[go: up one dir, main page]

WO2004112385A1 - Adapter arrangement, method, system and user terminal for conditional access - Google Patents

Adapter arrangement, method, system and user terminal for conditional access Download PDF

Info

Publication number
WO2004112385A1
WO2004112385A1 PCT/SE2004/000931 SE2004000931W WO2004112385A1 WO 2004112385 A1 WO2004112385 A1 WO 2004112385A1 SE 2004000931 W SE2004000931 W SE 2004000931W WO 2004112385 A1 WO2004112385 A1 WO 2004112385A1
Authority
WO
WIPO (PCT)
Prior art keywords
virtual
module
user terminal
adapter arrangement
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/SE2004/000931
Other languages
French (fr)
Other versions
WO2004112385A9 (en
Inventor
Ted Olsson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
TELEVISION AND WIRELESS APPLICATIONS EUROPE AB
Original Assignee
TELEVISION AND WIRELESS APPLICATIONS EUROPE AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by TELEVISION AND WIRELESS APPLICATIONS EUROPE AB filed Critical TELEVISION AND WIRELESS APPLICATIONS EUROPE AB
Priority to EP04748990A priority Critical patent/EP1639812A1/en
Publication of WO2004112385A1 publication Critical patent/WO2004112385A1/en
Publication of WO2004112385A9 publication Critical patent/WO2004112385A9/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/41Structure of client; Structure of client peripherals
    • H04N21/418External card to be used in combination with the client device, e.g. for conditional access
    • H04N21/4181External card to be used in combination with the client device, e.g. for conditional access for conditional access
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4405Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving video stream decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/162Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
    • H04N7/163Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing by receiver means only
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/16Analogue secrecy systems; Analogue subscription systems
    • H04N7/173Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
    • H04N7/17309Transmission or handling of upstream communications
    • H04N7/17318Direct or substantially direct transmission and handling of requests

Definitions

  • the present invention is related to an adapter arrangement, a method, a system and a user terminal for enabling access to a system distributing different services via a distribution network, and in which a user terminal is used to decode these services, in accordance with the preamble of claims 1, 19, 31 and 40 respectively.
  • a user of a pay-TV system is equipped with a decoder that is connected between a TV tap and a TV set at the user's premises.
  • a main part in the system transmits encoded and uncoded signals that the decoder receives via the TV tap.
  • the encoded and uncoded signals may represent analogue or digitally encoded and uncoded TV programmes/channels, and the decoder may then decrypt parts of, or all of the encoded signals in dependence of the access rights of the user, and thereby the access rights of the decoder, i.e. which channels/programmes the user pays to gain access to.
  • Recent systems are often digital, i.e. the system broadcasts digital signals that are decoded by a digital decoder.
  • An advantage with digital systems versus analogue systems is that a considerably larger amount of data may be transmitted, and thereby a considerably larger .number of TV channels.
  • the larger capacity in the digital systems also enables space for other services, for example interactive services such as games and surfing the Internet, where a user via a return channel in the system may affect and interact with what is shown on the TV set.
  • Common for both analogue and digital pay-TV systems is that a user has to authenticate himself to the system, and from the system receive authorization information in order to gain access to the services.
  • CA card Consumer Access
  • program card also called program card
  • the CA card is a so called smart card that the user ob- tains from the pay-TV system operator. The user inserts his CA card into a card reader in his decoder and may then start to use the decoder.
  • the safety functions of the decoder reads the CA card and the authorization information received by the decoder from the CA card may include a key to a certain service that the user has ordered, and an indication of for example which channels the user has paid for and thus should have ac- ⁇ cess to. If the authorization information indicates that the user has the right to watch a certain channel, the decoder decrypts this channel.
  • a problem with current decoders is that they have to be manufactured for a particular digital TV system. This also leads to a second problem with current systems, which is that a decoder that is intended for use in a particular digital TV system generally can not be used in another, and a user that wishes to get access to various digital TV systems must therefore obtain a plurality of decoders. This is both costly and inconvenient .
  • Another object of the present invention is to provide a method for enabling access to a distribution system. This object is achieved by a method as defined in the characterising portion of claim 20.
  • Another object of the present invention is to provide a system that distributes different services via a distribution network. This object is achieved by a system as defined in the characterising portion of claim 31.
  • Another object of the present invention is to provide a user terminal for use with an adapter arrangement. This object is achieved by a user terminal as defined in the characterising . portion of claim 40.
  • the present invention provides an adapter arrangement that comprises means for enabling download of a virtual CA (Conditional Access) module to a user terminal via a distribution network.
  • the virtual CA module may substantially include functions corresponding to the functions of a conventional CA module. This has the advantage that a user terminal does not have to be provided with distribution network specific functionality for a particular distribution network during the manufac- turing process.
  • the adapter arrangement may further enable download of a virtual CA card, which substantially includes functions corresponding to functions of a conventional CA card.
  • a virtual CA card which substantially includes functions corresponding to functions of a conventional CA card.
  • the virtual CA module and/or virtual CA card may be downloaded via the distribution network via an extra data stream from a system unit, a decoder data injector.
  • This has the advantage that existing infrastructure may be maintained and the new functionality may be implemented as an extra data stream that is parallel to the existing data streams. Further, a system unit is provided that is easily adapted to a plurality of dif- ferent systems .
  • the adapter arrangement may be arranged to be capable of receiving CA modules and/or CA cards from a plurality of distribution networks. This has the advantage that the adapter arrangement may enable download of a virtual CA module and/or a virtual CA card from an arbitrary distribution system.
  • a user terminal may thus be manufactured as system independent and may be moved between various distribution networks. A user may thus change service supplier as desired without the need for purchasing or otherwise obtain a new user terminal at the change.
  • the adapter arrangement may be arranged to be adapted to a plurality of user terminals. This has the advantage that a plurality of different user terminals may be arranged to operate in a plurality of different distribution networks, which results in that a user may take any user terminal provided with an adapter arrangement according to the invention and use it in any suitable distribution network.
  • the adapter arrangement may be arranged to enable contemporary storage of two or more CA modules and/or CA cards, whereupon the user terminal receives contemporaneous access to two or more distribution systems. This has the advantage that a user terminal may be used for contemporaneous reception of services from a plurality of distribution systems .
  • a downloaded CA module and/or a downloaded CA card may be dis- carded from the user terminal and replaced with a new downloaded CA module and/or CA card.
  • the virtual CA module and/or the virtual CA card may be stored in a memory in the user terminal .
  • the memory may consist of a flash memory or a RAM memory (Random Access Memory) .
  • the use of a flash memory or any other non-volatile memory has the ad- vantage that the virtual CA module and/or the virtual CA card will remain in the memory even when the user terminal is turned off.
  • the download of the virtual CA module and/or the virtual CA card does thus not have to be repeated each time a user wishes to use his terminal.
  • the memory may however con- sist of a RAM memory. This results in a cheaper terminal since RAM memories generally are less expensive than for example flash memories .
  • the disadvantage is however that the virtual card needs to be downloaded each time the terminal is turned on.
  • the adapter arrangement may include means for secured transfer during the download of the virtual CA module and/or virtual CA card. This has the advantage that fraud by means of interception of sent out virtual CA modules or virtual CA cards is made more difficult.
  • the means for secured transfer may comprise asymmetric and/or symmetric encryption of at least part of the information to be transmitted. This has the advantage that a strong security against fraud is accomplished.
  • the adapter arrangement may be arranged to use built-in security functions of the user terminal, e.g. at download of the virtual CA module and/or virtual CA card, when generating a new set of keys or whenever use of the built-in security functions of the user terminal may be advantageous .
  • This has the advantage that then manufacturer of the user terminal may provide the user terminal with security functions that the adapter arrangement is adapted to use.
  • the download of a CA module an/or a CA card may be ordered by a user through the use of his mobile terminal, whereupon a server arrangement connected to a mobile communication network sends an order to a system unit to create the CA module and/or CA card and transmit this to the user terminal via the distribution network.
  • the user terminal may be a set-top-box, part o'f a TV set or a computer.
  • the functionality of the user terminal may advantageously be integrated in a TV set since it according to the invention is possible to obtain a distribution network independent user terminal.
  • the present invention may be practised in a digital TV network, giving all of the above stated advantages compared to current digital TV networks .
  • the services may comprise at least one of the following: TV channels, TV programmes, movies, games or any kind of encrypted data.
  • the adapter arrangement may be composed of a computer program product stored on a computer readable memory. This has the ad- vantage that the adapter arrangement easily can be made as an integrated part of the user terminal.
  • Fig. 1 schematically shows the different parts of a conventional pay-TV system in accordance with the SimulCrypt architecture defined by DVB.
  • Fig. 2 shows the present invention in a conventional pay-TV system.
  • Fig. 3 shows an alternative embodiment of the present invention in a conventional pay-TV system.
  • Fig. 4 shows another embodiment of the present invention.
  • Fig. 5a and 5b shows STB priming and initialisation flow diagrams .
  • Fig. 6 shows how a virtual CA module and a virtual CA card in accordance with the present invention can be downloaded to a user .
  • set-top-box refers to a terminal at a user's premises having a built-in decoder in order to decode incoming encrypted signals into a format suited for displaying on a TV-set.
  • SimulCrypt architec- ture which is the architecture that CA-systems (Conditional Access) of today utilize, a person skilled in the art realises that the invention may be used in other systems as well.
  • the SimulCrypt architecture comprises four constituent parts: Sub- scriber Authorisation System (SAS) 14, EMM-injector 13 generating authorisation information, ECM-injector 11 generating control word messages, and finally a decoder module at a user' s premises .
  • SAS Sub- scriber Authorisation System
  • EMM-injector 13 generating authorisation information
  • ECM-injector 11 generating control word messages
  • decoder module at a user' s premises
  • Fig. 1 shows a conventional pay-TV system 1, in which a preferred embodiment of the present invention may be applied.
  • the system 1 comprises a TV-set 2 and a set-top-box (STB) 3 connected to the TV-set 2.
  • STB 3 and/or the TV-set 2 is/are connected to a distribution network 4, which may con- sist of a terrestrial TV distribution network, a satellite TV distribution network or a cable TV network.
  • the distribution network 4 is today often a digital distribution network, in which standards developed by DVB (Digital Video Broadcasting) are used for information transfer.
  • DVB Digital Video Broadcasting
  • the described system is es- sentially a unidirectional system, in which there is no return channel on which a supplier can receive a verification from a client, and nor is there a way to verify that a receiver is an authorized receiver.
  • a unidirectional distribution network lacks the possibility to a handshake procedure in the return channel.
  • a multiplexer 5 is also connected to the distribution network 4, combining the information 6, 7, 8, 9, 10 to be sent via the distribution network 4 and attends to that the information 6, 7, 8, 9, 10 is broadcasted.
  • the information 6, 7, 8, 9, 10 comprises partly the TV channels and TV programmes or other video information 6 to be broadcasted via the distribution network 4, partly radio and other audio information (for exam- pie the sound of the TV programmes) 7, partly for example games and other information or data 8 such as for example betting information, teletext and subtitling, and partly control information 9, 10, which will be described in detail below.
  • Each provider of pay-TV services has its own pay-TV system and in order to enable coexistance of several pay-TV systems in one and the same distribution network a standard called Simul- Crypt has been developed in order to enable control information from several service providers to be broadcasted via the same distribution network.
  • a first control information 9 consists in control word messages, ECM messages (Entitlement Control Message) 9, generated in a ECM message injector 11.
  • the ECM messages 9 include information (keys for example) in order to enable decrypting of different broadcasts (TV channels for example) .
  • a certain ECM message 9 can be broadcast often, for example several times each second, in order to be immediately available to a new viewer.
  • a security module 12 in the STB 3 reads the ECM messages 9 together with the EMM messages 10 in order to receive authorisation and keys to decrypt the different broadcasts.
  • the security module 12, also called CA module, may constitute an integrated part of the STB 3 or constitute a separate module to be inserted into a so called common interface port in the STB 3.
  • the identity of the user is stored on a smart card, a CA card or program card, that the user today obtains from an operator and inserts into the STB 3, and that is connected to the security module 12 via a card reader.
  • Authorisation information used in a specific STB 3 is received from one or more EMM mes- sages 10 (Entitlement Management Message) constituting the second control information 10 and thus used in order to convey the authorities of the user to the STB.
  • the EMM messages 10 are generated by an EMM injector 13 and contain information about a receiver' s identity and which services the receiver should decrypt.
  • the security module 12 in the STB 3 reads the EMM messages 10 in order to know what the STB 3 should decrypt and make available for the user, and then uses the ECM messages 9 as decrypting keys in order to be able to decrypt the chosen services.
  • the authorities that a user should have, i.e. which EMM mes- sages 10 should be sent to a user's STB 3 is controlled by a subscriber Authorisation System, SAS 14, which is a system acting on commands from an subscriber Management System, SMS 15.
  • the SMS 15 is a system managing user information and sending requests for activation of services to the SAS 14 that translates the information from the SMS 15 to EMM messages 10 and sees to it that the security module 12 at the user' s premises receives correct authorisation in order for correct service to be decoded.
  • the SMS 15 is more or less unique to each service provider and can be designed such that it is an opera- tor that manually enters which users should have which services .
  • fig. 2 is shown a conventional CA system according to fig. 1, which has a new system node added.
  • This system node is a decoder data injector, in this embodiment called a VCAM injector 17 (Virtual Conditional Access Module) that has as its task to create virtual CA modules.
  • VCAM injector 17 Virtual Conditional Access Module
  • These virtual CA modules contain the same information and functions as in current physical CA modules of today or corresponding functionality that is integrated in STBs of today, that is, the parts that e.g. handle CA card reading and management keys that are used to decrypt EMM's, and out of which EMM' s the operational keys are extracted and used to decrypt ECM' s to recover the control word.
  • the control word is sent to the descrambler to descram- ble the video signal.
  • a user that wishes to get access to a particular CA system may according to the invention, instead of purchasing a STB that is manufactured for the particular CA system operator, purchase or otherwise obtain a more general STB that does not comprise CA module functionality of a particular system, .
  • a new virtual CA module is created and put in a so called carrousel, being a circular list containing items, into which the program codes for the different virtual CA modules are entered. The items remain in the list during a predetermined time period before they are removed. This time period should correspond to the time period needed for a STB 3 to be able to download the virtual CA module.
  • the STB After download of the virtual CA module the STB is adapted to operate in the particular CA system the virtual CA module has been downloaded for.
  • the STB now has the same functionality as a conventional STB, the STB may comprise a card reader into which a conventional CA card for the CA system may be inserted. The user may then use the STB in the same way as a conventional STB with a conventional CA card. It is not important for the invention which CA system that is used, the VCAM injector 17 may easily be adapted to different systems.
  • VCAM data stream 18 Virtual Conditional Access Module
  • the CA module for a particular CA system may be discarded and replaced by a new virtual CA module for enabling access to another CA system if a user later decides that he wishes to change to another CA system.
  • the present invention thus also solves the problem with current systems that a STB that is intended for use in one CA system generally may not be used in another CA system.
  • a function in the STB 3 determines whether the received information is to be decoded or not, i.e. whether the user has authorization to access certain information, as was explained above.
  • a certain STB 3 listens to the information stream, now also containing the extra VCAM data stream 18, and receives the virtual CA module intended for that specific STB 3.
  • the received virtual module is stored in a memory 19 in the STB 3, preferably a flash memory in the decoder chip.
  • the advantage of having a flash memory is that the virtual CA module remains in the memory even if the STB 3 is turned off.
  • An alternative is to use an ordinary RAM memory, but then it is required that the virtual CA module is downloaded each time the STB 3 is turned on, which may be perceived as time-consuming by " a user.
  • VCAM data stream 18 In order to avoid interception and download of a VCAM data stream 18 by an unauthorised user, it can be protected in different ways.
  • One way to make it more difficult for a potential eavesdropper is to encrypt the information, which will be more described below in connection with fig. 4.
  • a user may also enter a code to his/her STB 3 in order to further enhance the security.
  • the user terminal includes a unique identity.
  • the processor in a STB 3 has for example its own unique serial number, which serial number may be used as the unique identity of the STB 3.
  • the hardware has in other words a unique identity.
  • the user may have knowledge of this identity and state it to the CA system supplier during the ordering procedure.
  • the VCAM data stream 18 will then include also this unique identity and thereby the virtual CA module intended for a certain user will only be downloaded to that particular user terminal. This pro- vides a secure way to convey the virtual CA module, and fraud by means of downloading to unauthorized user terminals is made more difficult or avoided entirely.
  • Fig. 3 shows another embodiment of the present invention.
  • the system has another system node, a VCD in- jector (Virtual Conditional Access Download) 20, the task of which is to create virtual CA cards.
  • VCD in- jector Virtual Conditional Access Download
  • handling of CA cards constitutes a large cost for a digital TV operator.
  • WO 03/069911 Al handles this problem by eliminating the physical CA cards. Instead of having a digital TV operator providing a physical CA card to each user, the system creates virtual CA cards instead which are downloaded to the STBs.
  • a CA card may be downloaded as well according to the functionality described in WO 03/069911 Al. After download of the CA card, preferably also this is stored in a flash-memory in the decoder chip, the STB is both arranged for use in a particular CA system and allows the user to get access to free channels that do not require a subscription or other payment. The user may then in a conventional manner order services or subscriptions in the CA system.
  • the units for transmitting VCAM modules and VCD cards are shown as separate units. These units may however consist of one single decoder data injector. This decoder data injector may also be used to transmit other data to the decoder. Also, in the embodiment in fig. 3 the VCD card may con- stitute an integrated part of the VCAM module and the VCAM module and the VCD card may thus be transmitted to the STB as one singe unit according to the method described with reference to fig. 2.
  • a preferred embodiment of the present invention which enables secure transportation of software regarding conditional access properties, in particular CA modules and virtual CA cards, and which solves the problem with current systems that an STB that is intended for use in a particular distribution network cannot be used in another, and that a user that wishes to get ac- cess to several distribution networks have to purchase several different STBs will now be described with reference to fig 4.
  • Fig. 4 shows a conditional access system, which, as the system described in figs. 1-3, on the head end side comprises a subscriber management system (SMS) 30 connected to a subscriber authorization system (SAS) 31, which in turn is connected to an EMM encrypter 32 and an ECM encry ' pter 33, both connected to a multiplexer 34.
  • SMS subscriber management system
  • SAS subscriber authorization system
  • EMM encrypter 32 and an ECM encry ' pter 33 both connected to a multiplexer 34.
  • the services are represented as TV 35, audio 36 and data 37.
  • the multiplexer output is connected to a modulator 38 and a scrambler 39.
  • the modulator modulates the data that is to be transmitted to a suitable transmission format and the scrambler adds a scrambling signal to the data based on control words that are generated by a control word (CW) generator 40.
  • the control words generated by the CW generator are also used to generate ECM messages.
  • the modulated and scrambled signal is broadcasted by a transmitter 41, such as a satellite or an antenna and is received at a user's premises by a receiver 42 such as a satellite dish, an antenna, or via a cable for further processing by a user terminal 43 at the users premises.
  • the user terminal comprises a tuner 44 for tuning to various frequencies in the received signal, where the frequencies correspond to different services such as TV programmes, radio channels or other services.
  • the frequency tuned to is then demodulated by a demodulator 45 and demultiplexed and descram- bled so that e.g. a TV programme may be displayed on a TV set 50.
  • the SAS 31 is further connected to a Conditional Access Crypto Module (CACM) 46, which acts as an adapter between a specific operator's SAS 31 and a Soft Security Services function (SSS) 47 and enables data communication between an operator's SAS and the SSS.
  • CACM Conditional Access Crypto Module
  • SSS Soft Security Services function
  • CACMs 48, 49 connected to the SSS, where each CACM 48, 49 constitute an adapter between a CA system (the SAS in a CA system) and the SSS 47. This enables that only one SSS is needed, irrespective of the number of CA systems present.
  • the CACMs according to the present invention have the advantage that the technology of the present invention may be utilised in different CA systems irrespective of the particular technology used in these systems.
  • TV broadcasting is uni-directional . This complicates achievement of sufficient security since there often is no return channel from a STB in use.
  • the present embodiment utilises a PGP (Pretty Good Privacy) alike technique and PKI (Public Key Infrastructure) .
  • a user wishing to get access to a CA system first obtains a STB 43.
  • this STB does not have to be adapted to a particular CA system.
  • the STB comprises standardised functions for handling the incoming signal and data such as tuner 44, demodulator 45, demultiplexer and descrambler.
  • a decoder chip may include security functions that may be used by the present invention, such as ability to store private keys, a root certificate, service provider certificate, a unique chip ID, bus encryption functionality, tam- per resistance and integrity protection.
  • the decoder chip manufacturer fetches a CSP (Certificate Signing Provider) signed root certificate (action 1) and generates a public/private key pair.
  • the decoder chip ID is sent (action 2) to the CSP together with the public key (action 3) , the decoder chip model & version (action 4) and the date and time (action 5) .
  • the CSP is an external PKI instance. In this way the CSP delivers trust between the decoder chip manufacturer and TV broadcasters.
  • the decoder chip is then provided with the CSP root certificate (action 6) together with the generated private key (ac- tion 7) .
  • the primed decoder chip is then sent to the decoder manufacturer (action 8) together with an adapter arrangement 51 (action 9) .
  • the adapter arrangement 51 consists of software that is capable of utilising the security functions provided for in the decoder chip.
  • the adapter arrangement handles e.g. asymmetric and/or symmetric decryption, digital certificates, upgrades, virtual CA modules and virtual smart cards.
  • the adapter arrangement further has a function corresponding to the CACM, i.e. to enable decoder chips from multiple decoder chip manufacturers to work in the system.
  • STBs provided with the adapter arrangement will have a common interface towards the system and a user is thus free to obtain an STB from any manufacturer as long as it is provided with an adapter arrangement 51.
  • the STB is then sent to a retailer for sale (action 10) .
  • the STB When the user has obtained the STB (fig. 5b), by e.g. purchasing it from a retailer, the STB must be adapted to the specific CA system prior to use.
  • This initialisation process may be started by putting the STB into initialisation mode (fig. 5b, action 1) .
  • the STB displays the decoder chip ID (ac- tion 2) .
  • the user then makes a phone call, enters a webpage or sends a mail or a SMS to the CA system operator to provide his user identity, such as name and address (action 3), and STB identity (the chip ID) (action 4) .
  • the CA operator then sends this data (action 5 & 6) along with an ID of the CA operator (action 7), a validity of the future digital certificate (action 8) and subsidy information (action 9) to the CSP 60 via the SAS 31, CACM 46 and SSS 47.
  • the CSP then creates a digital certificate with the information received from the CA system operator and the information previously received from the de- coder chip manufacturer, and sends the digital certificate to the CA system operator (action 10) .
  • the digital certificate is stored in a data base in the CA system together with other certificates of the CA system operator's customers.
  • a certificate for the operator, operator's certificate, signed by the CSP is at the end of the initialisation sequence transmitted to the STB via the CACM, SSS, DDg 52 and DDi 53 (action 11) together with a session key encrypted with the public key of the STB (action 12) .
  • the DDg 52 (Decoder Data generator) encrypts the session key with the STB' s public key so that only the intended recipient STB is able to decrypt the session key using its private key.
  • the data encrypted by the DDg 52 is then injected into the play-out carousel by a DDi 53 (Decoder Data injector) .
  • the carousel is a circular list containing items into which the program codes representing the data to be transmitted are entered.
  • the session key remains in the list during a predetermined time period before it is removed. This time period should correspond to the time period needed for the STB to be able to download the session key.
  • VCAM virtual conditional access module
  • a virtual CA card is encrypted in the same manner by the session key and transmitted to the STB (action 14), which stores the virtual CA card in the secure memory in the STB.
  • the virtual CA card contains the STB assigned network address, management keys for EMM decryption, first free EMM' s enabling free initial free viewing and other CA data.
  • the user may repeat the initialisation procedure for the next CA system.
  • the number of CA systems that simultaneous access may be obtained can be pre programmed and controlled in the decoder chip.
  • the stored VCAM and virtual card may be discarded and replaced by a new VCAM and virtual card for the new CA operator.
  • the VCAM and virtual card may also be discarded and replaced in order to prevent and make fraud difficult, for example at regular intervals .
  • the present invention thus has the advantage that it allows the use of a single STB in a plurality of systems, and a user that wishes to get access to various distribution systems therefore must not purchase or otherwise obtain a plurality of decoders, which, as stated above is both costly and inconven- ient.
  • a special server arrangement 70 de- scribed in WO 03/056830 Al, same applicant, a user is able to create a temporary connection between his/her mobile terminal and an optional STB 3 in the system 1.
  • the server arrangement 70 is used in order to enable a user to download a virtual CA module and or a vir- tual card by means of his/her mobile phone.
  • This server arrangement 70 has the task of opening a parallel way to create EMM messages through the SAS 31 and with the aid of the DDg 52 create virtual CA modules or virtual CA cards to a certain STB 50.
  • the server arrangement also handles the debiting of ordered services.
  • This identification includes for example that the user first identifies himself through a PIN code towards his SIM card (Subscriber Identity Module) when activating the mobile terminal, after which the SIM card is identified in the mobile communication network via the IMSI number (International Mo- bile Subscriber Identity) of the SIM card.
  • SIM card Subscriber Identity Module
  • IMSI number International Mo- bile Subscriber Identity
  • the mobile communication network know who the user is, and a unique user identity, for example in the form of the phone number of the user, is sent together with the set up request to the server arrangement 70, which then uses the information as an identification and debiting basis.
  • the server arrangement 70 When the user has established contact with the server arrangement 70, the user states that he/she wishes to receive a virtual CA module and/or a virtual CA card and an identity of the STB 50 to which the user wishes to have the virtual CA module and/or card delivered. Thereafter the server arrangement 70 sends information to the SAS 31 about the user and which STB 50 that is to receive the virtual module and/or virtual card. The SAS then sends information to the DDg 52 via the CACM 46, which translates the information from the SAS 31 into a vir- tual CA module and/or a virtual CA card and sends an encrypted data stream according to the method described above.
  • the user may order a service (a TV programme for example) .
  • An EMM message representing the service is then generated via the SAS 31, and this authorisation may be temporary, an EMM message may for example be valid for only one service.
  • the server arrangement 70 may connected to the CACM, SSS or DDg 52 directly.
  • the STB has in the above description been described as a sepa- rate unit.
  • the STB functionality may however advantageously constitute an integrated part of a TV set or a computer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to an adapter arrangement for enabling access to a distribution network, intended for a user terminal, which user terminal is arranged for reception and/or decoding of services that are distributed via a distribution network. The adapter arrangement comprises means for enabling download of a virtual CA (Conditional Access) module to the user terminal via the distribution network. The invention further relates to a method, a system and a user terminal.

Description

Adapter arrangement, method, system and user terminal for conditional access
Field of the invention
The present invention is related to an adapter arrangement, a method, a system and a user terminal for enabling access to a system distributing different services via a distribution network, and in which a user terminal is used to decode these services, in accordance with the preamble of claims 1, 19, 31 and 40 respectively.
Background of the invention
A user of a pay-TV system is equipped with a decoder that is connected between a TV tap and a TV set at the user's premises. A main part in the system transmits encoded and uncoded signals that the decoder receives via the TV tap. The encoded and uncoded signals may represent analogue or digitally encoded and uncoded TV programmes/channels, and the decoder may then decrypt parts of, or all of the encoded signals in dependence of the access rights of the user, and thereby the access rights of the decoder, i.e. which channels/programmes the user pays to gain access to.
Recent systems are often digital, i.e. the system broadcasts digital signals that are decoded by a digital decoder. An advantage with digital systems versus analogue systems is that a considerably larger amount of data may be transmitted, and thereby a considerably larger .number of TV channels. The larger capacity in the digital systems also enables space for other services, for example interactive services such as games and surfing the Internet, where a user via a return channel in the system may affect and interact with what is shown on the TV set. Common for both analogue and digital pay-TV systems is that a user has to authenticate himself to the system, and from the system receive authorization information in order to gain access to the services. This authorization to the system is in the digital pay-TV systems of today performed by means of a so called CA card (Conditional Access) , also called program card, containing a user' s identity and code keys to give access to the program selection that the user has access to (has paid for) . The CA card is a so called smart card that the user ob- tains from the pay-TV system operator. The user inserts his CA card into a card reader in his decoder and may then start to use the decoder. The safety functions of the decoder reads the CA card and the authorization information received by the decoder from the CA card may include a key to a certain service that the user has ordered, and an indication of for example which channels the user has paid for and thus should have ac- ■ cess to. If the authorization information indicates that the user has the right to watch a certain channel, the decoder decrypts this channel.
A problem with current decoders is that they have to be manufactured for a particular digital TV system. This also leads to a second problem with current systems, which is that a decoder that is intended for use in a particular digital TV system generally can not be used in another, and a user that wishes to get access to various digital TV systems must therefore obtain a plurality of decoders. This is both costly and inconvenient .
Summary of the invention
It is an object of the present invention to provide an adapter arrangement, for enabling access to a distribution system, in- tended for a user terminal and by which adapter arrangement the above problems are solved.
This object is achieved by an adaptor arrangement as defined in the characterising portion of claim 1.
Another object of the present invention is to provide a method for enabling access to a distribution system. This object is achieved by a method as defined in the characterising portion of claim 20.
Another object of the present invention is to provide a system that distributes different services via a distribution network. This object is achieved by a system as defined in the characterising portion of claim 31.
Another object of the present invention is to provide a user terminal for use with an adapter arrangement. This object is achieved by a user terminal as defined in the characterising . portion of claim 40.
The present invention provides an adapter arrangement that comprises means for enabling download of a virtual CA (Conditional Access) module to a user terminal via a distribution network. The virtual CA module may substantially include functions corresponding to the functions of a conventional CA module. This has the advantage that a user terminal does not have to be provided with distribution network specific functionality for a particular distribution network during the manufac- turing process.
The adapter arrangement may further enable download of a virtual CA card, which substantially includes functions corresponding to functions of a conventional CA card. This has the advantage that the user terminal in the purchasing stage nei- ther has to- include the CA module functionality nor a card reader. This results in a considerably simplified and thereby cheaper user terminal.
The virtual CA module and/or virtual CA card may be downloaded via the distribution network via an extra data stream from a system unit, a decoder data injector. This has the advantage that existing infrastructure may be maintained and the new functionality may be implemented as an extra data stream that is parallel to the existing data streams. Further, a system unit is provided that is easily adapted to a plurality of dif- ferent systems .
The adapter arrangement may be arranged to be capable of receiving CA modules and/or CA cards from a plurality of distribution networks. This has the advantage that the adapter arrangement may enable download of a virtual CA module and/or a virtual CA card from an arbitrary distribution system. A user terminal may thus be manufactured as system independent and may be moved between various distribution networks. A user may thus change service supplier as desired without the need for purchasing or otherwise obtain a new user terminal at the change.
The adapter arrangement may be arranged to be adapted to a plurality of user terminals. This has the advantage that a plurality of different user terminals may be arranged to operate in a plurality of different distribution networks, which results in that a user may take any user terminal provided with an adapter arrangement according to the invention and use it in any suitable distribution network.
The adapter arrangement may be arranged to enable contemporary storage of two or more CA modules and/or CA cards, whereupon the user terminal receives contemporaneous access to two or more distribution systems. This has the advantage that a user terminal may be used for contemporaneous reception of services from a plurality of distribution systems .
A downloaded CA module and/or a downloaded CA card may be dis- carded from the user terminal and replaced with a new downloaded CA module and/or CA card. This has the advantage that CA modules and/or CA cards may be replaced at e.g. certain time intervals or upon request, which has the advantage that security in the system is strengthened. Further, this may be done when a user changes service supplier.
The virtual CA module and/or the virtual CA card may be stored in a memory in the user terminal . The memory may consist of a flash memory or a RAM memory (Random Access Memory) . The use of a flash memory or any other non-volatile memory has the ad- vantage that the virtual CA module and/or the virtual CA card will remain in the memory even when the user terminal is turned off. The download of the virtual CA module and/or the virtual CA card does thus not have to be repeated each time a user wishes to use his terminal. The memory may however con- sist of a RAM memory. This results in a cheaper terminal since RAM memories generally are less expensive than for example flash memories . The disadvantage is however that the virtual card needs to be downloaded each time the terminal is turned on.
The adapter arrangement may include means for secured transfer during the download of the virtual CA module and/or virtual CA card. This has the advantage that fraud by means of interception of sent out virtual CA modules or virtual CA cards is made more difficult.
The means for secured transfer may comprise asymmetric and/or symmetric encryption of at least part of the information to be transmitted. This has the advantage that a strong security against fraud is accomplished.
The adapter arrangement may be arranged to use built-in security functions of the user terminal, e.g. at download of the virtual CA module and/or virtual CA card, when generating a new set of keys or whenever use of the built-in security functions of the user terminal may be advantageous . This has the advantage that then manufacturer of the user terminal may provide the user terminal with security functions that the adapter arrangement is adapted to use.
The download of a CA module an/or a CA card may be ordered by a user through the use of his mobile terminal, whereupon a server arrangement connected to a mobile communication network sends an order to a system unit to create the CA module and/or CA card and transmit this to the user terminal via the distribution network.
The user terminal may be a set-top-box, part o'f a TV set or a computer. The functionality of the user terminal may advantageously be integrated in a TV set since it according to the invention is possible to obtain a distribution network independent user terminal.
The present invention may be practised in a digital TV network, giving all of the above stated advantages compared to current digital TV networks .
The services may comprise at least one of the following: TV channels, TV programmes, movies, games or any kind of encrypted data.
The adapter arrangement may be composed of a computer program product stored on a computer readable memory. This has the ad- vantage that the adapter arrangement easily can be made as an integrated part of the user terminal.
Further advantages are accomplished in different aspects of the invention and will become apparent by the following de- tailed description.
Brief description of the drawings
Fig. 1 schematically shows the different parts of a conventional pay-TV system in accordance with the SimulCrypt architecture defined by DVB.
Fig. 2 shows the present invention in a conventional pay-TV system.
Fig. 3 shows an alternative embodiment of the present invention in a conventional pay-TV system.
Fig. 4 shows another embodiment of the present invention.
Fig. 5a and 5b shows STB priming and initialisation flow diagrams .
Fig. 6 shows how a virtual CA module and a virtual CA card in accordance with the present invention can be downloaded to a user .
Detailed description of preferred embodiments
The in the description used designation set-top-box (STB) refers to a terminal at a user's premises having a built-in decoder in order to decode incoming encrypted signals into a format suited for displaying on a TV-set.
In order to explain the use of the present invention, relevant parts of an existing pay-TV system, in which the invention may be applied, is first described. Although the present invention, will be described in connection with the SimulCrypt architec- ture, which is the architecture that CA-systems (Conditional Access) of today utilize, a person skilled in the art realises that the invention may be used in other systems as well. The SimulCrypt architecture comprises four constituent parts: Sub- scriber Authorisation System (SAS) 14, EMM-injector 13 generating authorisation information, ECM-injector 11 generating control word messages, and finally a decoder module at a user' s premises . These constituent parts will now be described briefly.
Fig. 1 shows a conventional pay-TV system 1, in which a preferred embodiment of the present invention may be applied. The system 1 comprises a TV-set 2 and a set-top-box (STB) 3 connected to the TV-set 2. Further, the STB 3 and/or the TV-set 2 is/are connected to a distribution network 4, which may con- sist of a terrestrial TV distribution network, a satellite TV distribution network or a cable TV network. The distribution network 4 is today often a digital distribution network, in which standards developed by DVB (Digital Video Broadcasting) are used for information transfer. The described system is es- sentially a unidirectional system, in which there is no return channel on which a supplier can receive a verification from a client, and nor is there a way to verify that a receiver is an authorized receiver. A unidirectional distribution network lacks the possibility to a handshake procedure in the return channel.
A multiplexer 5 is also connected to the distribution network 4, combining the information 6, 7, 8, 9, 10 to be sent via the distribution network 4 and attends to that the information 6, 7, 8, 9, 10 is broadcasted. The information 6, 7, 8, 9, 10 comprises partly the TV channels and TV programmes or other video information 6 to be broadcasted via the distribution network 4, partly radio and other audio information (for exam- pie the sound of the TV programmes) 7, partly for example games and other information or data 8 such as for example betting information, teletext and subtitling, and partly control information 9, 10, which will be described in detail below.
Each provider of pay-TV services has its own pay-TV system and in order to enable coexistance of several pay-TV systems in one and the same distribution network a standard called Simul- Crypt has been developed in order to enable control information from several service providers to be broadcasted via the same distribution network.
A first control information 9 consists in control word messages, ECM messages (Entitlement Control Message) 9, generated in a ECM message injector 11. The ECM messages 9 include information (keys for example) in order to enable decrypting of different broadcasts (TV channels for example) . A certain ECM message 9 can be broadcast often, for example several times each second, in order to be immediately available to a new viewer. A security module 12 in the STB 3 reads the ECM messages 9 together with the EMM messages 10 in order to receive authorisation and keys to decrypt the different broadcasts.
The security module 12, also called CA module, may constitute an integrated part of the STB 3 or constitute a separate module to be inserted into a so called common interface port in the STB 3.
The identity of the user is stored on a smart card, a CA card or program card, that the user today obtains from an operator and inserts into the STB 3, and that is connected to the security module 12 via a card reader. Authorisation information used in a specific STB 3 is received from one or more EMM mes- sages 10 (Entitlement Management Message) constituting the second control information 10 and thus used in order to convey the authorities of the user to the STB. The EMM messages 10 are generated by an EMM injector 13 and contain information about a receiver' s identity and which services the receiver should decrypt. The security module 12 in the STB 3 reads the EMM messages 10 in order to know what the STB 3 should decrypt and make available for the user, and then uses the ECM messages 9 as decrypting keys in order to be able to decrypt the chosen services.
The authorities that a user should have, i.e. which EMM mes- sages 10 should be sent to a user's STB 3 is controlled by a subscriber Authorisation System, SAS 14, which is a system acting on commands from an subscriber Management System, SMS 15. The SMS 15 is a system managing user information and sending requests for activation of services to the SAS 14 that translates the information from the SMS 15 to EMM messages 10 and sees to it that the security module 12 at the user' s premises receives correct authorisation in order for correct service to be decoded. The SMS 15 is more or less unique to each service provider and can be designed such that it is an opera- tor that manually enters which users should have which services .
As has been described earlier, a problem with current STBs is that they have to be manufactured for a particular digital TV system. According to the present invention this is solved by a system as now will be described with reference to fig. 2.
In fig. 2 is shown a conventional CA system according to fig. 1, which has a new system node added. This system node is a decoder data injector, in this embodiment called a VCAM injector 17 (Virtual Conditional Access Module) that has as its task to create virtual CA modules. These virtual CA modules contain the same information and functions as in current physical CA modules of today or corresponding functionality that is integrated in STBs of today, that is, the parts that e.g. handle CA card reading and management keys that are used to decrypt EMM's, and out of which EMM' s the operational keys are extracted and used to decrypt ECM' s to recover the control word. The control word is sent to the descrambler to descram- ble the video signal.
A user that wishes to get access to a particular CA system, that is, the services of a particular CA system operator, may according to the invention, instead of purchasing a STB that is manufactured for the particular CA system operator, purchase or otherwise obtain a more general STB that does not comprise CA module functionality of a particular system, . When a new user is added a new virtual CA module is created and put in a so called carrousel, being a circular list containing items, into which the program codes for the different virtual CA modules are entered. The items remain in the list during a predetermined time period before they are removed. This time period should correspond to the time period needed for a STB 3 to be able to download the virtual CA module.
After download of the virtual CA module the STB is adapted to operate in the particular CA system the virtual CA module has been downloaded for. As the STB now has the same functionality as a conventional STB, the STB may comprise a card reader into which a conventional CA card for the CA system may be inserted. The user may then use the STB in the same way as a conventional STB with a conventional CA card. It is not important for the invention which CA system that is used, the VCAM injector 17 may easily be adapted to different systems.
When the new user for the first time wishes to use his/her STB
3, it has to be initiated, which is done by downloading the virtual CA module to the user's STB 3. The downloading of the virtual CA module is performed by means of an extra data stream 18, here called a VCAM data stream 18 (Virtual Conditional Access Module) , transmitted via a distribution network to the user together with other information that the operator broadcasts .
In a preferred embodiment the CA module for a particular CA system may be discarded and replaced by a new virtual CA module for enabling access to another CA system if a user later decides that he wishes to change to another CA system. The present invention thus also solves the problem with current systems that a STB that is intended for use in one CA system generally may not be used in another CA system.
Information broadcast by a digital TV operator is received by a large number of STBs. A function in the STB 3 determines whether the received information is to be decoded or not, i.e. whether the user has authorization to access certain information, as was explained above. A certain STB 3 listens to the information stream, now also containing the extra VCAM data stream 18, and receives the virtual CA module intended for that specific STB 3. The received virtual module is stored in a memory 19 in the STB 3, preferably a flash memory in the decoder chip. The advantage of having a flash memory is that the virtual CA module remains in the memory even if the STB 3 is turned off. An alternative is to use an ordinary RAM memory, but then it is required that the virtual CA module is downloaded each time the STB 3 is turned on, which may be perceived as time-consuming by "a user.
In order to avoid interception and download of a VCAM data stream 18 by an unauthorised user, it can be protected in different ways. One way to make it more difficult for a potential eavesdropper is to encrypt the information, which will be more described below in connection with fig. 4.
A user may also enter a code to his/her STB 3 in order to further enhance the security.
In accordance with a preferred embodiment the user terminal includes a unique identity. The processor in a STB 3 has for example its own unique serial number, which serial number may be used as the unique identity of the STB 3. The hardware has in other words a unique identity. In one embodiment, the user may have knowledge of this identity and state it to the CA system supplier during the ordering procedure. The VCAM data stream 18 will then include also this unique identity and thereby the virtual CA module intended for a certain user will only be downloaded to that particular user terminal. This pro- vides a secure way to convey the virtual CA module, and fraud by means of downloading to unauthorized user terminals is made more difficult or avoided entirely.
Fig. 3 shows another embodiment of the present invention. In this embodiment the system has another system node, a VCD in- jector (Virtual Conditional Access Download) 20, the task of which is to create virtual CA cards. As has been described in the WO 03/069911 Al, same applicant, handling of CA cards constitutes a large cost for a digital TV operator. WO 03/069911 Al handles this problem by eliminating the physical CA cards. Instead of having a digital TV operator providing a physical CA card to each user, the system creates virtual CA cards instead which are downloaded to the STBs. Thus, when a CA module has been downloaded to the STB, a CA card may be downloaded as well according to the functionality described in WO 03/069911 Al, After download of the CA card, preferably also this is stored in a flash-memory in the decoder chip, the STB is both arranged for use in a particular CA system and allows the user to get access to free channels that do not require a subscription or other payment. The user may then in a conventional manner order services or subscriptions in the CA system.
In fig. 3 the units for transmitting VCAM modules and VCD cards are shown as separate units. These units may however consist of one single decoder data injector. This decoder data injector may also be used to transmit other data to the decoder. Also, in the embodiment in fig. 3 the VCD card may con- stitute an integrated part of the VCAM module and the VCAM module and the VCD card may thus be transmitted to the STB as one singe unit according to the method described with reference to fig. 2.
A preferred embodiment of the present invention, which enables secure transportation of software regarding conditional access properties, in particular CA modules and virtual CA cards, and which solves the problem with current systems that an STB that is intended for use in a particular distribution network cannot be used in another, and that a user that wishes to get ac- cess to several distribution networks have to purchase several different STBs will now be described with reference to fig 4.
Fig. 4 shows a conditional access system, which, as the system described in figs. 1-3, on the head end side comprises a subscriber management system (SMS) 30 connected to a subscriber authorization system (SAS) 31, which in turn is connected to an EMM encrypter 32 and an ECM encry'pter 33, both connected to a multiplexer 34. To the multiplexer are further connected the services that are to be delivered by the distribution system. The services are represented as TV 35, audio 36 and data 37. The multiplexer output is connected to a modulator 38 and a scrambler 39. The modulator modulates the data that is to be transmitted to a suitable transmission format and the scrambler adds a scrambling signal to the data based on control words that are generated by a control word (CW) generator 40. The control words generated by the CW generator are also used to generate ECM messages. The modulated and scrambled signal is broadcasted by a transmitter 41, such as a satellite or an antenna and is received at a user's premises by a receiver 42 such as a satellite dish, an antenna, or via a cable for further processing by a user terminal 43 at the users premises. The user terminal comprises a tuner 44 for tuning to various frequencies in the received signal, where the frequencies correspond to different services such as TV programmes, radio channels or other services. The frequency tuned to is then demodulated by a demodulator 45 and demultiplexed and descram- bled so that e.g. a TV programme may be displayed on a TV set 50.
The SAS 31 is further connected to a Conditional Access Crypto Module (CACM) 46, which acts as an adapter between a specific operator's SAS 31 and a Soft Security Services function (SSS) 47 and enables data communication between an operator's SAS and the SSS. There may be multiple CACMs 48, 49 connected to the SSS, where each CACM 48, 49 constitute an adapter between a CA system (the SAS in a CA system) and the SSS 47. This enables that only one SSS is needed, irrespective of the number of CA systems present.
Different CA systems often utilise different technologies. This is also the reason why a STB usually works in only one CA system. The CACMs according to the present invention have the advantage that the technology of the present invention may be utilised in different CA systems irrespective of the particular technology used in these systems. TV broadcasting is uni-directional . This complicates achievement of sufficient security since there often is no return channel from a STB in use. The present embodiment utilises a PGP (Pretty Good Privacy) alike technique and PKI (Public Key Infrastructure) .
A user wishing to get access to a CA system first obtains a STB 43. According to the present invention this STB does not have to be adapted to a particular CA system. The STB comprises standardised functions for handling the incoming signal and data such as tuner 44, demodulator 45, demultiplexer and descrambler. A decoder chip may include security functions that may be used by the present invention, such as ability to store private keys, a root certificate, service provider certificate, a unique chip ID, bus encryption functionality, tam- per resistance and integrity protection.
Flow diagrams of the STB manufacturing priming and subsequent user initialisation is shown in fig 5a and 5b, respectively, and references to these actions will be made in parentheses.
During manufacturing the decoder chip manufacturer fetches a CSP (Certificate Signing Provider) signed root certificate (action 1) and generates a public/private key pair. The decoder chip ID is sent (action 2) to the CSP together with the public key (action 3) , the decoder chip model & version (action 4) and the date and time (action 5) .
In this embodiment the CSP is an external PKI instance. In this way the CSP delivers trust between the decoder chip manufacturer and TV broadcasters.
The decoder chip is then provided with the CSP root certificate (action 6) together with the generated private key (ac- tion 7) . The primed decoder chip is then sent to the decoder manufacturer (action 8) together with an adapter arrangement 51 (action 9) . The adapter arrangement 51 consists of software that is capable of utilising the security functions provided for in the decoder chip. The adapter arrangement handles e.g. asymmetric and/or symmetric decryption, digital certificates, upgrades, virtual CA modules and virtual smart cards. The adapter arrangement further has a function corresponding to the CACM, i.e. to enable decoder chips from multiple decoder chip manufacturers to work in the system. In this way STBs provided with the adapter arrangement will have a common interface towards the system and a user is thus free to obtain an STB from any manufacturer as long as it is provided with an adapter arrangement 51. The STB is then sent to a retailer for sale (action 10) .
When the user has obtained the STB (fig. 5b), by e.g. purchasing it from a retailer, the STB must be adapted to the specific CA system prior to use. This initialisation process may be started by putting the STB into initialisation mode (fig. 5b, action 1) . The STB then displays the decoder chip ID (ac- tion 2) . The user then makes a phone call, enters a webpage or sends a mail or a SMS to the CA system operator to provide his user identity, such as name and address (action 3), and STB identity (the chip ID) (action 4) . The CA operator then sends this data (action 5 & 6) along with an ID of the CA operator (action 7), a validity of the future digital certificate (action 8) and subsidy information (action 9) to the CSP 60 via the SAS 31, CACM 46 and SSS 47. The CSP then creates a digital certificate with the information received from the CA system operator and the information previously received from the de- coder chip manufacturer, and sends the digital certificate to the CA system operator (action 10) . The digital certificate is stored in a data base in the CA system together with other certificates of the CA system operator's customers. A certificate for the operator, operator's certificate, signed by the CSP is at the end of the initialisation sequence transmitted to the STB via the CACM, SSS, DDg 52 and DDi 53 (action 11) together with a session key encrypted with the public key of the STB (action 12) . The DDg 52 (Decoder Data generator) encrypts the session key with the STB' s public key so that only the intended recipient STB is able to decrypt the session key using its private key. The data encrypted by the DDg 52 is then injected into the play-out carousel by a DDi 53 (Decoder Data injector) .
As stated above, the carousel is a circular list containing items into which the program codes representing the data to be transmitted are entered. The session key remains in the list during a predetermined time period before it is removed. This time period should correspond to the time period needed for the STB to be able to download the session key.
When the STB has received the session key a crypto session is established between the CA system operator and the STB and a virtual conditional access module, VCAM, which usually is specific for the particular CA system it represents, is encrypted by the session key in the DDg 52 and is then injected into the play-out carousel by the DDi 53 (action 13) . The VCAM is received by the adapter arrangement 51 in the STB, which also decrypts the VCAM by the session key and stores it in a secure memory in the STB .
After the reception and storage of the VCAM, a virtual CA card is encrypted in the same manner by the session key and transmitted to the STB (action 14), which stores the virtual CA card in the secure memory in the STB. The virtual CA card contains the STB assigned network address, management keys for EMM decryption, first free EMM' s enabling free initial free viewing and other CA data. When the VCAM and virtual card have been downloaded to the STB the STB works just like any conventional STB.
If the user wishes to get access to other CA systems he may repeat the initialisation procedure for the next CA system. The number of CA systems that simultaneous access may be obtained can be pre programmed and controlled in the decoder chip. Also if the user wishes to change CA operator the stored VCAM and virtual card may be discarded and replaced by a new VCAM and virtual card for the new CA operator. The VCAM and virtual card may also be discarded and replaced in order to prevent and make fraud difficult, for example at regular intervals .
The present invention thus has the advantage that it allows the use of a single STB in a plurality of systems, and a user that wishes to get access to various distribution systems therefore must not purchase or otherwise obtain a plurality of decoders, which, as stated above is both costly and inconven- ient.
In accordance with an embodiment, shown in Fig. 6, a user wishing to download a virtual CA module and/or a virtual CA card to an optional STB 3, may do this through his/her mobile terminal. By utilizing a special server arrangement 70, de- scribed in WO 03/056830 Al, same applicant, a user is able to create a temporary connection between his/her mobile terminal and an optional STB 3 in the system 1. In accordance with the present invention the server arrangement 70 is used in order to enable a user to download a virtual CA module and or a vir- tual card by means of his/her mobile phone. This server arrangement 70 has the task of opening a parallel way to create EMM messages through the SAS 31 and with the aid of the DDg 52 create virtual CA modules or virtual CA cards to a certain STB 50. The server arrangement also handles the debiting of ordered services. A user wishing to download a virtual CA module in order to thereafter be able to download a virtual CA card, or alternatively download the virtual CA module and the virtual CA card as a single unit, to be able to then order a service, contacts the server arrangement 70 via his/her mobile terminal and is identified via the mobile communication net- work. This identification includes for example that the user first identifies himself through a PIN code towards his SIM card (Subscriber Identity Module) when activating the mobile terminal, after which the SIM card is identified in the mobile communication network via the IMSI number (International Mo- bile Subscriber Identity) of the SIM card. In this way the mobile communication network know who the user is, and a unique user identity, for example in the form of the phone number of the user, is sent together with the set up request to the server arrangement 70, which then uses the information as an identification and debiting basis.
When the user has established contact with the server arrangement 70, the user states that he/she wishes to receive a virtual CA module and/or a virtual CA card and an identity of the STB 50 to which the user wishes to have the virtual CA module and/or card delivered. Thereafter the server arrangement 70 sends information to the SAS 31 about the user and which STB 50 that is to receive the virtual module and/or virtual card. The SAS then sends information to the DDg 52 via the CACM 46, which translates the information from the SAS 31 into a vir- tual CA module and/or a virtual CA card and sends an encrypted data stream according to the method described above. After the download of the virtual CA module and the virtual CA card, or alternatively with the download request, the user may order a service (a TV programme for example) . An EMM message representing the service is then generated via the SAS 31, and this authorisation may be temporary, an EMM message may for example be valid for only one service. As an alternative to the embodiment shown in fig. 6, the server arrangement 70 may connected to the CACM, SSS or DDg 52 directly.
The STB has in the above description been described as a sepa- rate unit. The STB functionality may however advantageously constitute an integrated part of a TV set or a computer.

Claims

Claims
1. Adapter arrangement for enabling access to a distribution system, intended for a user terminal, which user terminal is arranged for reception and/or decoding of services that are distributed via a distribution network, characterised in that the adapter arrangement comprises means for enabling download of a virtual CA (Conditional Access) module to the user terminal via the distribution network.
2. Adapter arrangement according to claim 1, characterised in that the virtual CA module is downloaded via the distribution network via an extra data stream from a system unit .
3. Adapter arrangement according to claim 2, characterised in that said system unit is a decoder data injector.
4. Adapter arrangement according to any of the claims 1-3, characterised in that the adapter arrangement comprises means for enabling download of a virtual CA module from a plurality of distribution networks.
5. Adapter arrangement according to any of the claims 1-4, characterised in that the adapter arrangement enables download of a virtual CA module which, substantially includes functions corresponding to functions of a conventional CA module.
6. Adapter arrangement as claimed in any of the claims 1-5, characterised in that the arrangement further comprises means for storing the virtual CA module in a memory in the user terminal.
7. Adapter arrangement as claimed in claim 6, characterised in that said storage is effected in a flash memory or a RAM memory .
8. Adapter arrangement as claimed in any of the claims 1-7, characterised in that the download of the virtual CA module includes means for secured transfer.
9. Adapter arrangement according to claim 8, characterised in that the means comprise asymmetric and/or symmetric encryption of at least part of the information to be transmitted.
10. Adapter arrangement according to any of the claims 1-9, characterised in that the arrangement is arranged to use built-in security functions of the user terminal at download of the virtual CA module.
11. Adapter arrangement according to any of the preceding claims, characterised in that the adapter arrangement is arranged to enable contemporary storage of two or more CA modules, whereupon the user terminal receives contemporaneous access to two or more distribution networks.
12. Adapter arrangement according to any of the preceding claims, characterised in that a downloaded CA module may be discarded from the user terminal and replaced with a new downloaded CA module.
13. Adapter arrangement according to claim 1, characterised in that the adapter arrangement further enables download of a virtual CA card, which substantially includes functions corresponding to functions of a conventional CA card.
14. Adapter arrangement according to claim 13, characterised in that the virtual CA module and/or virtual CA card is downloaded via the distribution network via an extra data stream from a system unit.
15.Adapter arrangement according to claim 14, characterised in that said system unit is a decoder data injector.
16. Adapter arrangement according to any of the claims 13-15, characterised in that the adapter arrangement comprises means for enabling download of a virtual CA module and/or a virtual CA card from a plurality of distribution networks .
17. Adapter arrangement according to any of the claims 13-16, characterised in that the adapter arrangement enables download of a virtual CA module which, substantially includes functions corresponding to functions of a conventional CA module.
18.Adapter arrangement as claimed in any of the claims 13- 17, characterised in that the arrangement further comprises means for storing the virtual CA module and/or the virtual CA card in a memory in the user terminal.
19. Adapter arrangement as claimed in claim 18, characterised in that said storage is effected in a flash memory or a RAM memory.
20.Adapter arrangement as claimed in any of the claims 13- 19, characterised in that the download of the virtual CA module and/or virtual CA card includes means for secured transfer.
21.Adapter arrangement according to claim 20, characterised in that the means comprise asymmetric and/or symmetric encryption of at least part of the information to be transmitted.
22. Adapter arrangement according to any of the claims 13-21, characterised in that the arrangement is arranged to use built-in security functions of the user terminal at download of the virtual CA module and/or virtual CA card.
23. Adapter arrangement according to any of the claims 13-22, characterised in that the adapter arrangement is arranged to enable contemporary storage of two or more CA modules and/or CA cards, whereupon the user terminal receives contemporaneous access to two or more distribution networks .
24. Adapter arrangement according to any of the claims 13-23, characterised in that a downloaded CA module and/or a downloaded CA card may be discarded from the user terminal and replaced with a new downloaded CA module and/or CA card.
25. Adapter arrangement as claimed in any of the claims 13- 24, characterised in that the arrangement is adapted to receive the CA module and the CA card as a single unit.
26.Adapter arrangement according to any of the preceding claims, characterised in that the adapter arrangement is arranged to be adapted to a plurality of user terminals.
27. Adapter arrangement as claimed in any of the preceding claims, characterised in that the user terminal is a set- top-box, a TV set or a computer.
28. Adapter arrangement as claimed in any of the preceding claims, characterised in that the distribution network is a digital TV network.
29.Adapter arrangement according to any of the preceding claims, characterised in that the adapter arrangement is composed of a computer program product stored on a computer readable memory.
30. Method for enabling access to a system in which different services are distributed via a distribution network and in which a user terminal is used to decode these ser- vices, characterised in the step of downloading a virtual CA module to the user terminal via the distribution network.
31.Method according to claim 30, characterised in that the virtual CA module is downloaded via the distribution net- work via an extra data stream from a system unit.
32. Method according to any of the claims 30-31, characterised in that the CA module substantially includes func- tions corresponding to functions of a conventional CA module .
33. Method according to any of the claims 30-32, characterised in that the virtual CA module is stored in a memory, such as a flash memory or a RAM memory in the user terminal .
34. Method according to any of the claims 30-33, characterised in that the download of the virtual CA module includes means for secured transfer.
35. Method according to claim 34, characterised in that the means comprise asymmetric and/or symmetric encryption of at least part of the information to be transmitted.
36. Method according to any of the claims 30-35, characterised in that the built-in security functions of the user terminal are used at download of the virtual CA module.
37. Method according to any of the claims 30-32, characterised in that the method further comprises the step of downloading a virtual CA card, which substantially includes functions corresponding to functions of a conven- tional CA card to the user terminal via the distribution network.
38. Method according to claim 37, characterised in that the virtual CA module and/or the virtual CA card is stored in a memory, such as a flash memory or a RAM memory in the user terminal.
39. Method according to any of the claims 37-38, characterised in that the download of the virtual CA module and/or virtual CA card includes means for secured transfer.
40. Method according to claim 39, characterised in that the means comprise asymmetric and/or symmetric encryption of at least part of the information to be transmitted.
41. Method according to any of the claims 37-40, characterised in that the built-in security functions of the user terminal are used at download of the virtual CA module and/or virtual CA card.
42. Method according to any of the claims 37-41, characterised in that the CA module and the CA card are downloaded as a single unit.
43. Method according to any of the claims 30-42, characterised in that the user terminal is a set-top-box, a TV set or a computer.
44. Method according to any of the claims 30-43, character- ised in that the distribution network is a digital TV network.
45. Method as claimed in any of the claims 30-44, characterised in that the extra data stream includes a identity- unique for said user terminal, by means of which said virtual CA module can only be downloaded to this user terminal .
46. System for distributing different services via a distribution network and in which a user terminal is used in order to decode these services characterised in that the system includes means for enabling access to said system for said user terminal by means of a virtual CA module, and means for downloading the virtual CA module via the distribution network for reception by said user terminal.
47. System according to claim 46, characterised in that the virtual CA module is downloaded via the distribution network via an extra data stream from a system unit.
48. System according to any of the claims 46-47, characterised in that the CA module substantially includes functions corresponding to functions of a conventional CA module.
49. System according to any of the claims 46-48, characterised in that the virtual CA module is stored in a memory, such as a flash memory or a RAM memory in the user terminal .
50. System according to any of the claims 46—49, characterised in that the download of the virtual CA module in- eludes means for secured transfer.
51. System according to claim 50, characterised in that the means comprise asymmetric and/or symmetric encryption of at least part of the information to be transmitted.
52. System according to any of the claims 46-51, character- ised in that the built-in security functions of the user terminal are used at download of the virtual CA module.
53. System according to any of the claims 47-52, characterised in that the extra data stream includes a identity unique for said user terminal, by means of which said virtual CA module can only be downloaded to this user terminal .
54. System according to claim 46, characterised in that the system further enables download of a virtual CA card, which substantially includes functions corresponding to functions of a conventional CA card.
55. System according to claim 54, characterised in that the virtual CA module is downloaded via the distribution network via an extra data stream from a system unit.
56. System according to any of the claims 54-55, character- ised in that the CA module substantially includes functions corresponding to functions of a conventional CA module .
57. System according to any of the claims 54-56, characterised in that the virtual CA module and/or the virtual CA card is stored in a memory, such as a flash memory or a RAM memory in the user terminal.
58. System according to any of the claims 54-57, characterised in that the download of the virtual CA module and/or virtual CA card includes means for secured transfer.
59. System according to claim 58, characterised in that the means comprise asymmetric and/or symmetric encryption of at least part of the information to be transmitted.
60. System according to any of the claims 54-59, characterised in that the built-in security functions of the user terminal are used at download of the virtual CA module and/or virtual CA card.
61. System according to any of the claims 55-60, characterised in that the extra data stream includes a identity unique for said user terminal, by means of which said virtual CA module can only be downloaded to this user terminal .
62. System as claimed in any of claims 46-61, characterised in that the user terminal is a set-top-box, a TV set or a computer.
63. System as claimed in any of claims 46-62, characterised in that the distribution network is a digital TV network.
64. User terminal, arranged for reception and/or decoding of services that are distributed via a distribution network, characterised in that it includes an adapter arrangement according to any of the claims 1-29.
65. Computer program product for implementing an adapter arrangement according to any of the claims 1-29.
66.A computer readable medium containing a computer program product according to claim 65.
PCT/SE2004/000931 2003-06-13 2004-06-14 Adapter arrangement, method, system and user terminal for conditional access Ceased WO2004112385A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP04748990A EP1639812A1 (en) 2003-06-13 2004-06-14 Adapter arrangement, method, system and user terminal for conditional access

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0301728-2 2003-06-13
SE0301728A SE0301728D0 (en) 2003-06-13 2003-06-13 Adapter arrangement, method, system and user terminal for conditional access

Publications (2)

Publication Number Publication Date
WO2004112385A1 true WO2004112385A1 (en) 2004-12-23
WO2004112385A9 WO2004112385A9 (en) 2005-08-18

Family

ID=29212460

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2004/000931 Ceased WO2004112385A1 (en) 2003-06-13 2004-06-14 Adapter arrangement, method, system and user terminal for conditional access

Country Status (3)

Country Link
EP (1) EP1639812A1 (en)
SE (1) SE0301728D0 (en)
WO (1) WO2004112385A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100161987A1 (en) * 2008-12-22 2010-06-24 Electronics And Telecommunications Research Institute Downloadable conditional access system service providing apparatus and method
WO2010120627A1 (en) * 2009-04-13 2010-10-21 Digital Keystone, Inc. Direct iptv distribution
CN103037255A (en) * 2011-09-30 2013-04-10 乐金电子(中国)研究开发中心有限公司 Automatic adaptive method for conditional access module (CAM) card
WO2015200370A1 (en) * 2014-06-23 2015-12-30 Syphermedia International, Inc. Method and apparatus for providing secure internet protocol media services
US9277259B2 (en) 2006-10-13 2016-03-01 Syphermedia International, Inc. Method and apparatus for providing secure internet protocol media services

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0982935A2 (en) 1998-08-11 2000-03-01 CSELT Centro Studi e Laboratori Telecomunicazioni S.p.A. Method and system for the controlled delivery of digital multimedia services
WO2000025475A1 (en) 1998-10-23 2000-05-04 Qualcomm Incorporated Subscription portability for wireless systems
WO2001052543A1 (en) * 2000-01-14 2001-07-19 Diva Systems Corporation Conditional access and security for video on-demand systems
US20020146125A1 (en) * 2001-03-14 2002-10-10 Ahmet Eskicioglu CA system for broadcast DTV using multiple keys for different service providers and service areas
US20030093812A1 (en) * 2001-11-09 2003-05-15 Sony Corporation System and method for delivering data to an information appliance using the ISO07816
WO2003069911A1 (en) * 2001-12-14 2003-08-21 Television And Wireless Applications Europe Ab Method and system for conditional access
DE10216384A1 (en) * 2002-04-12 2003-10-30 Scm Microsystems Gmbh Access control network

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0982935A2 (en) 1998-08-11 2000-03-01 CSELT Centro Studi e Laboratori Telecomunicazioni S.p.A. Method and system for the controlled delivery of digital multimedia services
WO2000025475A1 (en) 1998-10-23 2000-05-04 Qualcomm Incorporated Subscription portability for wireless systems
WO2001052543A1 (en) * 2000-01-14 2001-07-19 Diva Systems Corporation Conditional access and security for video on-demand systems
US20020146125A1 (en) * 2001-03-14 2002-10-10 Ahmet Eskicioglu CA system for broadcast DTV using multiple keys for different service providers and service areas
US20030093812A1 (en) * 2001-11-09 2003-05-15 Sony Corporation System and method for delivering data to an information appliance using the ISO07816
WO2003069911A1 (en) * 2001-12-14 2003-08-21 Television And Wireless Applications Europe Ab Method and system for conditional access
DE10216384A1 (en) * 2002-04-12 2003-10-30 Scm Microsystems Gmbh Access control network

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9277259B2 (en) 2006-10-13 2016-03-01 Syphermedia International, Inc. Method and apparatus for providing secure internet protocol media services
US20100161987A1 (en) * 2008-12-22 2010-06-24 Electronics And Telecommunications Research Institute Downloadable conditional access system service providing apparatus and method
WO2010120627A1 (en) * 2009-04-13 2010-10-21 Digital Keystone, Inc. Direct iptv distribution
US8610827B2 (en) 2009-04-13 2013-12-17 Digital Keystone, Inc. Direct IPTV distribution
CN103037255A (en) * 2011-09-30 2013-04-10 乐金电子(中国)研究开发中心有限公司 Automatic adaptive method for conditional access module (CAM) card
CN103037255B (en) * 2011-09-30 2017-06-30 乐金电子(中国)研究开发中心有限公司 A kind of CAM cards automatic adaptation method
WO2015200370A1 (en) * 2014-06-23 2015-12-30 Syphermedia International, Inc. Method and apparatus for providing secure internet protocol media services

Also Published As

Publication number Publication date
SE0301728D0 (en) 2003-06-13
EP1639812A1 (en) 2006-03-29
WO2004112385A9 (en) 2005-08-18

Similar Documents

Publication Publication Date Title
KR100838892B1 (en) Method and system for conditional access
KR100672947B1 (en) Encryption transmission method and device
KR100637005B1 (en) Information broadcasting method, receiver and information processing device
KR100672983B1 (en) Method and apparatus for transmitting encrypted data stream
US8677147B2 (en) Method for accessing services by a user unit
US20050050333A1 (en) System and method for secure broadcast
US20040017918A1 (en) Process for point-to-point secured transmission of data and electronic module for implementing the process
CN1890968B (en) Broadcast Conditional Access System with Immediate Purchase Capability in Bidirectional Networks
EP1568226B1 (en) Messaging over mobile phone network for digital multimedia network
RU2329612C2 (en) Conditional access data decryption system
JP3708905B2 (en) Broadcast receiver, broadcast reception system, and information distribution method
EP1639812A1 (en) Adapter arrangement, method, system and user terminal for conditional access
KR101045490B1 (en) Conditional Access Broadcasting System with Impulse Buying Performance in Interactive Networks
KR101138126B1 (en) Cas system and method for iptv
EP1624690A1 (en) Method for transmitting and receiving video signals
KR20160067722A (en) Method for tramsmitting message between distributed authorization server and cam authentication sub-system and rcas headend
MXPA01007879A (en) Method and apparatus for encrypted transmission

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
COP Corrected version of pamphlet

Free format text: PAGE 4/7, DRAWINGS, ADDED

WWE Wipo information: entry into national phase

Ref document number: 2004748990

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2004748990

Country of ref document: EP