, 42 are not multicast capable. The fourth multicast router 38 is the multicast router closest to the fourth and fifth IRDs. The fourth multicast router 38 converts multicast IP datagrams addressed to the group joined by the fourth and fifth IRDs 11, 12 into IP datagrams with headers carrying unicast addresses for the fourth and fifth IRDs 11, 12, respectively, in the destination address field.
The IRDs 8-12 in fig. 1 each interface with a smart card (not shown), such as the smart card 22, or more precisely with the implementation of the client system contained in a sector of the smart card 22. The following example assumes that a client system is available to enable the IRD device 13 to receive content data from the VOD server 4.
In one embodiment shown in fig. 3, the IRD device 13 implements a method of requesting that EMMs, i.e., group messages, be sent, in order to decrypt ECMs carrying the encrypted CWs used for descrambling the requested VOD service.
In a first step 43 the IRD device 13 sends out a message to obtain the IP address of the nearest multicast router. The nearest multicast router is one of the multicast routers 35-38 that forwards one multicast message to the IRD device 13 bypassing all other multicast routers. If the IRD device 13 corresponds to one of the first, second and third IRDs 8-10, then the first multicast router 35 is closest. If the IRD device 13 corresponds to one of the fourth and fifth IRDs 11, 12, then the fourth multicast router 38 is closest. Which router is the closest router depends on the routing protocol that the routing system uses to find the shortest link to a particular destination. The first step 43 may also comprise listening for advertisement messages periodically transmitted by the nearest multicast router system.
In an alternative embodiment the first step 43 is replaced by a further step in which the IRD device 13 retrieves the network address of the nearest multicast router system from a configuration message stored in the storage medium 19. This configuration may be entered by the user when setting up the IRD device 13.
In a subsequent step 44, the IRD device 13 receives the IP address of the nearest multicast router. It is to be noted that this IP address is the IP address assigned to the interface of the router, i.e. it is unique for this router. Although step 44 is typically after the first step 43, step 44 may also comprise receiving an ICMP redirect message. This may occur if the first selected multicast router is not actually the closest router as determined by the routing protocol applied by the router.
The CA system 1 assigns each client system requesting a service to one of a plurality of user groups. To this end, the system or alternatively the SMS 2 maintains subscriber group information, linking each registered one of a plurality of client systems to the group assigned to it. At the same time, the registered client systems are assigned to at least one multicast group, each multicast group corresponding to a multicast IP address. Upon receiving a message requesting EMM transmission from a particular IRD device 13 associated with a client system, the CA system assigns the client system to at least one multicast group such that all client systems associated with the subscriber group containing the client system have at least one assigned common multicast group.
EMMs for all members of a subscriber group are multicast in multicast IP datagrams under a multicast IP address corresponding to a common multicast group. These EMM carrying datagrams are multicast by a server comprised by the CA system. In an alternative embodiment, the ECM is also multicast in the same manner.
To ensure efficient use of the internet 7, the registration request message issued by the IRD device 13 includes the IP address obtained in step 44. The CA system 1 assigns the first client system to a subscriber group including at least one other client system that has reported the same IP address as the nearest multicast router. Preferably, the CA system ensures that the subscriber group assigned to the requesting client system contains only client systems having a common nearest multicast router.
Upon determining that another multicast router system becomes the closest multicast router system to the receiver receiving multicast messages for the client system, the CA system 1 preferably reassigns the client system to another different subscriber group, thereby removing the client system from the group to which the client system was originally assigned. This is an advantageous feature because the client system is only partially implemented on one sector of the smart card 22. Because the smart card 22 is portable, tamper-proof, and token-accessible, it may be used in conjunction with another of the five IRDs 8-12.
By implementing the above method, client systems that receive multicast datagrams by the first, second and third IRDs 8-10 are assigned to the first subscriber group. The client systems of the fourth and fifth IRDs 11, 12 receiving multicast IP datagrams carrying group messages are assigned to another subscriber group. Thus, multicast IP datagrams for the first subscriber group are forwarded only once by each routing system between the CA system 1 and the first multicast router 35. Multicast IP datagrams for the second subscriber group are forwarded once until they reach the fourth multicast router 38. Only two separate copies are sent to the fourth and fifth IRDs 11, 12. These copies are tunneled through the fifth and sixth routers 41, 42, respectively, i.e. the non-multicast capable routers. If any client system using one of the first to third IRDs 8-10 were allocated to the same group as a client system using one of the fourth and fifth IRDs 11, 12, then individual copies would have to be transmitted from further upstream; this particular way of allocating client systems to user groups therefore saves bandwidth.
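Added example, not part of the patent text: a minimal head-end registry applying the assignment rule above, one subscriber group per service and reported nearest multicast router, with reassignment when a smart card later reports a different router. The class names, the `239.1.0.0` address base, the `192.0.2.x` router addresses and the `card-N` identifiers are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SubscriberGroup:
    service: str
    nearest_router: str          # unicast address of the router interface (step 44)
    multicast_addr: str          # address of the group's common multicast group
    members: set = field(default_factory=set)


class GroupRegistry:
    """Hypothetical registry: one subscriber group per (service, nearest router)."""

    def __init__(self, entitlements, mcast_base="239.1.0.0"):
        self.entitlements = entitlements     # subscriber -> services; stands in for the SMS 2 check
        self._base = int(ipaddress.IPv4Address(mcast_base))
        self.groups = {}                     # (service, router) -> SubscriberGroup
        self.by_client = {}                  # (subscriber, service) -> SubscriberGroup

    def register(self, subscriber, service, nearest_router):
        # Authorization is decided independently of the client-reported router address.
        if service not in self.entitlements.get(subscriber, set()):
            raise PermissionError(f"{subscriber} is not entitled to {service}")
        router = str(ipaddress.ip_address(nearest_router))   # normalise; rejects non-addresses
        current = self.by_client.get((subscriber, service))
        if current is not None and current.nearest_router != router:
            current.members.discard(subscriber)              # nearest router changed: leave old group
        group = self.groups.get((service, router))
        if group is None:
            addr = ipaddress.IPv4Address(self._base + len(self.groups) + 1)
            group = SubscriberGroup(service, router, str(addr))
            self.groups[(service, router)] = group
        group.members.add(subscriber)
        self.by_client[(subscriber, service)] = group
        return group


# Constructed sample data: cards in IRDs 8-10 report router 35, cards in IRDs 11-12 report router 38.
ROUTER_35, ROUTER_38 = "192.0.2.35", "192.0.2.38"
REPORTED = {"card-8": ROUTER_35, "card-9": ROUTER_35, "card-10": ROUTER_35,
            "card-11": ROUTER_38, "card-12": ROUTER_38}


def demo():
    """Register all five cards, then move card-8 to an IRD behind router 38."""
    registry = GroupRegistry({card: {"emm"} for card in REPORTED})
    for card, router in REPORTED.items():
        registry.register(card, "emm", router)
    registry.register("card-8", "emm", ROUTER_38)
    return {g.nearest_router: sorted(g.members) for g in registry.groups.values()}


if __name__ == "__main__":
    print(demo())
```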
Returning to fig. 3, the IRD device 13 obtains a random number (step 45), preferably from the smart card 22. This random number corresponds to the verification data, which will be explained later. The smart card 22 or the IRD device 13 retains the information representing the random number in memory for subsequent verification. The IRD device, upon establishing the registration request message, includes the random number, which is added to the IP address obtained in step 44.
The IRD device 13 then (step 46), or concurrently, obtains the subscriber identity stored in a sector of the smart card 22. The data is received by the CA module 20. The registration request message includes a user identification or information that enables determination of the user's identity.
The registration request message thus established is first submitted to the smart card 22 (step 47). The smart card 22 is arranged to store a key which is used to digitally sign and/or encrypt the registration request message. The IRD device 13 receives the message back from the smart card 22 in this state (step 48).
Subsequently (step 49), a registration request message is sent to the CA system 1. The registration request message is sent over IP using UDP.
To prevent the IRD device 13 from being "suspended," a timer is started (step 50). A registration response message is expected from the CA system 1 within the time interval Δt. If none is received, step 49 is repeated and the time interval is randomly increased by an amount of the order of Δt.
The routine continues to run as shown in fig. 5. An alternative to the step shown in fig. 3, shown in fig. 4, is first explained. In this alternative form, the method of requesting the sending of the EMM is implemented by the smart card 22, rather than the IRD device 13. To this end, the smart card 22 executes instructions stored in the memory 25. In one embodiment, these instructions take the form of programs downloaded by the IRD device 13 through the internet 7.
The IRD device 13 is used to obtain the IP address of the nearest multicast router system by any of the methods described above in conjunction with step 43 of fig. 3. The smart card 22 receives the acquired IP address through the interface 23 with the CA module 20 (step 51). In the illustrated embodiment, it also receives the unicast IP address of the IRD device 13. It then generates a random number (step 52) and the body of the registration request message (step 53). The body includes the received IP address of the nearest multicast router, the random number, and a subscriber identity. It also includes the unicast IP address of the IRD device 13 received in step 51. In one embodiment, the user identification is comprised of data representing a smart card serial number. In one embodiment, the message body includes a hash of one or more other information entries within the message body. Hashing is typically a one-way operation. The hashing function chosen ensures that it is not possible to extract the input value by analyzing the hash value generated by applying the function, and that two different inputs do not result in the same hash value.
The message body is signed (step 54). In one embodiment (not shown), the message body is encrypted. The registration request message is then transmitted to the IRD device 13 (step 55). In one embodiment, the IP address of the CA system 1 is extracted from the memory of the IRD device 13. In an alternative embodiment, the smart card 22 informs the IRD device 13 of the IP address of the server 1. The IRD device 13 generates an IP datagram carrying a registration request message with the unicast IP address of the CA system 1 included in the header data.
In the example discussed here, the CA system 1 receives the registration request message. If a message in an encrypted format is received, it is decrypted. The subscriber identity in the registration request message is extracted and submitted to SMS 2. Thereby it is checked whether the client system generating the message is authorized to receive EMMs for all client systems within the subscriber group to which the client system is to be allocated. The client system is assigned to the user group only if the authorization exists. If the message is signed, the signature is verified using a public key corresponding to the private key stored within the smart card 22. The user identification is preferably used to obtain an appropriate public key to verify the authenticity of the signature.
The hash value contained in the registration request message is regenerated from the content of the registration request message and compared with the hash value transmitted with the registration request message.
The CA system 1 further obtains the unique (i.e. unicast) IP address of the IRD device 13 that received the multicast message for the client system sending the registration request message.
Assuming that the requesting client system is authorized to receive the requested EMMs, it is assigned to a subscriber group that receives the EMMs for the requested service. The selected subscriber group includes at least one other client system whose registration request message indicated the same nearest multicast router address.
The client system is enabled to receive EMMs by means of the registration response message generated by the CA system 1. The registration response message includes the random number within the registration request message, or unique information related to the random number. The registration response message also includes at least one key or at least one key pair. It preferably comprises one key of each of the three key pairs. One key pair is used for messages unicast to the client system. One key is used to encrypt group information addressed to a user group. One key is used to encrypt broadcast messages addressed to all client systems of more than one subscriber group. The registration response message also includes a multicast address of at least the common multicast group assigned to the user group of the requesting client system. In some embodiments it further comprises a multicast address addressing all members of a plurality of user groups. In a preferred embodiment, the registration response message includes a hash value that is based on some or all of the data of the remainder of the registration response message. In the illustrated embodiment, it includes a digital signature.
Returning to fig. 5, the IRD device 13 receives the registration response message (step 56). The signature appended to the registration response message is verified using the public key of the CA system 1 (step 57). The random number is checked against the copy retained in step 45 or 52 (step 58). The multicast address of the common multicast group of the subscriber group to which the client system has been assigned is then obtained (step 59).
The IRD device 13 is triggered to initiate registration with the nearest multicast router. In particular it sends a message according to the internet group management protocol informing the nearest multicast router system about the multicast address obtained in step 50. Thus, the IRD device 13 joins the multicast group. It is capable of receiving IP datagrams whose header includes a multicast address in the destination address field. At least one IP datagram includes a payload encrypted with one key of a key pair. The corresponding key for decrypting the payload is retrieved from the registration response message and stored in the memory of the smart card 22. If symmetric encryption is used, the keys in the key pair are inevitably identical.
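Added example, not part of the patent text: the registration exchange of steps 45-59, with the hash check, the signature check and the nonce comparison that rejects a replayed or stale response. An HMAC under a shared key stands in for the public-key signatures of the smart card and the CA system, key delivery in the response is left out, and all field names, keys and addresses are constructed.

```python
import hashlib
import hmac
import json
import secrets


def canonical(body):
    """Serialise a message body deterministically so both sides hash the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(body, key):
    """Attach a hash of the body and a MAC over body plus hash (signature stand-in)."""
    digest = hashlib.sha256(canonical(body)).hexdigest()
    tag = hmac.new(key, canonical(body) + digest.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "hash": digest, "sig": tag}


def open_sealed(msg, key):
    """Return the body if the hash and the MAC both verify, else raise ValueError."""
    body = msg.get("body")
    if not isinstance(body, dict):
        raise ValueError("malformed message")
    digest = hashlib.sha256(canonical(body)).hexdigest()
    if not hmac.compare_digest(digest.encode(), str(msg.get("hash", "")).encode()):
        raise ValueError("hash mismatch")
    tag = hmac.new(key, canonical(body) + digest.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), str(msg.get("sig", "")).encode()):
        raise ValueError("bad signature")
    return body


class Client:
    """Smart card plus IRD side of the exchange (steps 45-49 and 56-59)."""

    def __init__(self, subscriber_id, card_key, ca_key):
        self.subscriber_id, self.card_key, self.ca_key = subscriber_id, card_key, ca_key
        self.pending_nonce = None

    def build_request(self, nearest_router, receiver_ip):
        self.pending_nonce = secrets.token_hex(16)        # retained for the check in step 58
        body = {"router": nearest_router, "nonce": self.pending_nonce,
                "subscriber": self.subscriber_id, "receiver": receiver_ip}
        return seal(body, self.card_key)                  # signing by the card (step 47/54)

    def accept_response(self, msg):
        body = open_sealed(msg, self.ca_key)              # step 57
        nonce = str(body.get("nonce", ""))
        if self.pending_nonce is None or not hmac.compare_digest(
                nonce.encode(), self.pending_nonce.encode()):
            raise ValueError("nonce mismatch")            # step 58
        self.pending_nonce = None                         # one response per request
        return body["multicast_addr"]                     # step 59


def handle_request(msg, card_keys, ca_key, multicast_addr):
    """CA side: the claimed identity selects the verification key; reply echoes the nonce."""
    body = msg.get("body")
    claimed = body.get("subscriber") if isinstance(body, dict) else None
    key = card_keys.get(claimed) if isinstance(claimed, str) else None
    if key is None:
        raise ValueError("unknown subscriber")
    body = open_sealed(msg, key)
    reply = {"nonce": body["nonce"], "to": body["receiver"], "multicast_addr": multicast_addr}
    return seal(reply, ca_key)


def demo():
    """One valid exchange, then a replayed response and a tampered request."""
    ca_key, card_key = secrets.token_bytes(32), secrets.token_bytes(32)   # constructed keys
    card_keys = {"card-0001": card_key}
    client = Client("card-0001", card_key, ca_key)
    request = client.build_request("192.0.2.35", "198.51.100.8")
    response = handle_request(request, card_keys, ca_key, "239.1.0.1")
    results = {"joined": client.accept_response(response)}
    tampered = client.build_request("192.0.2.35", "198.51.100.8")
    tampered["body"]["router"] = "192.0.2.38"             # altered after signing
    for name, action in (("replay", lambda: client.accept_response(response)),
                         ("tamper", lambda: handle_request(tampered, card_keys, ca_key, "239.1.0.1"))):
        try:
            action()
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```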
The invention is not limited to the embodiments described above, which may be varied within the scope of the appended claims. For example, the hash value and the signature within the registration request message and/or the registration response message may be combined with each other, where the signature is a ciphertext of the hash value.

Claims (23)

1. A method for controlling communication between a head-end system (1-6) and a plurality of client systems (13, 22) over a network (7) comprising a plurality of multicast router systems (35-38) and receivers (8-13),
each multicast routing system (35-38) is configured to forward multicast messages sent by the head-end system and addressed to a respective multicast group to a receiver, which is capable of receiving messages addressed to any multicast group including the receiver for the client system,
wherein for each receiver only the closest one of the multicast routing systems (35-38) is configured to forward a copy of a message directly to the receiver, the message being addressed to a multicast group containing the receiver,
the method comprises the following steps:
maintaining subscriber group information, linking each registered one of a plurality of client systems to an associated one of a plurality of subscriber groups, and
assigning the registered client systems to at least one multicast group, such that all client systems associated with a particular user group are located in a common multicast group,
a front-end server is configured to multicast subscriber group messages to client systems with messages addressed to the multicast group, each subscriber group message being available to all client systems within the subscriber group,
the method is characterized in that,
obtaining information uniquely identifying a nearest multicast router system of a receiver nearest to the first client system, and
the first client system is assigned to a subscriber group that includes at least one other client system having the same nearest multicast router system.
2. A method according to claim 1, wherein the step of obtaining information uniquely identifying the nearest multicast router system (35-38) comprises receiving a registration request message from the first client system, the registration request message including a network address unique to the nearest multicast router system nearest the receiver of the first client system.
3. A method according to claim 1 or 2, comprising receiving a registration request message from the first client system, the registration request message including an identification of the first client system, and
it is checked whether the first client system is authorized to receive messages for all client systems within the user group,
wherein the first client system is assigned only to the group of users if authorized.
4. A method according to claim 3, comprising receiving a registration request message including a digital signature, using said identification to obtain a public key of the client system, and using the public key to verify the authenticity of the signature.
5. A method according to any one of claims 1 to 4, comprising receiving a registration request message from the first client system, the registration request message including the unique network address of the receiver for the first client system to receive multicast messages, and when the first client system is assigned to a subscriber group, returning a registration response message to the unique network address of the receiver, the registration response message including the multicast network address of at least the common multicast group of the subscriber group to which the first client system has been assigned.
6. A method according to claim 5, comprising receiving a registration request message including the verification data, and forming a registration response message including data representing at least part of the verification data.
7. A method according to any one of claims 1 to 6 including receiving a registration request message from the first client system, the registration request message including the unique network address of the receiver for which the first client system received the multicast message, and returning a registration response message to the unique network address of the receiver when the first client system is assigned to the subscriber group, the registration response message including at least one key of the at least one key pair, and subsequently transmitting the at least one group message addressed to the common multicast group and encrypting it with the other key of the key pair.
8. A method according to claim 7, wherein said network is a packet switched network, preferably using the Internet protocol, comprising transmitting the group message from the server in separate packets having a payload and header, wherein each packet payload is encrypted separately.
9. A method according to any preceding claim, comprising assigning the first client system to a subscriber group comprising only other client systems having the same nearest multicast router system.
10. A method according to any one of the preceding claims, comprising removing the first client system from the group of users when it is determined that a different multicast router system (35-38) becomes the closest multicast router system to a receiver capable of receiving multicast messages for the first client system.
11. A system for controlling communication between a head-end system (1-6) and a plurality of client systems (13, 22) over a network (7) comprising a plurality of multicast router systems (35-38) and receivers (8-13),
each multicast routing system (35-38) is configured to forward multicast messages sent by the head-end and addressed to a respective multicast group to a receiver (8-13), which is capable of receiving messages addressed to any multicast group including the receiver for a client system,
wherein for each receiver only the closest one of the multicast routing systems (35-38) is configured to forward a copy of a message addressed to a multicast group containing the receiver directly to the receiver (8-13),
the system comprises:
a database (2) for maintaining subscriber group information, each registered one of the plurality of client systems being linked to an associated one of the plurality of subscriber groups,
wherein the system is configured to assign registered client systems to at least one multicast group such that all client systems (13, 22) associated with a particular user group are located in a common multicast group,
a front-end server configured to multicast subscriber group messages to client systems (13, 22) with messages addressed to the multicast group, each subscriber group message being available to all client systems within the subscriber group,
the system is characterized in that,
the system is configured to obtain information uniquely identifying a nearest multicast routing system (35-38) nearest a receiver of the first client system (13, 22), and
the first client system is assigned to a subscriber group that includes at least one other client system having the same nearest multicast router system.
12. The system of claim 11, configured for performing the method of any one of claims 1-10.
13. A method of requesting a group message to be sent from a head-end system (1-6) to a first client system, the head-end system communicating with a plurality of other client systems (13, 22) via a network (7) comprising a plurality of multicast router systems (35-38) and receivers (8-13),
each multicast routing system (35-38) is configured to forward multicast messages sent by the head-end and addressed to a respective multicast group to a receiver (8-13) capable of receiving for a client system messages addressed to any multicast group comprising the receiver (8-13),
wherein for each receiver only the closest one of the multicast routing systems is configured to forward a copy of a message directly to the receiver, the message being addressed to a multicast group containing the receiver,
the front-end system comprises
a registration system (1, 2) for maintaining group information, linking each registered one of the plurality of client systems to an associated one of the plurality of groups, assigning multicast addresses to the client systems such that all client systems associated with a particular group have a common multicast address, and
a server (1) configured to multicast group messages to at least one client system with messages having multicast addresses, each group message being available to all client systems within the group,
the method is characterized in that,
information uniquely identifying a nearest multicast router system nearest a receiver of the first client system is obtained, and a registration request message including the obtained information is transmitted to the registration system, enabling the registration system to assign the first client system to a subscriber group including at least one other client system having the same nearest multicast router system.
14. The method of claim 13, wherein the information uniquely identifying the nearest multicast routing system is a unique network address of the multicast routing system and is obtained through message exchange pursuant to a network protocol.
15. A method according to claim 13 or 14, comprising receiving a registration response message including the common multicast address allocated by the subscriber group to which the first client system has been allocated, and
a message informing of the common multicast address is transmitted to the nearest multicast routing system.
16. A method according to any of claims 13-15, wherein the receiver comprises an interface (21) with at least one device (22) comprising the first client system, the method comprising receiving information representing at least an identity of the user from the first client system via said interface, and
a registration request message further comprising the user identification is transmitted to the registration system (1, 2).
17. A method according to any one of claims 13 to 15, wherein the first client system is comprised in a device (22) having an interface (23, 28) with a receiver of the first client system, the method comprising:
receiving information from the receiver over said interface (23, 28) uniquely identifying the nearest multicast routing system closest to the receiver (13),
a registration request message is returned to the receiver (13) via the interface for forwarding to the registration system (1, 2).
18. A method according to claim 16 or 17, wherein the first client system is within a tamper-proof environment of a security device, preferably a smart card, wherein the first client system is arranged to store the security key and the registration request message signed by at least the first client system.
19. A method according to any one of claims 13 to 18, including obtaining a unique network address of the receiver (13) of the first client system and including the unique network address of the receiver in the registration request message.
20. The method of claim 19, comprising receiving a registration response message including at least one key of at least one key pair in a message at a network address unique to the receiver,
subsequently receiving at least one encrypted group message addressed to the common multicast group, and
the encrypted group message is decrypted using the other key of the appropriate key pair.
21. A method according to any one of claims 13 to 20, comprising
transmitting a registration request message including verification data to the registration system,
receiving a registration response message including the public multicast address and response data assigned by the subscriber group to which the first client system has been assigned, and
it is checked whether the response data comprises information representing at least part of the verification data.
22. System for requesting a group message to be sent from a head-end system (1-6) to a first client system, the head-end system communicating with a plurality of other client systems (13, 22) via a network (7) comprising a plurality of multicast router systems (35-38) and receivers (8-13),
each multicast routing system (35-38) is configured to forward multicast messages sent by the head-end and addressed to a respective multicast group to a receiver, which is capable of receiving messages addressed to any multicast group including the receiver for the client system,
wherein for each receiver only the closest one of the multicast routing systems (35-38) is configured to forward a copy of a message directly to the receiver, the message being addressed to a multicast group containing the receiver,
the front-end system includes:
a registration system (1, 2) for maintaining group information, linking each registered one of the plurality of client systems to an associated one of the plurality of groups, assigning multicast addresses to the client systems such that all client systems associated with a particular group have a common multicast address, and
a server (1) configured to multicast group messages to at least one client system using messages having a multicast address, each group message being available to all client systems within the group, the system being arranged to implement the method of any one of claims 13 to 21.
23. A computer program enabling a computer to carry out the method of any one of claims 1-10 or 13-21 when run on the computer (1; 13; 20).
HK06113754.3A 2005-02-14 2006-12-14 Method of controlling communication between a head-end system and a plurality of client systems HK1093125A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP05101087.4 2005-02-14

Publications (1)

Publication Number Publication Date
HK1093125A true HK1093125A (en) 2007-02-23
